author | Darren Tucker <dtucker@zip.com.au> | 2005-06-09 21:45:10 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-06-09 21:45:10 +1000 |
commit | a55ec7701336230c76b63ad426057146ae516a4f (patch) | |
tree | ce6f737b8fe815e6ce88e60a8cf9e5c610ff34e1 | |
parent | 431f022263a59595dd7894181515832828a950f9 (diff) |
- (dtucker) [cipher.c openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
Move compatibility code for supporting older OpenSSL versions to the
compat layer. Suggested by and "no objection" djm@
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | cipher.c | 42 | ||||
-rw-r--r-- | openbsd-compat/Makefile.in | 4 | ||||
-rw-r--r-- | openbsd-compat/openbsd-compat.h | 5 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.c | 44 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.h | 65 |
6 files changed, 124 insertions, 44 deletions
@@ -1,3 +1,9 @@ | |||
1 | 20050609 | ||
2 | - (dtucker) [cipher.c openbsd-compat/Makefile.in | ||
3 | openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] | ||
4 | Move compatibility code for supporting older OpenSSL versions to the | ||
5 | compat layer. Suggested by and "no objection" djm@ | ||
6 | |||
1 | 20050607 | 7 | 20050607 |
2 | - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: | 8 | - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: |
3 | in today's episode we attempt to coax it from limits.h where it may be | 9 | in today's episode we attempt to coax it from limits.h where it may be |
@@ -2686,4 +2692,4 @@ | |||
2686 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2692 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2687 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2693 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2688 | 2694 | ||
2689 | $Id: ChangeLog,v 1.3813 2005/06/07 07:53:40 dtucker Exp $ | 2695 | $Id: ChangeLog,v 1.3814 2005/06/09 11:45:10 dtucker Exp $ |
@@ -43,26 +43,6 @@ RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); | |||
43 | 43 | ||
44 | #include <openssl/md5.h> | 44 | #include <openssl/md5.h> |
45 | 45 | ||
46 | #if OPENSSL_VERSION_NUMBER < 0x00906000L | ||
47 | #define SSH_OLD_EVP | ||
48 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) | ||
49 | #endif | ||
50 | |||
51 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
52 | extern const EVP_CIPHER *evp_rijndael(void); | ||
53 | extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); | ||
54 | #endif | ||
55 | |||
56 | #if !defined(EVP_CTRL_SET_ACSS_MODE) | ||
57 | # if (OPENSSL_VERSION_NUMBER >= 0x00907000L) | ||
58 | extern const EVP_CIPHER *evp_acss(void); | ||
59 | # define EVP_acss evp_acss | ||
60 | # define EVP_CTRL_SET_ACSS_MODE xxx /* used below */ | ||
61 | # else | ||
62 | # define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */ | ||
63 | # endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */ | ||
64 | #endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */ | ||
65 | |||
66 | extern const EVP_CIPHER *evp_ssh1_bf(void); | 46 | extern const EVP_CIPHER *evp_ssh1_bf(void); |
67 | extern const EVP_CIPHER *evp_ssh1_3des(void); | 47 | extern const EVP_CIPHER *evp_ssh1_3des(void); |
68 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | 48 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); |
@@ -88,25 +68,15 @@ struct Cipher { | |||
88 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, | 68 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, |
89 | { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, | 69 | { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, |
90 | { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, | 70 | { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, |
91 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
92 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael }, | ||
93 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael }, | ||
94 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, | ||
95 | { "rijndael-cbc@lysator.liu.se", | ||
96 | SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, | ||
97 | #else | ||
98 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, | 71 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, |
99 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, | 72 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, |
100 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, | 73 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, |
101 | { "rijndael-cbc@lysator.liu.se", | 74 | { "rijndael-cbc@lysator.liu.se", |
102 | SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, | 75 | SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, |
103 | #endif | ||
104 | #if OPENSSL_VERSION_NUMBER >= 0x00905000L | ||
105 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, | 76 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, |
106 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, | 77 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, |
107 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, | 78 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, |
108 | #endif | 79 | #ifdef USE_CIPHER_ACSS |
109 | #if defined(EVP_CTRL_SET_ACSS_MODE) | ||
110 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, | 80 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, |
111 | #endif | 81 | #endif |
112 | { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } | 82 | { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } |
@@ -225,8 +195,8 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
225 | EVP_CIPHER *type; | 195 | EVP_CIPHER *type; |
226 | #else | 196 | #else |
227 | const EVP_CIPHER *type; | 197 | const EVP_CIPHER *type; |
228 | #endif | ||
229 | int klen; | 198 | int klen; |
199 | #endif | ||
230 | u_char *junk, *discard; | 200 | u_char *junk, *discard; |
231 | 201 | ||
232 | if (cipher->number == SSH_CIPHER_DES) { | 202 | if (cipher->number == SSH_CIPHER_DES) { |
@@ -293,23 +263,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) | |||
293 | { | 263 | { |
294 | if (len % cc->cipher->block_size) | 264 | if (len % cc->cipher->block_size) |
295 | fatal("cipher_encrypt: bad plaintext length %d", len); | 265 | fatal("cipher_encrypt: bad plaintext length %d", len); |
296 | #ifdef SSH_OLD_EVP | ||
297 | EVP_Cipher(&cc->evp, dest, (u_char *)src, len); | ||
298 | #else | ||
299 | if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) | 266 | if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) |
300 | fatal("evp_crypt: EVP_Cipher failed"); | 267 | fatal("evp_crypt: EVP_Cipher failed"); |
301 | #endif | ||
302 | } | 268 | } |
303 | 269 | ||
304 | void | 270 | void |
305 | cipher_cleanup(CipherContext *cc) | 271 | cipher_cleanup(CipherContext *cc) |
306 | { | 272 | { |
307 | #ifdef SSH_OLD_EVP | ||
308 | EVP_CIPHER_CTX_cleanup(&cc->evp); | ||
309 | #else | ||
310 | if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) | 273 | if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) |
311 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); | 274 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); |
312 | #endif | ||
313 | } | 275 | } |
314 | 276 | ||
315 | /* | 277 | /* |
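Review bot: The ACSS table entry is now guarded by `#ifdef USE_CIPHER_ACSS`, but openssl-compat.h defines USE_CIPHER_ACSS only inside `#if !defined(EVP_CTRL_SET_ACSS_MODE)`, so a libcrypto that defines EVP_CTRL_SET_ACSS_MODE itself appears to lose `acss@openssh.org`, which the old `#if defined(EVP_CTRL_SET_ACSS_MODE)` guard kept. If that narrowing is intended, the ChangeLog entry should say so; if not, add an `#else` with `# define USE_CIPHER_ACSS 1` before the outer `#endif` in the header. The `# define EVP_acss NULL` branch also looks unreferenced now, since the only visible use of EVP_acss sits under the new guard. The cipher table and the functions touched by the later hunks start or end outside the lines shown.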
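--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $
+# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
 PORTS=port-irix.o port-aix.o
 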
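--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */
 
 /*
 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -168,6 +168,9 @@ char *shadow_pw(struct passwd *pw);
 /* rfc2553 socket API replacements */
 #include "fake-rfc2553.h"
 
+/* compatibility with old or broken OpenSSL versions */
+#include "openssl-compat.h"
+
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"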
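--- /dev/null
+++ b/openbsd-compat/openssl-compat.c
@@ -0,0 +1,44 @@
+/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+
+/*
+* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#define SSH_DONT_REDEF_EVP
+#include "includes.h"
+
+#ifdef SSH_OLD_EVP
+int
+ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
+unsigned char *key, unsigned char *iv, int enc)
+{
+EVP_CipherInit(evp, type, key, iv, enc);
+return 1;
+}
+
+int
+ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
+{
+EVP_Cipher(evp, dst, src, len);
+return 1;
+}
+
+int
+ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
+{
+EVP_CIPHER_CTX_cleanup(evp);
+return 1;
+}
+#endif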
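Review bot: `ssh_EVP_Cipher` is declared with `char *dst, char *src, int len`, while the call it replaces in cipher_crypt passes `u_char *` buffers and a `u_int` length, so an SSH_OLD_EVP build gets pointer-signedness mismatches and a silent unsigned-to-int conversion at that call. Declaring it as `int ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, unsigned char *dst, unsigned char *src, unsigned int len)`, with the matching prototype in openssl-compat.h, would agree with the caller, provided the old OpenSSL EVP_Cipher accepts those types (not visible here). All three wrappers also return 1 unconditionally, so the callers' `== 0` failure checks can never fire on old OpenSSL. A short comment above the `#ifdef SSH_OLD_EVP` block stating that the wrapped functions presumably report no status would make that limitation explicit.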
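--- /dev/null
+++ b/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
+/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+
+/*
+* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+# define SSH_OLD_EVP
+# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define EVP_aes_128_cbc evp_rijndael
+# define EVP_aes_192_cbc evp_rijndael
+# define EVP_aes_256_cbc evp_rijndael
+extern const EVP_CIPHER *evp_rijndael(void);
+extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+# define USE_CIPHER_ACSS 1
+extern const EVP_CIPHER *evp_acss(void);
+# define EVP_acss evp_acss
+# else
+# define EVP_acss NULL
+# endif
+#endif
+
+/*
+* insert comment here
+*/
+#ifdef SSH_OLD_EVP
+
+# ifndef SSH_DONT_REDEF_EVP
+
+# ifdef EVP_Cipher
+# undef EVP_Cipher
+# endif
+
+# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
+# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
+# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
+# endif
+
+int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
+unsigned char *, int);
+int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
+int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+#endif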
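Review bot: The comment above `#ifdef SSH_OLD_EVP` is still the placeholder `insert comment here`; it should explain why EVP_CipherInit, EVP_Cipher and EVP_CIPHER_CTX_cleanup are redirected to the ssh_EVP_* wrappers. Something like `/* Older OpenSSL EVP functions give no status to test; wrap them so callers can check for 0 uniformly. The wrappers always return 1. */` would do, with the wording confirmed against the old API. The header also has no include guard of its own, although it includes `includes.h` and openbsd-compat.h now includes it, so it relies on guards elsewhere to break that cycle. An `#ifndef`/`#define` pair around the whole file, with a guard name of the project's choosing, would make it self-contained.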