From 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Thu, 15 May 2014 14:24:09 +1000
Subject:    - markus@cvs.openbsd.org 2014/04/29 18:01:49      [auth.c authfd.c
 authfile.c bufaux.c cipher.c cipher.h hostfile.c]      [kex.c key.c mac.c
 monitor.c monitor_wrap.c myproposal.h packet.c]      [roaming_client.c
 ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]      [ssh-pkcs11.h
 ssh.c sshconnect.c sshconnect2.c sshd.c]      make compiling against OpenSSL
 optional (make OPENSSL=no);      reduces algorithms to curve25519, aes-ctr,
 chacha, ed25519;      allows us to explore further options; with and ok djm

---
 kex.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'kex.c')

diff --git a/kex.c b/kex.c
index 74e2b8682..a173e70e3 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -33,7 +33,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
+#endif
 
 #include "xmalloc.h"
 #include "ssh2.h"
@@ -70,12 +72,13 @@ struct kexalg {
 	int hash_alg;
 };
 static const struct kexalg kexalgs[] = {
+#ifdef WITH_OPENSSL
 	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
 	{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
 	{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
 #ifdef HAVE_EVP_SHA256
 	{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
 #ifdef OPENSSL_HAS_ECC
 	{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
 	    NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
@@ -84,12 +87,13 @@ static const struct kexalg kexalgs[] = {
 # ifdef OPENSSL_HAS_NISTP521
 	{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
 	    SSH_DIGEST_SHA512 },
-# endif
-#endif
+# endif /* OPENSSL_HAS_NISTP521 */
+#endif /* OPENSSL_HAS_ECC */
 	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+#endif /* WITH_OPENSSL */
 #ifdef HAVE_EVP_SHA256
 	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
 	{ NULL, -1, -1, -1},
 };
 
@@ -615,6 +619,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
 	}
 }
 
+#ifdef WITH_OPENSSL
 void
 kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
 {
@@ -626,6 +631,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
 	    buffer_ptr(&shared_secret), buffer_len(&shared_secret));
 	buffer_free(&shared_secret);
 }
+#endif
 
 Newkeys *
 kex_get_newkeys(int mode)
@@ -637,6 +643,7 @@ kex_get_newkeys(int mode)
 	return ret;
 }
 
+#ifdef WITH_SSH1
 void
 derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
     u_int8_t cookie[8], u_int8_t id[16])
@@ -669,6 +676,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
 	explicit_bzero(nbuf, sizeof(nbuf));
 	explicit_bzero(obuf, sizeof(obuf));
 }
+#endif
 
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
-- 
cgit v1.2.3