-rw-r--r--ChangeLog8
-rw-r--r--auth.c6
-rw-r--r--authfd.c22
-rw-r--r--authfile.c33
-rw-r--r--bufaux.c4
-rw-r--r--cipher-aesctr.c78
-rw-r--r--cipher-aesctr.h35
-rw-r--r--cipher.c88
-rw-r--r--cipher.h4
-rw-r--r--hostfile.c8
-rw-r--r--kex.c18
-rw-r--r--key.c115
-rw-r--r--mac.c19
-rw-r--r--monitor.c23
-rw-r--r--monitor_wrap.c12
-rw-r--r--myproposal.h27
-rw-r--r--packet.c6
-rw-r--r--roaming_client.c5
-rw-r--r--ssh-agent.c12
-rw-r--r--ssh-keygen.c16
-rw-r--r--ssh-keyscan.c8
-rw-r--r--ssh-keysign.c5
-rw-r--r--ssh-pkcs11.h6
-rw-r--r--ssh.c22
-rw-r--r--sshconnect.c6
-rw-r--r--sshconnect2.c4
-rw-r--r--sshd.c42
27 files changed, 560 insertions, 72 deletions
diff --git a/ChangeLog b/ChangeLog
index a68a314e..d6eb5b99 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,14 @@
bz#1818 - don't send channel success/failre replies on channels that
have sent a close already; analysis and patch from Simon Tatham;
ok markus@
+ - markus@cvs.openbsd.org 2014/04/29 18:01:49
+ [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
+ [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
+ [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
+ [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
+ make compiling against OpenSSL optional (make OPENSSL=no);
+ reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
+ allows us to explore further options; with and ok djm
20140430
- (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
diff --git a/auth.c b/auth.c
index 9a36f1da..fcb314cb 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -659,6 +659,7 @@ getpwnamallow(const char *user)
int
auth_key_is_revoked(Key *key)
{
+#ifdef WITH_OPENSSL
char *key_fp;
if (options.revoked_keys_file == NULL)
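Review bot: In a build without WITH_OPENSSL the `options.revoked_keys_file == NULL` check is compiled out, because the `#ifdef WITH_OPENSSL` opens above `char *key_fp;` and only closes after the first switch in the next hunk. The function then reaches `debug3()` and `key_in_file(key, options.revoked_keys_file, 0)` with a NULL path whenever no revocation file is configured. Keep the NULL check and its early return unconditional and open the guard just before the KRL lookup, with `key_fp` declared under its own `#ifdef WITH_OPENSSL`. The function body starts before and continues after this hunk.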
@@ -671,6 +672,7 @@ auth_key_is_revoked(Key *key)
default:
goto revoked;
}
+#endif
debug3("%s: treating %s as a key list", __func__,
options.revoked_keys_file);
switch (key_in_file(key, options.revoked_keys_file, 0)) {
@@ -682,6 +684,7 @@ auth_key_is_revoked(Key *key)
error("Revoked keys file is unreadable: refusing public key "
"authentication");
return 1;
+#ifdef WITH_OPENSSL
case 1:
revoked:
/* Key revoked */
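Review bot: With `case 1:` and the `revoked:` label inside `#ifdef WITH_OPENSSL`, a non-OpenSSL build has no branch for the value that `key_in_file()` presumably returns when the key is found in the plain key list, so that result leaves the switch and hits `fatal("key_in_file returned junk")` shown in the next hunk. The attempt still fails closed, but the revoked-key warning is never logged and the process aborts instead of returning 1 for this one key. Keep `case 1:` and `return 1;` unconditional and put only the fingerprint computation and its use in the log message under the guard. The switch starts before this hunk and ends in the next one.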
@@ -690,6 +693,7 @@ auth_key_is_revoked(Key *key)
"%s key %s ", key_type(key), key_fp);
free(key_fp);
return 1;
+#endif
}
fatal("key_in_file returned junk");
}
diff --git a/authfd.c b/authfd.c
index cea3f97b..2d5a8dd5 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,9 +41,6 @@
#include <sys/un.h>
#include <sys/socket.h>
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-
#include <fcntl.h>
#include <stdlib.h>
#include <signal.h>
@@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
Key *
ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
{
+#ifdef WITH_SSH1
int keybits;
u_int bits;
+#endif
u_char *blob;
u_int blen;
Key *key = NULL;
@@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
* error if the packet is too short or contains corrupt data.
*/
switch (version) {
+#ifdef WITH_SSH1
case 1:
key = key_new(KEY_RSA1);
bits = buffer_get_int(&auth->identities);
@@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
logit("Warning: identity keysize mismatch: actual %d, announced %u",
BN_num_bits(key->rsa->n), bits);
break;
+#endif
case 2:
blob = buffer_get_string(&auth->identities, &blen);
*comment = buffer_get_string(&auth->identities, NULL);
@@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
* supported) and 1 corresponding to protocol version 1.1.
*/
+#ifdef WITH_SSH1
int
ssh_decrypt_challenge(AuthenticationConnection *auth,
Key* key, BIGNUM *challenge,
@@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
buffer_free(&buffer);
return success;
}
+#endif
/* ask agent to sign data, returns -1 on error, 0 on success */
int
@@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
/* Encode key for a message to the agent. */
+#ifdef WITH_SSH1
static void
ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
{
@@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
buffer_put_cstring(b, comment);
}
+#endif
static void
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
@@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
buffer_init(&msg);
switch (key->type) {
+#ifdef WITH_SSH1
case KEY_RSA1:
type = constrained ?
SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
@@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
buffer_put_char(&msg, type);
ssh_encode_identity_rsa1(&msg, key->rsa, comment);
break;
+#endif
+#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
case KEY_RSA_CERT_V00:
@@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
case KEY_DSA_CERT_V00:
case KEY_ECDSA:
case KEY_ECDSA_CERT:
+#endif
case KEY_ED25519:
case KEY_ED25519_CERT:
type = constrained ?
@@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
buffer_init(&msg);
+#ifdef WITH_SSH1
if (key->type == KEY_RSA1) {
buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
buffer_put_int(&msg, BN_num_bits(key->rsa->n));
buffer_put_bignum(&msg, key->rsa->e);
buffer_put_bignum(&msg, key->rsa->n);
- } else if (key->type != KEY_UNSPEC) {
+ } else
+#endif
+ if (key->type != KEY_UNSPEC) {
key_to_blob(key, &blob, &blen);
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
buffer_put_string(&msg, blob, blen);
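Review bot: The `} else` / `#endif` / `if (key->type != KEY_UNSPEC) {` sequence splits one if/else chain across a preprocessor boundary, so the second `if` is an else-branch in one build and a standalone statement in the other. That is easy to misread and breaks silently if a statement is ever added between the `#endif` and the `if`. I would tag the directive as `#endif /* WITH_SSH1 */` and add a one-line comment saying that the following `if` continues the chain when SSH1 is enabled. The function continues outside this hunk.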
diff --git a/authfile.c b/authfile.c
index 44994a81..7cb90113 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.106 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -43,9 +43,11 @@
#include <sys/param.h>
#include <sys/uio.h>
+#ifdef WITH_OPENSSL
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
+#endif
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
@@ -419,6 +421,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
return k;
}
+#ifdef WITH_SSH1
/*
* Serialises the authentication (private) key to a blob, encrypting it with
* passphrase. The identification of the blob (lowest 64 bits of n) will
@@ -508,7 +511,9 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
return 1;
}
+#endif
+#ifdef WITH_OPENSSL
/* convert SSH v2 key in OpenSSL PEM format */
static int
key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
@@ -558,6 +563,7 @@ key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
BIO_free(bio);
return success;
}
+#endif
/* Save a key blob to a file */
static int
@@ -588,8 +594,11 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
int new_format_rounds)
{
switch (key->type) {
+#ifdef WITH_SSH1
case KEY_RSA1:
return key_private_rsa1_to_blob(key, blob, passphrase, comment);
+#endif
+#ifdef WITH_OPENSSL
case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
@@ -598,6 +607,7 @@ key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
comment, new_format_cipher, new_format_rounds);
}
return key_private_pem_to_blob(key, blob, passphrase, comment);
+#endif
case KEY_ED25519:
return key_private_to_blob2(key, blob, passphrase,
comment, new_format_cipher, new_format_rounds);
@@ -627,6 +637,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
return success;
}
+#ifdef WITH_SSH1
/*
* Parse the public, unencrypted portion of a RSA1 key.
*/
@@ -671,6 +682,7 @@ key_parse_public_rsa1(Buffer *blob, char **commentp)
return pub;
}
+#endif
/* Load a key from a fd into a buffer */
int
@@ -727,6 +739,7 @@ key_load_file(int fd, const char *filename, Buffer *blob)
return 1;
}
+#ifdef WITH_SSH1
/*
* Loads the public part of the ssh v1 key file. Returns NULL if an error was
* encountered (the file does not exist or is not readable), and the key
@@ -870,7 +883,9 @@ fail:
key_free(prv);
return NULL;
}
+#endif
+#ifdef WITH_OPENSSL
static Key *
key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
char **commentp)
@@ -964,6 +979,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
buffer_free(&buffer);
return prv;
}
+#endif
int
key_perm_ok(int fd, const char *filename)
@@ -1000,18 +1016,24 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase,
Key *k;
switch (type) {
+#ifdef WITH_SSH1
case KEY_RSA1:
return key_parse_private_rsa1(blob, passphrase, commentp);
+#endif
+#ifdef WITH_OPENSSL
case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
case KEY_ED25519:
return key_parse_private2(blob, type, passphrase, commentp);
case KEY_UNSPEC:
if ((k = key_parse_private2(blob, type, passphrase, commentp)))
return k;
+#ifdef WITH_OPENSSL
return key_parse_private_pem(blob, type, passphrase, commentp);
+#endif
default:
error("%s: cannot parse key type %d", __func__, type);
break;
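Review bot: Without WITH_OPENSSL, `case KEY_UNSPEC:` has no terminating statement once `key_parse_private2()` fails, so control falls through into `default:` and logs "cannot parse key type" for what may only be a wrong passphrase or a PEM-format key. The fall-through looks intended but is implicit. Mark it after the `#endif` with a comment such as `/* FALLTHROUGH: no PEM parser without OpenSSL */`, or add an `#else` branch with its own message, so the two builds are distinguishable in the logs. The switch ends outside this hunk.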
@@ -1061,6 +1083,7 @@ Key *
key_parse_private(Buffer *buffer, const char *filename,
const char *passphrase, char **commentp)
{
+#ifdef WITH_SSH1
Key *pub, *prv;
/* it's a SSH v1 key if the public key part is readable */
@@ -1078,6 +1101,10 @@ key_parse_private(Buffer *buffer, const char *filename,
NULL);
}
return prv;
+#else
+ return key_parse_private_type(buffer, KEY_UNSPEC,
+ passphrase, commentp);
+#endif
}
Key *
@@ -1162,6 +1189,7 @@ key_load_public(const char *filename, char **commentp)
Key *pub;
char file[MAXPATHLEN];
+#ifdef WITH_SSH1
/* try rsa1 private key */
pub = key_load_public_type(KEY_RSA1, filename, commentp);
if (pub != NULL)
@@ -1172,6 +1200,7 @@ key_load_public(const char *filename, char **commentp)
if (key_try_load_public(pub, filename, commentp) == 1)
return pub;
key_free(pub);
+#endif
/* try ssh2 public key */
pub = key_new(KEY_UNSPEC);
@@ -1211,9 +1240,11 @@ key_load_private_cert(int type, const char *filename, const char *passphrase,
Key *key, *pub;
switch (type) {
+#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+#endif
case KEY_ED25519:
break;
default:
diff --git a/bufaux.c b/bufaux.c
index 2c8f96cd..320bc2cb 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.58 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.59 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,8 +41,6 @@
#include <sys/types.h>
-#include <openssl/bn.h>
-
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
diff --git a/cipher-aesctr.c b/cipher-aesctr.c
new file mode 100644
index 00000000..a4cf61e4
--- /dev/null
+++ b/cipher-aesctr.c
@@ -0,0 +1,78 @@
+/* $OpenBSD: cipher-aesctr.c,v 1.1 2014/04/29 15:39:33 markus Exp $ */
+/*
+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <string.h>
+
+#include "cipher-aesctr.h"
+
+/*
+ * increment counter 'ctr',
+ * the counter is of size 'len' bytes and stored in network-byte-order.
+ * (LSB at ctr[len-1], MSB at ctr[0])
+ */
+static __inline__ void
+aesctr_inc(u8 *ctr, u32 len)
+{
+ ssize_t i;
+
+#ifndef CONSTANT_TIME_INCREMENT
+ for (i = len - 1; i >= 0; i--)
+ if (++ctr[i]) /* continue on overflow */
+ return;
+#else
+ u8 x, add = 1;
+
+ for (i = len - 1; i >= 0; i--) {
+ ctr[i] += add;
+ /* constant time for: x = ctr[i] ? 1 : 0 */
+ x = ctr[i];
+ x = (x | (x >> 4)) & 0xf;
+ x = (x | (x >> 2)) & 0x3;
+ x = (x | (x >> 1)) & 0x1;
+ add *= (x^1);
+ }
+#endif
+}
+
+void
+aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
+{
+ x->rounds = rijndaelKeySetupEnc(x->ek, k, kbits);
+}
+
+void
+aesctr_ivsetup(aesctr_ctx *x,const u8 *iv)
+{
+ memcpy(x->ctr, iv, AES_BLOCK_SIZE);
+}
+
+void
+aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+ u32 n = 0;
+ u8 buf[AES_BLOCK_SIZE];
+
+ while ((bytes--) > 0) {
+ if (n == 0) {
+ rijndaelEncrypt(x->ek, x->rounds, x->ctr, buf);
+ aesctr_inc(x->ctr, AES_BLOCK_SIZE);
+ }
+ *(c++) = *(m++) ^ buf[n];
+ n = (n + 1) % AES_BLOCK_SIZE;
+ }
+}
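Review bot: `aesctr_encrypt_bytes()` leaves the last keystream block in the stack buffer `buf` when it returns; cipher_cleanup() in this same commit already wipes the context with explicit_bzero, so add `explicit_bzero(buf, sizeof(buf));` after the loop (the portable tree may need its compat header for that). The block offset `n` is local as well, so unused keystream bytes are discarded at the end of each call and the next call starts a fresh counter block; a comment stating that every call except the last must pass a multiple of AES_BLOCK_SIZE would document that contract. In `aesctr_inc()`, `len - 1` is evaluated as u32 before the conversion to `ssize_t`, so `len == 0` would index far past the buffer where ssize_t is wider than 32 bits; the only caller shown passes AES_BLOCK_SIZE. `aesctr_keysetup()` stores the result of `rijndaelKeySetupEnc()` without checking it for an unsupported `kbits`.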
diff --git a/cipher-aesctr.h b/cipher-aesctr.h
new file mode 100644
index 00000000..85d55bba
--- /dev/null
+++ b/cipher-aesctr.h
@@ -0,0 +1,35 @@
+/* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */
+/*
+ * Copyright (c) 2014 Markus Friedl
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef OPENSSH_AESCTR_H
+#define OPENSSH_AESCTR_H
+
+#include "rijndael.h"
+
+#define AES_BLOCK_SIZE 16
+
+typedef struct aesctr_ctx {
+ int rounds; /* keylen-dependent #rounds */
+ u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */
+ u8 ctr[AES_BLOCK_SIZE]; /* counter */
+} aesctr_ctx;
+
+void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits);
+void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv);
+void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes);
+
+#endif
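Review bot: The three prototypes carry no contract comments, and two details are not obvious from the signatures: `aesctr_ivsetup()` always reads AES_BLOCK_SIZE bytes from `iv`, and the `ivbits` argument of `aesctr_keysetup()` is not used by the implementation in cipher-aesctr.c. I would add a short comment above each prototype, for example `/* iv must point to AES_BLOCK_SIZE bytes; it becomes the initial counter */`. The header also depends on "rijndael.h" to supply `u8`, `u32` and, presumably, `AES_MAXROUNDS`, which is worth stating next to the include.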
diff --git a/cipher.c b/cipher.c
index 53d9b4fb..0ea073f5 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,9 +53,11 @@
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
+#ifdef WITH_SSH1
extern const EVP_CIPHER *evp_ssh1_bf(void);
extern const EVP_CIPHER *evp_ssh1_3des(void);
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+#endif
struct Cipher {
char *name;
@@ -68,15 +70,23 @@ struct Cipher {
u_int flags;
#define CFLAG_CBC (1<<0)
#define CFLAG_CHACHAPOLY (1<<1)
+#define CFLAG_AESCTR (1<<2)
+#define CFLAG_NONE (1<<3)
+#ifdef WITH_OPENSSL
const EVP_CIPHER *(*evptype)(void);
+#else
+ void *ignored;
+#endif
};
static const struct Cipher ciphers[] = {
- { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+#ifdef WITH_SSH1
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
-
+#endif
+#ifdef WITH_OPENSSL
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
{ "blowfish-cbc",
SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
@@ -99,6 +109,12 @@ static const struct Cipher ciphers[] = {
{ "aes256-gcm@openssh.com",
SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
#endif
+#else /* WITH_OPENSSL */
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
+#endif /* WITH_OPENSSL */
{ "chacha20-poly1305@openssh.com",
SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
@@ -264,6 +280,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
int do_encrypt)
{
+#ifdef WITH_OPENSSL
static int dowarn = 1;
#ifdef SSH_OLD_EVP
EVP_CIPHER *type;
@@ -282,6 +299,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
if (keylen > 8)
keylen = 8;
}
+#endif
cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
cc->encrypt = do_encrypt;
@@ -297,6 +315,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
chachapoly_init(&cc->cp_ctx, key, keylen);
return;
}
+#ifndef WITH_OPENSSL
+ if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+ aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);
+ aesctr_ivsetup(&cc->ac_ctx, iv);
+ return;
+ }
+ if ((cc->cipher->flags & CFLAG_NONE) != 0)
+ return;
+ fatal("unsupported cipher");
+#else
type = (*cipher->evptype)();
EVP_CIPHER_CTX_init(&cc->evp);
#ifdef SSH_OLD_EVP
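Review bot: The new AES-CTR branch does not validate its inputs within this hunk: `aesctr_ivsetup()` copies AES_BLOCK_SIZE bytes from `iv` unconditionally, and `aesctr_keysetup()` is given the caller's `8 * keylen` rather than the cipher's own key size. If the checks earlier in cipher_init(), outside this hunk, do not already reject a NULL `iv` and an oversized `keylen`, add them here, e.g. `if (iv == NULL) fatal("%s: no iv for %s", __func__, cipher->name);` and pass `8 * cipher->key_len`. The function starts before this hunk and continues after it.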
@@ -339,6 +367,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
free(junk);
free(discard);
}
+#endif
}
/*
@@ -360,6 +389,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
aadlen, authlen, cc->encrypt);
+#ifndef WITH_OPENSSL
+ if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+ if (aadlen)
+ memcpy(dest, src, aadlen);
+ aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen,
+ dest + aadlen, len);
+ return 0;
+ }
+ if ((cc->cipher->flags & CFLAG_NONE) != 0) {
+ memcpy(dest, src, aadlen + len);
+ return 0;
+ }
+ fatal("unsupported cipher");
+#else
if (authlen) {
u_char lastiv[1];
@@ -400,6 +443,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
}
return 0;
+#endif
}
/* Extract the packet length, including any decryption necessary beforehand */
@@ -421,8 +465,12 @@ cipher_cleanup(CipherContext *cc)
{
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
+ else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
+ explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
+#ifdef WITH_OPENSSL
else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
+#endif
}
/*
@@ -455,14 +503,16 @@ int
cipher_get_keyiv_len(const CipherContext *cc)
{
const Cipher *c = cc->cipher;
- int ivlen;
+ int ivlen = 0;
if (c->number == SSH_CIPHER_3DES)
ivlen = 24;
else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
ivlen = 0;
+#ifdef WITH_OPENSSL
else
ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+#endif
return (ivlen);
}
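Review bot: For the built-in AES-CTR cipher `cipher_get_keyiv_len()` now returns 0, because the only branch that would set a length is under `#ifdef WITH_OPENSSL`; in the following hunks `cipher_get_keyiv()` and `cipher_set_keyiv()` likewise keep no case for SSH_CIPHER_SSH2 without OpenSSL and end in `fatal("%s: bad cipher %d", ...)`. The running counter in `cc->ac_ctx.ctr` can therefore not be exported or restored through this API, and any caller that hands cipher state to another process needs that, since restarting CTR from an earlier counter under the same key repeats keystream. Add `else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) ivlen = sizeof(cc->ac_ctx.ctr);` here, and matching `memcpy` branches on `cc->ac_ctx.ctr` ahead of the `switch` in the get and set functions.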
@@ -470,15 +520,20 @@ void
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
const Cipher *c = cc->cipher;
+#ifdef WITH_OPENSSL
int evplen;
+#endif
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
if (len != 0)
fatal("%s: wrong iv length %d != %d", __func__, len, 0);
return;
}
+ if ((cc->cipher->flags & CFLAG_NONE) != 0)
+ return;
switch (c->number) {
+#ifdef WITH_OPENSSL
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -492,17 +547,20 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
if (c->evptype == evp_rijndael)
ssh_rijndael_iv(&cc->evp, 0, iv, len);
else
-#endif
+#endif /* USE_BUILTIN_RIJNDAEL */
#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
else
-#endif
+#endif /* OPENSSL_HAVE_EVPCTR */
memcpy(iv, cc->evp.iv, len);
break;
+#endif /* WITH_OPENSSL */
+#ifdef WITH_SSH1
case SSH_CIPHER_3DES:
ssh1_3des_iv(&cc->evp, 0, iv, 24);
break;
+#endif /* WITH_SSH1 */
default:
fatal("%s: bad cipher %d", __func__, c->number);
}
@@ -512,12 +570,17 @@ void
cipher_set_keyiv(CipherContext *cc, u_char *iv)
{
const Cipher *c = cc->cipher;
+#ifdef WITH_OPENSSL
int evplen = 0;
+#endif
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
return;
+ if ((cc->cipher->flags & CFLAG_NONE) != 0)
+ return;
switch (c->number) {
+#ifdef WITH_OPENSSL
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -528,17 +591,20 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
if (c->evptype == evp_rijndael)
ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
else
-#endif
+#endif /* USE_BUILTIN_RIJNDAEL */
#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
else
-#endif
+#endif /* OPENSSL_HAVE_EVPCTR */
memcpy(cc->evp.iv, iv, evplen);
break;
+#endif /* WITH_OPENSSL */
+#ifdef WITH_SSH1
case SSH_CIPHER_3DES:
ssh1_3des_iv(&cc->evp, 1, iv, 24);
break;
+#endif /* WITH_SSH1 */
default:
fatal("%s: bad cipher %d", __func__, c->number);
}
@@ -547,6 +613,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
int
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
{
+#ifdef WITH_OPENSSL
const Cipher *c = cc->cipher;
int plen = 0;
@@ -557,11 +624,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
memcpy(dat, EVP_X_STATE(cc->evp), plen);
}
return (plen);
+#else
+ return (0);
+#endif
}
void
cipher_set_keycontext(CipherContext *cc, u_char *dat)
{
+#ifdef WITH_OPENSSL
const Cipher *c = cc->cipher;
int plen;
@@ -569,4 +640,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
plen = EVP_X_STATE_LEN(cc->evp);
memcpy(EVP_X_STATE(cc->evp), dat, plen);
}
+#endif
}
diff --git a/cipher.h b/cipher.h
index 133d2e73..5aa778f1 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */
+/* $OpenBSD: cipher.h,v 1.45 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,6 +39,7 @@
#include <openssl/evp.h>
#include "cipher-chachapoly.h"
+#include "cipher-aesctr.h"
/*
* Cipher types for SSH-1. New types can be added, but old types should not
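Review bot: `#include <openssl/evp.h>` stays unconditional in this header, and the next hunk leaves `EVP_CIPHER_CTX evp;` as a member of struct CipherContext, so every file that includes cipher.h still needs the OpenSSL headers when WITH_OPENSSL is not defined. If the aim is a build on a system with no OpenSSL installed, wrap both the include and the `evp` member in `#ifdef WITH_OPENSSL`. If only linking is meant to be optional, a comment on the include saying so would prevent the question.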
@@ -69,6 +70,7 @@ struct CipherContext {
int encrypt;
EVP_CIPHER_CTX evp;
struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
+ struct aesctr_ctx ac_ctx; /* XXX union with evp? */
const Cipher *cipher;
};
diff --git a/hostfile.c b/hostfile.c
index 8bc9540b..91741cab 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: hostfile.c,v 1.56 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -182,6 +182,7 @@ static int
hostfile_check_key(int bits, const Key *key, const char *host,
const char *filename, u_long linenum)
{
+#ifdef WITH_SSH1
if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
return 1;
if (bits != BN_num_bits(key->rsa->n)) {
@@ -191,6 +192,7 @@ hostfile_check_key(int bits, const Key *key, const char *host,
logit("Warning: replace %d with %d in %s, line %lu.",
bits, BN_num_bits(key->rsa->n), filename, linenum);
}
+#endif
return 1;
}
@@ -296,11 +298,15 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
key = key_new(KEY_UNSPEC);
if (!hostfile_read_key(&cp, &kbits, key)) {
key_free(key);
+#ifdef WITH_SSH1
key = key_new(KEY_RSA1);
if (!hostfile_read_key(&cp, &kbits, key)) {
key_free(key);
continue;
}
+#else
+ continue;
+#endif
}
if (!hostfile_check_key(kbits, key, host, path, linenum))
continue;
diff --git a/kex.c b/kex.c
index 74e2b868..a173e70e 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -33,7 +33,9 @@
#include <stdlib.h>
#include <string.h>
+#ifdef WITH_OPENSSL
#include <openssl/crypto.h>
+#endif
#include "xmalloc.h"
#include "ssh2.h"
@@ -70,12 +72,13 @@ struct kexalg {
int hash_alg;
};
static const struct kexalg kexalgs[] = {
+#ifdef WITH_OPENSSL
{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
#ifdef HAVE_EVP_SHA256
{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
#ifdef OPENSSL_HAS_ECC
{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
@@ -84,12 +87,13 @@ static const struct kexalg kexalgs[] = {
# ifdef OPENSSL_HAS_NISTP521
{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
SSH_DIGEST_SHA512 },
-# endif
-#endif
+# endif /* OPENSSL_HAS_NISTP521 */
+#endif /* OPENSSL_HAS_ECC */
{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+#endif /* WITH_OPENSSL */
#ifdef HAVE_EVP_SHA256
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-#endif
+#endif /* HAVE_EVP_SHA256 */
{ NULL, -1, -1, -1},
};
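Review bot: `KEX_CURVE25519_SHA256` is the only entry left outside `#ifdef WITH_OPENSSL`, but it is still wrapped in `#ifdef HAVE_EVP_SHA256`, which by its name is a probe for an OpenSSL function. If that macro is not defined in a build without OpenSSL, `kexalgs[]` holds only the terminator and no key exchange can be negotiated. Consider `#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)` around this entry. Separately, the unchanged `{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },` line above the new `#endif` repeats the entry already listed at the top of the table in the previous hunk.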
@@ -615,6 +619,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
}
}
+#ifdef WITH_OPENSSL
void
kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
{
@@ -626,6 +631,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)