From 4f0fe684daa4f35e1c91224e144c91b4869946fa Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 27 Jan 2004 21:19:21 +1100
Subject:  - (djm) OpenBSD CVS Sync    - hshoexer@cvs.openbsd.org 2004/01/23
 17:06:03      [cipher.c]      enable acss for ssh      ok deraadt@ markus@  -
 (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS    if libcrypto
 lacks it

---
 cipher.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'cipher.c')

diff --git a/cipher.c b/cipher.c
index a1c40cc4a..190b8688b 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.67 2004/01/23 17:06:03 hshoexer Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
 extern const EVP_CIPHER *evp_rijndael(void);
 extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 #endif
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+#  define EVP_CTRL_SET_ACSS_MODE xxx	/* used below */
+# else
+#  define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
+# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
+#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
+
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
@@ -92,7 +103,9 @@ struct Cipher {
 	{ "aes192-ctr", 	SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
 	{ "aes256-ctr", 	SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
 #endif
-
+#if defined(EVP_CTRL_SET_ACSS_MODE)
+	{ "acss@openbsd.org",	SSH_CIPHER_SSH2, 16, 5, EVP_acss },
+#endif
 	{ NULL,			SSH_CIPHER_ILLEGAL, 0, 0, NULL }
 };
 
@@ -402,7 +415,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 	Cipher *c = cc->cipher;
 	int plen = 0;
 
-	if (c->evptype == EVP_rc4) {
+	if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
 		plen = EVP_X_STATE_LEN(cc->evp);
 		if (dat == NULL)
 			return (plen);
@@ -417,7 +430,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
 	Cipher *c = cc->cipher;
 	int plen;
 
-	if (c->evptype == EVP_rc4) {
+	if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
 		plen = EVP_X_STATE_LEN(cc->evp);
 		memcpy(EVP_X_STATE(cc->evp), dat, plen);
 	}
-- 
cgit v1.2.3