summaryrefslogtreecommitdiff
path: root/cipher.c
diff options
context:
space:
mode:
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c54
1 files changed, 9 insertions, 45 deletions
diff --git a/cipher.c b/cipher.c
index a72682a82..12c598881 100644
--- a/cipher.c
+++ b/cipher.c
@@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc)
446} 446}
447 447
448int 448int
449cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) 449cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
450{ 450{
451#ifdef WITH_OPENSSL 451#ifdef WITH_OPENSSL
452 const struct sshcipher *c = cc->cipher; 452 const struct sshcipher *c = cc->cipher;
@@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
473 return 0; 473 return 0;
474 else if (evplen < 0) 474 else if (evplen < 0)
475 return SSH_ERR_LIBCRYPTO_ERROR; 475 return SSH_ERR_LIBCRYPTO_ERROR;
476 if ((u_int)evplen != len) 476 if ((size_t)evplen != len)
477 return SSH_ERR_INVALID_ARGUMENT; 477 return SSH_ERR_INVALID_ARGUMENT;
478#ifndef OPENSSL_HAVE_EVPCTR 478#ifndef OPENSSL_HAVE_EVPCTR
479 if (c->evptype == evp_aes_128_ctr) 479 if (c->evptype == evp_aes_128_ctr)
@@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
484 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 484 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
485 len, iv)) 485 len, iv))
486 return SSH_ERR_LIBCRYPTO_ERROR; 486 return SSH_ERR_LIBCRYPTO_ERROR;
487 } else 487 } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
488 memcpy(iv, cc->evp->iv, len); 488 return SSH_ERR_LIBCRYPTO_ERROR;
489#endif 489#endif
490 return 0; 490 return 0;
491} 491}
492 492
493int 493int
494cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) 494cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
495{ 495{
496#ifdef WITH_OPENSSL 496#ifdef WITH_OPENSSL
497 const struct sshcipher *c = cc->cipher; 497 const struct sshcipher *c = cc->cipher;
@@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
507 evplen = EVP_CIPHER_CTX_iv_length(cc->evp); 507 evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
508 if (evplen <= 0) 508 if (evplen <= 0)
509 return SSH_ERR_LIBCRYPTO_ERROR; 509 return SSH_ERR_LIBCRYPTO_ERROR;
510 if ((size_t)evplen != len)
511 return SSH_ERR_INVALID_ARGUMENT;
510#ifndef OPENSSL_HAVE_EVPCTR 512#ifndef OPENSSL_HAVE_EVPCTR
511 /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ 513 /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */
512 if (c->evptype == evp_aes_128_ctr) 514 if (c->evptype == evp_aes_128_ctr)
@@ -518,46 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
518 if (!EVP_CIPHER_CTX_ctrl(cc->evp, 520 if (!EVP_CIPHER_CTX_ctrl(cc->evp,
519 EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) 521 EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
520 return SSH_ERR_LIBCRYPTO_ERROR; 522 return SSH_ERR_LIBCRYPTO_ERROR;
521 } else 523 } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))
522 memcpy(cc->evp->iv, iv, evplen); 524 return SSH_ERR_LIBCRYPTO_ERROR;
523#endif 525#endif
524 return 0; 526 return 0;
525} 527}
526
527#ifdef WITH_OPENSSL
528#define EVP_X_STATE(evp) (evp)->cipher_data
529#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
530#endif
531
532int
533cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
534{
535#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
536 const struct sshcipher *c = cc->cipher;
537 int plen = 0;
538
539 if (c->evptype == EVP_rc4) {
540 plen = EVP_X_STATE_LEN(cc->evp);
541 if (dat == NULL)
542 return (plen);
543 memcpy(dat, EVP_X_STATE(cc->evp), plen);
544 }
545 return (plen);
546#else
547 return 0;
548#endif
549}
550
551void
552cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
553{
554#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
555 const struct sshcipher *c = cc->cipher;
556 int plen;
557
558 if (c->evptype == EVP_rc4) {
559 plen = EVP_X_STATE_LEN(cc->evp);
560 memcpy(EVP_X_STATE(cc->evp), dat, plen);
561 }
562#endif
563}