- (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
openbsd-compat/openssl-compat.h] Check for and work around broken AES ciphers >128bit on (some) Solaris 10 systems. ok djm@
This commit is contained in:
Darren Tucker
parent
d40c66cf3f
commit
129d0bb6a6
|
|
@ -1,3 +1,8 @@
|
|||
20051219
|
||||
- (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
|
||||
openbsd-compat/openssl-compat.h] Check for and work around broken AES
|
||||
ciphers >128bit on (some) Solaris 10 systems. ok djm@
|
||||
|
||||
20051217
|
||||
- (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
|
||||
scp.c also uses, so undef them here.
|
||||
|
|
@ -3466,4 +3471,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4030 2005/12/17 11:32:03 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.4031 2005/12/19 06:40:40 dtucker Exp $
|
||||
|
|
|
|||
12
cipher-aes.c
12
cipher-aes.c
|
|
@ -23,7 +23,11 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
|
||||
/* compatibility with old or broken OpenSSL versions */
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#ifdef USE_BUILTIN_RIJNDAEL
|
||||
RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
|
@ -31,10 +35,6 @@ RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
|
|||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00906000L
|
||||
#define SSH_OLD_EVP
|
||||
#endif
|
||||
|
||||
#define RIJNDAEL_BLOCKSIZE 16
|
||||
struct ssh_rijndael_ctx
|
||||
{
|
||||
|
|
@ -157,4 +157,4 @@ evp_rijndael(void)
|
|||
#endif
|
||||
return (&rijndal_cbc);
|
||||
}
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
#endif /* USE_BUILTIN_RIJNDAEL */
|
||||
|
|
|
|||
|
|
@ -21,11 +21,10 @@ RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
|
|||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00906000L
|
||||
#define SSH_OLD_EVP
|
||||
#endif
|
||||
/* compatibility with old or broken OpenSSL versions */
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
#ifdef USE_BUILTIN_RIJNDAEL
|
||||
#include "rijndael.h"
|
||||
#define AES_KEY rijndael_ctx
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
|
|
|||
4
cipher.c
4
cipher.c
|
|
@ -334,7 +334,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
|
|||
if ((u_int)evplen != len)
|
||||
fatal("%s: wrong iv length %d != %d", __func__,
|
||||
evplen, len);
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
#ifdef USE_BUILTIN_RIJNDAEL
|
||||
if (c->evptype == evp_rijndael)
|
||||
ssh_rijndael_iv(&cc->evp, 0, iv, len);
|
||||
else
|
||||
|
|
@ -365,7 +365,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
|
|||
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
|
||||
if (evplen == 0)
|
||||
return;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
#ifdef USE_BUILTIN_RIJNDAEL
|
||||
if (c->evptype == evp_rijndael)
|
||||
ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
|
||||
else
|
||||
|
|
|
|||
20
configure.ac
20
configure.ac
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.ac,v 1.315 2005/12/17 11:32:03 dtucker Exp $
|
||||
# $Id: configure.ac,v 1.316 2005/12/19 06:40:40 dtucker Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
|
|
@ -1803,6 +1803,24 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.])
|
|||
]
|
||||
)
|
||||
|
||||
# Check for OpenSSL without EVP_aes_{192,256}_cbc
|
||||
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
|
||||
]])],
|
||||
[
|
||||
AC_MSG_RESULT(no)
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
|
||||
[libcrypto is missing AES 192 and 256 bit functions])
|
||||
]
|
||||
)
|
||||
|
||||
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
|
||||
# because the system crypt() is more featureful.
|
||||
if test "x$check_for_libcrypt_before" = "x1"; then
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: openssl-compat.h,v 1.2 2005/11/20 03:10:00 dtucker Exp $ */
|
||||
/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
||||
|
|
@ -24,7 +24,11 @@
|
|||
# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES)
|
||||
# define USE_BUILTIN_RIJNDAEL
|
||||
#endif
|
||||
|
||||
#ifdef USE_BUILTIN_RIJNDAEL
|
||||
# define EVP_aes_128_cbc evp_rijndael
|
||||
# define EVP_aes_192_cbc evp_rijndael
|
||||
# define EVP_aes_256_cbc evp_rijndael
|
||||
|
|
|
|||
Loading…
Reference in New Issue