
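--- a/cipher.c
+++ b/cipher.c
@@ -44,6 +44,11 @@
 #include <openssl/md5.h>
 #include "rijndael.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+#define SSH_OLD_EVP
+#define EVP_CIPHER_CTX_get_app_data(e)          ((e)->app_data)
+#endif
+
 static EVP_CIPHER *evp_ssh1_3des(void);
 static EVP_CIPHER *evp_ssh1_bf(void);
 static EVP_CIPHER *evp_rijndael(void);
@@ -171,7 +176,11 @@
     int encrypt)
 {
 	static int dowarn = 1;
+#ifdef SSH_OLD_EVP
+	EVP_CIPHER *type;
+#else
 	const EVP_CIPHER *type;
+#endif
 	int klen;
 
 	if (cipher->number == SSH_CIPHER_DES) {
@@ -195,7 +204,17 @@
 
 	type = (*cipher->evptype)();
 
+
+#ifdef SSH_OLD_EVP
+	if (type->key_len > 0 && type->key_len != keylen) {
+		debug("cipher_init: set keylen (%d -> %d)",
+		    type->key_len, keylen);
+		type->key_len = keylen;
+	}
 	EVP_CIPHER_CTX_init(&cc->evp);
+	EVP_CipherInit(&cc->evp, type, (u_char *)key, (u_char *)iv,
+	    (encrypt == CIPHER_ENCRYPT));
+#else
 	if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
 	    (encrypt == CIPHER_ENCRYPT)) == 0)
 		fatal("cipher_init: EVP_CipherInit failed for %s",
@@ -210,6 +229,7 @@
 	if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0)
 		fatal("cipher_init: EVP_CipherInit: set key failed for %s",
 		    cipher->name);
+#endif
 }
 
 void
@@ -217,15 +237,23 @@
 {
 	if (len % cc->cipher->block_size)
 		fatal("cipher_encrypt: bad plaintext length %d", len);
+#ifdef SSH_OLD_EVP
+	EVP_Cipher(&cc->evp, dest, (u_char *)src, len);
+#else
 	if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
 		fatal("evp_crypt: EVP_Cipher failed");
+#endif
 }
 
 void
 cipher_cleanup(CipherContext *cc)
 {
+#ifdef SSH_OLD_EVP
+	EVP_CIPHER_CTX_cleanup(&cc->evp);
+#else
 	if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
 		error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
+#endif
 }
 
 /*
@@ -296,6 +324,11 @@
 	EVP_CIPHER_CTX_init(&c->k1);
 	EVP_CIPHER_CTX_init(&c->k2);
 	EVP_CIPHER_CTX_init(&c->k3);
+#ifdef SSH_OLD_EVP
+	EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc);
+	EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc);
+	EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc);
+#else
 	if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
 	    EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
 	    EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
@@ -304,6 +337,7 @@
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 		return (0);
 	}
+#endif
 	return (1);
 }
 static int
@@ -315,10 +349,16 @@
 		error("ssh1_3des_cbc: no context");
 		return (0);
 	}
+#ifdef SSH_OLD_EVP
+	EVP_Cipher(&c->k1, dest, (u_char *)src, len);
+	EVP_Cipher(&c->k2, dest, dest, len);
+	EVP_Cipher(&c->k3, dest, dest, len);
+#else
 	if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
 	    EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
 	    EVP_Cipher(&c->k3, dest, dest, len) == 0)
 		return (0);
+#endif
 	return (1);
 }
 static int
@@ -346,7 +386,9 @@
 	ssh1_3des.init = ssh1_3des_init;
 	ssh1_3des.cleanup = ssh1_3des_cleanup;
 	ssh1_3des.do_cipher = ssh1_3des_cbc;
+#ifndef SSH_OLD_EVP
 	ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
+#endif
 	return (&ssh1_3des);
 }
 
@@ -494,7 +536,9 @@
 	rijndal_cbc.init = ssh_rijndael_init;
 	rijndal_cbc.cleanup = ssh_rijndael_cleanup;
 	rijndal_cbc.do_cipher = ssh_rijndael_cbc;
+#ifndef SSH_OLD_EVP
 	rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
 	    EVP_CIPH_ALWAYS_CALL_INIT;
+#endif
 	return (&rijndal_cbc);
 }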
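Review bot: In the cipher_init hunk the existing `EVP_CIPHER_CTX_init(&cc->evp);` call ends up between `#ifdef SSH_OLD_EVP` and `#else`, so builds against OpenSSL 0.9.6 and later no longer initialise `cc->evp` before the first `EVP_CipherInit`. Unless that library version is known to initialise the context itself, the later key-setting call and `EVP_CIPHER_CTX_cleanup` then operate on whatever the caller's memory held; move the call above the `#ifdef` so both branches run it. In the same branch, `type->key_len = keylen;` writes into the object returned by `(*cipher->evptype)()`, presumably a descriptor shared by every context of that cipher, and no range check on `keylen` is visible in the hunk (the function starts outside it); a comment such as `/* old EVP: key length lives in the shared EVP_CIPHER, so this override is process-wide */` would make that explicit. The old-EVP sides of the cipher_encrypt, ssh1_3des_init and ssh1_3des_cbc hunks also drop the return-value checks that the `#else` sides keep, presumably because those calls return void there; that should be stated in a comment next to the `SSH_OLD_EVP` define.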
