diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
| commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
| tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /cipher.c | |
| parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) | |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 16 |
1 files changed, 9 insertions, 7 deletions
| @@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc) | |||
| 446 | } | 446 | } |
| 447 | 447 | ||
| 448 | int | 448 | int |
| 449 | cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | 449 | cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) |
| 450 | { | 450 | { |
| 451 | #ifdef WITH_OPENSSL | 451 | #ifdef WITH_OPENSSL |
| 452 | const struct sshcipher *c = cc->cipher; | 452 | const struct sshcipher *c = cc->cipher; |
| @@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |||
| 473 | return 0; | 473 | return 0; |
| 474 | else if (evplen < 0) | 474 | else if (evplen < 0) |
| 475 | return SSH_ERR_LIBCRYPTO_ERROR; | 475 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 476 | if ((u_int)evplen != len) | 476 | if ((size_t)evplen != len) |
| 477 | return SSH_ERR_INVALID_ARGUMENT; | 477 | return SSH_ERR_INVALID_ARGUMENT; |
| 478 | #ifndef OPENSSL_HAVE_EVPCTR | 478 | #ifndef OPENSSL_HAVE_EVPCTR |
| 479 | if (c->evptype == evp_aes_128_ctr) | 479 | if (c->evptype == evp_aes_128_ctr) |
| @@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |||
| 484 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, | 484 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, |
| 485 | len, iv)) | 485 | len, iv)) |
| 486 | return SSH_ERR_LIBCRYPTO_ERROR; | 486 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 487 | } else | 487 | } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len)) |
| 488 | memcpy(iv, cc->evp->iv, len); | 488 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 489 | #endif | 489 | #endif |
| 490 | return 0; | 490 | return 0; |
| 491 | } | 491 | } |
| 492 | 492 | ||
| 493 | int | 493 | int |
| 494 | cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | 494 | cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) |
| 495 | { | 495 | { |
| 496 | #ifdef WITH_OPENSSL | 496 | #ifdef WITH_OPENSSL |
| 497 | const struct sshcipher *c = cc->cipher; | 497 | const struct sshcipher *c = cc->cipher; |
| @@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |||
| 507 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); | 507 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); |
| 508 | if (evplen <= 0) | 508 | if (evplen <= 0) |
| 509 | return SSH_ERR_LIBCRYPTO_ERROR; | 509 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 510 | if ((size_t)evplen != len) | ||
| 511 | return SSH_ERR_INVALID_ARGUMENT; | ||
| 510 | #ifndef OPENSSL_HAVE_EVPCTR | 512 | #ifndef OPENSSL_HAVE_EVPCTR |
| 511 | /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ | 513 | /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ |
| 512 | if (c->evptype == evp_aes_128_ctr) | 514 | if (c->evptype == evp_aes_128_ctr) |
| @@ -518,8 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |||
| 518 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, | 520 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, |
| 519 | EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) | 521 | EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) |
| 520 | return SSH_ERR_LIBCRYPTO_ERROR; | 522 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 521 | } else | 523 | } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen)) |
| 522 | memcpy(cc->evp->iv, iv, evplen); | 524 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 523 | #endif | 525 | #endif |
| 524 | return 0; | 526 | return 0; |
| 525 | } | 527 | } |