search for: ciphercontext

Greetings; I've been reading the OpenSSH source code and have a question about the des_ssh1_setiv function in cipher.c. (cut-n-pasted here from cipher.c v1.47) : static void des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) { memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv)); } This doesn't use the *iv parameter. Compare with: static void des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) { memset(cc->u.des3.iv1, 0, sizeof(cc->u.des3.iv1));...

...======================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/cipher.c,v retrieving revision 1.81 diff -u -p -r1.81 cipher.c --- cipher.c 17 Jul 2005 07:02:10 -0000 1.81 +++ cipher.c 20 Nov 2005 02:22:41 -0000 @@ -334,7 +334,7 @@ cipher_get_keyiv(CipherContext *cc, u_ch if ((u_int)evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); -#if OPENSSL_VERSION_NUMBER < 0x00907000L +#ifdef USE_BUILTIN_RIJNDAEL if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 0, iv, len); else @@ -36...

When compiling the software it breaks with an error on the cipher.c file. Lot's of warnings and error of undeclared stuff. Snippet follows: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -Iyes -I/usr/local/include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\"

...ut works correctly for other ciphers which don't include a built-in MAC. The error happens for all key types when using the new private key format. The error is in the call inside sshkey_parse_private2() where it passes in the length of the encrypted buffer: if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), sshbuf_len(decoded), 0, cipher_authlen(cipher))) != 0) { The length here should be encrypted_len, not sshbuf_len(decoded), as that includes the cipher_authlen(cipher) additional MAC bytes. A few additional changes are needed to use encrypted_len safely her...

...ude "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.46 2001/06/25 08:25:36 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.47 2001/08/23 11:31:59 markus Exp $"); #include "xmalloc.h" #include "log.h" @@ -283,66 +283,65 @@ static void rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen) { - rijndael_set_key(&cc->u.rijndael.enc, (u4byte *)key, 8*keylen, 1); - rijndael_set_key(&cc->u.rijndael.dec, (u4byte *)key, 8*keylen, 0); + rijndael_set_key(&cc->u.rijndael.enc, (char *)key, 8*keylen, 1); + rijndael_set_key(&cc->u...

http://bugzilla.mindrot.org/show_bug.cgi?id=138 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vjo at dulug.duke.edu ------- Additional Comments From mouring at eviladmin.org 2002-03-08 04:49 ------- *** Bug 139 has been

...yp, struct sshkey_vault **vault_infop) ?{ ??? ?char *ciphername = NULL, *kdfname = NULL; ??? ?const struct sshcipher *cipher = NULL; @@ -4038,12 +4081,21 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase, ??? ?struct sshbuf *kdf = NULL, *decrypted = NULL; ??? ?struct sshcipher_ctx *ciphercontext = NULL; ??? ?struct sshkey *pubkey = NULL; +?? ?struct sshkey_vault *vault_info = NULL; ??? ?u_char *key = NULL, *salt = NULL, *dp; ??? ?u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; ? ??? ?if (decoded == NULL || decryptedp == NULL || pubkeyp == NULL) ??? ??? ?return SSH_ERR_INVALI...

...", p, names); + xfree(cipher_list); + return 0; + } +#endif if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug("bad cipher %s [%s]", p, names); xfree(cipher_list); @@ -291,9 +300,25 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, const char *passphrase, int do_encrypt) { +#ifdef OPENSSL_FIPS + SHA_CTX sha; +#endif MD5_CTX md; - u_char digest[16]; + u_char digest[20]; +#ifdef OPENSSL_FIPS + if (fips_mode) { + SHA1_Init(&sha); + SHA1_Update(&sha, (const u_char *)passphrase, strlen(pass...