src/usr.bin/ssh/cipher.c - diff

Return to cipher.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/cipher.c between version 1.68 and 1.68.2.2

version 1.68, 2004/01/23 19:26:33

version 1.68.2.2, 2005/03/10 17:15:04

Line 43

#include <openssl/md5.h>

#if OPENSSL_VERSION_NUMBER < 0x00907000L

extern const EVP_CIPHER *evp_rijndael(void);

extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);

#endif

extern const EVP_CIPHER *evp_ssh1_bf(void);

extern const EVP_CIPHER *evp_ssh1_3des(void);

extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);

Line 60

Line 56

u_int key_len;

const EVP_CIPHER *(*evptype)(void);

} ciphers[] = {

{ "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },

{ "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },

{ "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des },

{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf },

{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },

{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },

{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },

{ "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },

#if OPENSSL_VERSION_NUMBER < 0x00907000L

{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },

{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },

{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

{ "rijndael-cbc@lysator.liu.se",

SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

#else

{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },

{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },

{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

{ "rijndael-cbc@lysator.liu.se",

SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

#endif

{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },

{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },

{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },

{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },

{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }

{ NULL, SSH_CIPHER_INVALID, 0, 0, NULL }

};

/*--*/

Line 127

Line 115

{

Cipher *c;

for (c = ciphers; c->name != NULL; c++)

if (strcasecmp(c->name, name) == 0)

if (strcmp(c->name, name) == 0)

return c;

return NULL;

}

Line 147

Line 135

ciphers_valid(const char *names)

{

Cipher *c;

char *ciphers, *cp;

char *cipher_list, *cp;

char *p;

if (names == NULL || strcmp(names, "") == 0)

return 0;

ciphers = cp = xstrdup(names);

cipher_list = cp = xstrdup(names);

for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';

(p = strsep(&cp, CIPHER_SEP))) {

c = cipher_by_name(p);

if (c == NULL || c->number != SSH_CIPHER_SSH2) {

debug("bad cipher %s [%s]", p, names);

xfree(ciphers);

xfree(cipher_list);

return 0;

} else {

debug3("cipher ok: %s [%s]", p, names);

}

debug3("ciphers ok: [%s]", names);

xfree(ciphers);

xfree(cipher_list);

return 1;

}

Line 180

Line 168

Cipher *c;

if (name == NULL)

return -1;

c = cipher_by_name(name);

for (c = ciphers; c->name != NULL; c++)

return (c==NULL) ? -1 : c->number;

if (strcasecmp(c->name, name) == 0)

return c->number;

return -1;

}

char *

Line 194

Line 184

void

cipher_init(CipherContext *cc, Cipher *cipher,

const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,

int encrypt)

int do_encrypt)

{

static int dowarn = 1;

const EVP_CIPHER *type;

Line 223

Line 213

EVP_CIPHER_CTX_init(&cc->evp);

if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,

(encrypt == CIPHER_ENCRYPT)) == 0)

(do_encrypt == CIPHER_ENCRYPT)) == 0)

fatal("cipher_init: EVP_CipherInit failed for %s",

cipher->name);

klen = EVP_CIPHER_CTX_key_length(&cc->evp);

Line 261

Line 251

void

cipher_set_key_string(CipherContext *cc, Cipher *cipher,

const char *passphrase, int encrypt)

const char *passphrase, int do_encrypt)

{

MD5_CTX md;

u_char digest[16];

Line 270

Line 260

MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));

MD5_Final(digest, &md);

cipher_init(cc, cipher, digest, 16, NULL, 0, encrypt);

cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);

memset(digest, 0, sizeof(digest));

memset(&md, 0, sizeof(md));

Line 311

Line 301

if (evplen != len)

fatal("%s: wrong iv length %d != %d", __func__,

evplen, len);

#if OPENSSL_VERSION_NUMBER < 0x00907000L

if (c->evptype == evp_rijndael)

ssh_rijndael_iv(&cc->evp, 0, iv, len);

else

#endif

if (c->evptype == evp_aes_128_ctr)

ssh_aes_ctr_iv(&cc->evp, 0, iv, len);

else

Line 342

Line 327

evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);

if (evplen == 0)

return;

#if OPENSSL_VERSION_NUMBER < 0x00907000L

if (c->evptype == evp_rijndael)

ssh_rijndael_iv(&cc->evp, 1, iv, evplen);

else

#endif

if (c->evptype == evp_aes_128_ctr)

ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);

else

Line 360

Line 340

}

#if OPENSSL_VERSION_NUMBER < 0x00907000L

#define EVP_X_STATE(evp) &(evp).c

#define EVP_X_STATE_LEN(evp) sizeof((evp).c)

#else

#define EVP_X_STATE(evp) (evp).cipher_data

#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size

#endif

int

cipher_get_keycontext(const CipherContext *cc, u_char *dat)