Initial revision

[gssapi-openssh.git] / openssh / cipher.c

diff --git a/openssh/cipher.c b/openssh/cipher.c
index 0dddf270af90186fca423bd3f953afe7ba0b4f3c..75512922e4f080d9b3cac51a6924b20e00d5b66c 100644 (file)
--- a/openssh/cipher.c
+++ b/openssh/cipher.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,14 +36,18 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $");
+
+#include <sys/types.h>
+
+#include <openssl/md5.h>
+
+#include <string.h>
+#include <stdarg.h>
 
 #include "xmalloc.h"
 #include "log.h"
 #include "cipher.h"
 
-#include <openssl/md5.h>
-
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
 
@@ -50,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
 extern const EVP_CIPHER *evp_aes_128_ctr(void);
+extern const EVP_CIPHER *evp_aes_ctr_mt(void);
 extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 
 struct Cipher {
@@ -76,9 +82,9 @@ struct Cipher {
        { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
        { "rijndael-cbc@lysator.liu.se",
                                SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
-       { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
-       { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
-       { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
+       { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_ctr_mt },
+       { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_ctr_mt },
+       { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_ctr_mt },
 #ifdef USE_CIPHER_ACSS
        { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
 #endif
@@ -151,7 +157,8 @@ ciphers_valid(const char *names)
        for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
            (p = strsep(&cp, CIPHER_SEP))) {
                c = cipher_by_name(p);
-               if (c == NULL || c->number != SSH_CIPHER_SSH2) {
+               if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
+                                 c->number != SSH_CIPHER_NONE)) {
                        debug("bad cipher %s [%s]", p, names);
                        xfree(cipher_list);
                        return 0;
@@ -325,6 +332,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
        int evplen;
 
        switch (c->number) {
+       case SSH_CIPHER_NONE:
        case SSH_CIPHER_SSH2:
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH:
@@ -334,7 +342,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
                if ((u_int)evplen != len)
                        fatal("%s: wrong iv length %d != %d", __func__,
                            evplen, len);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
+#ifdef USE_BUILTIN_RIJNDAEL
                if (c->evptype == evp_rijndael)
                        ssh_rijndael_iv(&cc->evp, 0, iv, len);
                else
@@ -359,13 +367,14 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
        int evplen = 0;
 
        switch (c->number) {
+       case SSH_CIPHER_NONE:
        case SSH_CIPHER_SSH2:
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH:
                evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
                if (evplen == 0)
                        return;
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
+#ifdef USE_BUILTIN_RIJNDAEL
                if (c->evptype == evp_rijndael)
                        ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
                else