From 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 15 May 2014 14:24:09 +1000 Subject: - markus@cvs.openbsd.org 2014/04/29 18:01:49 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm --- authfile.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index 44994a81..7cb90113 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -43,9 +43,11 @@ #include #include +#ifdef WITH_OPENSSL #include #include #include +#endif /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" @@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, return k; } +#ifdef WITH_SSH1 /* * Serialises the authentication (private) key to a blob, encrypting it with * passphrase. The identification of the blob (lowest 64 bits of n) will @@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, return 1; } +#endif +#ifdef WITH_OPENSSL /* convert SSH v2 key in OpenSSL PEM format */ static int key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, @@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase, BIO_free(bio); return success; } +#endif /* Save a key blob to a file */ static int @@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, int new_format_rounds) { switch (key->type) { +#ifdef WITH_SSH1 case KEY_RSA1: return key_private_rsa1_to_blob(key, blob, passphrase, comment); +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: @@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase, comment, new_format_cipher, new_format_rounds); } return key_private_pem_to_blob(key, blob, passphrase, comment); +#endif case KEY_ED25519: return key_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds); @@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase, return success; } +#ifdef WITH_SSH1 /* * Parse the public, unencrypted portion of a RSA1 key. */ @@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp) return pub; } +#endif /* Load a key from a fd into a buffer */ int @@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob) return 1; } +#ifdef WITH_SSH1 /* * Loads the public part of the ssh v1 key file. Returns NULL if an error was * encountered (the file does not exist or is not readable), and the key @@ -870,7 +883,9 @@ fail: key_free(prv); return NULL; } +#endif +#ifdef WITH_OPENSSL static Key * key_parse_private_pem(Buffer *blob, int type, const char *passphrase, char **commentp) @@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, buffer_free(&buffer); return prv; } +#endif int key_perm_ok(int fd, const char *filename) @@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase, Key *k; switch (type) { +#ifdef WITH_SSH1 case KEY_RSA1: return key_parse_private_rsa1(blob, passphrase, commentp); +#endif +#ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: return key_parse_private_pem(blob, type, passphrase, commentp); +#endif case KEY_ED25519: return key_parse_private2(blob, type, passphrase, commentp); case KEY_UNSPEC: if ((k = key_parse_private2(blob, type, passphrase, commentp))) return k; +#ifdef WITH_OPENSSL return key_parse_private_pem(blob, type, passphrase, commentp); +#endif default: error("%s: cannot parse key type %d", __func__, type); break; @@ -1061,6 +1083,7 @@ Key * key_parse_private(Buffer *buffer, const char *filename, const char *passphrase, char **commentp) { +#ifdef WITH_SSH1 Key *pub, *prv; /* it's a SSH v1 key if the public key part is readable */ @@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename, NULL); } return prv; +#else + return key_parse_private_type(buffer, KEY_UNSPEC, + passphrase, commentp); +#endif } Key * @@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp) Key *pub; char file[MAXPATHLEN]; +#ifdef WITH_SSH1 /* try rsa1 private key */ pub = key_load_public_type(KEY_RSA1, filename, commentp); if (pub != NULL) @@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp) if (key_try_load_public(pub, filename, commentp) == 1) return pub; key_free(pub); +#endif /* try ssh2 public key */ pub = key_new(KEY_UNSPEC); @@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase, Key *key, *pub; switch (type) { +#ifdef WITH_OPENSSL case KEY_RSA: case KEY_DSA: case KEY_ECDSA: +#endif case KEY_ED25519: break; default: -- cgit v1.2.1