diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | cipher.c | 103 |
2 files changed, 54 insertions, 54 deletions
@@ -6,6 +6,9 @@ | |||
6 | [readconf.c] | 6 | [readconf.c] |
7 | strip trailing whitespace from config lines before parsing. | 7 | strip trailing whitespace from config lines before parsing. |
8 | Fixes bz 528; ok markus@ | 8 | Fixes bz 528; ok markus@ |
9 | - markus@cvs.openbsd.org 2003/04/12 10:13:57 | ||
10 | [cipher.c] | ||
11 | hide cipher details; ok djm@ | ||
9 | 12 | ||
10 | 20030512 | 13 | 20030512 |
11 | - (djm) Redhat spec: Don't install profile.d scripts when not | 14 | - (djm) Redhat spec: Don't install profile.d scripts when not |
@@ -1393,4 +1396,4 @@ | |||
1393 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 1396 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
1394 | ok provos@ | 1397 | ok provos@ |
1395 | 1398 | ||
1396 | $Id: ChangeLog,v 1.2678 2003/05/14 03:40:54 djm Exp $ | 1399 | $Id: ChangeLog,v 1.2679 2003/05/14 03:41:23 djm Exp $ |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.63 2003/04/12 10:13:57 markus Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "log.h" | 41 | #include "log.h" |
@@ -395,6 +395,28 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) | |||
395 | return (1); | 395 | return (1); |
396 | } | 396 | } |
397 | 397 | ||
398 | static void | ||
399 | ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len) | ||
400 | { | ||
401 | struct ssh1_3des_ctx *c; | ||
402 | |||
403 | if (len != 24) | ||
404 | fatal("%s: bad 3des iv length: %d", __func__, len); | ||
405 | if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) | ||
406 | fatal("%s: no 3des context", __func__); | ||
407 | if (doset) { | ||
408 | debug3("%s: Installed 3DES IV", __func__); | ||
409 | memcpy(c->k1.iv, iv, 8); | ||
410 | memcpy(c->k2.iv, iv + 8, 8); | ||
411 | memcpy(c->k3.iv, iv + 16, 8); | ||
412 | } else { | ||
413 | debug3("%s: Copying 3DES IV", __func__); | ||
414 | memcpy(iv, c->k1.iv, 8); | ||
415 | memcpy(iv + 8, c->k2.iv, 8); | ||
416 | memcpy(iv + 16, c->k3.iv, 8); | ||
417 | } | ||
418 | } | ||
419 | |||
398 | static const EVP_CIPHER * | 420 | static const EVP_CIPHER * |
399 | evp_ssh1_3des(void) | 421 | evp_ssh1_3des(void) |
400 | { | 422 | { |
@@ -567,6 +589,19 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) | |||
567 | return (1); | 589 | return (1); |
568 | } | 590 | } |
569 | 591 | ||
592 | static void | ||
593 | ssh_rijndael_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len) | ||
594 | { | ||
595 | struct ssh_rijndael_ctx *c; | ||
596 | |||
597 | if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) | ||
598 | fatal("ssh_rijndael_iv: no context"); | ||
599 | if (doset) | ||
600 | memcpy(c->r_iv, iv, len); | ||
601 | else | ||
602 | memcpy(iv, c->r_iv, len); | ||
603 | } | ||
604 | |||
570 | static const EVP_CIPHER * | 605 | static const EVP_CIPHER * |
571 | evp_rijndael(void) | 606 | evp_rijndael(void) |
572 | { | 607 | { |
@@ -611,7 +646,6 @@ void | |||
611 | cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | 646 | cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) |
612 | { | 647 | { |
613 | Cipher *c = cc->cipher; | 648 | Cipher *c = cc->cipher; |
614 | u_char *civ = NULL; | ||
615 | int evplen; | 649 | int evplen; |
616 | 650 | ||
617 | switch (c->number) { | 651 | switch (c->number) { |
@@ -624,45 +658,25 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | |||
624 | if (evplen != len) | 658 | if (evplen != len) |
625 | fatal("%s: wrong iv length %d != %d", __func__, | 659 | fatal("%s: wrong iv length %d != %d", __func__, |
626 | evplen, len); | 660 | evplen, len); |
627 | |||
628 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | 661 | #if OPENSSL_VERSION_NUMBER < 0x00907000L |
629 | if (c->evptype == evp_rijndael) { | 662 | if (c->evptype == evp_rijndael) |
630 | struct ssh_rijndael_ctx *aesc; | 663 | ssh_rijndael_iv(&cc->evp, 0, iv, len); |
631 | 664 | else | |
632 | aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); | ||
633 | if (aesc == NULL) | ||
634 | fatal("%s: no rijndael context", __func__); | ||
635 | civ = aesc->r_iv; | ||
636 | } else | ||
637 | #endif | 665 | #endif |
638 | { | 666 | memcpy(iv, cc->evp.iv, len); |
639 | civ = cc->evp.iv; | 667 | break; |
640 | } | 668 | case SSH_CIPHER_3DES: |
669 | ssh1_3des_iv(&cc->evp, 0, iv, 24); | ||
641 | break; | 670 | break; |
642 | case SSH_CIPHER_3DES: { | ||
643 | struct ssh1_3des_ctx *desc; | ||
644 | if (len != 24) | ||
645 | fatal("%s: bad 3des iv length: %d", __func__, len); | ||
646 | desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); | ||
647 | if (desc == NULL) | ||
648 | fatal("%s: no 3des context", __func__); | ||
649 | debug3("%s: Copying 3DES IV", __func__); | ||
650 | memcpy(iv, desc->k1.iv, 8); | ||
651 | memcpy(iv + 8, desc->k2.iv, 8); | ||
652 | memcpy(iv + 16, desc->k3.iv, 8); | ||
653 | return; | ||
654 | } | ||
655 | default: | 671 | default: |
656 | fatal("%s: bad cipher %d", __func__, c->number); | 672 | fatal("%s: bad cipher %d", __func__, c->number); |
657 | } | 673 | } |
658 | memcpy(iv, civ, len); | ||
659 | } | 674 | } |
660 | 675 | ||
661 | void | 676 | void |
662 | cipher_set_keyiv(CipherContext *cc, u_char *iv) | 677 | cipher_set_keyiv(CipherContext *cc, u_char *iv) |
663 | { | 678 | { |
664 | Cipher *c = cc->cipher; | 679 | Cipher *c = cc->cipher; |
665 | u_char *div = NULL; | ||
666 | int evplen = 0; | 680 | int evplen = 0; |
667 | 681 | ||
668 | switch (c->number) { | 682 | switch (c->number) { |
@@ -672,36 +686,19 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) | |||
672 | evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); | 686 | evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); |
673 | if (evplen == 0) | 687 | if (evplen == 0) |
674 | return; | 688 | return; |
675 | |||
676 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | 689 | #if OPENSSL_VERSION_NUMBER < 0x00907000L |
677 | if (c->evptype == evp_rijndael) { | 690 | if (c->evptype == evp_rijndael) |
678 | struct ssh_rijndael_ctx *aesc; | 691 | ssh_rijndael_iv(&cc->evp, 1, iv, evplen); |
679 | 692 | else | |
680 | aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); | ||
681 | if (aesc == NULL) | ||
682 | fatal("%s: no rijndael context", __func__); | ||
683 | div = aesc->r_iv; | ||
684 | } else | ||
685 | #endif | 693 | #endif |
686 | { | 694 | memcpy(cc->evp.iv, iv, evplen); |
687 | div = cc->evp.iv; | 695 | break; |
688 | } | 696 | case SSH_CIPHER_3DES: |
697 | ssh1_3des_iv(&cc->evp, 1, iv, 24); | ||
689 | break; | 698 | break; |
690 | case SSH_CIPHER_3DES: { | ||
691 | struct ssh1_3des_ctx *desc; | ||
692 | desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); | ||
693 | if (desc == NULL) | ||
694 | fatal("%s: no 3des context", __func__); | ||
695 | debug3("%s: Installed 3DES IV", __func__); | ||
696 | memcpy(desc->k1.iv, iv, 8); | ||
697 | memcpy(desc->k2.iv, iv + 8, 8); | ||
698 | memcpy(desc->k3.iv, iv + 16, 8); | ||
699 | return; | ||
700 | } | ||
701 | default: | 699 | default: |
702 | fatal("%s: bad cipher %d", __func__, c->number); | 700 | fatal("%s: bad cipher %d", __func__, c->number); |
703 | } | 701 | } |
704 | memcpy(div, iv, evplen); | ||
705 | } | 702 | } |
706 | 703 | ||
707 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | 704 | #if OPENSSL_VERSION_NUMBER < 0x00907000L |