- markus@cvs.openbsd.org 2014/04/29 18:01:49

[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
author: Damien Miller <djm@mindrot.org> 2014-05-15 14:24:09 +1000
committer: Damien Miller <djm@mindrot.org> 2014-05-15 14:24:09 +1000
commit: 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
tree: ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /cipher.c
parent: c5893785564498cea73cb60d2cf199490483e080 (diff)
1 files changed, 80 insertions, 8 deletions
diff --git a/cipher.c b/cipher.c
index 53d9b4fb7..0ea073f55 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,9 +53,11 @@
 /* compatibility with old or broken OpenSSL versions */
 #include "openbsd-compat/openssl-compat.h"
 
+#ifdef WITH_SSH1
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+#endif
 
 struct Cipher {
 	char	*name;
@@ -68,15 +70,23 @@ struct Cipher {
 	u_int	flags;
 #define CFLAG_CBC		(1<<0)
 #define CFLAG_CHACHAPOLY	(1<<1)
+#define CFLAG_AESCTR		(1<<2)
+#define CFLAG_NONE		(1<<3)
+#ifdef WITH_OPENSSL
 	const EVP_CIPHER	*(*evptype)(void);
+#else
+	void	*ignored;
+#endif
 };
 
 static const struct Cipher ciphers[] = {
-	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+#ifdef WITH_SSH1
 	{ "des",	SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
 	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
 	{ "blowfish",	SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
-
+#endif
+#ifdef WITH_OPENSSL
+	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
 	{ "blowfish-cbc",
 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
@@ -99,6 +109,12 @@ static const struct Cipher ciphers[] = {
 	{ "aes256-gcm@openssh.com",
 			SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
 #endif
+#else /* WITH_OPENSSL */
+	{ "aes128-ctr",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
+	{ "aes192-ctr",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
+	{ "aes256-ctr",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
+#endif /* WITH_OPENSSL */
 	{ "chacha20-poly1305@openssh.com",
 			SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
 	{ NULL,		SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
@@ -264,6 +280,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
     const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
     int do_encrypt)
 {
+#ifdef WITH_OPENSSL
 	static int dowarn = 1;
 #ifdef SSH_OLD_EVP
 	EVP_CIPHER *type;
@@ -282,6 +299,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
 		if (keylen > 8)
 			keylen = 8;
 	}
+#endif
 	cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
 	cc->encrypt = do_encrypt;
 
@@ -297,6 +315,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
 		chachapoly_init(&cc->cp_ctx, key, keylen);
 		return;
 	}
+#ifndef WITH_OPENSSL
+	if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+		aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);
+		aesctr_ivsetup(&cc->ac_ctx, iv);
+		return;
+	}
+	if ((cc->cipher->flags & CFLAG_NONE) != 0)
+		return;
+	fatal("unsupported cipher");
+#else
 	type = (*cipher->evptype)();
 	EVP_CIPHER_CTX_init(&cc->evp);
 #ifdef SSH_OLD_EVP
@@ -339,6 +367,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
 		free(junk);
 		free(discard);
 	}
+#endif
 }
 
 /*
@@ -360,6 +389,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
 	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
 		return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
 		    aadlen, authlen, cc->encrypt);
+#ifndef WITH_OPENSSL
+	if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
+		if (aadlen)
+			memcpy(dest, src, aadlen);
+		aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen,
+		    dest + aadlen, len);
+		return 0;
+	}
+	if ((cc->cipher->flags & CFLAG_NONE) != 0) {
+		memcpy(dest, src, aadlen + len);
+		return 0;
+	}
+	fatal("unsupported cipher");
+#else
 	if (authlen) {
 		u_char lastiv[1];
 
@@ -400,6 +443,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
 			fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
 	}
 	return 0;
+#endif
 }
 
 /* Extract the packet length, including any decryption necessary beforehand */
@@ -421,8 +465,12 @@ cipher_cleanup(CipherContext *cc)
 {
 	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
 		explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
+	else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
+		explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
+#ifdef WITH_OPENSSL
 	else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
 		error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
+#endif
 }
 
 /*
@@ -455,14 +503,16 @@ int
 cipher_get_keyiv_len(const CipherContext *cc)
 {
 	const Cipher *c = cc->cipher;
-	int ivlen;
+	int ivlen = 0;
 
 	if (c->number == SSH_CIPHER_3DES)
 		ivlen = 24;
 	else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
 		ivlen = 0;
+#ifdef WITH_OPENSSL
 	else
 		ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+#endif
 	return (ivlen);
 }
 
@@ -470,15 +520,20 @@ void
 cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 {
 	const Cipher *c = cc->cipher;
+#ifdef WITH_OPENSSL
 	int evplen;
+#endif
 
 	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
 		if (len != 0)
 			fatal("%s: wrong iv length %d != %d", __func__, len, 0);
 		return;
 	}
+	if ((cc->cipher->flags & CFLAG_NONE) != 0)
+		return;
 
 	switch (c->number) {
+#ifdef WITH_OPENSSL
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -492,17 +547,20 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 		if (c->evptype == evp_rijndael)
 			ssh_rijndael_iv(&cc->evp, 0, iv, len);
 		else
-#endif
+#endif /* USE_BUILTIN_RIJNDAEL */
 #ifndef OPENSSL_HAVE_EVPCTR
 		if (c->evptype == evp_aes_128_ctr)
 			ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
 		else
-#endif
+#endif /* OPENSSL_HAVE_EVPCTR */
 		memcpy(iv, cc->evp.iv, len);
 		break;
+#endif /* WITH_OPENSSL */
+#ifdef WITH_SSH1
 	case SSH_CIPHER_3DES:
 		ssh1_3des_iv(&cc->evp, 0, iv, 24);
 		break;
+#endif /* WITH_SSH1 */
 	default:
 		fatal("%s: bad cipher %d", __func__, c->number);
 	}
@@ -512,12 +570,17 @@ void
 cipher_set_keyiv(CipherContext *cc, u_char *iv)
 {
 	const Cipher *c = cc->cipher;
+#ifdef WITH_OPENSSL
 	int evplen = 0;
+#endif
 
 	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
 		return;
+	if ((cc->cipher->flags & CFLAG_NONE) != 0)
+		return;
 
 	switch (c->number) {
+#ifdef WITH_OPENSSL
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -528,17 +591,20 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 		if (c->evptype == evp_rijndael)
 			ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
 		else
-#endif
+#endif /* USE_BUILTIN_RIJNDAEL */
 #ifndef OPENSSL_HAVE_EVPCTR
 		if (c->evptype == evp_aes_128_ctr)
 			ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
 		else
-#endif
+#endif /* OPENSSL_HAVE_EVPCTR */
 		memcpy(cc->evp.iv, iv, evplen);
 		break;
+#endif /* WITH_OPENSSL */
+#ifdef WITH_SSH1
 	case SSH_CIPHER_3DES:
 		ssh1_3des_iv(&cc->evp, 1, iv, 24);
 		break;
+#endif /* WITH_SSH1 */
 	default:
 		fatal("%s: bad cipher %d", __func__, c->number);
 	}
@@ -547,6 +613,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 int
 cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
+#ifdef WITH_OPENSSL
 	const Cipher *c = cc->cipher;
 	int plen = 0;
 
@@ -557,11 +624,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 		memcpy(dat, EVP_X_STATE(cc->evp), plen);
 	}
 	return (plen);
+#else
+	return (0);
+#endif
 }
 
 void
 cipher_set_keycontext(CipherContext *cc, u_char *dat)
 {
+#ifdef WITH_OPENSSL
 	const Cipher *c = cc->cipher;
 	int plen;
 
@@ -569,4 +640,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
 		plen = EVP_X_STATE_LEN(cc->evp);
 		memcpy(EVP_X_STATE(cc->evp), dat, plen);
 	}
+#endif
 }
author	Damien Miller <djm@mindrot.org>	2014-05-15 14:24:09 +1000
committer	Damien Miller <djm@mindrot.org>	2014-05-15 14:24:09 +1000
commit	1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch)
tree	ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /cipher.c
parent	c5893785564498cea73cb60d2cf199490483e080 (diff)