summaryrefslogtreecommitdiff
path: root/cipher.c
diff options
context:
space:
mode:
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/cipher.c b/cipher.c
index ce3f6f3ce..9e8f42f5e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -44,6 +44,11 @@ RCSID("$OpenBSD: cipher.c,v 1.52 2002/02/18 13:05:32 markus Exp $");
44#include <openssl/md5.h> 44#include <openssl/md5.h>
45#include "rijndael.h" 45#include "rijndael.h"
46 46
47#if OPENSSL_VERSION_NUMBER < 0x00906000L
48#define SSH_OLD_EVP
49#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
50#endif
51
47static EVP_CIPHER *evp_ssh1_3des(void); 52static EVP_CIPHER *evp_ssh1_3des(void);
48static EVP_CIPHER *evp_ssh1_bf(void); 53static EVP_CIPHER *evp_ssh1_bf(void);
49static EVP_CIPHER *evp_rijndael(void); 54static EVP_CIPHER *evp_rijndael(void);
@@ -171,7 +176,11 @@ cipher_init(CipherContext *cc, Cipher *cipher,
171 int encrypt) 176 int encrypt)
172{ 177{
173 static int dowarn = 1; 178 static int dowarn = 1;
179#ifdef SSH_OLD_EVP
180 EVP_CIPHER *type;
181#else
174 const EVP_CIPHER *type; 182 const EVP_CIPHER *type;
183#endif
175 int klen; 184 int klen;
176 185
177 if (cipher->number == SSH_CIPHER_DES) { 186 if (cipher->number == SSH_CIPHER_DES) {
@@ -196,6 +205,15 @@ cipher_init(CipherContext *cc, Cipher *cipher,
196 type = (*cipher->evptype)(); 205 type = (*cipher->evptype)();
197 206
198 EVP_CIPHER_CTX_init(&cc->evp); 207 EVP_CIPHER_CTX_init(&cc->evp);
208#ifdef SSH_OLD_EVP
209 if (type->key_len > 0 && type->key_len != keylen) {
210 debug("cipher_init: set keylen (%d -> %d)",
211 type->key_len, keylen);
212 type->key_len = keylen;
213 }
214 EVP_CipherInit(&cc->evp, type, (u_char *)key, (u_char *)iv,
215 (encrypt == CIPHER_ENCRYPT));
216#else
199 if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, 217 if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
200 (encrypt == CIPHER_ENCRYPT)) == 0) 218 (encrypt == CIPHER_ENCRYPT)) == 0)
201 fatal("cipher_init: EVP_CipherInit failed for %s", 219 fatal("cipher_init: EVP_CipherInit failed for %s",
@@ -210,6 +228,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
210 if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) 228 if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0)
211 fatal("cipher_init: EVP_CipherInit: set key failed for %s", 229 fatal("cipher_init: EVP_CipherInit: set key failed for %s",
212 cipher->name); 230 cipher->name);
231#endif
213} 232}
214 233
215void 234void
@@ -217,15 +236,23 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
217{ 236{
218 if (len % cc->cipher->block_size) 237 if (len % cc->cipher->block_size)
219 fatal("cipher_encrypt: bad plaintext length %d", len); 238 fatal("cipher_encrypt: bad plaintext length %d", len);
239#ifdef SSH_OLD_EVP
240 EVP_Cipher(&cc->evp, dest, (u_char *)src, len);
241#else
220 if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) 242 if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
221 fatal("evp_crypt: EVP_Cipher failed"); 243 fatal("evp_crypt: EVP_Cipher failed");
244#endif
222} 245}
223 246
224void 247void
225cipher_cleanup(CipherContext *cc) 248cipher_cleanup(CipherContext *cc)
226{ 249{
250#ifdef SSH_OLD_EVP
251 EVP_CIPHER_CTX_cleanup(&cc->evp);
252#else
227 if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) 253 if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
228 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); 254 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
255#endif
229} 256}
230 257
231/* 258/*
@@ -296,6 +323,11 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
296 EVP_CIPHER_CTX_init(&c->k1); 323 EVP_CIPHER_CTX_init(&c->k1);
297 EVP_CIPHER_CTX_init(&c->k2); 324 EVP_CIPHER_CTX_init(&c->k2);
298 EVP_CIPHER_CTX_init(&c->k3); 325 EVP_CIPHER_CTX_init(&c->k3);
326#ifdef SSH_OLD_EVP
327 EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc);
328 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc);
329 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc);
330#else
299 if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || 331 if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
300 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || 332 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
301 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { 333 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
@@ -304,6 +336,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
304 EVP_CIPHER_CTX_set_app_data(ctx, NULL); 336 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
305 return (0); 337 return (0);
306 } 338 }
339#endif
307 return (1); 340 return (1);
308} 341}
309static int 342static int
@@ -315,10 +348,16 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
315 error("ssh1_3des_cbc: no context"); 348 error("ssh1_3des_cbc: no context");
316 return (0); 349 return (0);
317 } 350 }
351#ifdef SSH_OLD_EVP
352 EVP_Cipher(&c->k1, dest, (u_char *)src, len);
353 EVP_Cipher(&c->k2, dest, dest, len);
354 EVP_Cipher(&c->k3, dest, dest, len);
355#else
318 if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || 356 if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
319 EVP_Cipher(&c->k2, dest, dest, len) == 0 || 357 EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
320 EVP_Cipher(&c->k3, dest, dest, len) == 0) 358 EVP_Cipher(&c->k3, dest, dest, len) == 0)
321 return (0); 359 return (0);
360#endif
322 return (1); 361 return (1);
323} 362}
324static int 363static int
@@ -346,7 +385,9 @@ evp_ssh1_3des(void)
346 ssh1_3des.init = ssh1_3des_init; 385 ssh1_3des.init = ssh1_3des_init;
347 ssh1_3des.cleanup = ssh1_3des_cleanup; 386 ssh1_3des.cleanup = ssh1_3des_cleanup;
348 ssh1_3des.do_cipher = ssh1_3des_cbc; 387 ssh1_3des.do_cipher = ssh1_3des_cbc;
388#ifndef SSH_OLD_EVP
349 ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; 389 ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
390#endif
350 return (&ssh1_3des); 391 return (&ssh1_3des);
351} 392}
352 393
@@ -494,7 +535,9 @@ evp_rijndael(void)
494 rijndal_cbc.init = ssh_rijndael_init; 535 rijndal_cbc.init = ssh_rijndael_init;
495 rijndal_cbc.cleanup = ssh_rijndael_cleanup; 536 rijndal_cbc.cleanup = ssh_rijndael_cleanup;
496 rijndal_cbc.do_cipher = ssh_rijndael_cbc; 537 rijndal_cbc.do_cipher = ssh_rijndael_cbc;
538#ifndef SSH_OLD_EVP
497 rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | 539 rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
498 EVP_CIPH_ALWAYS_CALL_INIT; 540 EVP_CIPH_ALWAYS_CALL_INIT;
541#endif
499 return (&rijndal_cbc); 542 return (&rijndal_cbc);
500} 543}