From 135247df179e55e1aafd8b88ebbe0883b0539467 Mon Sep 17 00:00:00 2001 From: mouring Date: Thu, 6 Jun 2002 20:50:07 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2002/05/30 08:07:31 [cipher.c] use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@ --- ChangeLog | 5 +++++ cipher.c | 28 +++++++++++++++++++++++----- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 50af40d4..db33f514 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,11 @@ [sshd.c] don't start if privsep is enabled and SSH_PRIVSEP_USER or _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ + - markus@cvs.openbsd.org 2002/05/30 08:07:31 + [cipher.c] + use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of + our own implementation. allow use of AES hardware via libcrypto, + ok deraadt@ 20020604 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed diff --git a/cipher.c b/cipher.c index 0078f5aa..db5a7228 100644 --- a/cipher.c +++ b/cipher.c @@ -35,23 +35,25 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.56 2002/05/16 22:02:50 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.57 2002/05/30 08:07:31 markus Exp $"); #include "xmalloc.h" #include "log.h" #include "cipher.h" #include -#include "rijndael.h" #if OPENSSL_VERSION_NUMBER < 0x00906000L #define SSH_OLD_EVP #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif +#if OPENSSL_VERSION_NUMBER < 0x00907000L +#include "rijndael.h" +static const EVP_CIPHER *evp_rijndael(void); +#endif static const EVP_CIPHER *evp_ssh1_3des(void); static const EVP_CIPHER *evp_ssh1_bf(void); -static const EVP_CIPHER *evp_rijndael(void); struct Cipher { char *name; @@ -69,11 +71,19 @@ struct Cipher { { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, +#if OPENSSL_VERSION_NUMBER < 0x00907000L { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, +#else + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, + { "rijndael-cbc@lysator.liu.se", + SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, +#endif { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } }; @@ -444,6 +454,7 @@ evp_ssh1_bf(void) return (&ssh1_bf); } +#if OPENSSL_VERSION_NUMBER < 0x00907000L /* RIJNDAEL */ #define RIJNDAEL_BLOCKSIZE 16 struct ssh_rijndael_ctx @@ -548,6 +559,7 @@ evp_rijndael(void) #endif return (&rijndal_cbc); } +#endif /* * Exports an IV from the CipherContext required to export the key @@ -586,6 +598,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) fatal("%s: wrong iv length %d != %d", __FUNCTION__, evplen, len); +#if OPENSSL_VERSION_NUMBER < 0x00907000L if (c->evptype == evp_rijndael) { struct ssh_rijndael_ctx *aesc; @@ -593,7 +606,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) if (aesc == NULL) fatal("%s: no rijndael context", __FUNCTION__); civ = aesc->r_iv; - } else { + } else +#endif + { civ = cc->evp.iv; } break; @@ -631,6 +646,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) if (evplen == 0) return; +#if OPENSSL_VERSION_NUMBER < 0x00907000L if (c->evptype == evp_rijndael) { struct ssh_rijndael_ctx *aesc; @@ -638,7 +654,9 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) if (aesc == NULL) fatal("%s: no rijndael context", __FUNCTION__); div = aesc->r_iv; - }else { + } else +#endif + { div = cc->evp.iv; } break; -- 2.45.2