1 files changed, 40 insertions, 0 deletions
diff --git a/cipher.c b/cipher.c
index 9e8f42f5e..5ddf819c4 100644
--- a/cipher.c
+++ b/cipher.c
@@ -541,3 +541,43 @@ evp_rijndael(void)
 #endif
        return (&rijndal_cbc);
 }
+/* 
+ * Exports an IV from the CipherContext required to export the key
+ * state back from the unprivileged child to the privileged parent
+ * process.
+ */
+void
+cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
+{
+        Cipher *c = cc->cipher;
+        u_char *civ = NULL;
+        int evplen;
+        switch (c->number) {
+        case SSH_CIPHER_SSH2:
+                evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+                if (evplen == 0)
+                        return;
+                if (evplen != len)
+                        fatal("%s: wrong iv length %d != %d", __FUNCTION__,
+                            evplen, len);
+                if (strncmp(c->name, "aes", 3) == 0) {
+                        struct ssh_rijndael_ctx *aesc;
+                        aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
+                        if (aesc == NULL)
+                                fatal("ssh_rijndael_cbc: no context");
+                        civ = aesc->r_iv;
+                } else {
+                        civ = cc->evp.iv;
+                }
+                break;
+        default:
+                fatal("%s: bad cipher %d", __FUNCTION__, c->number);
+        }
+        memcpy(iv, civ, len);
+}

diff --git a/cipher.c b/cipher.c index 9e8f42f5e..5ddf819c4 100644 --- a/cipher.c +++ b/cipher.c
@@ -541,3 +541,43 @@ evp_rijndael(void)
541	#endif	541	#endif
542	return (&rijndal_cbc);	542	return (&rijndal_cbc);
543	}	543	}
		544
		545	/*
		546	* Exports an IV from the CipherContext required to export the key
		547	* state back from the unprivileged child to the privileged parent
		548	* process.
		549	*/
		550
		551	void
		552	cipher_get_keyiv(CipherContext cc, u_char iv, u_int len)
		553	{
		554	Cipher *c = cc->cipher;
		555	u_char *civ = NULL;
		556	int evplen;
		557
		558	switch (c->number) {
		559	case SSH_CIPHER_SSH2:
		560	evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
		561	if (evplen == 0)
		562	return;
		563	if (evplen != len)
		564	fatal("%s: wrong iv length %d != %d", __FUNCTION__,
		565	evplen, len);
		566
		567	if (strncmp(c->name, "aes", 3) == 0) {
		568	struct ssh_rijndael_ctx *aesc;
		569
		570	aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
		571	if (aesc == NULL)
		572	fatal("ssh_rijndael_cbc: no context");
		573	civ = aesc->r_iv;
		574	} else {
		575	civ = cc->evp.iv;
		576	}
		577	break;
		578	default:
		579	fatal("%s: bad cipher %d", __FUNCTION__, c->number);
		580	}
		581	memcpy(iv, civ, len);
		582	}
		583