diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | cipher-ctr.c | 3 | ||||
| -rw-r--r-- | cipher.c | 22 | ||||
| -rw-r--r-- | configure.ac | 25 |
4 files changed, 47 insertions, 9 deletions
| @@ -5,6 +5,12 @@ | |||
| 5 | reset incoming_packet buffer for each new packet in EtM-case, too; | 5 | reset incoming_packet buffer for each new packet in EtM-case, too; |
| 6 | this happens if packets are parsed only parially (e.g. ignore | 6 | this happens if packets are parsed only parially (e.g. ignore |
| 7 | messages sent when su/sudo turn off echo); noted by sthen/millert | 7 | messages sent when su/sudo turn off echo); noted by sthen/millert |
| 8 | - naddy@cvs.openbsd.org 2012/12/12 16:46:10 | ||
| 9 | [cipher.c] | ||
| 10 | use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled | ||
| 11 | counter mode code; ok djm@ | ||
| 12 | - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our | ||
| 13 | compat code for older OpenSSL | ||
| 8 | 14 | ||
| 9 | 20121212 | 15 | 20121212 |
| 10 | - (djm) OpenBSD CVS Sync | 16 | - (djm) OpenBSD CVS Sync |
diff --git a/cipher-ctr.c b/cipher-ctr.c index 04975b4b6..f053abe2e 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c | |||
| @@ -16,6 +16,7 @@ | |||
| 16 | */ | 16 | */ |
| 17 | #include "includes.h" | 17 | #include "includes.h" |
| 18 | 18 | ||
| 19 | #ifndef OPENSSL_HAVE_EVPCTR | ||
| 19 | #include <sys/types.h> | 20 | #include <sys/types.h> |
| 20 | 21 | ||
| 21 | #include <stdarg.h> | 22 | #include <stdarg.h> |
| @@ -144,3 +145,5 @@ evp_aes_128_ctr(void) | |||
| 144 | #endif | 145 | #endif |
| 145 | return (&aes_ctr); | 146 | return (&aes_ctr); |
| 146 | } | 147 | } |
| 148 | |||
| 149 | #endif /* OPENSSL_HAVE_EVPCTR */ | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cipher.c,v 1.83 2012/12/11 22:31:18 markus Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.84 2012/12/12 16:46:10 naddy Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -54,8 +54,12 @@ | |||
| 54 | extern const EVP_CIPHER *evp_ssh1_bf(void); | 54 | extern const EVP_CIPHER *evp_ssh1_bf(void); |
| 55 | extern const EVP_CIPHER *evp_ssh1_3des(void); | 55 | extern const EVP_CIPHER *evp_ssh1_3des(void); |
| 56 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | 56 | extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); |
| 57 | extern const EVP_CIPHER *evp_aes_128_ctr(void); | 57 | #ifndef OPENSSL_HAVE_EVPCTR |
| 58 | #define EVP_aes_128_ctr evp_aes_128_ctr | ||
| 59 | #define EVP_aes_192_ctr evp_aes_128_ctr | ||
| 60 | #define EVP_aes_256_ctr evp_aes_128_ctr | ||
| 58 | extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); | 61 | extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); |
| 62 | #endif | ||
| 59 | 63 | ||
| 60 | struct Cipher { | 64 | struct Cipher { |
| 61 | char *name; | 65 | char *name; |
| @@ -82,9 +86,9 @@ struct Cipher { | |||
| 82 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, | 86 | { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, |
| 83 | { "rijndael-cbc@lysator.liu.se", | 87 | { "rijndael-cbc@lysator.liu.se", |
| 84 | SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, | 88 | SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, |
| 85 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, | 89 | { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, EVP_aes_128_ctr }, |
| 86 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, | 90 | { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, EVP_aes_192_ctr }, |
| 87 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, | 91 | { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, EVP_aes_256_ctr }, |
| 88 | #ifdef USE_CIPHER_ACSS | 92 | #ifdef USE_CIPHER_ACSS |
| 89 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, | 93 | { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, |
| 90 | #endif | 94 | #endif |
| @@ -363,10 +367,12 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | |||
| 363 | ssh_rijndael_iv(&cc->evp, 0, iv, len); | 367 | ssh_rijndael_iv(&cc->evp, 0, iv, len); |
| 364 | else | 368 | else |
| 365 | #endif | 369 | #endif |
| 370 | #ifndef OPENSSL_HAVE_EVPCTR | ||
| 366 | if (c->evptype == evp_aes_128_ctr) | 371 | if (c->evptype == evp_aes_128_ctr) |
| 367 | ssh_aes_ctr_iv(&cc->evp, 0, iv, len); | 372 | ssh_aes_ctr_iv(&cc->evp, 0, iv, len); |
| 368 | else | 373 | else |
| 369 | memcpy(iv, cc->evp.iv, len); | 374 | #endif |
| 375 | memcpy(iv, cc->evp.iv, len); | ||
| 370 | break; | 376 | break; |
| 371 | case SSH_CIPHER_3DES: | 377 | case SSH_CIPHER_3DES: |
| 372 | ssh1_3des_iv(&cc->evp, 0, iv, 24); | 378 | ssh1_3des_iv(&cc->evp, 0, iv, 24); |
| @@ -394,10 +400,12 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) | |||
| 394 | ssh_rijndael_iv(&cc->evp, 1, iv, evplen); | 400 | ssh_rijndael_iv(&cc->evp, 1, iv, evplen); |
| 395 | else | 401 | else |
| 396 | #endif | 402 | #endif |
| 403 | #ifndef OPENSSL_HAVE_EVPCTR | ||
| 397 | if (c->evptype == evp_aes_128_ctr) | 404 | if (c->evptype == evp_aes_128_ctr) |
| 398 | ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); | 405 | ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); |
| 399 | else | 406 | else |
| 400 | memcpy(cc->evp.iv, iv, evplen); | 407 | #endif |
| 408 | memcpy(cc->evp.iv, iv, evplen); | ||
| 401 | break; | 409 | break; |
| 402 | case SSH_CIPHER_3DES: | 410 | case SSH_CIPHER_3DES: |
| 403 | ssh1_3des_iv(&cc->evp, 1, iv, 24); | 411 | ssh1_3des_iv(&cc->evp, 1, iv, 24); |
diff --git a/configure.ac b/configure.ac index 8b32e40c9..64c231b7e 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $Id: configure.ac,v 1.498 2012/12/03 01:35:55 djm Exp $ | 1 | # $Id: configure.ac,v 1.499 2012/12/12 21:18:56 djm Exp $ |
| 2 | # | 2 | # |
| 3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
| 4 | # | 4 | # |
| @@ -15,7 +15,7 @@ | |||
| 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | 16 | ||
| 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
| 18 | AC_REVISION($Revision: 1.498 $) | 18 | AC_REVISION($Revision: 1.499 $) |
| 19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
| 20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
| 21 | 21 | ||
| @@ -2299,6 +2299,27 @@ AC_LINK_IFELSE( | |||
| 2299 | ] | 2299 | ] |
| 2300 | ) | 2300 | ) |
| 2301 | 2301 | ||
| 2302 | # Check for OpenSSL with EVP_aes_*ctr | ||
| 2303 | AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) | ||
| 2304 | AC_LINK_IFELSE( | ||
| 2305 | [AC_LANG_PROGRAM([[ | ||
| 2306 | #include <string.h> | ||
| 2307 | #include <openssl/evp.h> | ||
| 2308 | ]], [[ | ||
| 2309 | exit(EVP_aes_128_ctr() == NULL || | ||
| 2310 | EVP_aes_192_cbc() == NULL || | ||
| 2311 | EVP_aes_256_cbc() == NULL); | ||
| 2312 | ]])], | ||
| 2313 | [ | ||
| 2314 | AC_MSG_RESULT([yes]) | ||
| 2315 | AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], | ||
| 2316 | [libcrypto has EVP AES CTR]) | ||
| 2317 | ], | ||
| 2318 | [ | ||
| 2319 | AC_MSG_RESULT([no]) | ||
| 2320 | ] | ||
| 2321 | ) | ||
| 2322 | |||
| 2302 | AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) | 2323 | AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) |
| 2303 | AC_LINK_IFELSE( | 2324 | AC_LINK_IFELSE( |
| 2304 | [AC_LANG_PROGRAM([[ | 2325 | [AC_LANG_PROGRAM([[ |