summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--cipher.c28
2 files changed, 29 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index d20ad9129..46a2addaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,6 +54,11 @@
54 [sshd.c] 54 [sshd.c]
55 don't start if privsep is enabled and SSH_PRIVSEP_USER or 55 don't start if privsep is enabled and SSH_PRIVSEP_USER or
56 _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ 56 _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
57 - markus@cvs.openbsd.org 2002/05/30 08:07:31
58 [cipher.c]
59 use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
60 our own implementation. allow use of AES hardware via libcrypto,
61 ok deraadt@
57 62
5820020604 6320020604
59 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed 64 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -738,4 +743,4 @@
738 - (stevesk) entropy.c: typo in debug message 743 - (stevesk) entropy.c: typo in debug message
739 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 744 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
740 745
741$Id: ChangeLog,v 1.2160 2002/06/06 20:46:25 mouring Exp $ 746$Id: ChangeLog,v 1.2161 2002/06/06 20:50:07 mouring Exp $
diff --git a/cipher.c b/cipher.c
index 0078f5aad..db5a7228a 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,23 +35,25 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: cipher.c,v 1.56 2002/05/16 22:02:50 markus Exp $"); 38RCSID("$OpenBSD: cipher.c,v 1.57 2002/05/30 08:07:31 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "log.h" 41#include "log.h"
42#include "cipher.h" 42#include "cipher.h"
43 43
44#include <openssl/md5.h> 44#include <openssl/md5.h>
45#include "rijndael.h"
46 45
47#if OPENSSL_VERSION_NUMBER < 0x00906000L 46#if OPENSSL_VERSION_NUMBER < 0x00906000L
48#define SSH_OLD_EVP 47#define SSH_OLD_EVP
49#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) 48#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
50#endif 49#endif
51 50
51#if OPENSSL_VERSION_NUMBER < 0x00907000L
52#include "rijndael.h"
53static const EVP_CIPHER *evp_rijndael(void);
54#endif
52static const EVP_CIPHER *evp_ssh1_3des(void); 55static const EVP_CIPHER *evp_ssh1_3des(void);
53static const EVP_CIPHER *evp_ssh1_bf(void); 56static const EVP_CIPHER *evp_ssh1_bf(void);
54static const EVP_CIPHER *evp_rijndael(void);
55 57
56struct Cipher { 58struct Cipher {
57 char *name; 59 char *name;
@@ -69,11 +71,19 @@ struct Cipher {
69 { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, 71 { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },
70 { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, 72 { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },
71 { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, 73 { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },
74#if OPENSSL_VERSION_NUMBER < 0x00907000L
72 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, 75 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },
73 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, 76 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },
74 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, 77 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
75 { "rijndael-cbc@lysator.liu.se", 78 { "rijndael-cbc@lysator.liu.se",
76 SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, 79 SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
80#else
81 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },
82 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },
83 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
84 { "rijndael-cbc@lysator.liu.se",
85 SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
86#endif
77 87
78 { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } 88 { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
79}; 89};
@@ -444,6 +454,7 @@ evp_ssh1_bf(void)
444 return (&ssh1_bf); 454 return (&ssh1_bf);
445} 455}
446 456
457#if OPENSSL_VERSION_NUMBER < 0x00907000L
447/* RIJNDAEL */ 458/* RIJNDAEL */
448#define RIJNDAEL_BLOCKSIZE 16 459#define RIJNDAEL_BLOCKSIZE 16
449struct ssh_rijndael_ctx 460struct ssh_rijndael_ctx
@@ -548,6 +559,7 @@ evp_rijndael(void)
548#endif 559#endif
549 return (&rijndal_cbc); 560 return (&rijndal_cbc);
550} 561}
562#endif
551 563
552/* 564/*
553 * Exports an IV from the CipherContext required to export the key 565 * Exports an IV from the CipherContext required to export the key
@@ -586,6 +598,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
586 fatal("%s: wrong iv length %d != %d", __FUNCTION__, 598 fatal("%s: wrong iv length %d != %d", __FUNCTION__,
587 evplen, len); 599 evplen, len);
588 600
601#if OPENSSL_VERSION_NUMBER < 0x00907000L
589 if (c->evptype == evp_rijndael) { 602 if (c->evptype == evp_rijndael) {
590 struct ssh_rijndael_ctx *aesc; 603 struct ssh_rijndael_ctx *aesc;
591 604
@@ -593,7 +606,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
593 if (aesc == NULL) 606 if (aesc == NULL)
594 fatal("%s: no rijndael context", __FUNCTION__); 607 fatal("%s: no rijndael context", __FUNCTION__);
595 civ = aesc->r_iv; 608 civ = aesc->r_iv;
596 } else { 609 } else
610#endif
611 {
597 civ = cc->evp.iv; 612 civ = cc->evp.iv;
598 } 613 }
599 break; 614 break;
@@ -631,6 +646,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
631 if (evplen == 0) 646 if (evplen == 0)
632 return; 647 return;
633 648
649#if OPENSSL_VERSION_NUMBER < 0x00907000L
634 if (c->evptype == evp_rijndael) { 650 if (c->evptype == evp_rijndael) {
635 struct ssh_rijndael_ctx *aesc; 651 struct ssh_rijndael_ctx *aesc;
636 652
@@ -638,7 +654,9 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
638 if (aesc == NULL) 654 if (aesc == NULL)
639 fatal("%s: no rijndael context", __FUNCTION__); 655 fatal("%s: no rijndael context", __FUNCTION__);
640 div = aesc->r_iv; 656 div = aesc->r_iv;
641 }else { 657 } else
658#endif
659 {
642 div = cc->evp.iv; 660 div = cc->evp.iv;
643 } 661 }
644 break; 662 break;