Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 8668706d0f52654fe64c0ca41a96113aeab8d2b8^! / . / cipher-3des1.c
commit8668706d0f52654fe64c0ca41a96113aeab8d2b8[log] [tgz]
authorDamien Miller <djm@mindrot.org>Wed Jul 02 15:28:02 2014 +1000
committerDamien Miller <djm@mindrot.org>Wed Jul 02 15:28:02 2014 +1000
tree73e78e1ea3d39206e39870bbe0af17d6c430fb51
parent2cd7929250cf9e9f658d70dcd452f529ba08c942 [diff] [blame]
   - djm@cvs.openbsd.org 2014/06/24 01:13:21
     [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.

diff --git a/cipher-3des1.c b/cipher-3des1.c
index b282359..5361f51 100644
--- a/cipher-3des1.c
+++ b/cipher-3des1.c

@@ -29,13 +29,11 @@
 
 #include <openssl/evp.h>
 
-#include <stdarg.h>
 #include <string.h>
 
 #include "xmalloc.h"
 #include "log.h"
-
-#include "openbsd-compat/openssl-compat.h"
+#include "ssherr.h"
 
 /*
  * This is used by SSH1:
@@ -57,7 +55,7 @@
 };
 
 const EVP_CIPHER * evp_ssh1_3des(void);
-void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
 
 static int
 ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
@@ -67,11 +65,12 @@
 	u_char *k1, *k2, *k3;
 
 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
-		c = xcalloc(1, sizeof(*c));
+		if ((c = calloc(1, sizeof(*c))) == NULL)
+			return 0;
 		EVP_CIPHER_CTX_set_app_data(ctx, c);
 	}
 	if (key == NULL)
-		return (1);
+		return 1;
 	if (enc == -1)
 		enc = ctx->encrypt;
 	k1 = k2 = k3 = (u_char *) key;
@@ -85,44 +84,29 @@
 	EVP_CIPHER_CTX_init(&c->k1);
 	EVP_CIPHER_CTX_init(&c->k2);
 	EVP_CIPHER_CTX_init(&c->k3);
-#ifdef SSH_OLD_EVP
-	EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc);
-	EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc);
-	EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc);
-#else
 	if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
 	    EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
 	    EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
 		explicit_bzero(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
-		return (0);
+		return 0;
 	}
-#endif
-	return (1);
+	return 1;
 }
 
 static int
-ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
-    LIBCRYPTO_EVP_INL_TYPE len)
+ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len)
 {
 	struct ssh1_3des_ctx *c;
 
-	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
-		error("ssh1_3des_cbc: no context");
-		return (0);
-	}
-#ifdef SSH_OLD_EVP
-	EVP_Cipher(&c->k1, dest, (u_char *)src, len);
-	EVP_Cipher(&c->k2, dest, dest, len);
-	EVP_Cipher(&c->k3, dest, dest, len);
-#else
+	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
+		return 0;
 	if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
 	    EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
 	    EVP_Cipher(&c->k3, dest, dest, len) == 0)
-		return (0);
-#endif
-	return (1);
+		return 0;
+	return 1;
 }
 
 static int
@@ -138,29 +122,28 @@
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
-	return (1);
+	return 1;
 }
 
-void
+int
 ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
 {
 	struct ssh1_3des_ctx *c;
 
 	if (len != 24)
-		fatal("%s: bad 3des iv length: %d", __func__, len);
+		return SSH_ERR_INVALID_ARGUMENT;
 	if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
-		fatal("%s: no 3des context", __func__);
+		return SSH_ERR_INTERNAL_ERROR;
 	if (doset) {
-		debug3("%s: Installed 3DES IV", __func__);
 		memcpy(c->k1.iv, iv, 8);
 		memcpy(c->k2.iv, iv + 8, 8);
 		memcpy(c->k3.iv, iv + 16, 8);
 	} else {
-		debug3("%s: Copying 3DES IV", __func__);
 		memcpy(iv, c->k1.iv, 8);
 		memcpy(iv + 8, c->k2.iv, 8);
 		memcpy(iv + 16, c->k3.iv, 8);
 	}
+	return 0;
 }
 
 const EVP_CIPHER *
@@ -176,8 +159,6 @@
 	ssh1_3des.init = ssh1_3des_init;
 	ssh1_3des.cleanup = ssh1_3des_cleanup;
 	ssh1_3des.do_cipher = ssh1_3des_cbc;
-#ifndef SSH_OLD_EVP
 	ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
-#endif
-	return (&ssh1_3des);
+	return &ssh1_3des;
 }