-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | cipher.c | 28 |
2 files changed, 29 insertions, 6 deletions
@@ -54,6 +54,11 @@ | |||
54 | [sshd.c] | 54 | [sshd.c] |
55 | don't start if privsep is enabled and SSH_PRIVSEP_USER or | 55 | don't start if privsep is enabled and SSH_PRIVSEP_USER or |
56 | _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ | 56 | _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ |
57 | - markus@cvs.openbsd.org 2002/05/30 08:07:31 | ||
58 | [cipher.c] | ||
59 | use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of | ||
60 | our own implementation. allow use of AES hardware via libcrypto, | ||
61 | ok deraadt@ | ||
57 | 62 | ||
58 | 20020604 | 63 | 20020604 |
59 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed | 64 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed |
@@ -738,4 +743,4 @@ | |||
738 | - (stevesk) entropy.c: typo in debug message | 743 | - (stevesk) entropy.c: typo in debug message |
739 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 744 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
740 | 745 | ||
741 | $Id: ChangeLog,v 1.2160 2002/06/06 20:46:25 mouring Exp $ | 746 | $Id: ChangeLog,v 1.2161 2002/06/06 20:50:07 mouring Exp $ |
@@ -35,23 +35,25 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.56 2002/05/16 22:02:50 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.57 2002/05/30 08:07:31 markus Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "log.h" | 41 | #include "log.h" |
42 | #include "cipher.h" | 42 | #include "cipher.h" |
43 | 43 | ||
44 | #include <openssl/md5.h> | 44 | #include <openssl/md5.h> |
45 | #include "rijndael.h" | ||
46 | 45 | ||
47 | #if OPENSSL_VERSION_NUMBER < 0x00906000L | 46 | #if OPENSSL_VERSION_NUMBER < 0x00906000L |
48 | #define SSH_OLD_EVP | 47 | #define SSH_OLD_EVP |
49 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) | 48 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) |
50 | #endif | 49 | #endif |
51 | 50 | ||
51 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
52 | #include "rijndael.h" | ||
53 | static const EVP_CIPHER *evp_rijndael(void); | ||
54 | #endif | ||
52 | static const EVP_CIPHER *evp_ssh1_3des(void); | 55 | static const EVP_CIPHER *evp_ssh1_3des(void); |
53 | static const EVP_CIPHER *evp_ssh1_bf(void); | 56 | static const EVP_CIPHER *evp_ssh1_bf(void); |
54 | static const EVP_CIPHER *evp_rijndael(void); | ||
55 | 57 | ||
56 | struct Cipher { | 58 | struct Cipher { |
57 | char *name; | 59 | char *name; |
@@ -69,11 +71,19 @@ struct Cipher { | |||
69 | { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, | 71 | { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, |
70 | { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, | 72 | { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, |
71 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, | 73 | { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, |
74 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
72 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, | 75 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, |
73 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, | 76 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, |
74 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, | 77 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
75 | { "rijndael-cbc@lysator.liu.se", | 78 | { "rijndael-cbc@lysator.liu.se", |
76 | SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, | 79 | SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
80 | #else | ||
81 | { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, | ||
82 | { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, | ||
83 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, | ||
84 | { "rijndael-cbc@lysator.liu.se", | ||
85 | SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, | ||
86 | #endif | ||
77 | 87 | ||
78 | { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } | 88 | { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } |
79 | }; | 89 | }; |
@@ -444,6 +454,7 @@ evp_ssh1_bf(void) | |||
444 | return (&ssh1_bf); | 454 | return (&ssh1_bf); |
445 | } | 455 | } |
446 | 456 | ||
457 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
447 | /* RIJNDAEL */ | 458 | /* RIJNDAEL */ |
448 | #define RIJNDAEL_BLOCKSIZE 16 | 459 | #define RIJNDAEL_BLOCKSIZE 16 |
449 | struct ssh_rijndael_ctx | 460 | struct ssh_rijndael_ctx |
@@ -548,6 +559,7 @@ evp_rijndael(void) | |||
548 | #endif | 559 | #endif |
549 | return (&rijndal_cbc); | 560 | return (&rijndal_cbc); |
550 | } | 561 | } |
562 | #endif | ||
551 | 563 | ||
552 | /* | 564 | /* |
553 | * Exports an IV from the CipherContext required to export the key | 565 | * Exports an IV from the CipherContext required to export the key |
@@ -586,6 +598,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | |||
586 | fatal("%s: wrong iv length %d != %d", __FUNCTION__, | 598 | fatal("%s: wrong iv length %d != %d", __FUNCTION__, |
587 | evplen, len); | 599 | evplen, len); |
588 | 600 | ||
601 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
589 | if (c->evptype == evp_rijndael) { | 602 | if (c->evptype == evp_rijndael) { |
590 | struct ssh_rijndael_ctx *aesc; | 603 | struct ssh_rijndael_ctx *aesc; |
591 | 604 | ||
@@ -593,7 +606,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | |||
593 | if (aesc == NULL) | 606 | if (aesc == NULL) |
594 | fatal("%s: no rijndael context", __FUNCTION__); | 607 | fatal("%s: no rijndael context", __FUNCTION__); |
595 | civ = aesc->r_iv; | 608 | civ = aesc->r_iv; |
596 | } else { | 609 | } else |
610 | #endif | ||
611 | { | ||
597 | civ = cc->evp.iv; | 612 | civ = cc->evp.iv; |
598 | } | 613 | } |
599 | break; | 614 | break; |
@@ -631,6 +646,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) | |||
631 | if (evplen == 0) | 646 | if (evplen == 0) |
632 | return; | 647 | return; |
633 | 648 | ||
649 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
634 | if (c->evptype == evp_rijndael) { | 650 | if (c->evptype == evp_rijndael) { |
635 | struct ssh_rijndael_ctx *aesc; | 651 | struct ssh_rijndael_ctx *aesc; |
636 | 652 | ||
@@ -638,7 +654,9 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) | |||
638 | if (aesc == NULL) | 654 | if (aesc == NULL) |
639 | fatal("%s: no rijndael context", __FUNCTION__); | 655 | fatal("%s: no rijndael context", __FUNCTION__); |
640 | div = aesc->r_iv; | 656 | div = aesc->r_iv; |
641 | }else { | 657 | } else |
658 | #endif | ||
659 | { | ||
642 | div = cc->evp.iv; | 660 | div = cc->evp.iv; |
643 | } | 661 | } |
644 | break; | 662 | break; |
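Review bot: In cipher_get_keyiv and cipher_set_keyiv, a build against OpenSSL 0.9.7 or later now sends the AES ciphers through the generic branch that reads and writes `cc->evp.iv`, and nothing in the new code records that this relies on libcrypto keeping its live CBC chaining value in that field. The ChangeLog entry says the aim is to allow AES hardware via libcrypto. If a hardware-backed implementation keeps its chaining state somewhere else (not visible in this diff), the IV exported here would be stale, and the stream could desynchronise or repeat an IV after the key state is handed over. I would add a comment above the bare `{` block in both functions, for example `/* assumes the EVP cipher keeps its running CBC IV in evp.iv; holds for libcrypto software AES, verify for engine-backed AES */`. The `} else` / `#endif` / `{` split is also easy to break in a later edit, so a short comment on the `#endif` naming the condition it closes would help; both function bodies start and end outside the hunks shown.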