-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | cipher.c | 7 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.h | 10 |
3 files changed, 20 insertions, 1 deletions
@@ -1,3 +1,7 @@
+20140721
+ - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
+ needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
+
 20140719
 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used in servconf.h.
@@ -49,6 +49,8 @@
 #include "ssherr.h"
 #include "digest.h"
+#include "openbsd-compat/openssl-compat.h"
+
 #ifdef WITH_SSH1
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
@@ -545,6 +547,11 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 return SSH_ERR_LIBCRYPTO_ERROR;
 if ((u_int)evplen != len)
 return SSH_ERR_INVALID_ARGUMENT;
+#ifndef OPENSSL_HAVE_EVPCTR
+ if (c->evptype == evp_aes_128_ctr)
+ ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
+ else
+#endif
 if (cipher_authlen(c)) {
 if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv))
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index d088d296..21002107 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.28 2014/07/02 05:28:07 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.29 2014/07/20 16:24:59 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -34,6 +34,14 @@ int ssh_compatible_openssl(long, long);
 # define LIBCRYPTO_EVP_INL_TYPE size_t
 #endif
+#ifndef OPENSSL_HAVE_EVPCTR
+#define EVP_aes_128_ctr evp_aes_128_ctr
+#define EVP_aes_192_ctr evp_aes_128_ctr
+#define EVP_aes_256_ctr evp_aes_128_ctr
+const EVP_CIPHER *evp_aes_128_ctr(void);
+void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
+#endif
+
 /* Avoid some #ifdef. Code that uses these is unreachable without GCM */
 #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
 # define EVP_CTRL_GCM_SET_IV_FIXED -1 |
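Review bot: In the cipher.c hunk inside `cipher_get_keyiv`, the new CTR branch cannot report failure, because `ssh_aes_ctr_iv` is declared `void` in openssl-compat.h while the GCM branch just below checks its call and the lines above return `SSH_ERR_*` codes. If the helper can fail (its body is not part of this commit), the caller would see success with `iv` left unfilled, so an `int` return checked as `if (ssh_aes_ctr_iv(&cc->evp, 0, iv, len) != 0) return SSH_ERR_LIBCRYPTO_ERROR;` would be safer. The `else` left dangling before `#endif` also deserves a short comment such as `/* else binds to the cipher_authlen() test below */`, since the branch structure changes with the macro. The function body starts and ends outside the hunk.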
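Review bot: In the second openssl-compat.h hunk, `EVP_aes_192_ctr` and `EVP_aes_256_ctr` are both defined to `evp_aes_128_ctr` with no comment, which reads as if the larger key sizes were mapped onto a 128-bit cipher. Presumably the compat cipher takes its key length from the caller rather than from its name, but the implementation is not in this diff, so that should be confirmed and stated, for example `/* one compat CTR implementation serves all key sizes; key length is set by the caller */`. The two prototypes would also benefit from parameter names, since the `int` argument (passed as `0` in cipher.c) is otherwise undocumented.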