- markus@cvs.openbsd.org 2014/04/29 18:01:49

     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm

1 files changed, 80 insertions, 8 deletions

diff --git a/cipher.c b/cipher.c
index 53d9b4fb7..0ea073f55 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,9 +53,11 @@
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
 
+#ifdef WITH_SSH1
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+#endif
 
 struct Cipher {
         char    *name;
@@ -68,15 +70,23 @@ struct Cipher {
         u_int   flags;
 #define CFLAG_CBC               (1<<0)
 #define CFLAG_CHACHAPOLY        (1<<1)
+#define CFLAG_AESCTR            (1<<2)
+#define CFLAG_NONE              (1<<3)
+#ifdef WITH_OPENSSL
         const EVP_CIPHER        *(*evptype)(void);
+#else
+        void    *ignored;
+#endif
 };
 
 static const struct Cipher ciphers[] = {
-        { "none",       SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+#ifdef WITH_SSH1
         { "des",        SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
         { "3des",       SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
         { "blowfish",   SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
-
+#endif
+#ifdef WITH_OPENSSL
+        { "none",       SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
         { "3des-cbc",   SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
         { "blowfish-cbc",
                         SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
@@ -99,6 +109,12 @@ static const struct Cipher ciphers[] = {
         { "aes256-gcm@openssh.com",
                         SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
 #endif
+#else /* WITH_OPENSSL */
+        { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
+        { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
+        { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+        { "none",       SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
+#endif /* WITH_OPENSSL */
         { "chacha20-poly1305@openssh.com",
                         SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
         { NULL,         SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
@@ -264,6 +280,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
     const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
     int do_encrypt)
 {
+#ifdef WITH_OPENSSL
         static int dowarn = 1;
 #ifdef SSH_OLD_EVP
         EVP_CIPHER *type;
@@ -282,6 +299,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
                 if (keylen > 8)
                         keylen = 8;
         }
+#endif
         cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
         cc->encrypt = do_encrypt;
 
@@ -297,6 +315,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
                 chachapoly_init(&cc->cp_ctx, key, keylen);
                 return;
         }
+#ifndef WITH_OPENSSL
+        if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+                aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);
+                aesctr_ivsetup(&cc->ac_ctx, iv);
+                return;
+        }
+        if ((cc->cipher->flags & CFLAG_NONE) != 0)
+                return;
+        fatal("unsupported cipher");
+#else
         type = (*cipher->evptype)();
         EVP_CIPHER_CTX_init(&cc->evp);
 #ifdef SSH_OLD_EVP
@@ -339,6 +367,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
                 free(junk);
                 free(discard);
         }
+#endif
 }
 
 /*
@@ -360,6 +389,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
         if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
                 return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
                     aadlen, authlen, cc->encrypt);
+#ifndef WITH_OPENSSL
+        if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+                if (aadlen)
+                        memcpy(dest, src, aadlen);
+                aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen,
+                    dest + aadlen, len);
+                return 0;
+        }
+        if ((cc->cipher->flags & CFLAG_NONE) != 0) {
+                memcpy(dest, src, aadlen + len);
+                return 0;
+        }
+        fatal("unsupported cipher");
+#else
         if (authlen) {
                 u_char lastiv[1];
 
@@ -400,6 +443,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
                         fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
         }
         return 0;
+#endif
 }
 
 /* Extract the packet length, including any decryption necessary beforehand */
@@ -421,8 +465,12 @@ cipher_cleanup(CipherContext *cc)
 {
         if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
                 explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
+        else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
+                explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
+#ifdef WITH_OPENSSL
         else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
                 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
+#endif
 }
 
 /*
@@ -455,14 +503,16 @@ int
 cipher_get_keyiv_len(const CipherContext *cc)
 {
         const Cipher *c = cc->cipher;
-        int ivlen;
+        int ivlen = 0;
 
         if (c->number == SSH_CIPHER_3DES)
                 ivlen = 24;
         else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
                 ivlen = 0;
+#ifdef WITH_OPENSSL
         else
                 ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+#endif
         return (ivlen);
 }
 
@@ -470,15 +520,20 @@ void
 cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 {
         const Cipher *c = cc->cipher;
+#ifdef WITH_OPENSSL
         int evplen;
+#endif
 
         if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
                 if (len != 0)
                         fatal("%s: wrong iv length %d != %d", __func__, len, 0);
                 return;
         }
+        if ((cc->cipher->flags & CFLAG_NONE) != 0)
+                return;
 
         switch (c->number) {
+#ifdef WITH_OPENSSL
         case SSH_CIPHER_SSH2:
         case SSH_CIPHER_DES:
         case SSH_CIPHER_BLOWFISH:
@@ -492,17 +547,20 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
                 if (c->evptype == evp_rijndael)
                         ssh_rijndael_iv(&cc->evp, 0, iv, len);
                 else
-#endif
+#endif /* USE_BUILTIN_RIJNDAEL */
 #ifndef OPENSSL_HAVE_EVPCTR
                 if (c->evptype == evp_aes_128_ctr)
                         ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
                 else
-#endif
+#endif /* OPENSSL_HAVE_EVPCTR */
                 memcpy(iv, cc->evp.iv, len);
                 break;
+#endif /* WITH_OPENSSL */
+#ifdef WITH_SSH1
         case SSH_CIPHER_3DES:
                 ssh1_3des_iv(&cc->evp, 0, iv, 24);
                 break;
+#endif /* WITH_SSH1 */
         default:
                 fatal("%s: bad cipher %d", __func__, c->number);
         }
@@ -512,12 +570,17 @@ void
 cipher_set_keyiv(CipherContext *cc, u_char *iv)
 {
         const Cipher *c = cc->cipher;
+#ifdef WITH_OPENSSL
         int evplen = 0;
+#endif
 
         if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
                 return;
+        if ((cc->cipher->flags & CFLAG_NONE) != 0)
+                return;
 
         switch (c->number) {
+#ifdef WITH_OPENSSL
         case SSH_CIPHER_SSH2:
         case SSH_CIPHER_DES:
         case SSH_CIPHER_BLOWFISH:
@@ -528,17 +591,20 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
                 if (c->evptype == evp_rijndael)
                         ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
                 else
-#endif
+#endif /* USE_BUILTIN_RIJNDAEL */
 #ifndef OPENSSL_HAVE_EVPCTR
                 if (c->evptype == evp_aes_128_ctr)
                         ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
                 else
-#endif
+#endif /* OPENSSL_HAVE_EVPCTR */
                 memcpy(cc->evp.iv, iv, evplen);
                 break;
+#endif /* WITH_OPENSSL */
+#ifdef WITH_SSH1
         case SSH_CIPHER_3DES:
                 ssh1_3des_iv(&cc->evp, 1, iv, 24);
                 break;
+#endif /* WITH_SSH1 */
         default:
                 fatal("%s: bad cipher %d", __func__, c->number);
         }
@@ -547,6 +613,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 int
 cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
+#ifdef WITH_OPENSSL
         const Cipher *c = cc->cipher;
         int plen = 0;
 
@@ -557,11 +624,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
                 memcpy(dat, EVP_X_STATE(cc->evp), plen);
         }
         return (plen);
+#else
+        return (0);
+#endif
 }
 
 void
 cipher_set_keycontext(CipherContext *cc, u_char *dat)
 {
+#ifdef WITH_OPENSSL
         const Cipher *c = cc->cipher;
         int plen;
 
@@ -569,4 +640,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
                 plen = EVP_X_STATE_LEN(cc->evp);
                 memcpy(EVP_X_STATE(cc->evp), dat, plen);
         }
+#endif
 }