diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | cipher-ctr.c | 3 | ||||
| -rw-r--r-- | cipher.c | 22 | ||||
| -rw-r--r-- | configure.ac | 25 |
4 files changed, 47 insertions, 9 deletions
@@ -5,6 +5,12 @@ reset incoming_packet buffer for each new packet in EtM-case, too; this happens if packets are parsed only parially (e.g. ignore messages sent when su/sudo turn off echo); noted by sthen/millert + - naddy@cvs.openbsd.org 2012/12/12 16:46:10 + [cipher.c] + use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled + counter mode code; ok djm@ + - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our + compat code for older OpenSSL 20121212 - (djm) OpenBSD CVS Sync diff --git a/cipher-ctr.c b/cipher-ctr.c index 04975b4b..f053abe2 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -16,6 +16,7 @@ */ #include "includes.h" +#ifndef OPENSSL_HAVE_EVPCTR #include <sys/types.h> #include <stdarg.h> @@ -144,3 +145,5 @@ evp_aes_128_ctr(void) #endif return (&aes_ctr); } + +#endif /* OPENSSL_HAVE_EVPCTR */ @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.83 2012/12/11 22:31:18 markus Exp $ */ +/* $OpenBSD: cipher.c,v 1.84 2012/12/12 16:46:10 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -54,8 +54,12 @@ extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); -extern const EVP_CIPHER *evp_aes_128_ctr(void); +#ifndef OPENSSL_HAVE_EVPCTR +#define EVP_aes_128_ctr evp_aes_128_ctr +#define EVP_aes_192_ctr evp_aes_128_ctr +#define EVP_aes_256_ctr evp_aes_128_ctr extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +#endif struct Cipher { char *name; @@ -82,9 +86,9 @@ struct Cipher { { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, EVP_aes_256_ctr }, #ifdef USE_CIPHER_ACSS { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, #endif @@ -363,10 +367,12 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) ssh_rijndael_iv(&cc->evp, 0, iv, len); else #endif +#ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else - memcpy(iv, cc->evp.iv, len); +#endif + memcpy(iv, cc->evp.iv, len); break; case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 0, iv, 24); @@ -394,10 +400,12 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) ssh_rijndael_iv(&cc->evp, 1, iv, evplen); else #endif +#ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); else - memcpy(cc->evp.iv, iv, evplen); +#endif + memcpy(cc->evp.iv, iv, evplen); break; case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 1, iv, 24); diff --git a/configure.ac b/configure.ac index 8b32e40c..64c231b7 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.498 2012/12/03 01:35:55 djm Exp $ +# $Id: configure.ac,v 1.499 2012/12/12 21:18:56 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.498 $) +AC_REVISION($Revision: 1.499 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2299,6 +2299,27 @@ AC_LINK_IFELSE( ] ) +# Check for OpenSSL with EVP_aes_*ctr +AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) +AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ +#include <string.h> +#include <openssl/evp.h> + ]], [[ + exit(EVP_aes_128_ctr() == NULL || + EVP_aes_192_cbc() == NULL || + EVP_aes_256_cbc() == NULL); + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], + [libcrypto has EVP AES CTR]) + ], + [ + AC_MSG_RESULT([no]) + ] +) + AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ |