tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 07:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our

Browse Source 
compat code for older OpenSSL
This commit is contained in:
Damien Miller 2012-12-13 08:18:56 +11:00
parent 8c05da3326
commit 25a02b0c95
4 changed files with 47 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -5,6 +5,12 @@
reset incoming_packet buffer for each new packet in EtM-case, too; reset incoming_packet buffer for each new packet in EtM-case, too;
this happens if packets are parsed only parially (e.g. ignore this happens if packets are parsed only parially (e.g. ignore
messages sent when su/sudo turn off echo); noted by sthen/millert messages sent when su/sudo turn off echo); noted by sthen/millert
- naddy@cvs.openbsd.org 2012/12/12 16:46:10
[cipher.c]
use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
counter mode code; ok djm@
- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
compat code for older OpenSSL
20121212 20121212
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync

3
cipher-ctr.c
View File

@ -16,6 +16,7 @@
*/ */
#include "includes.h" #include "includes.h"
#ifndef OPENSSL_HAVE_EVPCTR
#include <sys/types.h> #include <sys/types.h>
#include <stdarg.h> #include <stdarg.h>
@ -144,3 +145,5 @@ evp_aes_128_ctr(void)
#endif #endif
return (&aes_ctr); return (&aes_ctr);
} }
#endif /* OPENSSL_HAVE_EVPCTR */

22
cipher.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher.c,v 1.83 2012/12/11 22:31:18 markus Exp $ */ /* $OpenBSD: cipher.c,v 1.84 2012/12/12 16:46:10 naddy Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -54,8 +54,12 @@
extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_bf(void);
extern const EVP_CIPHER *evp_ssh1_3des(void); extern const EVP_CIPHER *evp_ssh1_3des(void);
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
extern const EVP_CIPHER *evp_aes_128_ctr(void); #ifndef OPENSSL_HAVE_EVPCTR
#define EVP_aes_128_ctr evp_aes_128_ctr
#define EVP_aes_192_ctr evp_aes_128_ctr
#define EVP_aes_256_ctr evp_aes_128_ctr
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
#endif
struct Cipher { struct Cipher {
char *name; char *name;
@ -82,9 +86,9 @@ struct Cipher {
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
{ "rijndael-cbc@lysator.liu.se", { "rijndael-cbc@lysator.liu.se",
SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, EVP_aes_128_ctr },
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, EVP_aes_192_ctr },
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, EVP_aes_256_ctr },
#ifdef USE_CIPHER_ACSS #ifdef USE_CIPHER_ACSS
{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
#endif #endif
@ -363,10 +367,12 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
ssh_rijndael_iv(&cc->evp, 0, iv, len); ssh_rijndael_iv(&cc->evp, 0, iv, len);
else else
#endif #endif
#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr) if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 0, iv, len); ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
else else
memcpy(iv, cc->evp.iv, len); #endif
memcpy(iv, cc->evp.iv, len);
break; break;
case SSH_CIPHER_3DES: case SSH_CIPHER_3DES:
ssh1_3des_iv(&cc->evp, 0, iv, 24); ssh1_3des_iv(&cc->evp, 0, iv, 24);
@ -394,10 +400,12 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
ssh_rijndael_iv(&cc->evp, 1, iv, evplen); ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
else else
#endif #endif
#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr) if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
else else
memcpy(cc->evp.iv, iv, evplen); #endif
memcpy(cc->evp.iv, iv, evplen);
break; break;
case SSH_CIPHER_3DES: case SSH_CIPHER_3DES:
ssh1_3des_iv(&cc->evp, 1, iv, 24); ssh1_3des_iv(&cc->evp, 1, iv, 24);

25
configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.498 2012/12/03 01:35:55 djm Exp $ # $Id: configure.ac,v 1.499 2012/12/12 21:18:56 djm Exp $
# #
# Copyright (c) 1999-2004 Damien Miller # Copyright (c) 1999-2004 Damien Miller
# #
@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
AC_REVISION($Revision: 1.498 $) AC_REVISION($Revision: 1.499 $)
AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C]) AC_LANG([C])
@ -2299,6 +2299,27 @@ AC_LINK_IFELSE(
] ]
) )
# Check for OpenSSL with EVP_aes_*ctr
AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[
#include <string.h>
#include <openssl/evp.h>
]], [[
exit(EVP_aes_128_ctr() == NULL ||
EVP_aes_192_cbc() == NULL ||
EVP_aes_256_cbc() == NULL);
]])],
[
AC_MSG_RESULT([yes])
AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
[libcrypto has EVP AES CTR])
],
[
AC_MSG_RESULT([no])
]
)
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
AC_LINK_IFELSE( AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[ [AC_LANG_PROGRAM([[