diff options
| author | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
| commit | ea8116a11e3de70036dbc665ccb0d486cf89cac9 (patch) | |
| tree | d73ccdff78d8608e156465af42e6a1b3527fb2d6 /cipher.c | |
| parent | e39b311381a5609cc05acf298c42fba196dc524b (diff) | |
| parent | f5bda272678ec6dccaa5f29379cf60cb855018e8 (diff) | |
Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested it
extensively yet.
ProtocolKeepAlives is now just a compatibility alias for
ServerAliveInterval.
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 33 |
1 files changed, 24 insertions, 9 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.68 2004/01/23 19:26:33 hshoexer Exp $"); |
| 39 | 39 | ||
| 40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
| 41 | #include "log.h" | 41 | #include "log.h" |
| @@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $"); | |||
| 52 | extern const EVP_CIPHER *evp_rijndael(void); | 52 | extern const EVP_CIPHER *evp_rijndael(void); |
| 53 | extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); | 53 | extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); |
| 54 | #endif | 54 | #endif |
| 55 | |||
| 56 | #if !defined(EVP_CTRL_SET_ACSS_MODE) | ||
| 57 | # if (OPENSSL_VERSION_NUMBER >= 0x00907000L) | ||
| 58 | extern const EVP_CIPHER *evp_acss(void); | ||
| 59 | # define EVP_acss evp_acss | ||
| 60 | # define EVP_CTRL_SET_ACSS_MODE xxx /* used below */ | ||
| 61 | # else | ||
| 62 | # define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */ | ||
| 63 | # endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */ | ||
| 64 | #endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */ | ||
| 65 | |||
| 55 | extern const EVP_CIPHER *evp_ssh1_bf(void); | 66 | extern const EVP_CIPHER *evp_ssh1_bf(void); |
| 56 | extern const EVP_CIPHER *evp_ssh1_3des(void); | 67 | extern const EVP_CIPHER *evp_ssh1_3des(void); |
| 57 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | 68 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); |
| @@ -87,29 +98,33 @@ struct Cipher { | |||
| 87 | { "rijndael-cbc@lysator.liu.se", | 98 | { "rijndael-cbc@lysator.liu.se", |
| 88 | SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, | 99 | SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, |
| 89 | #endif | 100 | #endif |
| 101 | #if OPENSSL_VERSION_NUMBER >= 0x00905000L | ||
| 90 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, | 102 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, |
| 91 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, | 103 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, |
| 92 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, | 104 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, |
| 93 | 105 | #endif | |
| 106 | #if defined(EVP_CTRL_SET_ACSS_MODE) | ||
| 107 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, | ||
| 108 | #endif | ||
| 94 | { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } | 109 | { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } |
| 95 | }; | 110 | }; |
| 96 | 111 | ||
| 97 | /*--*/ | 112 | /*--*/ |
| 98 | 113 | ||
| 99 | u_int | 114 | u_int |
| 100 | cipher_blocksize(Cipher *c) | 115 | cipher_blocksize(const Cipher *c) |
| 101 | { | 116 | { |
| 102 | return (c->block_size); | 117 | return (c->block_size); |
| 103 | } | 118 | } |
| 104 | 119 | ||
| 105 | u_int | 120 | u_int |
| 106 | cipher_keylen(Cipher *c) | 121 | cipher_keylen(const Cipher *c) |
| 107 | { | 122 | { |
| 108 | return (c->key_len); | 123 | return (c->key_len); |
| 109 | } | 124 | } |
| 110 | 125 | ||
| 111 | u_int | 126 | u_int |
| 112 | cipher_get_number(Cipher *c) | 127 | cipher_get_number(const Cipher *c) |
| 113 | { | 128 | { |
| 114 | return (c->number); | 129 | return (c->number); |
| 115 | } | 130 | } |
| @@ -309,7 +324,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, | |||
| 309 | */ | 324 | */ |
| 310 | 325 | ||
| 311 | int | 326 | int |
| 312 | cipher_get_keyiv_len(CipherContext *cc) | 327 | cipher_get_keyiv_len(const CipherContext *cc) |
| 313 | { | 328 | { |
| 314 | Cipher *c = cc->cipher; | 329 | Cipher *c = cc->cipher; |
| 315 | int ivlen; | 330 | int ivlen; |
| @@ -395,12 +410,12 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) | |||
| 395 | #endif | 410 | #endif |
| 396 | 411 | ||
| 397 | int | 412 | int |
| 398 | cipher_get_keycontext(CipherContext *cc, u_char *dat) | 413 | cipher_get_keycontext(const CipherContext *cc, u_char *dat) |
| 399 | { | 414 | { |
| 400 | Cipher *c = cc->cipher; | 415 | Cipher *c = cc->cipher; |
| 401 | int plen = 0; | 416 | int plen = 0; |
| 402 | 417 | ||
| 403 | if (c->evptype == EVP_rc4) { | 418 | if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) { |
| 404 | plen = EVP_X_STATE_LEN(cc->evp); | 419 | plen = EVP_X_STATE_LEN(cc->evp); |
| 405 | if (dat == NULL) | 420 | if (dat == NULL) |
| 406 | return (plen); | 421 | return (plen); |
| @@ -415,7 +430,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat) | |||
| 415 | Cipher *c = cc->cipher; | 430 | Cipher *c = cc->cipher; |
| 416 | int plen; | 431 | int plen; |
| 417 | 432 | ||
| 418 | if (c->evptype == EVP_rc4) { | 433 | if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) { |
| 419 | plen = EVP_X_STATE_LEN(cc->evp); | 434 | plen = EVP_X_STATE_LEN(cc->evp); |
| 420 | memcpy(EVP_X_STATE(cc->evp), dat, plen); | 435 | memcpy(EVP_X_STATE(cc->evp), dat, plen); |
| 421 | } | 436 | } |