diff options
| author | Colin Watson <cjwatson@debian.org> | 2005-01-04 13:07:27 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2005-01-04 13:07:27 +0000 |
| commit | fd0f611b70a83d80fe8793af785542ee5541b7cd (patch) | |
| tree | bededd22bb7eeec52e20083237ab7e4113445a16 /cipher.c | |
| parent | c44fe9a5b9d3db96a7249b04d915f17e4a3a3b04 (diff) | |
| parent | ebd2ce335af5861020c79fddb1ae35c03bf036cf (diff) | |
Merge 3.9p1 to the trunk.
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 52 |
1 files changed, 26 insertions, 26 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: cipher.c,v 1.68 2004/01/23 19:26:33 hshoexer Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.71 2004/07/28 09:40:29 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
| 41 | #include "log.h" | 41 | #include "log.h" |
| @@ -76,19 +76,19 @@ struct Cipher { | |||
| 76 | u_int key_len; | 76 | u_int key_len; |
| 77 | const EVP_CIPHER *(*evptype)(void); | 77 | const EVP_CIPHER *(*evptype)(void); |
| 78 | } ciphers[] = { | 78 | } ciphers[] = { |
| 79 | { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, | 79 | { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, |
| 80 | { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, | 80 | { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, |
| 81 | { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, | 81 | { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, |
| 82 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, | 82 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, |
| 83 | 83 | ||
| 84 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, | 84 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, |
| 85 | { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, | 85 | { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, |
| 86 | { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, | 86 | { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, |
| 87 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, | 87 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, |
| 88 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | 88 | #if OPENSSL_VERSION_NUMBER < 0x00907000L |
| 89 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, | 89 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, |
| 90 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, | 90 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, |
| 91 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, | 91 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
| 92 | { "rijndael-cbc@lysator.liu.se", | 92 | { "rijndael-cbc@lysator.liu.se", |
| 93 | SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, | 93 | SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
| 94 | #else | 94 | #else |
| @@ -99,14 +99,14 @@ struct Cipher { | |||
| 99 | SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, | 99 | SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, |
| 100 | #endif | 100 | #endif |
| 101 | #if OPENSSL_VERSION_NUMBER >= 0x00905000L | 101 | #if OPENSSL_VERSION_NUMBER >= 0x00905000L |
| 102 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, | 102 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, |
| 103 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, | 103 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, |
| 104 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, | 104 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, |
| 105 | #endif | 105 | #endif |
| 106 | #if defined(EVP_CTRL_SET_ACSS_MODE) | 106 | #if defined(EVP_CTRL_SET_ACSS_MODE) |
| 107 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, | 107 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, |
| 108 | #endif | 108 | #endif |
| 109 | { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } | 109 | { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } |
| 110 | }; | 110 | }; |
| 111 | 111 | ||
| 112 | /*--*/ | 112 | /*--*/ |
| @@ -166,25 +166,25 @@ int | |||
| 166 | ciphers_valid(const char *names) | 166 | ciphers_valid(const char *names) |
| 167 | { | 167 | { |
| 168 | Cipher *c; | 168 | Cipher *c; |
| 169 | char *ciphers, *cp; | 169 | char *cipher_list, *cp; |
| 170 | char *p; | 170 | char *p; |
| 171 | 171 | ||
| 172 | if (names == NULL || strcmp(names, "") == 0) | 172 | if (names == NULL || strcmp(names, "") == 0) |
| 173 | return 0; | 173 | return 0; |
| 174 | ciphers = cp = xstrdup(names); | 174 | cipher_list = cp = xstrdup(names); |
| 175 | for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; | 175 | for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; |
| 176 | (p = strsep(&cp, CIPHER_SEP))) { | 176 | (p = strsep(&cp, CIPHER_SEP))) { |
| 177 | c = cipher_by_name(p); | 177 | c = cipher_by_name(p); |
| 178 | if (c == NULL || c->number != SSH_CIPHER_SSH2) { | 178 | if (c == NULL || c->number != SSH_CIPHER_SSH2) { |
| 179 | debug("bad cipher %s [%s]", p, names); | 179 | debug("bad cipher %s [%s]", p, names); |
| 180 | xfree(ciphers); | 180 | xfree(cipher_list); |
| 181 | return 0; | 181 | return 0; |
| 182 | } else { | 182 | } else { |
| 183 | debug3("cipher ok: %s [%s]", p, names); | 183 | debug3("cipher ok: %s [%s]", p, names); |
| 184 | } | 184 | } |
| 185 | } | 185 | } |
| 186 | debug3("ciphers ok: [%s]", names); | 186 | debug3("ciphers ok: [%s]", names); |
| 187 | xfree(ciphers); | 187 | xfree(cipher_list); |
| 188 | return 1; | 188 | return 1; |
| 189 | } | 189 | } |
| 190 | 190 | ||
| @@ -213,7 +213,7 @@ cipher_name(int id) | |||
| 213 | void | 213 | void |
| 214 | cipher_init(CipherContext *cc, Cipher *cipher, | 214 | cipher_init(CipherContext *cc, Cipher *cipher, |
| 215 | const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, | 215 | const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, |
| 216 | int encrypt) | 216 | int do_encrypt) |
| 217 | { | 217 | { |
| 218 | static int dowarn = 1; | 218 | static int dowarn = 1; |
| 219 | #ifdef SSH_OLD_EVP | 219 | #ifdef SSH_OLD_EVP |
| @@ -252,10 +252,10 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
| 252 | type->key_len = keylen; | 252 | type->key_len = keylen; |
| 253 | } | 253 | } |
| 254 | EVP_CipherInit(&cc->evp, type, (u_char *)key, (u_char *)iv, | 254 | EVP_CipherInit(&cc->evp, type, (u_char *)key, (u_char *)iv, |
| 255 | (encrypt == CIPHER_ENCRYPT)); | 255 | (do_encrypt == CIPHER_ENCRYPT)); |
| 256 | #else | 256 | #else |
| 257 | if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, | 257 | if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, |
| 258 | (encrypt == CIPHER_ENCRYPT)) == 0) | 258 | (do_encrypt == CIPHER_ENCRYPT)) == 0) |
| 259 | fatal("cipher_init: EVP_CipherInit failed for %s", | 259 | fatal("cipher_init: EVP_CipherInit failed for %s", |
| 260 | cipher->name); | 260 | cipher->name); |
| 261 | klen = EVP_CIPHER_CTX_key_length(&cc->evp); | 261 | klen = EVP_CIPHER_CTX_key_length(&cc->evp); |
| @@ -302,7 +302,7 @@ cipher_cleanup(CipherContext *cc) | |||
| 302 | 302 | ||
| 303 | void | 303 | void |
| 304 | cipher_set_key_string(CipherContext *cc, Cipher *cipher, | 304 | cipher_set_key_string(CipherContext *cc, Cipher *cipher, |
| 305 | const char *passphrase, int encrypt) | 305 | const char *passphrase, int do_encrypt) |
| 306 | { | 306 | { |
| 307 | MD5_CTX md; | 307 | MD5_CTX md; |
| 308 | u_char digest[16]; | 308 | u_char digest[16]; |
| @@ -311,7 +311,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, | |||
| 311 | MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); | 311 | MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); |
| 312 | MD5_Final(digest, &md); | 312 | MD5_Final(digest, &md); |
| 313 | 313 | ||
| 314 | cipher_init(cc, cipher, digest, 16, NULL, 0, encrypt); | 314 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); |
| 315 | 315 | ||
| 316 | memset(digest, 0, sizeof(digest)); | 316 | memset(digest, 0, sizeof(digest)); |
| 317 | memset(&md, 0, sizeof(md)); | 317 | memset(&md, 0, sizeof(md)); |