diff options
| author | Damien Miller <djm@mindrot.org> | 2005-05-26 12:19:17 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-05-26 12:19:17 +1000 |
| commit | 3710f278ae76751118fb3ced2ee6e8e320b91002 (patch) | |
| tree | 049c62a80c0ad073f0b20c1fd7d330d7bcadfb7d /cipher.c | |
| parent | b089fb5fe15a6b1936262a33417265f8cb9b0afb (diff) | |
- djm@cvs.openbsd.org 2005/05/23 23:32:46
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
ok markus@
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 61 |
1 files changed, 38 insertions, 23 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); |
| 39 | 39 | ||
| 40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
| 41 | #include "log.h" | 41 | #include "log.h" |
| @@ -74,39 +74,42 @@ struct Cipher { | |||
| 74 | int number; /* for ssh1 only */ | 74 | int number; /* for ssh1 only */ |
| 75 | u_int block_size; | 75 | u_int block_size; |
| 76 | u_int key_len; | 76 | u_int key_len; |
| 77 | u_int discard_len; | ||
| 77 | const EVP_CIPHER *(*evptype)(void); | 78 | const EVP_CIPHER *(*evptype)(void); |
| 78 | } ciphers[] = { | 79 | } ciphers[] = { |
| 79 | { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, | 80 | { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, |
| 80 | { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, | 81 | { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, |
| 81 | { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, | 82 | { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, |
| 82 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, | 83 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, |
| 83 | 84 | ||
| 84 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, | 85 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, |
| 85 | { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, | 86 | { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, |
| 86 | { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, | 87 | { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, |
| 87 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, | 88 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, |
| 89 | { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, | ||
| 90 | { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, | ||
| 88 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | 91 | #if OPENSSL_VERSION_NUMBER < 0x00907000L |
| 89 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, | 92 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael }, |
| 90 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, | 93 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael }, |
| 91 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, | 94 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, |
| 92 | { "rijndael-cbc@lysator.liu.se", | 95 | { "rijndael-cbc@lysator.liu.se", |
| 93 | SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, | 96 | SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, |
| 94 | #else | 97 | #else |
| 95 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, | 98 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, |
| 96 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, | 99 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, |
| 97 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, | 100 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, |
| 98 | { "rijndael-cbc@lysator.liu.se", | 101 | { "rijndael-cbc@lysator.liu.se", |
| 99 | SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, | 102 | SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, |
| 100 | #endif | 103 | #endif |
| 101 | #if OPENSSL_VERSION_NUMBER >= 0x00905000L | 104 | #if OPENSSL_VERSION_NUMBER >= 0x00905000L |
| 102 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, | 105 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, |
| 103 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, | 106 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, |
| 104 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, | 107 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, |
| 105 | #endif | 108 | #endif |
| 106 | #if defined(EVP_CTRL_SET_ACSS_MODE) | 109 | #if defined(EVP_CTRL_SET_ACSS_MODE) |
| 107 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, | 110 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, |
| 108 | #endif | 111 | #endif |
| 109 | { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } | 112 | { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } |
| 110 | }; | 113 | }; |
| 111 | 114 | ||
| 112 | /*--*/ | 115 | /*--*/ |
| @@ -224,6 +227,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
| 224 | const EVP_CIPHER *type; | 227 | const EVP_CIPHER *type; |
| 225 | #endif | 228 | #endif |
| 226 | int klen; | 229 | int klen; |
| 230 | u_char *junk, *discard; | ||
| 227 | 231 | ||
| 228 | if (cipher->number == SSH_CIPHER_DES) { | 232 | if (cipher->number == SSH_CIPHER_DES) { |
| 229 | if (dowarn) { | 233 | if (dowarn) { |
| @@ -271,6 +275,17 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
| 271 | fatal("cipher_init: EVP_CipherInit: set key failed for %s", | 275 | fatal("cipher_init: EVP_CipherInit: set key failed for %s", |
| 272 | cipher->name); | 276 | cipher->name); |
| 273 | #endif | 277 | #endif |
| 278 | |||
| 279 | if (cipher->discard_len > 0) { | ||
| 280 | junk = xmalloc(cipher->discard_len); | ||
| 281 | discard = xmalloc(cipher->discard_len); | ||
| 282 | if (EVP_Cipher(&cc->evp, discard, junk, | ||
| 283 | cipher->discard_len) == 0) | ||
| 284 | fatal("evp_crypt: EVP_Cipher failed during discard"); | ||
| 285 | memset(discard, 0, cipher->discard_len); | ||
| 286 | xfree(junk); | ||
| 287 | xfree(discard); | ||
| 288 | } | ||
| 274 | } | 289 | } |
| 275 | 290 | ||
| 276 | void | 291 | void |