http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz committe...

[gssapi-openssh.git] / openssh / cipher.c

diff --git a/openssh/cipher.c b/openssh/cipher.c
index b264063c40314e696ecf990e103bd6f4ae64968c..05394c4f2288b439a59d44b7240a28ff7127c829 100644 (file)
--- a/openssh/cipher.c
+++ b/openssh/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
 extern const EVP_CIPHER *evp_aes_128_ctr(void);
+extern const EVP_CIPHER *evp_aes_ctr_mt(void);
 extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 
 struct Cipher {
@@ -63,31 +64,32 @@ struct Cipher {
        u_int   block_size;
        u_int   key_len;
        u_int   discard_len;
+       u_int   cbc_mode;
        const EVP_CIPHER        *(*evptype)(void);
 } ciphers[] = {
-       { "none",               SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
-       { "des",                SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
-       { "3des",               SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
-       { "blowfish",           SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
-
-       { "3des-cbc",           SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
-       { "blowfish-cbc",       SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
-       { "cast128-cbc",        SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
-       { "arcfour",            SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
-       { "arcfour128",         SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
-       { "arcfour256",         SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
-       { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
-       { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
-       { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+       { "none",               SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
+       { "des",                SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
+       { "3des",               SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
+       { "blowfish",           SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
+
+       { "3des-cbc",           SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
+       { "blowfish-cbc",       SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
+       { "cast128-cbc",        SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
+       { "arcfour",            SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
+       { "arcfour128",         SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
+       { "arcfour256",         SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
+       { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
+       { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
+       { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
        { "rijndael-cbc@lysator.liu.se",
-                               SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
-       { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
-       { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
-       { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
+                               SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+       { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_ctr_mt },
+       { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_ctr_mt },
+       { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_ctr_mt },
 #ifdef USE_CIPHER_ACSS
-       { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
+       { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
 #endif
-       { NULL,                 SSH_CIPHER_INVALID, 0, 0, 0, NULL }
+       { NULL,                 SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
 };
 
 /*--*/
@@ -110,6 +112,12 @@ cipher_get_number(const Cipher *c)
        return (c->number);
 }
 
+u_int
+cipher_is_cbc(const Cipher *c)
+{
+       return (c->cbc_mode);
+}
+
 u_int
 cipher_mask_ssh1(int client)
 {
@@ -156,7 +164,8 @@ ciphers_valid(const char *names)
        for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
            (p = strsep(&cp, CIPHER_SEP))) {
                c = cipher_by_name(p);
-               if (c == NULL || c->number != SSH_CIPHER_SSH2) {
+               if (c == NULL || (c->number != SSH_CIPHER_SSH2 && 
+c->number != SSH_CIPHER_NONE)) {
                        debug("bad cipher %s [%s]", p, names);
                        xfree(cipher_list);
                        return 0;
@@ -330,6 +339,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
        int evplen;
 
        switch (c->number) {
+       case SSH_CIPHER_NONE:
        case SSH_CIPHER_SSH2:
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH:
@@ -364,6 +374,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
        int evplen = 0;
 
        switch (c->number) {
+       case SSH_CIPHER_NONE:
        case SSH_CIPHER_SSH2:
        case SSH_CIPHER_DES:
        case SSH_CIPHER_BLOWFISH: