diff options
| author | Damien Miller <djm@mindrot.org> | 2014-07-02 15:28:02 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-07-02 15:28:02 +1000 |
| commit | 8668706d0f52654fe64c0ca41a96113aeab8d2b8 (patch) | |
| tree | 73e78e1ea3d39206e39870bbe0af17d6c430fb51 /cipher-3des1.c | |
| parent | 2cd7929250cf9e9f658d70dcd452f529ba08c942 (diff) | |
- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
Diffstat (limited to 'cipher-3des1.c')
| -rw-r--r-- | cipher-3des1.c | 55 |
1 files changed, 18 insertions, 37 deletions
diff --git a/cipher-3des1.c b/cipher-3des1.c index b2823592..5361f517 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -29,13 +29,11 @@ #include <openssl/evp.h> -#include <stdarg.h> #include <string.h> #include "xmalloc.h" #include "log.h" - -#include "openbsd-compat/openssl-compat.h" +#include "ssherr.h" /* * This is used by SSH1: @@ -57,7 +55,7 @@ struct ssh1_3des_ctx }; const EVP_CIPHER * evp_ssh1_3des(void); -void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, @@ -67,11 +65,12 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, u_char *k1, *k2, *k3; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - c = xcalloc(1, sizeof(*c)); + if ((c = calloc(1, sizeof(*c))) == NULL) + return 0; EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key == NULL) - return (1); + return 1; if (enc == -1) enc = ctx->encrypt; k1 = k2 = k3 = (u_char *) key; @@ -85,44 +84,29 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, EVP_CIPHER_CTX_init(&c->k1); EVP_CIPHER_CTX_init(&c->k2); EVP_CIPHER_CTX_init(&c->k3); -#ifdef SSH_OLD_EVP - EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc); - EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc); - EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc); -#else if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); - return (0); + return 0; } -#endif - return (1); + return 1; } static int -ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - LIBCRYPTO_EVP_INL_TYPE len) +ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) { struct ssh1_3des_ctx *c; - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - error("ssh1_3des_cbc: no context"); - return (0); - } -#ifdef SSH_OLD_EVP - EVP_Cipher(&c->k1, dest, (u_char *)src, len); - EVP_Cipher(&c->k2, dest, dest, len); - EVP_Cipher(&c->k3, dest, dest, len); -#else + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) + return 0; if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || EVP_Cipher(&c->k2, dest, dest, len) == 0 || EVP_Cipher(&c->k3, dest, dest, len) == 0) - return (0); -#endif - return (1); + return 0; + return 1; } static int @@ -138,29 +122,28 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } - return (1); + return 1; } -void +int ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len) { struct ssh1_3des_ctx *c; if (len != 24) - fatal("%s: bad 3des iv length: %d", __func__, len); + return SSH_ERR_INVALID_ARGUMENT; if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) - fatal("%s: no 3des context", __func__); + return SSH_ERR_INTERNAL_ERROR; if (doset) { - debug3("%s: Installed 3DES IV", __func__); memcpy(c->k1.iv, iv, 8); memcpy(c->k2.iv, iv + 8, 8); memcpy(c->k3.iv, iv + 16, 8); } else { - debug3("%s: Copying 3DES IV", __func__); memcpy(iv, c->k1.iv, 8); memcpy(iv + 8, c->k2.iv, 8); memcpy(iv + 16, c->k3.iv, 8); } + return 0; } const EVP_CIPHER * @@ -176,8 +159,6 @@ evp_ssh1_3des(void) ssh1_3des.init = ssh1_3des_init; ssh1_3des.cleanup = ssh1_3des_cleanup; ssh1_3des.do_cipher = ssh1_3des_cbc; -#ifndef SSH_OLD_EVP ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; -#endif - return (&ssh1_3des); + return &ssh1_3des; } |