diff options
Diffstat (limited to 'cipher.c')
-rw-r--r-- | cipher.c | 54 |
1 files changed, 9 insertions, 45 deletions
@@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc) | |||
446 | } | 446 | } |
447 | 447 | ||
448 | int | 448 | int |
449 | cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | 449 | cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) |
450 | { | 450 | { |
451 | #ifdef WITH_OPENSSL | 451 | #ifdef WITH_OPENSSL |
452 | const struct sshcipher *c = cc->cipher; | 452 | const struct sshcipher *c = cc->cipher; |
@@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |||
473 | return 0; | 473 | return 0; |
474 | else if (evplen < 0) | 474 | else if (evplen < 0) |
475 | return SSH_ERR_LIBCRYPTO_ERROR; | 475 | return SSH_ERR_LIBCRYPTO_ERROR; |
476 | if ((u_int)evplen != len) | 476 | if ((size_t)evplen != len) |
477 | return SSH_ERR_INVALID_ARGUMENT; | 477 | return SSH_ERR_INVALID_ARGUMENT; |
478 | #ifndef OPENSSL_HAVE_EVPCTR | 478 | #ifndef OPENSSL_HAVE_EVPCTR |
479 | if (c->evptype == evp_aes_128_ctr) | 479 | if (c->evptype == evp_aes_128_ctr) |
@@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |||
484 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, | 484 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, |
485 | len, iv)) | 485 | len, iv)) |
486 | return SSH_ERR_LIBCRYPTO_ERROR; | 486 | return SSH_ERR_LIBCRYPTO_ERROR; |
487 | } else | 487 | } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len)) |
488 | memcpy(iv, cc->evp->iv, len); | 488 | return SSH_ERR_LIBCRYPTO_ERROR; |
489 | #endif | 489 | #endif |
490 | return 0; | 490 | return 0; |
491 | } | 491 | } |
492 | 492 | ||
493 | int | 493 | int |
494 | cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | 494 | cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) |
495 | { | 495 | { |
496 | #ifdef WITH_OPENSSL | 496 | #ifdef WITH_OPENSSL |
497 | const struct sshcipher *c = cc->cipher; | 497 | const struct sshcipher *c = cc->cipher; |
@@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |||
507 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); | 507 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); |
508 | if (evplen <= 0) | 508 | if (evplen <= 0) |
509 | return SSH_ERR_LIBCRYPTO_ERROR; | 509 | return SSH_ERR_LIBCRYPTO_ERROR; |
510 | if ((size_t)evplen != len) | ||
511 | return SSH_ERR_INVALID_ARGUMENT; | ||
510 | #ifndef OPENSSL_HAVE_EVPCTR | 512 | #ifndef OPENSSL_HAVE_EVPCTR |
511 | /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ | 513 | /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ |
512 | if (c->evptype == evp_aes_128_ctr) | 514 | if (c->evptype == evp_aes_128_ctr) |
@@ -518,46 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |||
518 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, | 520 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, |
519 | EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) | 521 | EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) |
520 | return SSH_ERR_LIBCRYPTO_ERROR; | 522 | return SSH_ERR_LIBCRYPTO_ERROR; |
521 | } else | 523 | } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen)) |
522 | memcpy(cc->evp->iv, iv, evplen); | 524 | return SSH_ERR_LIBCRYPTO_ERROR; |
523 | #endif | 525 | #endif |
524 | return 0; | 526 | return 0; |
525 | } | 527 | } |
526 | |||
527 | #ifdef WITH_OPENSSL | ||
528 | #define EVP_X_STATE(evp) (evp)->cipher_data | ||
529 | #define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size | ||
530 | #endif | ||
531 | |||
532 | int | ||
533 | cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) | ||
534 | { | ||
535 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) | ||
536 | const struct sshcipher *c = cc->cipher; | ||
537 | int plen = 0; | ||
538 | |||
539 | if (c->evptype == EVP_rc4) { | ||
540 | plen = EVP_X_STATE_LEN(cc->evp); | ||
541 | if (dat == NULL) | ||
542 | return (plen); | ||
543 | memcpy(dat, EVP_X_STATE(cc->evp), plen); | ||
544 | } | ||
545 | return (plen); | ||
546 | #else | ||
547 | return 0; | ||
548 | #endif | ||
549 | } | ||
550 | |||
551 | void | ||
552 | cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) | ||
553 | { | ||
554 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) | ||
555 | const struct sshcipher *c = cc->cipher; | ||
556 | int plen; | ||
557 | |||
558 | if (c->evptype == EVP_rc4) { | ||
559 | plen = EVP_X_STATE_LEN(cc->evp); | ||
560 | memcpy(EVP_X_STATE(cc->evp), dat, plen); | ||
561 | } | ||
562 | #endif | ||
563 | } | ||