From 482d23bcacdd3664f21cc82a5135f66fc598275f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 13 Sep 2018 02:08:33 +0000 Subject: upstream: hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417 --- cipher.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'cipher.c') diff --git a/cipher.c b/cipher.c index a72682a82..df43826e0 100644 --- a/cipher.c +++ b/cipher.c @@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc) } int -cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) +cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) { #ifdef WITH_OPENSSL const struct sshcipher *c = cc->cipher; @@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) return 0; else if (evplen < 0) return SSH_ERR_LIBCRYPTO_ERROR; - if ((u_int)evplen != len) + if ((size_t)evplen != len) return SSH_ERR_INVALID_ARGUMENT; #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) @@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; - } else - memcpy(iv, cc->evp->iv, len); + } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len)) + return SSH_ERR_LIBCRYPTO_ERROR; #endif return 0; } int -cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) +cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) { #ifdef WITH_OPENSSL const struct sshcipher *c = cc->cipher; @@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen <= 0) return SSH_ERR_LIBCRYPTO_ERROR; + if ((size_t)evplen != len) + return SSH_ERR_INVALID_ARGUMENT; #ifndef OPENSSL_HAVE_EVPCTR /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ if (c->evptype == evp_aes_128_ctr) @@ -518,8 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; - } else - memcpy(cc->evp->iv, iv, evplen); + } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen)) + return SSH_ERR_LIBCRYPTO_ERROR; #endif return 0; } -- cgit v1.2.3