authorDamien Miller <djm@cvs.openbsd.org>2019-09-06 05:23:56 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-09-06 05:23:56 +0000
commitca8b81b8f1eca373a3dc57064510d030f82a0691 (patch)
treeca673b1b56d5b4029e4678712edcafe56519f60f /usr.bin/ssh
parent464e83cf71ceb9a52efd400f06dba6ae6b47401b (diff)
fixes for !WITH_OPENSSL compilation; ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/auth.h4
-rw-r--r--usr.bin/ssh/cipher.c5
-rw-r--r--usr.bin/ssh/cipher.h4
-rw-r--r--usr.bin/ssh/dh.c11
-rw-r--r--usr.bin/ssh/dh.h7
-rw-r--r--usr.bin/ssh/kex.h14
-rw-r--r--usr.bin/ssh/kexgen.c8
-rw-r--r--usr.bin/ssh/monitor_wrap.h4
-rw-r--r--usr.bin/ssh/packet.h14
-rw-r--r--usr.bin/ssh/ssh-add.c7
-rw-r--r--usr.bin/ssh/ssh-keygen.c6
-rw-r--r--usr.bin/ssh/ssh-keyscan.c4
-rw-r--r--usr.bin/ssh/ssh-keysign.c8
-rw-r--r--usr.bin/ssh/ssh-pkcs11-helper.c19
-rw-r--r--usr.bin/ssh/ssh_api.c9
-rw-r--r--usr.bin/ssh/sshbuf.h11
-rw-r--r--usr.bin/ssh/sshkey.c6
17 files changed, 111 insertions, 30 deletions
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index d443a1241dc..afe7eb0f036 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.99 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.100 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -30,8 +30,6 @@
#include <signal.h>
-#include <openssl/rsa.h>
-
#include <bsd_auth.h>
#ifdef KRB5
#include <krb5.h>
diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c
index 1d50c038e10..94ea6e744bc 100644
--- a/usr.bin/ssh/cipher.c
+++ b/usr.bin/ssh/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.112 2018/09/13 02:08:33 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -47,6 +47,9 @@
#include "ssherr.h"
#include "digest.h"
+#ifndef WITH_OPENSSL
+#define EVP_CIPHER_CTX void
+#endif
struct sshcipher_ctx {
int plaintext;
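Review bot: `#define EVP_CIPHER_CTX void` rewrites every later `EVP_CIPHER_CTX *` in this file to `void *` when WITH_OPENSSL is off, so the compiler will accept any object pointer where a cipher context is expected and type mismatches in that configuration go unreported. The same pattern is used for `BIGNUM`, `DH`, `EC_KEY`, `EC_GROUP` and `EC_POINT` in the kex.h, packet.h and sshbuf.h hunks. If the placeholder has to stay a macro, it deserves a comment at the definition, for example `/* libcrypto absent: placeholder type only, pointers of this type must stay NULL and unused */`; mapping the name to an incomplete struct type instead of `void` would keep pointer type checking. The body of `struct sshcipher_ctx` continues outside the hunk, so how the member is used in this build is not visible here.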
diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h
index 688ad1efde9..5843aab4931 100644
--- a/usr.bin/ssh/cipher.h
+++ b/usr.bin/ssh/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.53 2018/09/13 02:08:33 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,7 +38,9 @@
#define CIPHER_H
#include <sys/types.h>
+#ifdef WITH_OPENSSL
#include <openssl/evp.h>
+#endif
#include "cipher-chachapoly.h"
#include "cipher-aesctr.h"
diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c
index 5fc67e842bf..4cfdc93cbe2 100644
--- a/usr.bin/ssh/dh.c
+++ b/usr.bin/ssh/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.69 2018/11/09 02:56:22 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.70 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@@ -23,16 +23,15 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+#include <errno.h>
#include "dh.h"
#include "pathnames.h"
#include "log.h"
diff --git a/usr.bin/ssh/dh.h b/usr.bin/ssh/dh.h
index adb643a7534..5d6df629701 100644
--- a/usr.bin/ssh/dh.h
+++ b/usr.bin/ssh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.17 2019/01/20 01:12:40 dtucker Exp $ */
+/* $OpenBSD: dh.h,v 1.18 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -26,6 +26,8 @@
#ifndef DH_H
#define DH_H
+#ifdef WITH_OPENSSL
+
struct dhgroup {
int size;
BIGNUM *g;
@@ -76,5 +78,6 @@ u_int dh_estimate(int);
#define MODULI_TESTS_JACOBI (0x08)
#define MODULI_TESTS_ELLIPTIC (0x10)
+#endif /* WITH_OPENSSL */
-#endif
+#endif /* DH_H */
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index d4ef5589bae..50decba6e4c 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.108 2019/09/06 03:30:42 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.109 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -29,6 +29,18 @@
#include "mac.h"
#include "crypto_api.h"
+#ifdef WITH_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#else /* OPENSSL */
+#define BIGNUM void
+#define DH void
+#define EC_KEY void
+#define EC_GROUP void
+#endif /* WITH_OPENSSL */
+
#define KEX_COOKIE_LEN 16
#define KEX_DH1 "diffie-hellman-group1-sha1"
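Review bot: The `#else /* OPENSSL */` label does not match the macro tested by the `#ifdef`; it should read `#else /* WITH_OPENSSL */`, and the same mislabel is repeated in the packet.h and sshbuf.h hunks. Those three headers also each carry their own copy of the placeholder block with a different subset of names (this one has `DH` and `EC_KEY` but no `EC_POINT`, packet.h has no `EC_KEY`, sshbuf.h has no `DH`), so whether a given name resolves in a !WITH_OPENSSL build depends on which headers a file happens to include. Keeping the include-or-placeholder block in one header that the other two include would remove that dependence and leave a single place to audit when a type is added.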
diff --git a/usr.bin/ssh/kexgen.c b/usr.bin/ssh/kexgen.c
index 92fd9811b98..dbf99d436e4 100644
--- a/usr.bin/ssh/kexgen.c
+++ b/usr.bin/ssh/kexgen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgen.c,v 1.2 2019/01/23 00:30:41 djm Exp $ */
+/* $OpenBSD: kexgen.c,v 1.3 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2019 Markus Friedl. All rights reserved.
*
@@ -99,6 +99,7 @@ kex_gen_client(struct ssh *ssh)
int r;
switch (kex->kex_type) {
+#ifdef WITH_OPENSSL
case KEX_DH_GRP1_SHA1:
case KEX_DH_GRP14_SHA1:
case KEX_DH_GRP14_SHA256:
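Review bot: With the DH and ECDH arms compiled out, a `kex->kex_type` of `KEX_DH_*` or `KEX_ECDH_SHA2` in a !WITH_OPENSSL build now falls through to whatever follows the last visible `case`, and that arm is outside this hunk. It is worth confirming that the `default:` branch of this switch assigns an error to `r` rather than leaving it unset, so that an unsupported method fails closed; the same applies to the switches in `input_kex_gen_reply` and `input_kex_gen_init`, which are changed the same way. A short comment above the `#ifdef`, such as `/* DH/ECDH need libcrypto; without it these types must reach the default error arm */`, would record that intent. All three function bodies start and end outside their hunks.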
@@ -109,6 +110,7 @@ kex_gen_client(struct ssh *ssh)
case KEX_ECDH_SHA2:
r = kex_ecdh_keypair(kex);
break;
+#endif /* WITH_OPENSSL */
case KEX_C25519_SHA256:
r = kex_c25519_keypair(kex);
break;
@@ -165,6 +167,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
/* compute shared secret */
switch (kex->kex_type) {
+#ifdef WITH_OPENSSL
case KEX_DH_GRP1_SHA1:
case KEX_DH_GRP14_SHA1:
case KEX_DH_GRP14_SHA256:
@@ -175,6 +178,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
case KEX_ECDH_SHA2:
r = kex_ecdh_dec(kex, server_blob, &shared_secret);
break;
+#endif /* WITH_OPENSSL */
case KEX_C25519_SHA256:
r = kex_c25519_dec(kex, server_blob, &shared_secret);
break;
@@ -257,6 +261,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
/* compute shared secret */
switch (kex->kex_type) {
+#ifdef WITH_OPENSSL
case KEX_DH_GRP1_SHA1:
case KEX_DH_GRP14_SHA1:
case KEX_DH_GRP14_SHA256:
@@ -269,6 +274,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey,
&shared_secret);
break;
+#endif /* WITH_OPENSSL */
case KEX_C25519_SHA256:
r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
&shared_secret);
diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h
index e5c30227404..08620f918da 100644
--- a/usr.bin/ssh/monitor_wrap.h
+++ b/usr.bin/ssh/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.41 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.42 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -41,7 +41,9 @@ struct sshauthopt;
void mm_log_handler(LogLevel, const char *, void *);
int mm_is_monitor(void);
+#ifdef WITH_OPENSSL
DH *mm_choose_dh(int, int, int);
+#endif
int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
const u_char *, size_t, const char *, u_int compat);
void mm_inform_authserv(char *, char *);
diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h
index 4ff3682baec..acc589225de 100644
--- a/usr.bin/ssh/packet.h
+++ b/usr.bin/ssh/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.90 2019/01/21 10:35:09 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.91 2019/09/06 05:23:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,11 +18,19 @@
#include <termios.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
#include <sys/signal.h>
#include <sys/queue.h>
+#ifdef WITH_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#else /* OPENSSL */
+#define BIGNUM void
+#define EC_GROUP void
+#define EC_POINT void
+#endif /* WITH_OPENSSL */
+
struct kex;
struct sshkey;
struct sshbuf;
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c
index cf978f65fb5..5a4f6891f2e 100644
--- a/usr.bin/ssh/ssh-add.c
+++ b/usr.bin/ssh/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.140 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.141 2019/09/06 05:23:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -38,7 +38,9 @@
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef WITH_OPENSSL
#include <openssl/evp.h>
+#endif
#include <errno.h>
#include <fcntl.h>
@@ -570,8 +572,9 @@ main(int argc, char **argv)
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
+#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
-
+#endif
log_init(__progname, log_level, log_facility, 1);
setvbuf(stdout, NULL, _IOLBF, 0);
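Review bot: The guarded `OpenSSL_add_all_algorithms();` call is now written out with its own `#ifdef WITH_OPENSSL` / `#endif` pair here and again in the ssh-keygen.c, ssh-keysign.c and ssh_api.c hunks. A single wrapper declared in one header, expanding to nothing when WITH_OPENSSL is undefined, would keep the preprocessor conditionals out of each `main()` and make it harder for a new program to forget the guard. In this hunk the blank line that separated the initialisation from `log_init(...)` was also dropped, so `#endif` now sits directly against the next statement; the ssh-keygen.c hunk keeps the blank line and the two should match.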
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 8d07b5f4e11..6880e72918a 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.347 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.348 2019/09/06 05:23:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -16,8 +16,10 @@
#include <sys/socket.h>
#include <sys/stat.h>
+#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/pem.h>
+#endif
#include <stdint.h>
#include <errno.h>
@@ -2759,7 +2761,9 @@ main(int argc, char **argv)
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
+#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
+#endif
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
setlocale(LC_CTYPE, "");
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 7dba318a082..1f52cf7aad1 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.129 2019/07/12 04:08:39 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -13,7 +13,9 @@
#include <sys/time.h>
#include <sys/resource.h>
+#ifdef WITH_OPENSSL
#include <openssl/bn.h>
+#endif
#include <errno.h>
#include <netdb.h>
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index b11d1b0472c..2c87801b84d 100644
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.59 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.60 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -25,8 +25,9 @@
#include <sys/types.h>
+#ifdef WITH_OPENSSL
#include <openssl/evp.h>
-#include <openssl/rsa.h>
+#endif
#include <fcntl.h>
#include <paths.h>
@@ -211,8 +212,9 @@ main(int argc, char **argv)
if (found == 0)
fatal("could not open any host key");
+#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
-
+#endif
found = 0;
for (i = 0; i < NUM_KEYTYPES; i++) {
keys[i] = NULL;
diff --git a/usr.bin/ssh/ssh-pkcs11-helper.c b/usr.bin/ssh/ssh-pkcs11-helper.c
index 76bb8a7aa31..f3b93c66371 100644
--- a/usr.bin/ssh/ssh-pkcs11-helper.c
+++ b/usr.bin/ssh/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.20 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.21 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -35,6 +35,8 @@
#include "ssh-pkcs11.h"
#include "ssherr.h"
+#ifdef WITH_OPENSSL
+
/* borrows code from sftp-server and ssh-agent */
struct pkcs11_keyinfo {
@@ -413,3 +415,18 @@ main(int argc, char **argv)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
}
+
+#else /* WITH_OPENSSL */
+void
+cleanup_exit(int i)
+{
+ _exit(i);
+}
+
+int
+main(int argc, char **argv)
+{
+ fprintf(stderr, "PKCS#11 code is not enabled\n");
+ return 1;
+}
+#endif /* WITH_OPENSSL */
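Review bot: The !WITH_OPENSSL stub calls `fprintf()` and `_exit()`, so it depends on `<stdio.h>` and `<unistd.h>` being included above the `#ifdef WITH_OPENSSL` that the earlier hunk adds; the include list is not visible here and should be checked so the fallback build does not rely on implicit declarations. `argc` and `argv` are unused in the stub `main`, which will warn under `-Wunused-parameter`; `(void)argc; (void)argv;` or a `main(void)` signature avoids that. A one-line comment on the stub `cleanup_exit()` saying why it must still be defined in this configuration would help, since nothing in the stub itself calls it.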
diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c
index 4e250b38d0c..43aebbc3121 100644
--- a/usr.bin/ssh/ssh_api.c
+++ b/usr.bin/ssh/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.16 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.17 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@@ -51,7 +51,10 @@ int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
int use_privsep = 0;
int mm_sshkey_sign(struct sshkey *, u_char **, u_int *,
u_char *, u_int, char *, u_int);
+
+#ifdef WITH_OPENSSL
DH *mm_choose_dh(int, int, int);
+#endif
/* Define these two variables here so that they are part of the library */
u_char *session_id2 = NULL;
@@ -64,11 +67,13 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
return (-1);
}
+#ifdef WITH_OPENSSL
DH *
mm_choose_dh(int min, int nbits, int max)
{
return (NULL);
}
+#endif
/* API */
@@ -82,7 +87,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
int r;
if (!called) {
+#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
+#endif
called = 1;
}
diff --git a/usr.bin/ssh/sshbuf.h b/usr.bin/ssh/sshbuf.h
index 255de5d8ad1..1288b92cc6e 100644
--- a/usr.bin/ssh/sshbuf.h
+++ b/usr.bin/ssh/sshbuf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf.h,v 1.17 2019/07/30 05:04:49 djm Exp $ */
+/* $OpenBSD: sshbuf.h,v 1.18 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*
@@ -21,8 +21,17 @@
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
+
+#ifdef WITH_OPENSSL
#include <openssl/bn.h>
#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#else /* OPENSSL */
+#define BIGNUM void
+#define EC_KEY void
+#define EC_GROUP void
+#define EC_POINT void
+#endif /* WITH_OPENSSL */
#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */
#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c
index 998ac555289..3ebc3e32e40 100644
--- a/usr.bin/ssh/sshkey.c
+++ b/usr.bin/ssh/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.82 2019/09/03 08:31:20 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.83 2019/09/06 05:23:55 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1824,12 +1824,14 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
r = 0;
out:
sshkey_free(n);
+#ifdef WITH_OPENSSL
BN_clear_free(rsa_n_dup);
BN_clear_free(rsa_e_dup);
BN_clear_free(dsa_p_dup);
BN_clear_free(dsa_q_dup);
BN_clear_free(dsa_g_dup);
BN_clear_free(dsa_pub_key_dup);
+#endif /* WITH_OPENSSL */
return r;
}
@@ -2172,6 +2174,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
return ret;
}
+#ifdef WITH_OPENSSL
static int
check_rsa_length(const RSA *rsa)
{
@@ -2182,6 +2185,7 @@ check_rsa_length(const RSA *rsa)
return SSH_ERR_KEY_LENGTH;
return 0;
}
+#endif /* WITH_OPENSSL */
static int
sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,