diff options
| author | Jan Pechanec <Jan.Pechanec@Sun.COM> | 2008-09-12 11:17:27 -0700 |
|---|---|---|
| committer | Jan Pechanec <Jan.Pechanec@Sun.COM> | 2008-09-12 11:17:27 -0700 |
| commit | cd7d5faf5bbb52336a6f85578a90b31a648ac3fa (patch) | |
| tree | 9ac1635ecfe13f31666944f18e771bc4e9e58373 /usr/src/cmd/ssh/libssh/common/cipher.c | |
| parent | e4da943dc881d5566125b30eda2d8e3dd79a8f59 (diff) | |
| download | illumos-joyent-cd7d5faf5bbb52336a6f85578a90b31a648ac3fa.tar.gz | |
PSARC/2008/520 SunSSH with the OpenSSL PKCS#11 engine support
6445288 ssh needs to be OpenSSL engine aware
6709963 SunSSH server leaks memory during initialization
6687401 ssh monitor shouldn't try to log remote IP when child closed the pipe
6696629 sshd should remove alarm signal handler after authentication
6674088 userland threshold for hw offloading makes it difficult for SSL and SSH protocols
6728450 6708125 prevents parent to use the Crypto Framework after the fork(2)
6742247 ssh debug output with PACKET_DEBUG code could be more readable
Diffstat (limited to 'usr/src/cmd/ssh/libssh/common/cipher.c')
| -rw-r--r-- | usr/src/cmd/ssh/libssh/common/cipher.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/usr/src/cmd/ssh/libssh/common/cipher.c b/usr/src/cmd/ssh/libssh/common/cipher.c index 391f5d3288..e09eba803c 100644 --- a/usr/src/cmd/ssh/libssh/common/cipher.c +++ b/usr/src/cmd/ssh/libssh/common/cipher.c @@ -42,8 +42,6 @@ #include "includes.h" RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $"); -#pragma ident "%Z%%M% %I% %E% SMI" - #include "xmalloc.h" #include "log.h" #include "cipher.h" @@ -55,7 +53,14 @@ RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $"); #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif +/* + * Symmetric ciphers can be offloaded to any engine through the EVP API only. + * However, OpenSSL doesn't offer AES in counter mode through EVP. So, we must + * define our own EVP functions. + */ extern const EVP_CIPHER *evp_aes_128_ctr(void); +extern const EVP_CIPHER *evp_aes_192_ctr(void); +extern const EVP_CIPHER *evp_aes_256_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); static const EVP_CIPHER *evp_ssh1_3des(void); @@ -82,8 +87,8 @@ struct Cipher { { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_192_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_256_ctr }, { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } }; |