From 1249177580e91cb4476836a604cfbb1fd56d87ec Mon Sep 17 00:00:00 2001 From: markus Date: Tue, 29 Apr 2014 18:01:49 +0000 Subject: [PATCH] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm --- usr.bin/ssh/Makefile.inc | 7 +- usr.bin/ssh/auth.c | 6 +- usr.bin/ssh/authfd.c | 22 +++++-- usr.bin/ssh/authfile.c | 33 +++++++++- usr.bin/ssh/bufaux.c | 4 +- usr.bin/ssh/cipher.c | 82 ++++++++++++++++++++++-- usr.bin/ssh/cipher.h | 4 +- usr.bin/ssh/hostfile.c | 8 ++- usr.bin/ssh/kex.c | 10 ++- usr.bin/ssh/key.c | 120 ++++++++++++++++++++++++++++------- usr.bin/ssh/lib/Makefile | 25 +++++--- usr.bin/ssh/mac.c | 19 +++++- usr.bin/ssh/monitor.c | 23 ++++++- usr.bin/ssh/monitor_wrap.c | 13 +++- usr.bin/ssh/myproposal.h | 28 +++++++- usr.bin/ssh/packet.c | 6 +- usr.bin/ssh/roaming_client.c | 5 +- usr.bin/ssh/ssh-agent.c | 12 +++- usr.bin/ssh/ssh-keygen.c | 16 ++++- usr.bin/ssh/ssh-keyscan.c | 8 ++- usr.bin/ssh/ssh-keysign.c | 5 +- usr.bin/ssh/ssh-pkcs11.h | 6 +- usr.bin/ssh/ssh.c | 22 ++++++- usr.bin/ssh/ssh/Makefile | 18 ++++-- usr.bin/ssh/sshconnect.c | 6 +- usr.bin/ssh/sshconnect2.c | 4 +- usr.bin/ssh/sshd.c | 44 +++++++++++-- usr.bin/ssh/sshd/Makefile | 23 +++++-- 28 files changed, 492 insertions(+), 87 deletions(-) diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index e83c0426d06..46f34fd343f 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.45 2014/03/31 15:25:26 deraadt Exp $ +# $OpenBSD: Makefile.inc,v 1.46 2014/04/29 18:01:49 markus Exp $ .include @@ -39,6 +39,11 @@ CDIAGFLAGS+= -Wno-unused-parameter # Not clean for this yet WARNINGS=yes +OPENSSL?= yes +.if (${OPENSSL:L} == "yes") +CFLAGS+= -DWITH_OPENSSL -DWITH_SSH1 +.endif + CFLAGS+= -DENABLE_PKCS11 .ifndef NOPIC CFLAGS+= -DHAVE_DLOPEN diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 70fc44f26de..72b88c207da 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -533,6 +533,7 @@ getpwnamallow(const char *user) int auth_key_is_revoked(Key *key) { +#ifdef WITH_OPENSSL char *key_fp; if (options.revoked_keys_file == NULL) @@ -545,6 +546,7 @@ auth_key_is_revoked(Key *key) default: goto revoked; } +#endif debug3("%s: treating %s as a key list", __func__, options.revoked_keys_file); switch (key_in_file(key, options.revoked_keys_file, 0)) { @@ -556,6 +558,7 @@ auth_key_is_revoked(Key *key) error("Revoked keys file is unreadable: refusing public key " "authentication"); return 1; +#ifdef WITH_OPENSSL case 1: revoked: /* Key revoked */ @@ -564,6 +567,7 @@ auth_key_is_revoked(Key *key) "%s key %s ", key_type(key), key_fp); free(key_fp); return 1; +#endif } fatal("key_in_file returned junk"); } diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c index 9d617509606..b7f0a018c8f 100644 --- a/usr.bin/ssh/authfd.c +++ b/usr.bin/ssh/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,9 +40,6 @@ #include #include -#include -#include - #include #include #include @@ -311,8 +308,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi Key * ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) { +#ifdef WITH_SSH1 int keybits; u_int bits; +#endif u_char *blob; u_int blen; Key *key = NULL; @@ -326,6 +325,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * error if the packet is too short or contains corrupt data. */ switch (version) { +#ifdef WITH_SSH1 case 1: key = key_new(KEY_RSA1); bits = buffer_get_int(&auth->identities); @@ -337,6 +337,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio logit("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; +#endif case 2: blob = buffer_get_string(&auth->identities, &blen); *comment = buffer_get_string(&auth->identities, NULL); @@ -359,6 +360,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio * supported) and 1 corresponding to protocol version 1.1. */ +#ifdef WITH_SSH1 int ssh_decrypt_challenge(AuthenticationConnection *auth, Key* key, BIGNUM *challenge, @@ -408,6 +410,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, buffer_free(&buffer); return success; } +#endif /* ask agent to sign data, returns -1 on error, 0 on success */ int @@ -455,6 +458,7 @@ ssh_agent_sign(AuthenticationConnection *auth, /* Encode key for a message to the agent. */ +#ifdef WITH_SSH1 static void ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) { @@ -468,6 +472,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ buffer_put_cstring(b, comment); } +#endif static void ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) @@ -491,6 +496,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_init(&msg); switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: type = constrained ? SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : @@ -498,6 +504,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, buffer_put_char(&msg, type); ssh_encode_identity_rsa1(&msg, key->rsa, comment); break; +#endif +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: case KEY_RSA_CERT_V00: @@ -506,6 +514,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key, case KEY_DSA_CERT_V00: case KEY_ECDSA: case KEY_ECDSA_CERT: +#endif case KEY_ED25519: case KEY_ED25519_CERT: type = constrained ? @@ -550,12 +559,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) buffer_init(&msg); +#ifdef WITH_SSH1 if (key->type == KEY_RSA1) { buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); buffer_put_int(&msg, BN_num_bits(key->rsa->n)); buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); - } else if (key->type != KEY_UNSPEC) { + } else +#endif + if (key->type != KEY_UNSPEC) { key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index 19b0c619342..ab2efee47ad 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,9 +42,11 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include +#endif #include "crypto_api.h" @@ -412,6 +414,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, return k; } +#ifdef WITH_SSH1 /* * Serialises the authentication (private) key to a blob, encrypting it with * passphrase. The identification of the blob (lowest 64 bits of n) will @@ -501,7 +504,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, return 1; } +#endif +#ifdef WITH_OPENSSL /* convert SSH v2 key in OpenSSL PEM format */ static int key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, @@ -545,6 +550,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, BIO_free(bio); return success; } +#endif /* Save a key blob to a file */ static int @@ -575,8 +581,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, int new_format_rounds) { switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: return key_private_rsa1_to_blob(key, blob, passphrase, comment); +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: @@ -585,6 +594,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, comment, new_format_cipher, new_format_rounds); } return key_private_pem_to_blob(key, blob, passphrase, comment); +#endif case KEY_ED25519: return key_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds); @@ -614,6 +624,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase, return success; } +#ifdef WITH_SSH1 /* * Parse the public, unencrypted portion of a RSA1 key. */ @@ -658,6 +669,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp) return pub; } +#endif /* Load a key from a fd into a buffer */ int @@ -714,6 +726,7 @@ key_load_file(int fd, const char *filename, Buffer *blob) return 1; } +#ifdef WITH_SSH1 /* * Loads the public part of the ssh v1 key file. Returns NULL if an error was * encountered (the file does not exist or is not readable), and the key @@ -857,7 +870,9 @@ fail: key_free(prv); return NULL; } +#endif +#ifdef WITH_OPENSSL static Key * key_parse_private_pem(Buffer *blob, int type, const char *passphrase, char **commentp) @@ -949,6 +964,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, buffer_free(&buffer); return prv; } +#endif int key_perm_ok(int fd, const char *filename) @@ -982,18 +998,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase, Key *k; switch (type) { +#ifdef WITH_SSH1 case KEY_RSA1: return key_parse_private_rsa1(blob, passphrase, commentp); +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: return key_parse_private_pem(blob, type, passphrase, commentp); +#endif case KEY_ED25519: return key_parse_private2(blob, type, passphrase, commentp); case KEY_UNSPEC: if ((k = key_parse_private2(blob, type, passphrase, commentp))) return k; +#ifdef WITH_OPENSSL return key_parse_private_pem(blob, type, passphrase, commentp); +#endif default: error("%s: cannot parse key type %d", __func__, type); break; @@ -1043,6 +1065,7 @@ Key * key_parse_private(Buffer *buffer, const char *filename, const char *passphrase, char **commentp) { +#ifdef WITH_SSH1 Key *pub, *prv; /* it's a SSH v1 key if the public key part is readable */ @@ -1060,6 +1083,10 @@ key_parse_private(Buffer *buffer, const char *filename, NULL); } return prv; +#else + return key_parse_private_type(buffer, KEY_UNSPEC, + passphrase, commentp); +#endif } Key * @@ -1144,6 +1171,7 @@ key_load_public(const char *filename, char **commentp) Key *pub; char file[MAXPATHLEN]; +#ifdef WITH_SSH1 /* try rsa1 private key */ pub = key_load_public_type(KEY_RSA1, filename, commentp); if (pub != NULL) @@ -1154,6 +1182,7 @@ key_load_public(const char *filename, char **commentp) if (key_try_load_public(pub, filename, commentp) == 1) return pub; key_free(pub); +#endif /* try ssh2 public key */ pub = key_new(KEY_UNSPEC); @@ -1193,9 +1222,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase, Key *key, *pub; switch (type) { +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_DSA: case KEY_ECDSA: +#endif case KEY_ED25519: break; default: diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c index 61eb26643bb..488cbde8a6b 100644 --- a/usr.bin/ssh/bufaux.c +++ b/usr.bin/ssh/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.58 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: bufaux.c,v 1.59 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,8 +39,6 @@ #include -#include - #include #include #include diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index 97b8ef9c4bc..f07b9b23c6e 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,9 +48,11 @@ #include "buffer.h" #include "digest.h" +#ifdef WITH_SSH1 extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +#endif struct Cipher { char *name; @@ -63,15 +65,23 @@ struct Cipher { u_int flags; #define CFLAG_CBC (1<<0) #define CFLAG_CHACHAPOLY (1<<1) +#define CFLAG_AESCTR (1<<2) +#define CFLAG_NONE (1<<3) +#ifdef WITH_OPENSSL const EVP_CIPHER *(*evptype)(void); +#else + void *ignored; +#endif }; static const struct Cipher ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, +#ifdef WITH_SSH1 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, - +#endif +#ifdef WITH_OPENSSL + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, @@ -92,6 +102,12 @@ static const struct Cipher ciphers[] = { SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, { "aes256-gcm@openssh.com", SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, +#else + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, +#endif { "chacha20-poly1305@openssh.com", SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, @@ -258,6 +274,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { +#ifdef WITH_OPENSSL static int dowarn = 1; const EVP_CIPHER *type; int klen; @@ -272,6 +289,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, if (keylen > 8) keylen = 8; } +#endif cc->plaintext = (cipher->number == SSH_CIPHER_NONE); cc->encrypt = do_encrypt; @@ -287,6 +305,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher, chachapoly_init(&cc->cp_ctx, key, keylen); return; } +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); + aesctr_ivsetup(&cc->ac_ctx, iv); + return; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; + fatal("unsupported cipher"); +#else type = (*cipher->evptype)(); EVP_CIPHER_CTX_init(&cc->evp); if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, @@ -319,6 +347,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, free(junk); free(discard); } +#endif } /* @@ -340,6 +369,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if (aadlen) + memcpy(dest, src, aadlen); + aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, + dest + aadlen, len); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } + fatal("unsupported cipher"); +#else if (authlen) { u_char lastiv[1]; @@ -380,6 +423,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); } return 0; +#endif } /* Extract the packet length, including any decryption necessary beforehand */ @@ -401,8 +445,12 @@ cipher_cleanup(CipherContext *cc) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); + else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) + explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); +#ifdef WITH_OPENSSL else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); +#endif } /* @@ -435,14 +483,16 @@ int cipher_get_keyiv_len(const CipherContext *cc) { const Cipher *c = cc->cipher; - int ivlen; + int ivlen = 0; if (c->number == SSH_CIPHER_3DES) ivlen = 24; else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) ivlen = 0; +#ifdef WITH_OPENSSL else ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); +#endif return (ivlen); } @@ -450,15 +500,20 @@ void cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) { const Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL int evplen; +#endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { if (len != 0) fatal("%s: wrong iv length %d != %d", __func__, len, 0); return; } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -475,9 +530,12 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) } else memcpy(iv, cc->evp.iv, len); break; +#endif +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 0, iv, 24); break; +#endif default: fatal("%s: bad cipher %d", __func__, c->number); } @@ -487,12 +545,17 @@ void cipher_set_keyiv(CipherContext *cc, u_char *iv) { const Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL int evplen = 0; +#endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return; + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -507,20 +570,26 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) } else memcpy(cc->evp.iv, iv, evplen); break; +#endif +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 1, iv, 24); break; +#endif default: fatal("%s: bad cipher %d", __func__, c->number); } } +#ifdef WITH_OPENSSL #define EVP_X_STATE(evp) (evp).cipher_data #define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size +#endif int cipher_get_keycontext(const CipherContext *cc, u_char *dat) { +#ifdef WITH_OPENSSL const Cipher *c = cc->cipher; int plen = 0; @@ -531,11 +600,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat) memcpy(dat, EVP_X_STATE(cc->evp), plen); } return (plen); +#else + return (0); +#endif } void cipher_set_keycontext(CipherContext *cc, u_char *dat) { +#ifdef WITH_OPENSSL const Cipher *c = cc->cipher; int plen; @@ -543,4 +616,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat) plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } +#endif } diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index 133d2e73d2e..5aa778f1436 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */ +/* $OpenBSD: cipher.h,v 1.45 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen @@ -39,6 +39,7 @@ #include #include "cipher-chachapoly.h" +#include "cipher-aesctr.h" /* * Cipher types for SSH-1. New types can be added, but old types should not @@ -69,6 +70,7 @@ struct CipherContext { int encrypt; EVP_CIPHER_CTX evp; struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ + struct aesctr_ctx ac_ctx; /* XXX union with evp? */ const Cipher *cipher; }; diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c index 440363d5848..ae856382656 100644 --- a/usr.bin/ssh/hostfile.c +++ b/usr.bin/ssh/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: hostfile.c,v 1.56 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -179,6 +179,7 @@ static int hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, u_long linenum) { +#ifdef WITH_SSH1 if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) return 1; if (bits != BN_num_bits(key->rsa->n)) { @@ -188,6 +189,7 @@ hostfile_check_key(int bits, const Key *key, const char *host, logit("Warning: replace %d with %d in %s, line %lu.", bits, BN_num_bits(key->rsa->n), filename, linenum); } +#endif return 1; } @@ -293,11 +295,15 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) key = key_new(KEY_UNSPEC); if (!hostfile_read_key(&cp, &kbits, key)) { key_free(key); +#ifdef WITH_SSH1 key = key_new(KEY_RSA1); if (!hostfile_read_key(&cp, &kbits, key)) { key_free(key); continue; } +#else + continue; +#endif } if (!hostfile_check_key(kbits, key, host, path, linenum)) continue; diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 5b24945e062..4afc25bff66 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -30,7 +30,9 @@ #include #include +#ifdef WITH_OPENSSL #include +#endif #include "xmalloc.h" #include "ssh2.h" @@ -59,6 +61,7 @@ struct kexalg { int hash_alg; }; static const struct kexalg kexalgs[] = { +#ifdef WITH_OPENSSL { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, @@ -69,6 +72,7 @@ static const struct kexalg kexalgs[] = { SSH_DIGEST_SHA384 }, { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, SSH_DIGEST_SHA512 }, +#endif { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, { NULL, -1, -1, -1}, }; @@ -595,6 +599,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, } } +#ifdef WITH_OPENSSL void kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) { @@ -606,6 +611,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) buffer_ptr(&shared_secret), buffer_len(&shared_secret)); buffer_free(&shared_secret); } +#endif Newkeys * kex_get_newkeys(int mode) @@ -617,6 +623,7 @@ kex_get_newkeys(int mode) return ret; } +#ifdef WITH_SSH1 void derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, u_int8_t cookie[8], u_int8_t id[16]) @@ -649,6 +656,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, explicit_bzero(nbuf, sizeof(nbuf)); explicit_bzero(obuf, sizeof(obuf)); } +#endif #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index 7ee213845f5..c00d6e8ae8c 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: key.c,v 1.117 2014/04/29 18:01:49 markus Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -75,8 +75,11 @@ Key * key_new(int type) { Key *k; +#ifdef WITH_OPENSSL RSA *rsa; DSA *dsa; +#endif + k = xcalloc(1, sizeof(*k)); k->type = type; k->ecdsa = NULL; @@ -87,6 +90,7 @@ key_new(int type) k->ed25519_sk = NULL; k->ed25519_pk = NULL; switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -118,6 +122,7 @@ key_new(int type) case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; +#endif case KEY_ED25519: case KEY_ED25519_CERT: /* no need to prealloc */ @@ -139,6 +144,7 @@ void key_add_private(Key *k) { switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -166,6 +172,7 @@ key_add_private(Key *k) case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; +#endif case KEY_ED25519: case KEY_ED25519_CERT: /* no need to prealloc */ @@ -209,6 +216,7 @@ key_free(Key *k) if (k == NULL) fatal("key_free: key is NULL"); switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -230,6 +238,7 @@ key_free(Key *k) EC_KEY_free(k->ecdsa); k->ecdsa = NULL; break; +#endif case KEY_ED25519: case KEY_ED25519_CERT: if (k->ed25519_pk) { @@ -280,13 +289,16 @@ cert_compare(struct KeyCert *a, struct KeyCert *b) int key_equal_public(const Key *a, const Key *b) { +#ifdef WITH_OPENSSL BN_CTX *bnctx; +#endif if (a == NULL || b == NULL || key_type_plain(a->type) != key_type_plain(b->type)) return 0; switch (a->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: @@ -320,6 +332,7 @@ key_equal_public(const Key *a, const Key *b) } BN_CTX_free(bnctx); return 1; +#endif case KEY_ED25519: case KEY_ED25519_CERT: return a->ed25519_pk != NULL && b->ed25519_pk != NULL && @@ -349,7 +362,10 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, u_char *blob = NULL; u_char *retval = NULL; u_int len = 0; - int nlen, elen, hash_alg = -1; + int hash_alg = -1; +#ifdef WITH_OPENSSL + int nlen, elen; +#endif *dgst_raw_length = 0; @@ -368,6 +384,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, fatal("%s: bad digest type %d", __func__, dgst_type); } switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: nlen = BN_num_bytes(k->rsa->n); elen = BN_num_bytes(k->rsa->e); @@ -379,14 +396,17 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, case KEY_DSA: case KEY_ECDSA: case KEY_RSA: +#endif case KEY_ED25519: key_to_blob(k, &blob, &len); break; +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_RSA_CERT: +#endif case KEY_ED25519_CERT: /* We want a fingerprint of the _key_ not of the cert */ to_blob(k, &blob, &len, 1); @@ -615,6 +635,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) return retval; } +#ifdef WITH_SSH1 /* * Reads a multiple-precision integer in decimal from the buffer, and advances * the pointer. The integer must already be initialized. This function is @@ -671,6 +692,7 @@ write_bignum(FILE *f, BIGNUM *num) OPENSSL_free(buf); return 1; } +#endif /* returns 1 ok, -1 error */ int @@ -680,13 +702,16 @@ key_read(Key *ret, char **cpp) int success = -1; char *cp, *space; int len, n, type, curve_nid = -1; +#ifdef WITH_SSH1 u_int bits; +#endif u_char *blob; cp = *cpp; switch (ret->type) { case KEY_RSA1: +#ifdef WITH_SSH1 /* Get number of bits. */ if (*cp < '0' || *cp > '9') return -1; /* Bad bit count... */ @@ -707,6 +732,7 @@ key_read(Key *ret, char **cpp) return -1; } success = 1; +#endif break; case KEY_UNSPEC: case KEY_RSA: @@ -785,6 +811,7 @@ key_read(Key *ret, char **cpp) ret->cert = k->cert; k->cert = NULL; } +#ifdef WITH_OPENSSL if (key_type_plain(ret->type) == KEY_RSA) { if (ret->rsa != NULL) RSA_free(ret->rsa); @@ -814,6 +841,7 @@ key_read(Key *ret, char **cpp) key_dump_ec_key(ret->ecdsa); #endif } +#endif if (key_type_plain(ret->type) == KEY_ED25519) { free(ret->ed25519_pk); ret->ed25519_pk = k->ed25519_pk; @@ -845,7 +873,10 @@ int key_write(const Key *key, FILE *f) { int n, success = 0; - u_int len, bits = 0; +#ifdef WITH_SSH1 + u_int bits = 0; +#endif + u_int len; u_char *blob; char *uu; @@ -861,6 +892,7 @@ key_write(const Key *key, FILE *f) } switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: if (key->rsa == NULL) return 0; @@ -872,6 +904,8 @@ key_write(const Key *key, FILE *f) return 1; error("key_write: failed for RSA key"); return 0; +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_DSA_CERT_V00: case KEY_DSA_CERT: @@ -883,17 +917,18 @@ key_write(const Key *key, FILE *f) if (key->ecdsa == NULL) return 0; break; - case KEY_ED25519: - case KEY_ED25519_CERT: - if (key->ed25519_pk == NULL) - return 0; - break; case KEY_RSA: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: if (key->rsa == NULL) return 0; break; +#endif + case KEY_ED25519: + case KEY_ED25519_CERT: + if (key->ed25519_pk == NULL) + return 0; + break; default: return 0; } @@ -932,10 +967,12 @@ struct keytype { int cert; }; static const struct keytype keytypes[] = { +#ifdef WITH_OPENSSL +#ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0 }, +#endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, - { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, @@ -951,6 +988,8 @@ static const struct keytype keytypes[] = { KEY_RSA_CERT_V00, 0, 1 }, { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", KEY_DSA_CERT_V00, 0, 1 }, +#endif + { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1 }, { NULL, NULL, -1, -1, 0 } @@ -1075,6 +1114,7 @@ u_int key_size(const Key *k) { switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT_V00: @@ -1084,15 +1124,17 @@ key_size(const Key *k) case KEY_DSA_CERT_V00: case KEY_DSA_CERT: return BN_num_bits(k->dsa->p); - case KEY_ED25519: - return 256; /* XXX */ case KEY_ECDSA: case KEY_ECDSA_CERT: return key_curve_nid_to_bits(k->ecdsa_nid); +#endif + case KEY_ED25519: + return 256; /* XXX */ } return 0; } +#ifdef WITH_OPENSSL static RSA * rsa_generate_private_key(u_int bits) { @@ -1201,12 +1243,14 @@ ecdsa_generate_private_key(u_int bits, int *nid) EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); return private; } +#endif Key * key_generate(int type, u_int bits) { Key *k = key_new(KEY_UNSPEC); switch (type) { +#ifdef WITH_OPENSSL case KEY_DSA: k->dsa = dsa_generate_private_key(bits); break; @@ -1217,16 +1261,17 @@ key_generate(int type, u_int bits) case KEY_RSA1: k->rsa = rsa_generate_private_key(bits); break; - case KEY_ED25519: - k->ed25519_pk = xmalloc(ED25519_PK_SZ); - k->ed25519_sk = xmalloc(ED25519_SK_SZ); - crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); - break; case KEY_RSA_CERT_V00: case KEY_DSA_CERT_V00: case KEY_RSA_CERT: case KEY_DSA_CERT: fatal("key_generate: cert keys cannot be generated directly"); +#endif + case KEY_ED25519: + k->ed25519_pk = xmalloc(ED25519_PK_SZ); + k->ed25519_sk = xmalloc(ED25519_SK_SZ); + crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); + break; default: fatal("key_generate: unknown type %d", type); } @@ -1284,6 +1329,7 @@ key_from_private(const Key *k) { Key *n = NULL; switch (k->type) { +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_DSA_CERT_V00: case KEY_DSA_CERT: @@ -1313,6 +1359,7 @@ key_from_private(const Key *k) (BN_copy(n->rsa->e, k->rsa->e) == NULL)) fatal("key_from_private: BN_copy failed"); break; +#endif case KEY_ED25519: case KEY_ED25519_CERT: n = key_new(k->type); @@ -1505,6 +1552,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) goto out; } switch (type) { +#ifdef WITH_OPENSSL case KEY_RSA_CERT: (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ /* FALLTHROUGH */ @@ -1514,10 +1562,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { error("key_from_blob: can't read rsa key"); - badkey: - key_free(key); - key = NULL; - goto out; + goto badkey; } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); @@ -1575,6 +1620,7 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); #endif break; +#endif case KEY_ED25519_CERT: (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ /* FALLTHROUGH */ @@ -1614,6 +1660,11 @@ key_from_blob2(const u_char *blob, u_int blen, int allow_cert) EC_POINT_free(q); buffer_free(&b); return key; + + badkey: + key_free(key); + key = NULL; + goto out; } Key * @@ -1639,16 +1690,19 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) buffer_init(&b); type = force_plain ? key_type_plain(key->type) : key->type; switch (type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_RSA_CERT_V00: case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_RSA_CERT: +#endif case KEY_ED25519_CERT: /* Use the existing blob */ buffer_append(&b, buffer_ptr(&key->cert->certblob), buffer_len(&key->cert->certblob)); break; +#ifdef WITH_OPENSSL case KEY_DSA: buffer_put_cstring(&b, key_ssh_name_from_type_nid(type, key->ecdsa_nid)); @@ -1670,6 +1724,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) buffer_put_bignum2(&b, key->rsa->e); buffer_put_bignum2(&b, key->rsa->n); break; +#endif case KEY_ED25519: buffer_put_cstring(&b, key_ssh_name_from_type_nid(type, key->ecdsa_nid)); @@ -1705,6 +1760,7 @@ key_sign( const u_char *data, u_int datalen) { switch (key->type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_DSA_CERT: case KEY_DSA: @@ -1716,6 +1772,7 @@ key_sign( case KEY_RSA_CERT: case KEY_RSA: return ssh_rsa_sign(key, sigp, lenp, data, datalen); +#endif case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_sign(key, sigp, lenp, data, datalen); @@ -1739,6 +1796,7 @@ key_verify( return -1; switch (key->type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_DSA_CERT: case KEY_DSA: @@ -1750,6 +1808,7 @@ key_verify( case KEY_RSA_CERT: case KEY_RSA: return ssh_rsa_verify(key, signature, signaturelen, data, datalen); +#endif case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); @@ -1776,6 +1835,7 @@ key_demote(const Key *k) pk->ed25519_sk = NULL; switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA_CERT_V00: case KEY_RSA_CERT: key_cert_copy(k, pk); @@ -1815,6 +1875,7 @@ key_demote(const Key *k) EC_KEY_get0_public_key(k->ecdsa)) != 1) fatal("key_demote: EC_KEY_set_public_key failed"); break; +#endif case KEY_ED25519_CERT: key_cert_copy(k, pk); /* FALLTHROUGH */ @@ -1944,6 +2005,7 @@ key_certify(Key *k, Key *ca) /* XXX this substantially duplicates to_blob(); refactor */ switch (k->type) { +#ifdef WITH_OPENSSL case KEY_DSA_CERT_V00: case KEY_DSA_CERT: buffer_put_bignum2(&k->cert->certblob, k->dsa->p); @@ -1963,6 +2025,7 @@ key_certify(Key *k, Key *ca) buffer_put_bignum2(&k->cert->certblob, k->rsa->e); buffer_put_bignum2(&k->cert->certblob, k->rsa->n); break; +#endif case KEY_ED25519_CERT: buffer_put_string(&k->cert->certblob, k->ed25519_pk, ED25519_PK_SZ); @@ -2087,6 +2150,7 @@ key_cert_is_legacy(const Key *k) } } +#ifdef WITH_OPENSSL /* XXX: these are really begging for a table-driven approach */ int key_curve_name_to_nid(const char *name) @@ -2272,6 +2336,7 @@ key_ec_validate_private(const EC_KEY *key) BN_CTX_free(bnctx); return ret; } +#endif #if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) void @@ -2322,6 +2387,7 @@ key_private_serialize(const Key *key, Buffer *b) { buffer_put_cstring(b, key_ssh_name(key)); switch (key->type) { +#ifdef WITH_OPENSSL case KEY_RSA: buffer_put_bignum2(b, key->rsa->n); buffer_put_bignum2(b, key->rsa->e); @@ -2369,6 +2435,7 @@ key_private_serialize(const Key *key, Buffer *b) buffer_len(&key->cert->certblob)); buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); break; +#endif case KEY_ED25519: buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); @@ -2387,17 +2454,21 @@ key_private_serialize(const Key *key, Buffer *b) Key * key_private_deserialize(Buffer *blob) { - char *type_name, *curve; + char *type_name; Key *k = NULL; - BIGNUM *exponent; - EC_POINT *q; u_char *cert; u_int len, pklen, sklen; int type; +#ifdef WITH_OPENSSL + char *curve; + BIGNUM *exponent; + EC_POINT *q; +#endif type_name = buffer_get_string(blob, NULL); type = key_type_from_name(type_name); switch (type) { +#ifdef WITH_OPENSSL case KEY_DSA: k = key_new_private(type); buffer_get_bignum2(blob, k->dsa->p); @@ -2490,6 +2561,7 @@ key_private_deserialize(Buffer *blob) buffer_get_bignum2(blob, k->rsa->p); buffer_get_bignum2(blob, k->rsa->q); break; +#endif case KEY_ED25519: k = key_new_private(type); k->ed25519_pk = buffer_get_string(blob, &pklen); @@ -2525,6 +2597,7 @@ key_private_deserialize(Buffer *blob) /* enable blinding */ switch (k->type) { +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT_V00: case KEY_RSA_CERT: @@ -2535,6 +2608,7 @@ key_private_deserialize(Buffer *blob) return NULL; } break; +#endif } return k; } diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile index 8a14f5fa604..506a652048e 100644 --- a/usr.bin/ssh/lib/Makefile +++ b/usr.bin/ssh/lib/Makefile @@ -1,21 +1,28 @@ -# $OpenBSD: Makefile,v 1.75 2014/04/22 11:47:55 henning Exp $ +# $OpenBSD: Makefile,v 1.76 2014/04/29 18:01:49 markus Exp $ .PATH: ${.CURDIR}/.. .include "${.CURDIR}/../Makefile.inc" LIB= ssh -SRCS= authfd.c authfile.c bufaux.c bufec.c bufbn.c buffer.c canohost.c \ - channels.c cipher.c cipher-3des1.c cipher-bf1.c \ +SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c \ + channels.c cipher.c \ cleanup.c compat.c compress.c crc32.c deattack.c fatal.c \ hostfile.c log.c match.c nchan.c packet.c readpass.c \ - rsa.c ttymodes.c xmalloc.c atomicio.c \ + ttymodes.c xmalloc.c atomicio.c \ key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \ + msg.c progressmeter.c dns.c \ + monitor_fdpass.c addrmatch.c \ + smult_curve25519_ref.c kexc25519.c kexc25519c.c \ + chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c + +.if (${OPENSSL:L} == "yes") +SRCS+= bufec.c bufbn.c cipher-3des1.c cipher-bf1.c rsa.c \ ssh-dss.c ssh-rsa.c ssh-ecdsa.c dh.c kexdh.c kexgex.c kexecdh.c \ - kexdhc.c kexgexc.c kexecdhc.c msg.c progressmeter.c dns.c \ - monitor_fdpass.c umac.c addrmatch.c ssh-pkcs11.c \ - krl.c smult_curve25519_ref.c kexc25519.c kexc25519c.c \ - chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c \ - digest-openssl.c hmac.c + kexdhc.c kexgexc.c kexecdhc.c umac.c ssh-pkcs11.c \ + krl.c digest-openssl.c +.else +SRCS+= digest-libc.c rijndael.c cipher-aesctr.c +.endif # ed25519, from supercop SRCS+= sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c index e0bdbb3dba5..fa18e577ca7 100644 --- a/usr.bin/ssh/mac.c +++ b/usr.bin/ssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -67,8 +67,10 @@ static const struct macalg macs[] = { { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 }, { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, { "hmac-ripemd160@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 }, +#ifdef WITH_OPENSSL { "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 }, { "umac-128@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 }, +#endif /* Encrypt-then-MAC variants */ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, @@ -78,8 +80,10 @@ static const struct macalg macs[] = { { "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 }, { "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 }, { "hmac-ripemd160-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 }, +#ifdef WITH_OPENSSL { "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 }, { "umac-128-etm@openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 }, +#endif { NULL, 0, 0, 0, 0, 0, 0 } }; @@ -112,9 +116,11 @@ mac_setup_by_alg(Mac *mac, const struct macalg *macalg) fatal("ssh_hmac_start(alg=%d) failed", macalg->alg); mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg); } else { +#ifdef WITH_OPENSSL mac->mac_len = macalg->len / 8; mac->key_len = macalg->key_len / 8; mac->umac_ctx = NULL; +#endif } if (macalg->truncatebits != 0) mac->mac_len = macalg->truncatebits / 8; @@ -150,12 +156,14 @@ mac_init(Mac *mac) ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0) return -1; return 0; +#ifdef WITH_OPENSSL case SSH_UMAC: mac->umac_ctx = umac_new(mac->key); return 0; case SSH_UMAC128: mac->umac_ctx = umac128_new(mac->key); return 0; +#endif default: return -1; } @@ -168,7 +176,10 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) u_char m[EVP_MAX_MD_SIZE]; u_int64_t for_align; } u; - u_char b[4], nonce[8]; + u_char b[4]; +#ifdef WITH_OPENSSL + u_char nonce[8]; +#endif if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %zu", @@ -184,6 +195,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0) fatal("ssh_hmac failed"); break; +#ifdef WITH_OPENSSL case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); @@ -194,6 +206,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; +#endif default: fatal("mac_compute: unknown MAC type"); } @@ -203,6 +216,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) void mac_clear(Mac *mac) { +#ifdef WITH_OPENSSL if (mac->type == SSH_UMAC) { if (mac->umac_ctx != NULL) umac_delete(mac->umac_ctx); @@ -210,6 +224,7 @@ mac_clear(Mac *mac) if (mac->umac_ctx != NULL) umac128_delete(mac->umac_ctx); } else if (mac->hmac_ctx != NULL) +#endif ssh_hmac_free(mac->hmac_ctx); mac->hmac_ctx = NULL; mac->umac_ctx = NULL; diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 703031a9bc5..5fe12a6c0bd 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.132 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -32,7 +32,9 @@ #include #include +#ifdef WITH_OPENSSL #include +#endif #include #include @@ -149,7 +151,10 @@ int mm_answer_gss_checkmic(int, Buffer *); static int monitor_read_log(struct monitor *); static Authctxt *authctxt; + +#ifdef WITH_SSH1 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ +#endif /* local state for key verify */ static u_char *key_blob = NULL; @@ -179,7 +184,9 @@ struct mon_table { #define MON_PERMIT 0x1000 /* Request is permitted */ struct mon_table mon_dispatch_proto20[] = { +#ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, +#endif {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, @@ -199,7 +206,9 @@ struct mon_table mon_dispatch_proto20[] = { }; struct mon_table mon_dispatch_postauth20[] = { +#ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, +#endif {MONITOR_REQ_SIGN, 0, mm_answer_sign}, {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, @@ -208,6 +217,7 @@ struct mon_table mon_dispatch_postauth20[] = { }; struct mon_table mon_dispatch_proto15[] = { +#ifdef WITH_SSH1 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, @@ -218,13 +228,16 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, +#endif {0, 0, NULL} }; struct mon_table mon_dispatch_postauth15[] = { +#ifdef WITH_SSH1 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#endif {0, 0, NULL} }; @@ -538,6 +551,7 @@ monitor_reset_key_state(void) hostbased_chost = NULL; } +#ifdef WITH_OPENSSL int mm_answer_moduli(int sock, Buffer *m) { @@ -572,6 +586,7 @@ mm_answer_moduli(int sock, Buffer *m) mm_request_send(sock, MONITOR_ANS_MODULI, m); return (0); } +#endif extern AuthenticationConnection *auth_conn; @@ -882,6 +897,7 @@ mm_answer_keyallowed(int sock, Buffer *m) cuser, chost); auth_method = "hostbased"; break; +#ifdef WITH_SSH1 case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && @@ -891,6 +907,7 @@ mm_answer_keyallowed(int sock, Buffer *m) auth_clear_options(); auth_method = "rsa"; break; +#endif default: fatal("%s: unknown key type %d", __func__, type); break; @@ -1227,6 +1244,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m) return (0); } +#ifdef WITH_SSH1 int mm_answer_sesskey(int sock, Buffer *m) { @@ -1404,6 +1422,7 @@ mm_answer_rsa_response(int sock, Buffer *m) return (success); } +#endif int mm_answer_term(int sock, Buffer *req) @@ -1497,11 +1516,13 @@ mm_get_kex(Buffer *m) timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->hostkey_type = buffer_get_int(m); diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index b001ffd5adc..4dec4448c58 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -36,13 +36,16 @@ #include #include +#ifdef WITH_OPENSSL #include #include -#include +#endif #include "xmalloc.h" #include "ssh.h" +#ifdef WITH_OPENSSL #include "dh.h" +#endif #include "buffer.h" #include "key.h" #include "cipher.h" @@ -165,6 +168,7 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) rtype, type); } +#ifdef WITH_OPENSSL DH * mm_choose_dh(int min, int nbits, int max) { @@ -198,6 +202,7 @@ mm_choose_dh(int min, int nbits, int max) return (dh_new_group(g, p)); } +#endif int mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) @@ -767,6 +772,7 @@ mm_terminate(void) buffer_free(&m); } +#ifdef WITH_SSH1 int mm_ssh1_session_key(BIGNUM *num) { @@ -786,6 +792,7 @@ mm_ssh1_session_key(BIGNUM *num) return (rsafail); } +#endif static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, @@ -873,6 +880,7 @@ mm_ssh1_session_id(u_char session_id[16]) buffer_free(&m); } +#ifdef WITH_SSH1 int mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { @@ -968,6 +976,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) return (success); } +#endif #ifdef GSSAPI OM_uint32 diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index ef60dae5da2..9e079625806 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifdef WITH_OPENSSL + #define KEX_SERVER_KEX \ "curve25519-sha256@libssh.org," \ "ecdh-sha2-nistp256," \ @@ -85,6 +87,30 @@ "hmac-sha1-96," \ "hmac-md5-96" +#else + +#define KEX_SERVER_KEX \ + "curve25519-sha256@libssh.org" +#define KEX_DEFAULT_PK_ALG \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-ed25519" +#define KEX_SERVER_ENCRYPT \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ + "chacha20-poly1305@openssh.com" +#define KEX_SERVER_MAC \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512" + +#define KEX_CLIENT_KEX KEX_SERVER_KEX +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT +#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ + "hmac-sha1-etm@openssh.com," \ + "hmac-sha1" + +#endif /* WITH_OPENSSL */ + #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index fae025c9e96..fe2af2d5c21 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.194 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.195 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -621,6 +621,7 @@ packet_put_raw(const void *buf, u_int len) buffer_append(&active_state->outgoing_packet, buf, len); } +#ifdef WITH_OPENSSL void packet_put_bignum(BIGNUM * value) { @@ -638,6 +639,7 @@ packet_put_ecpoint(const EC_GROUP *curve, const EC_POINT *point) { buffer_put_ecpoint(&active_state->outgoing_packet, curve, point); } +#endif /* * Finalizes and sends the packet. If the encryption key has been set, @@ -1557,6 +1559,7 @@ packet_get_int64(void) * must have been initialized before this call. */ +#ifdef WITH_OPENSSL void packet_get_bignum(BIGNUM * value) { @@ -1574,6 +1577,7 @@ packet_get_ecpoint(const EC_GROUP *curve, EC_POINT *point) { buffer_get_ecpoint(&active_state->incoming_packet, curve, point); } +#endif void * packet_get_raw(u_int *length_ptr) diff --git a/usr.bin/ssh/roaming_client.c b/usr.bin/ssh/roaming_client.c index 50b9d764ee4..bf4361b842d 100644 --- a/usr.bin/ssh/roaming_client.c +++ b/usr.bin/ssh/roaming_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: roaming_client.c,v 1.8 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -24,9 +24,6 @@ #include #include -#include -#include - #include "xmalloc.h" #include "buffer.h" #include "channels.h" diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index fe68d9ad74f..44f2d339d6f 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.184 2014/03/15 17:28:26 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.185 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,7 +43,9 @@ #include #include +#ifdef WITH_OPENSSL #include +#endif #include #include @@ -207,9 +209,11 @@ process_request_identities(SocketEntry *e, int version) buffer_put_int(&msg, tab->nentries); TAILQ_FOREACH(id, &tab->idlist, next) { if (id->key->type == KEY_RSA1) { +#ifdef WITH_SSH1 buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); buffer_put_bignum(&msg, id->key->rsa->e); buffer_put_bignum(&msg, id->key->rsa->n); +#endif } else { u_char *blob; u_int blen; @@ -224,6 +228,7 @@ process_request_identities(SocketEntry *e, int version) buffer_free(&msg); } +#ifdef WITH_SSH1 /* ssh1 only */ static void process_authentication_challenge1(SocketEntry *e) @@ -294,6 +299,7 @@ send: BN_clear_free(challenge); buffer_free(&msg); } +#endif /* ssh2 only */ static void @@ -719,6 +725,7 @@ process_message(SocketEntry *e) case SSH_AGENTC_UNLOCK: process_lock_agent(e, type == SSH_AGENTC_LOCK); break; +#ifdef WITH_SSH1 /* ssh1 */ case SSH_AGENTC_RSA_CHALLENGE: process_authentication_challenge1(e); @@ -736,6 +743,7 @@ process_message(SocketEntry *e) case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: process_remove_all_identities(e, 1); break; +#endif /* ssh2 */ case SSH2_AGENTC_SIGN_REQUEST: process_sign_request2(e); @@ -1016,7 +1024,9 @@ main(int ac, char **av) setegid(getgid()); setgid(getgid()); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { switch (ch) { diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index acb6f0d5cca..08ac3428e36 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.245 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -190,6 +190,7 @@ type_bits_valid(int type, u_int32_t *bitsp) fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); exit(1); } +#ifdef WITH_OPENSSL if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) @@ -197,6 +198,7 @@ type_bits_valid(int type, u_int32_t *bitsp) else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) fatal("Invalid ECDSA key length - valid lengths are " "256, 384 or 521 bits"); +#endif } static void @@ -271,6 +273,7 @@ load_identity(char *filename) #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb +#ifdef WITH_OPENSSL static void do_convert_to_ssh2(struct passwd *pw, Key *k) { @@ -698,6 +701,7 @@ do_convert_from(struct passwd *pw) key_free(k); exit(0); } +#endif static void do_print_public(struct passwd *pw) @@ -1574,7 +1578,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) } } +#ifdef ENABLE_PKCS11 pkcs11_init(1); +#endif tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); if (pkcs11provider != NULL) { if ((ca = load_pkcs11_key(tmp)) == NULL) @@ -1657,7 +1663,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) key_free(public); free(out); } +#ifdef ENABLE_PKCS11 pkcs11_terminate(); +#endif exit(0); } @@ -1908,6 +1916,7 @@ do_show_cert(struct passwd *pw) exit(0); } +#ifdef WITH_OPENSSL static void load_krl(const char *path, struct ssh_krl **krlp) { @@ -2130,6 +2139,7 @@ do_check_krl(struct passwd *pw, int argc, char **argv) ssh_krl_free(krl); exit(ret); } +#endif static void usage(void) @@ -2429,6 +2439,7 @@ main(int argc, char **argv) printf("Cannot use -l with -H or -R.\n"); usage(); } +#ifdef WITH_OPENSSL if (gen_krl) { do_gen_krl(pw, update_krl, argc, argv); return (0); @@ -2437,6 +2448,7 @@ main(int argc, char **argv) do_check_krl(pw, argc, argv); return (0); } +#endif if (ca_key_path != NULL) { if (cert_key_id == NULL) fatal("Must specify key id (-I) when certifying"); @@ -2454,10 +2466,12 @@ main(int argc, char **argv) do_change_passphrase(pw); if (change_comment) do_change_comment(pw); +#ifdef WITH_OPENSSL if (convert_to) do_convert_to(pw); if (convert_from) do_convert_from(pw); +#endif if (print_public) do_print_public(pw); if (rr_hostname != NULL) { diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index 61fd5bbd22c..bb5d74e9ce1 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.91 2014/03/27 23:01:27 markus Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.92 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -167,6 +167,7 @@ strnnsep(char **stringp, char *delim) return (tok); } +#ifdef WITH_SSH1 static Key * keygrab_ssh1(con *c) { @@ -200,6 +201,7 @@ keygrab_ssh1(con *c) return (rsa); } +#endif static int hostjump(Key *hostkey) @@ -238,11 +240,13 @@ keygrab_ssh2(con *c) (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); c->c_kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#endif c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client; c->c_kex->verify_host_key = hostjump; @@ -492,10 +496,12 @@ conread(int s) c->c_data = xmalloc(c->c_len); c->c_status = CS_KEYS; break; +#ifdef WITH_SSH1 case CS_KEYS: keyprint(c, keygrab_ssh1(c)); confree(s); return; +#endif default: fatal("conread: invalid status %d", c->c_status); break; diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 96de058f85e..1da6eb7adce 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.41 2014/04/19 14:53:48 tedu Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.42 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -198,8 +198,11 @@ main(int argc, char **argv) keys[i] = NULL; if (key_fd[i] == -1) continue; +#ifdef WITH_OPENSSL +/* XXX wrong api */ keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); +#endif close(key_fd[i]); if (keys[i] != NULL) found = 1; diff --git a/usr.bin/ssh/ssh-pkcs11.h b/usr.bin/ssh/ssh-pkcs11.h index 59f456adf09..4d2efda13f1 100644 --- a/usr.bin/ssh/ssh-pkcs11.h +++ b/usr.bin/ssh/ssh-pkcs11.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -18,3 +18,7 @@ int pkcs11_init(int); void pkcs11_terminate(void); int pkcs11_add_provider(char *, char *, Key ***); int pkcs11_del_provider(char *); + +#if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11) +#undef ENABLE_PKCS11 +#endif diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index b26604bddc9..ad5202eed0b 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.401 2014/02/26 20:18:37 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.402 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -64,8 +64,10 @@ #include #include +#ifdef WITH_OPENSSL #include #include +#endif #include "xmalloc.h" #include "ssh.h" @@ -603,7 +605,13 @@ main(int ac, char **av) break; case 'V': fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_VERSION, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); if (opt == 'V') exit(0); break; @@ -800,8 +808,10 @@ main(int ac, char **av) host_arg = xstrdup(host); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); +#endif /* Initialize the command to execute on remote host. */ buffer_init(&command); @@ -848,7 +858,13 @@ main(int ac, char **av) SYSLOG_FACILITY_USER, !use_syslog); if (debug_flag) - logit("%s, %s", SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + logit("%s, %s", SSH_VERSION, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); /* Parse the configuration files */ process_config_files(pw); diff --git a/usr.bin/ssh/ssh/Makefile b/usr.bin/ssh/ssh/Makefile index 530993d121c..ed46c36fcfb 100644 --- a/usr.bin/ssh/ssh/Makefile +++ b/usr.bin/ssh/ssh/Makefile @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile,v 1.62 2013/07/20 01:55:13 djm Exp $ +# $OpenBSD: Makefile,v 1.63 2014/04/29 18:01:49 markus Exp $ .PATH: ${.CURDIR}/.. +.include "${.CURDIR}/../Makefile.inc" PROG= ssh BINOWN= root @@ -13,11 +14,15 @@ LINKS= ${BINDIR}/ssh ${BINDIR}/slogin MLINKS= ssh.1 slogin.1 SRCS= ssh.c readconf.c clientloop.c sshtty.c \ - sshconnect.c sshconnect1.c sshconnect2.c mux.c \ + sshconnect.c sshconnect2.c mux.c \ roaming_common.c roaming_client.c .include +.if (${OPENSSL:L} == "yes") +SRCS+= sshconnect1.c +.endif + KERBEROS5=no .if (${KERBEROS5:L} == "yes") @@ -32,5 +37,10 @@ LDADD+= -lgssapi -lkrb5 -lasn1 LDADD+= -lwind -lroken -lcom_err -lpthread -lheimbase .endif # KERBEROS5 -LDADD+= -lcrypto -lutil -lz -DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} +.if (${OPENSSL:L} == "yes") +LDADD+= -lcrypto -lutil +DPADD+= ${LIBCRYPTO} ${LIBUTIL} +.endif + +LDADD+= -lz +DPADD+= ${LIBZ} diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index f01fb856e26..9ee8006e454 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.247 2014/04/01 03:34:10 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.248 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1266,8 +1266,12 @@ ssh_login(Sensitive *sensitive, const char *orighost, ssh_kex2(host, hostaddr, port); ssh_userauth2(local_user, server_user, host, sensitive); } else { +#ifdef WITH_SSH1 ssh_kex(host, hostaddr); ssh_userauth1(local_user, server_user, host, sensitive); +#else + fatal("ssh1 is not unsupported"); +#endif } free(local_user); } diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 8e7e7ca75b7..e0d2dc990a6 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.206 2014/04/18 23:52:25 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.207 2014/04/29 18:01:49 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -199,11 +199,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) /* start key exchange */ kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; kex->kex[KEX_ECDH_SHA2] = kexecdh_client; +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 0e1c1d37bab..57160cf11ad 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.425 2014/04/19 14:53:48 tedu Exp $ */ +/* $OpenBSD: sshd.c,v 1.426 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -62,8 +62,9 @@ #include #include -#include +#ifdef WITH_OPENSSL #include +#endif #include "xmalloc.h" #include "ssh.h" @@ -81,7 +82,6 @@ #include "digest.h" #include "key.h" #include "kex.h" -#include "dh.h" #include "myproposal.h" #include "authfile.h" #include "pathnames.h" @@ -235,7 +235,9 @@ Buffer loginmsg; void destroy_sensitive_data(void); void demote_sensitive_data(void); +#ifdef WITH_SSH1 static void do_ssh1_kex(void); +#endif static void do_ssh2_kex(void); /* @@ -696,7 +698,6 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { - if (authctxt->pw->pw_uid == 0 || options.use_login) { /* File descriptor passing is broken or root login */ use_privsep = 0; @@ -900,7 +901,13 @@ static void usage(void) { fprintf(stderr, "%s, %s\n", - SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + SSH_VERSION, +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); fprintf(stderr, "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" " [-E log_file] [-f config_file] [-g login_grace_time]\n" @@ -932,6 +939,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_init(&m); buffer_put_cstring(&m, buffer_ptr(conf)); +#ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { buffer_put_int(&m, 1); @@ -942,6 +950,7 @@ send_rexec_state(int fd, Buffer *conf) buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); } else +#endif buffer_put_int(&m, 0); if (ssh_msg_send(fd, 0, &m) == -1) @@ -974,6 +983,7 @@ recv_rexec_state(int fd, Buffer *conf) free(cp); if (buffer_get_int(&m)) { +#ifdef WITH_SSH1 if (sensitive_data.server_key != NULL) key_free(sensitive_data.server_key); sensitive_data.server_key = key_new_private(KEY_RSA1); @@ -985,6 +995,9 @@ recv_rexec_state(int fd, Buffer *conf) buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); rsa_generate_additional_parameters( sensitive_data.server_key->rsa); +#else + fatal("ssh1 not supported"); +#endif } buffer_free(&m); @@ -1467,7 +1480,9 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); +#endif /* If requested, redirect the logs to the specified logfile. */ if (logfile != NULL) { @@ -1556,7 +1571,12 @@ main(int ac, char **av) } debug("sshd version %s, %s", SSH_VERSION, - SSLeay_version(SSLEAY_VERSION)); +#ifdef WITH_OPENSSL + SSLeay_version(SSLEAY_VERSION) +#else + "without OpenSSL" +#endif + ); /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, @@ -1664,6 +1684,8 @@ main(int ac, char **av) debug("host certificate: #%d type %d %s", j, key->type, key_type(key)); } + +#ifdef WITH_SSH1 /* Check certain values for sanity. */ if (options.protocol & SSH_PROTO_1) { if (options.server_key_bits < 512 || @@ -1688,6 +1710,7 @@ main(int ac, char **av) options.server_key_bits); } } +#endif if (use_privsep) { struct stat st; @@ -1939,8 +1962,12 @@ main(int ac, char **av) do_ssh2_kex(); do_authentication2(authctxt); } else { +#ifdef WITH_SSH1 do_ssh1_kex(); do_authentication(authctxt); +#else + fatal("ssh1 not supported"); +#endif } /* * If we use privilege separation, the unprivileged child transfers @@ -1996,6 +2023,7 @@ main(int ac, char **av) exit(0); } +#ifdef WITH_SSH1 /* * Decrypt session_key_int using our private server key and private host key * (key with larger modulus first). @@ -2045,6 +2073,7 @@ ssh1_session_key(BIGNUM *session_key_int) } return (rsafail); } + /* * SSH1 key exchange */ @@ -2222,6 +2251,7 @@ do_ssh1_kex(void) packet_send(); packet_write_wait(); } +#endif void sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, @@ -2284,11 +2314,13 @@ do_ssh2_kex(void) /* start key exchange */ kex = kex_setup(myproposal); +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string; diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile index f581d47dabf..642860b92ce 100644 --- a/usr.bin/ssh/sshd/Makefile +++ b/usr.bin/ssh/sshd/Makefile @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile,v 1.82 2014/03/26 19:58:37 tedu Exp $ +# $OpenBSD: Makefile,v 1.83 2014/04/29 18:01:49 markus Exp $ .PATH: ${.CURDIR}/.. +.include "${.CURDIR}/../Makefile.inc" PROG= sshd BINOWN= root @@ -8,17 +9,22 @@ BINMODE=555 BINDIR= /usr/sbin MAN= sshd.8 sshd_config.5 -SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ +SRCS= sshd.c auth-rhosts.c auth-passwd.c \ sshpty.c sshlogin.c servconf.c serverloop.c \ - auth.c auth1.c auth2.c auth-options.c session.c \ + auth.c auth2.c auth-options.c session.c \ auth-chall.c auth2-chall.c groupaccess.c \ auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ auth2-none.c auth2-passwd.c auth2-pubkey.c \ monitor_mm.c monitor.c monitor_wrap.c \ - kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \ + sftp-server.c sftp-common.c \ roaming_common.c roaming_serv.c sandbox-systrace.c \ kexc25519s.c +.if (${OPENSSL:L} == "yes") +SRCS+= auth-rsa.c auth-rh-rsa.c auth1.c \ + kexdhs.c kexgexs.c kexecdhs.c +.endif + .include # for KERBEROS and AFS KERBEROS5=no @@ -36,5 +42,10 @@ LDADD+= -lwind -lroken -lcom_err -lpthread -lheimbase -lkafs DPADD+= ${LIBGSSAPI} ${LIBKRB5} .endif -LDADD+= -lcrypto -lutil -lz -DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} +.if (${OPENSSL:L} == "yes") +LDADD+= -lcrypto -lutil +DPADD+= ${LIBCRYPTO} ${LIBUTIL} +.endif + +LDADD+= -lz +DPADD+= ${LIBZ} -- 2.20.1