From 52607c0f32906fb6d3fa195c251a20a973832e4a Mon Sep 17 00:00:00 2001 From: dtucker Date: Thu, 9 Jun 2005 11:45:10 +0000 Subject: [PATCH] - (dtucker) [cipher.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] Move compatibility code for supporting older OpenSSL versions to the compat layer. Suggested by and "no objection" djm@ --- ChangeLog | 6 +++ cipher.c | 42 +-------------------- openbsd-compat/Makefile.in | 2 +- openbsd-compat/openbsd-compat.h | 3 ++ openbsd-compat/openssl-compat.c | 44 ++++++++++++++++++++++ openbsd-compat/openssl-compat.h | 65 +++++++++++++++++++++++++++++++++ 6 files changed, 121 insertions(+), 41 deletions(-) create mode 100644 openbsd-compat/openssl-compat.c create mode 100644 openbsd-compat/openssl-compat.h diff --git a/ChangeLog b/ChangeLog index 24931305..0c46ed8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050609 + - (dtucker) [cipher.c openbsd-compat/Makefile.in + openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] + Move compatibility code for supporting older OpenSSL versions to the + compat layer. Suggested by and "no objection" djm@ + 20050607 - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: in today's episode we attempt to coax it from limits.h where it may be diff --git a/cipher.c b/cipher.c index b5649294..df46c017 100644 --- a/cipher.c +++ b/cipher.c @@ -43,26 +43,6 @@ RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); #include -#if OPENSSL_VERSION_NUMBER < 0x00906000L -#define SSH_OLD_EVP -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#endif - -#if OPENSSL_VERSION_NUMBER < 0x00907000L -extern const EVP_CIPHER *evp_rijndael(void); -extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); -#endif - -#if !defined(EVP_CTRL_SET_ACSS_MODE) -# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) -extern const EVP_CIPHER *evp_acss(void); -# define EVP_acss evp_acss -# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */ -# else -# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */ -# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */ -#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */ - extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); @@ -88,25 +68,15 @@ struct Cipher { { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, -#if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, - { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, -#else { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, -#endif -#if OPENSSL_VERSION_NUMBER >= 0x00905000L { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, -#endif -#if defined(EVP_CTRL_SET_ACSS_MODE) +#ifdef USE_CIPHER_ACSS { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, #endif { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } @@ -225,8 +195,8 @@ cipher_init(CipherContext *cc, Cipher *cipher, EVP_CIPHER *type; #else const EVP_CIPHER *type; -#endif int klen; +#endif u_char *junk, *discard; if (cipher->number == SSH_CIPHER_DES) { @@ -293,23 +263,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) { if (len % cc->cipher->block_size) fatal("cipher_encrypt: bad plaintext length %d", len); -#ifdef SSH_OLD_EVP - EVP_Cipher(&cc->evp, dest, (u_char *)src, len); -#else if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) fatal("evp_crypt: EVP_Cipher failed"); -#endif } void cipher_cleanup(CipherContext *cc) { -#ifdef SSH_OLD_EVP - EVP_CIPHER_CTX_cleanup(&cc->evp); -#else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); -#endif } /* diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index eaaf5671..b0234686 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o -COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o PORTS=port-irix.o port-aix.o diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 8f55193b..899ca41e 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -168,6 +168,9 @@ char *shadow_pw(struct passwd *pw); /* rfc2553 socket API replacements */ #include "fake-rfc2553.h" +/* compatibility with old or broken OpenSSL versions */ +#include "openssl-compat.h" + /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c new file mode 100644 index 00000000..89bd250c --- /dev/null +++ b/openbsd-compat/openssl-compat.c @@ -0,0 +1,44 @@ +/* $Id$ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSH_DONT_REDEF_EVP +#include "includes.h" + +#ifdef SSH_OLD_EVP +int +ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv, int enc) +{ + EVP_CipherInit(evp, type, key, iv, enc); + return 1; +} + +int +ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len) +{ + EVP_Cipher(evp, dst, src, len); + return 1; +} + +int +ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) +{ + EVP_CIPHER_CTX_cleanup(evp); + return 1; +} +#endif diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h new file mode 100644 index 00000000..eff09473 --- /dev/null +++ b/openbsd-compat/openssl-compat.h @@ -0,0 +1,65 @@ +/* $Id$ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" +#include + +#if OPENSSL_VERSION_NUMBER < 0x00906000L +# define SSH_OLD_EVP +# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +#endif + +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# define EVP_aes_128_cbc evp_rijndael +# define EVP_aes_192_cbc evp_rijndael +# define EVP_aes_256_cbc evp_rijndael +extern const EVP_CIPHER *evp_rijndael(void); +extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +#endif + +#if !defined(EVP_CTRL_SET_ACSS_MODE) +# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# define USE_CIPHER_ACSS 1 +extern const EVP_CIPHER *evp_acss(void); +# define EVP_acss evp_acss +# else +# define EVP_acss NULL +# endif +#endif + +/* + * insert comment here + */ +#ifdef SSH_OLD_EVP + +# ifndef SSH_DONT_REDEF_EVP + +# ifdef EVP_Cipher +# undef EVP_Cipher +# endif + +# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) +# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) +# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) +# endif + +int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, + unsigned char *, int); +int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); +int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +#endif -- 2.45.1