mirror of
git://anongit.mindrot.org/openssh.git
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little cipher compat code to openssl-compat.h
parent
1d75abfe23
commit
d522c68872
@ -37,6 +37,9 @@
|
|||||||
[myproposal.h packet.c ssh_config.5 sshd_config.5]
|
[myproposal.h packet.c ssh_config.5 sshd_config.5]
|
||||||
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
|
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
|
||||||
ok and feedback djm@
|
ok and feedback djm@
|
||||||
|
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
|
||||||
|
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
|
||||||
|
cipher compat code to openssl-compat.h
|
||||||
|
|
||||||
20121217
|
20121217
|
||||||
- (dtucker) [Makefile.in] Add some scaffolding so that the new regress
|
- (dtucker) [Makefile.in] Add some scaffolding so that the new regress
|
||||||
|
21
cipher.c
21
cipher.c
@ -54,25 +54,18 @@
|
|||||||
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
extern const EVP_CIPHER *evp_ssh1_bf(void);
|
||||||
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
extern const EVP_CIPHER *evp_ssh1_3des(void);
|
||||||
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
|
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
|
||||||
#ifndef OPENSSL_HAVE_EVPCTR
|
|
||||||
#define EVP_aes_128_ctr evp_aes_128_ctr
|
|
||||||
#define EVP_aes_192_ctr evp_aes_128_ctr
|
|
||||||
#define EVP_aes_256_ctr evp_aes_128_ctr
|
|
||||||
extern const EVP_CIPHER *evp_aes_128_ctr(void);
|
|
||||||
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
struct Cipher {
|
struct Cipher {
|
||||||
char *name;
|
char *name;
|
||||||
int number; /* for ssh1 only */
|
int number; /* for ssh1 only */
|
||||||
u_int block_size;
|
u_int block_size;
|
||||||
u_int key_len;
|
u_int key_len;
|
||||||
|
u_int iv_len; /* defaults to block_size */
|
||||||
|
u_int auth_len;
|
||||||
u_int discard_len;
|
u_int discard_len;
|
||||||
u_int cbc_mode;
|
u_int cbc_mode;
|
||||||
const EVP_CIPHER *(*evptype)(void);
|
const EVP_CIPHER *(*evptype)(void);
|
||||||
} ciphers[] = {
|
} ciphers[] = {
|
||||||
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
|
|
||||||
|
|
||||||
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
|
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
|
||||||
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
|
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
|
||||||
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
|
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
|
||||||
@ -94,10 +87,12 @@ struct Cipher {
|
|||||||
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
|
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
|
||||||
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
|
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
|
||||||
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
|
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
|
||||||
|
#ifdef OPENSSL_HAVE_EVPGCM
|
||||||
{ "aes128-gcm@openssh.com",
|
{ "aes128-gcm@openssh.com",
|
||||||
SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
|
SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
|
||||||
{ "aes256-gcm@openssh.com",
|
{ "aes256-gcm@openssh.com",
|
||||||
SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
|
SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
|
||||||
|
#endif
|
||||||
#ifdef USE_CIPHER_ACSS
|
#ifdef USE_CIPHER_ACSS
|
||||||
{ "acss@openssh.org",
|
{ "acss@openssh.org",
|
||||||
SSH_CIPHER_SSH2, 16, 5, 0, 0, 0, 0, EVP_acss },
|
SSH_CIPHER_SSH2, 16, 5, 0, 0, 0, 0, EVP_acss },
|
||||||
@ -473,14 +468,6 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
|
||||||
#define EVP_X_STATE(evp) &(evp).c
|
|
||||||
#define EVP_X_STATE_LEN(evp) sizeof((evp).c)
|
|
||||||
#else
|
|
||||||
#define EVP_X_STATE(evp) (evp).cipher_data
|
|
||||||
#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
|
|
||||||
#endif
|
|
||||||
|
|
||||||
int
|
int
|
||||||
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
|
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
|
||||||
{
|
{
|
||||||
|
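Review bot: The new `#ifdef OPENSSL_HAVE_EVPGCM` around the two `aes*-gcm@openssh.com` rows of `ciphers[]` removes those names from the table on builds where configure does not detect GCM, but nothing in this commit touches the default proposal in myproposal.h, which the ChangeLog entry above lists as changed when AES-GCM was introduced. If that list names the GCM ciphers unconditionally (not visible on this page), such a build would offer algorithms it can no longer look up, so the same macro should guard them there. A comment at the guard would make the coupling explicit, e.g. `/* AEAD modes: keep in sync with the default cipher list in myproposal.h */`. Separately, `iv_len` carries a comment but the new `auth_len` does not; judging by the table rows it is non-zero only for the GCM entries, so something like `/* authentication tag length, 0 if not AEAD (confirm) */` would help.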
24
configure.ac
24
configure.ac
@ -1,4 +1,4 @@
|
|||||||
# $Id: configure.ac,v 1.499 2012/12/12 21:18:56 djm Exp $
|
# $Id: configure.ac,v 1.500 2013/01/09 05:42:47 djm Exp $
|
||||||
#
|
#
|
||||||
# Copyright (c) 1999-2004 Damien Miller
|
# Copyright (c) 1999-2004 Damien Miller
|
||||||
#
|
#
|
||||||
@ -15,7 +15,7 @@
|
|||||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
||||||
AC_REVISION($Revision: 1.499 $)
|
AC_REVISION($Revision: 1.500 $)
|
||||||
AC_CONFIG_SRCDIR([ssh.c])
|
AC_CONFIG_SRCDIR([ssh.c])
|
||||||
AC_LANG([C])
|
AC_LANG([C])
|
||||||
|
|
||||||
@ -2320,6 +2320,26 @@ AC_LINK_IFELSE(
|
|||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Check for OpenSSL with EVP_aes_*gcm
|
||||||
|
AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
|
||||||
|
AC_LINK_IFELSE(
|
||||||
|
[AC_LANG_PROGRAM([[
|
||||||
|
#include <string.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
]], [[
|
||||||
|
exit(EVP_aes_128_gcm() == NULL ||
|
||||||
|
EVP_aes_256_gcm() == NULL);
|
||||||
|
]])],
|
||||||
|
[
|
||||||
|
AC_MSG_RESULT([yes])
|
||||||
|
AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
|
||||||
|
[libcrypto has EVP AES GCM])
|
||||||
|
],
|
||||||
|
[
|
||||||
|
AC_MSG_RESULT([no])
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
|
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
|
||||||
AC_LINK_IFELSE(
|
AC_LINK_IFELSE(
|
||||||
[AC_LANG_PROGRAM([[
|
[AC_LANG_PROGRAM([[
|
||||||
|
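Review bot: The test program in the new `AC_LINK_IFELSE` probe calls `exit()` but its prologue includes only `<string.h>` and `<openssl/evp.h>`, so `exit` is implicitly declared. A compiler that rejects implicit declarations would fail the probe, and the build would silently lose `OPENSSL_HAVE_EVPGCM`, and with it the AES-GCM ciphers, even though libcrypto provides them. Add `#include <stdlib.h>` to the prologue. Also, `AC_LINK_IFELSE` only links the program and never runs it, so the `== NULL` comparison is not evaluated; the probe establishes that both symbols resolve, and the comment `# Check for OpenSSL with EVP_aes_*gcm` could say that it is a link-time check only.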
@ -1,4 +1,4 @@
|
|||||||
/* $Id: openssl-compat.h,v 1.20 2012/01/17 03:03:39 dtucker Exp $ */
|
/* $Id: openssl-compat.h,v 1.21 2013/01/09 05:42:49 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
||||||
@ -63,6 +63,30 @@ extern const EVP_CIPHER *evp_rijndael(void);
|
|||||||
extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_HAVE_EVPCTR
|
||||||
|
#define EVP_aes_128_ctr evp_aes_128_ctr
|
||||||
|
#define EVP_aes_192_ctr evp_aes_128_ctr
|
||||||
|
#define EVP_aes_256_ctr evp_aes_128_ctr
|
||||||
|
extern const EVP_CIPHER *evp_aes_128_ctr(void);
|
||||||
|
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Avoid some #ifdef. Code that uses these is unreachable without GCM */
|
||||||
|
#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
|
||||||
|
# define EVP_CTRL_GCM_SET_IV_FIXED -1
|
||||||
|
# define EVP_CTRL_GCM_IV_GEN -1
|
||||||
|
# define EVP_CTRL_GCM_SET_TAG -1
|
||||||
|
# define EVP_CTRL_GCM_GET_TAG -1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||||
|
#define EVP_X_STATE(evp) &(evp).c
|
||||||
|
#define EVP_X_STATE_LEN(evp) sizeof((evp).c)
|
||||||
|
#else
|
||||||
|
#define EVP_X_STATE(evp) (evp).cipher_data
|
||||||
|
#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
|
||||||
|
#endif
|
||||||
|
|
||||||
#if !defined(EVP_CTRL_SET_ACSS_MODE)
|
#if !defined(EVP_CTRL_SET_ACSS_MODE)
|
||||||
# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
||||||
# define USE_CIPHER_ACSS 1
|
# define USE_CIPHER_ACSS 1
|
||||||
|
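Review bot: The four fallback definitions of the form `# define EVP_CTRL_GCM_SET_IV_FIXED -1` expand to an unparenthesized negative constant; write them as `# define EVP_CTRL_GCM_SET_IV_FIXED (-1)` (likewise for `IV_GEN`, `SET_TAG` and `GET_TAG`) so the expansion stays a single operand wherever it is used. The comment says code using them is unreachable without GCM, which holds only while every GCM path is gated on `OPENSSL_HAVE_EVPGCM` the way the `ciphers[]` rows are in cipher.c; the callers are not visible in this hunk. Since all four collapse to the same value, the comment could also state that -1 is meant as an invalid control code, so a call that does slip through presumably fails rather than acting on the context, provided the caller checks the return value.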