- (djm) OpenBSD CVS Sync

- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03 [cipher.c] enable acss for ssh ok deraadt@ markus@ - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS if libcrypto lacks it
author: Damien Miller <djm@mindrot.org> 2004-01-27 21:19:21 +1100
committer: Damien Miller <djm@mindrot.org> 2004-01-27 21:19:21 +1100
commit: 4f0fe684daa4f35e1c91224e144c91b4869946fa (patch)
tree: 650499929f514c84eb05da24595d97e113b2af2c /cipher.c
parent: 01326ebada378a58c1797fb5a75f631a70a020e0 (diff)
1 files changed, 17 insertions, 4 deletions
diff --git a/cipher.c b/cipher.c
index a1c40cc4a..190b8688b 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.67 2004/01/23 17:06:03 hshoexer Exp $");
 #include "xmalloc.h"
 #include "log.h"
@@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
 extern const EVP_CIPHER *evp_rijndael(void);
 extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 #endif
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+#  define EVP_CTRL_SET_ACSS_MODE xxx    /* used below */
+# else
+#  define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
+# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
+#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
@@ -92,7 +103,9 @@ struct Cipher {
        { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
        { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
 #endif
+#if defined(EVP_CTRL_SET_ACSS_MODE)
+        { "acss@openbsd.org",   SSH_CIPHER_SSH2, 16, 5, EVP_acss },
+#endif
        { NULL,                 SSH_CIPHER_ILLEGAL, 0, 0, NULL }
 };
@@ -402,7 +415,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
        Cipher *c = cc->cipher;
        int plen = 0;
-        if (c->evptype == EVP_rc4) {
+        if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
                plen = EVP_X_STATE_LEN(cc->evp);
                if (dat == NULL)
                        return (plen);
@@ -417,7 +430,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
        Cipher *c = cc->cipher;
        int plen;
-        if (c->evptype == EVP_rc4) {
+        if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
                plen = EVP_X_STATE_LEN(cc->evp);
                memcpy(EVP_X_STATE(cc->evp), dat, plen);
        }
author	Damien Miller <djm@mindrot.org>	2004-01-27 21:19:21 +1100
committer	Damien Miller <djm@mindrot.org>	2004-01-27 21:19:21 +1100
commit	4f0fe684daa4f35e1c91224e144c91b4869946fa (patch)
tree	650499929f514c84eb05da24595d97e113b2af2c /cipher.c
parent	01326ebada378a58c1797fb5a75f631a70a020e0 (diff)

diff --git a/cipher.c b/cipher.c index a1c40cc4a..190b8688b 100644 --- a/cipher.c +++ b/cipher.c
@@ -35,7 +35,7 @@
35	*/	35	*/
36		36
37	#include "includes.h"	37	#include "includes.h"
38	RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");	38	RCSID("$OpenBSD: cipher.c,v 1.67 2004/01/23 17:06:03 hshoexer Exp $");
39		39
40	#include "xmalloc.h"	40	#include "xmalloc.h"
41	#include "log.h"	41	#include "log.h"
@@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
52	extern const EVP_CIPHER *evp_rijndael(void);	52	extern const EVP_CIPHER *evp_rijndael(void);
53	extern void ssh_rijndael_iv(EVP_CIPHER_CTX , int, u_char , u_int);	53	extern void ssh_rijndael_iv(EVP_CIPHER_CTX , int, u_char , u_int);
54	#endif	54	#endif
		55
		56	#if !defined(EVP_CTRL_SET_ACSS_MODE)
		57	# if (OPENSSL_VERSION_NUMBER >= 0x00906000L)
		58	extern const EVP_CIPHER *evp_acss(void);
		59	# define EVP_acss evp_acss
		60	# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */
		61	# else
		62	# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
		63	# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
		64	#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
		65
55	extern const EVP_CIPHER *evp_ssh1_bf(void);	66	extern const EVP_CIPHER *evp_ssh1_bf(void);
56	extern const EVP_CIPHER *evp_ssh1_3des(void);	67	extern const EVP_CIPHER *evp_ssh1_3des(void);
57	extern void ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);	68	extern void ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);
@@ -92,7 +103,9 @@ struct Cipher {
92	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },	103	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
93	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },	104	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
94	#endif	105	#endif
95		106	#if defined(EVP_CTRL_SET_ACSS_MODE)
		107	{ "acss@openbsd.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },
		108	#endif
96	{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }	109	{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
97	};	110	};
98		111
@@ -402,7 +415,7 @@ cipher_get_keycontext(const CipherContext cc, u_char dat)
402	Cipher *c = cc->cipher;	415	Cipher *c = cc->cipher;
403	int plen = 0;	416	int plen = 0;
404		417
405	if (c->evptype == EVP_rc4) {	418	if (c->evptype == EVP_rc4 \|\| c->evptype == EVP_acss) {
406	plen = EVP_X_STATE_LEN(cc->evp);	419	plen = EVP_X_STATE_LEN(cc->evp);
407	if (dat == NULL)	420	if (dat == NULL)
408	return (plen);	421	return (plen);
@@ -417,7 +430,7 @@ cipher_set_keycontext(CipherContext cc, u_char dat)
417	Cipher *c = cc->cipher;	430	Cipher *c = cc->cipher;
418	int plen;	431	int plen;
419		432
420	if (c->evptype == EVP_rc4) {	433	if (c->evptype == EVP_rc4 \|\| c->evptype == EVP_acss) {
421	plen = EVP_X_STATE_LEN(cc->evp);	434	plen = EVP_X_STATE_LEN(cc->evp);
422	memcpy(EVP_X_STATE(cc->evp), dat, plen);	435	memcpy(EVP_X_STATE(cc->evp), dat, plen);
423	}	436	}