mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-06 09:39:48 +00:00
3ff92ba756
[key.c] suppress spurious error message when loading key with a passphrase; reported by kettenis@ ok markus@ - djm@cvs.openbsd.org 2014/07/02 04:59:06 [cipher-3des1.c] fix ssh protocol 1 on the server that regressed with the sshkey change (sometimes fatal() after auth completed), make file return useful status codes. NB. Id sync only for these two. They were bundled into the sshkey merge above, since it was easier to sync the entire file and then apply portable-specific changed atop it.
165 lines
4.6 KiB
C
165 lines
4.6 KiB
C
/* $OpenBSD: cipher-3des1.c,v 1.11 2014/07/02 04:59:06 djm Exp $ */
|
|
/*
|
|
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include "xmalloc.h"
|
|
#include "log.h"
|
|
#include "ssherr.h"
|
|
|
|
/*
|
|
* This is used by SSH1:
|
|
*
|
|
* What kind of triple DES are these 2 routines?
|
|
*
|
|
* Why is there a redundant initialization vector?
|
|
*
|
|
* If only iv3 was used, then, this would till effect have been
|
|
* outer-cbc. However, there is also a private iv1 == iv2 which
|
|
* perhaps makes differential analysis easier. On the other hand, the
|
|
* private iv1 probably makes the CRC-32 attack ineffective. This is a
|
|
* result of that there is no longer any known iv1 to use when
|
|
* choosing the X block.
|
|
*/
|
|
struct ssh1_3des_ctx
|
|
{
|
|
EVP_CIPHER_CTX k1, k2, k3;
|
|
};
|
|
|
|
const EVP_CIPHER * evp_ssh1_3des(void);
|
|
int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
|
|
|
|
static int
|
|
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
|
int enc)
|
|
{
|
|
struct ssh1_3des_ctx *c;
|
|
u_char *k1, *k2, *k3;
|
|
|
|
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
|
|
if ((c = calloc(1, sizeof(*c))) == NULL)
|
|
return 0;
|
|
EVP_CIPHER_CTX_set_app_data(ctx, c);
|
|
}
|
|
if (key == NULL)
|
|
return 1;
|
|
if (enc == -1)
|
|
enc = ctx->encrypt;
|
|
k1 = k2 = k3 = (u_char *) key;
|
|
k2 += 8;
|
|
if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
|
|
if (enc)
|
|
k3 += 16;
|
|
else
|
|
k1 += 16;
|
|
}
|
|
EVP_CIPHER_CTX_init(&c->k1);
|
|
EVP_CIPHER_CTX_init(&c->k2);
|
|
EVP_CIPHER_CTX_init(&c->k3);
|
|
if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
|
|
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
|
|
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
|
|
explicit_bzero(c, sizeof(*c));
|
|
free(c);
|
|
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
static int
|
|
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len)
|
|
{
|
|
struct ssh1_3des_ctx *c;
|
|
|
|
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
|
|
return 0;
|
|
if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
|
|
EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
|
|
EVP_Cipher(&c->k3, dest, dest, len) == 0)
|
|
return 0;
|
|
return 1;
|
|
}
|
|
|
|
static int
|
|
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
|
|
{
|
|
struct ssh1_3des_ctx *c;
|
|
|
|
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
|
|
EVP_CIPHER_CTX_cleanup(&c->k1);
|
|
EVP_CIPHER_CTX_cleanup(&c->k2);
|
|
EVP_CIPHER_CTX_cleanup(&c->k3);
|
|
explicit_bzero(c, sizeof(*c));
|
|
free(c);
|
|
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int
|
|
ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
|
|
{
|
|
struct ssh1_3des_ctx *c;
|
|
|
|
if (len != 24)
|
|
return SSH_ERR_INVALID_ARGUMENT;
|
|
if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
|
|
return SSH_ERR_INTERNAL_ERROR;
|
|
if (doset) {
|
|
memcpy(c->k1.iv, iv, 8);
|
|
memcpy(c->k2.iv, iv + 8, 8);
|
|
memcpy(c->k3.iv, iv + 16, 8);
|
|
} else {
|
|
memcpy(iv, c->k1.iv, 8);
|
|
memcpy(iv + 8, c->k2.iv, 8);
|
|
memcpy(iv + 16, c->k3.iv, 8);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
const EVP_CIPHER *
|
|
evp_ssh1_3des(void)
|
|
{
|
|
static EVP_CIPHER ssh1_3des;
|
|
|
|
memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
|
|
ssh1_3des.nid = NID_undef;
|
|
ssh1_3des.block_size = 8;
|
|
ssh1_3des.iv_len = 0;
|
|
ssh1_3des.key_len = 16;
|
|
ssh1_3des.init = ssh1_3des_init;
|
|
ssh1_3des.cleanup = ssh1_3des_cleanup;
|
|
ssh1_3des.do_cipher = ssh1_3des_cbc;
|
|
ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
|
|
return &ssh1_3des;
|
|
}
|