-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | cipher.c | 7 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.h | 10 |
3 files changed, 20 insertions, 1 deletions
@@ -1,3 +1,7 @@ | |||
1 | 20140721 | ||
2 | - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits | ||
3 | needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm | ||
4 | |||
1 | 20140719 | 5 | 20140719 |
2 | - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used | 6 | - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used |
3 | in servconf.h. | 7 | in servconf.h. |
@@ -49,6 +49,8 @@ | |||
49 | #include "ssherr.h" | 49 | #include "ssherr.h" |
50 | #include "digest.h" | 50 | #include "digest.h" |
51 | 51 | ||
52 | #include "openbsd-compat/openssl-compat.h" | ||
53 | |||
52 | #ifdef WITH_SSH1 | 54 | #ifdef WITH_SSH1 |
53 | extern const EVP_CIPHER *evp_ssh1_bf(void); | 55 | extern const EVP_CIPHER *evp_ssh1_bf(void); |
54 | extern const EVP_CIPHER *evp_ssh1_3des(void); | 56 | extern const EVP_CIPHER *evp_ssh1_3des(void); |
@@ -545,6 +547,11 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |||
545 | return SSH_ERR_LIBCRYPTO_ERROR; | 547 | return SSH_ERR_LIBCRYPTO_ERROR; |
546 | if ((u_int)evplen != len) | 548 | if ((u_int)evplen != len) |
547 | return SSH_ERR_INVALID_ARGUMENT; | 549 | return SSH_ERR_INVALID_ARGUMENT; |
550 | #ifndef OPENSSL_HAVE_EVPCTR | ||
551 | if (c->evptype == evp_aes_128_ctr) | ||
552 | ssh_aes_ctr_iv(&cc->evp, 0, iv, len); | ||
553 | else | ||
554 | #endif | ||
548 | if (cipher_authlen(c)) { | 555 | if (cipher_authlen(c)) { |
549 | if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, | 556 | if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, |
550 | len, iv)) | 557 | len, iv)) |
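Review bot: The `else` at new line 553 is left dangling inside the `#ifndef OPENSSL_HAVE_EVPCTR` block and binds to the `if (cipher_authlen(c))` after the `#endif`, so the control flow of cipher_get_keyiv changes shape with the preprocessor state and is easy to break when either branch is edited. A one-line comment above the block would make the chaining explicit, for example `/* compat AES-CTR: fetch the IV via ssh_aes_ctr_iv(); the else below chains into the cipher_authlen() test */`. The bare `0` passed to ssh_aes_ctr_iv also deserves a word on what it selects, since the prototype added in openssl-compat.h leaves that parameter unnamed. The diffstat's 7 changed lines for cipher.c are fully accounted for by these two hunks, so no set-IV path is touched here; it is worth confirming that whatever imports IV state for this compat cipher goes through the same helper, otherwise exported and re-imported CTR state could disagree. The function body starts and ends outside the hunk.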
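--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.28 2014/07/02 05:28:07 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.29 2014/07/20 16:24:59 dtucker Exp $ */
 
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -34,6 +34,14 @@ int ssh_compatible_openssl(long, long);
 # define LIBCRYPTO_EVP_INL_TYPE size_t
 #endif
 
+#ifndef OPENSSL_HAVE_EVPCTR
+#define EVP_aes_128_ctr evp_aes_128_ctr
+#define EVP_aes_192_ctr evp_aes_128_ctr
+#define EVP_aes_256_ctr evp_aes_128_ctr
+const EVP_CIPHER *evp_aes_128_ctr(void);
+void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
+#endif
+
 /* Avoid some #ifdef. Code that uses these is unreachable without GCM */
 #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
 # define EVP_CTRL_GCM_SET_IV_FIXED -1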
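Review bot: The three macros at new lines 38-40 all expand to `evp_aes_128_ctr`, which reads like a copy-paste slip and could be mistaken by an auditor for a silent downgrade of the 192- and 256-bit CTR ciphers to a 128-bit key. If the compat cipher takes its key size from the key length supplied per context (its definition is not shown on this page, so this needs confirming), say so in a comment such as `/* one compat EVP_CIPHER serves all AES-CTR key sizes; key length comes from the context */`. The prototype `void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);` would also be easier to review with parameter names, since cipher.c passes the `int` as a bare `0` and its meaning cannot be read from the declaration.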