src - FreeBSD source tree

diff options


context:
space:
mode:

author	Dag-Erling Smørgrav <des@FreeBSD.org>	2005-09-03 07:04:25 +0000
committer	Dag-Erling Smørgrav <des@FreeBSD.org>	2005-09-03 07:04:25 +0000
commit	d4ecd1085791f1e31b106a2546b08647fd6a2a17 (patch)
tree	15c858fecc18a67f9dcc639fd5be6afa6ed7037f /crypto/openssh/cipher.c
parent	f8a2a7f14a354d1231b54c452245604bf11bed62 (diff)
download	src-d4ecd1085791f1e31b106a2546b08647fd6a2a17.tar.gz src-d4ecd1085791f1e31b106a2546b08647fd6a2a17.zip

Resolve conflicts.

Notes

Notes: svn path=/head/; revision=149753

Diffstat (limited to 'crypto/openssh/cipher.c')

-rw-r--r--

crypto/openssh/cipher.c

102

1 files changed, 41 insertions, 61 deletions

diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c
index beba4618dc82..0dddf270af90 100644
--- a/crypto/openssh/cipher.c
+++ b/crypto/openssh/cipher.c

@@ -35,7 +35,7 @@

#include "includes.h"

-RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $");

+RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $");

#include "xmalloc.h"

#include "log.h"

@@ -43,25 +43,8 @@ RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $");

#include <openssl/md5.h>

-#if OPENSSL_VERSION_NUMBER < 0x00906000L

-#define SSH_OLD_EVP

-#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)

-#endif

-#if OPENSSL_VERSION_NUMBER < 0x00907000L

-extern const EVP_CIPHER *evp_rijndael(void);

-extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);

-#endif

-#if !defined(EVP_CTRL_SET_ACSS_MODE)

-# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)

-extern const EVP_CIPHER *evp_acss(void);

-# define EVP_acss evp_acss

-# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */

-# else

-# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */

-# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */

-#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */

+/* compatibility with old or broken OpenSSL versions */

+#include "openbsd-compat/openssl-compat.h"

extern const EVP_CIPHER *evp_ssh1_bf(void);

extern const EVP_CIPHER *evp_ssh1_3des(void);

@@ -74,39 +57,32 @@ struct Cipher {

int number; /* for ssh1 only */

u_int block_size;

u_int key_len;

+ u_int discard_len;

const EVP_CIPHER *(*evptype)(void);

} ciphers[] = {

- { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },

- { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },

- { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des },

- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf },

- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },

- { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },

- { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },

- { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },

-#if OPENSSL_VERSION_NUMBER < 0x00907000L

- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },

- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },

- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

+ { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },

+ { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },

+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },

+ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },

+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },

+ { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },

+ { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },

+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },

+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },

+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },

+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },

+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },

+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },

{ "rijndael-cbc@lysator.liu.se",

- SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

-#else

- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },

- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },

- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

- { "rijndael-cbc@lysator.liu.se",

- SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

-#endif

-#if OPENSSL_VERSION_NUMBER >= 0x00905000L

- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },

- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },

- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },

+ SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },

+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },

+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },

+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },

+#ifdef USE_CIPHER_ACSS

+ { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },

#endif

-#if defined(EVP_CTRL_SET_ACSS_MODE)

- { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },

-#endif

- { NULL, SSH_CIPHER_INVALID, 0, 0, NULL }

+ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }

};

/*--*/

@@ -222,8 +198,9 @@ cipher_init(CipherContext *cc, Cipher *cipher,

EVP_CIPHER *type;

#else

const EVP_CIPHER *type;

-#endif

int klen;

+#endif

+ u_char *junk, *discard;

if (cipher->number == SSH_CIPHER_DES) {

if (dowarn) {

@@ -261,7 +238,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,

fatal("cipher_init: EVP_CipherInit failed for %s",

cipher->name);

klen = EVP_CIPHER_CTX_key_length(&cc->evp);

- if (klen > 0 && keylen != klen) {

+ if (klen > 0 && keylen != (u_int)klen) {

debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);

if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)

fatal("cipher_init: set keylen failed (%d -> %d)",

@@ -271,6 +248,17 @@ cipher_init(CipherContext *cc, Cipher *cipher,

fatal("cipher_init: EVP_CipherInit: set key failed for %s",

cipher->name);

#endif

+ if (cipher->discard_len > 0) {

+ junk = xmalloc(cipher->discard_len);

+ discard = xmalloc(cipher->discard_len);

+ if (EVP_Cipher(&cc->evp, discard, junk,

+ cipher->discard_len) == 0)

+ fatal("evp_crypt: EVP_Cipher failed during discard");

+ memset(discard, 0, cipher->discard_len);

+ xfree(junk);

+ xfree(discard);

+ }

}

void

@@ -278,23 +266,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)

{

if (len % cc->cipher->block_size)

fatal("cipher_encrypt: bad plaintext length %d", len);

-#ifdef SSH_OLD_EVP

- EVP_Cipher(&cc->evp, dest, (u_char *)src, len);

-#else

if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)

fatal("evp_crypt: EVP_Cipher failed");

-#endif

}

void

cipher_cleanup(CipherContext *cc)

{

-#ifdef SSH_OLD_EVP

- EVP_CIPHER_CTX_cleanup(&cc->evp);

-#else

if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)

error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");

-#endif

}

@@ -349,9 +329,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)

case SSH_CIPHER_DES:

case SSH_CIPHER_BLOWFISH:

evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);

- if (evplen == 0)

+ if (evplen <= 0)

return;

- if (evplen != len)

+ if ((u_int)evplen != len)

fatal("%s: wrong iv length %d != %d", __func__,

evplen, len);

#if OPENSSL_VERSION_NUMBER < 0x00907000L