Tree - rpms/openssh - CentOS Git server

rpms / openssh

Blame SOURCES/openssh-6.6p1-ctr-cavstest.patch

Blob History Raw

		017ff1	`diff --git a/Makefile.in b/Makefile.in`
		017ff1	`index 4ab6717..581b121 100644`
		017ff1	`--- a/Makefile.in`
		017ff1	`+++ b/Makefile.in`
		017ff1	`@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign`
		017ff1	`SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper`
		017ff1	`SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper`
		017ff1	`SSH_KEYCAT=$(libexecdir)/ssh-keycat`
		017ff1	`+CTR_CAVSTEST=$(libexecdir)/ctr-cavstest`
		017ff1	`SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper`
		017ff1	`PRIVSEP_PATH=@PRIVSEP_PATH@`
		017ff1	`SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@`
		017ff1	`@@ -65,7 +66,7 @@ EXEEXT=@EXEEXT@`
		017ff1	`MANFMT=@MANFMT@`
		017ff1	`INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@`
		017ff1
		017ff1	`-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)`
		017ff1	`+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)`
		017ff1
		017ff1	`LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \`
		017ff1	`canohost.o channels.o cipher.o cipher-aes.o \`
		017ff1	`@@ -180,6 +181,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o`
		017ff1	`ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o`
		017ff1	`$(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(SSHLIBS)`
		017ff1
		017ff1	`+ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o`
		017ff1	`+ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)`
		017ff1	`+`
		017ff1	`ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o`
		017ff1	`$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)`
		017ff1
		017ff1	`@@ -288,6 +292,7 @@ install-files:`
		017ff1	`$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \`
		017ff1	`fi`
		017ff1	`$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)`
		017ff1	`+ $(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)`
		017ff1	`$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)`
		017ff1	`$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)`
		017ff1	`$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1`
		017ff1	`diff --git a/ctr-cavstest.c b/ctr-cavstest.c`
		017ff1	`new file mode 100644`
		017ff1	`index 0000000..bbcbe8a`
		017ff1	`--- /dev/null`
		017ff1	`+++ b/ctr-cavstest.c`
		f09e2e	`@@ -0,0 +1,208 @@`
		f09e2e	`+/*`
		f09e2e	`+ *`
		f09e2e	`+ * invocation (all of the following are equal):`
		f09e2e	`+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6`
		f09e2e	`+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000`
		f09e2e	`+ * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 \| ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt`
		f09e2e	`+ */`
		f09e2e	`+`
		f09e2e	`+#include "includes.h"`
		f09e2e	`+`
		f09e2e	`+#include <sys/types.h>`
		f09e2e	`+#include <sys/param.h>`
		f09e2e	`+#include <stdarg.h>`
		f09e2e	`+#include <stdio.h>`
		f09e2e	`+#include <stdlib.h>`
		f09e2e	`+#include <string.h>`
		f09e2e	`+#include <ctype.h>`
		f09e2e	`+`
		f09e2e	`+#include "xmalloc.h"`
		f09e2e	`+#include "log.h"`
		f09e2e	`+#include "cipher.h"`
		f09e2e	`+`
		f09e2e	`+/* compatibility with old or broken OpenSSL versions */`
		f09e2e	`+#include "openbsd-compat/openssl-compat.h"`
		f09e2e	`+`
		f09e2e	`+void usage(void) {`
		f09e2e	`+ fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"`
		f09e2e	`+ " --key <hexadecimal-key> --mode <encrypt\|decrypt>\n"`
		f09e2e	`+ " [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"`
		f09e2e	`+ "Hexadecimal output is printed to stdout.\n"`
		f09e2e	`+ "Hexadecimal input data can be alternatively read from stdin.\n");`
		f09e2e	`+ exit(1);`
		f09e2e	`+}`
		f09e2e	`+`
		f09e2e	`+void fromhex(char hex, size_t *len)`
		f09e2e	`+{`
		f09e2e	`+ unsigned char *bin;`
		f09e2e	`+ char *p;`
		f09e2e	`+ size_t n = 0;`
		f09e2e	`+ int shift = 4;`
		f09e2e	`+ unsigned char out = 0;`
		f09e2e	`+ unsigned char *optr;`
		f09e2e	`+`
		f09e2e	`+ bin = xmalloc(strlen(hex)/2);`
		f09e2e	`+ optr = bin;`
		f09e2e	`+`
		f09e2e	`+ for (p = hex; *p != '\0'; ++p) {`
		f09e2e	`+ unsigned char c;`
		f09e2e	`+`
		f09e2e	`+ c = *p;`
		f09e2e	`+ if (isspace(c))`
		f09e2e	`+ continue;`
		f09e2e	`+`
		f09e2e	`+ if (c >= '0' && c <= '9') {`
		f09e2e	`+ c = c - '0';`
		f09e2e	`+ } else if (c >= 'A' && c <= 'F') {`
		f09e2e	`+ c = c - 'A' + 10;`
		f09e2e	`+ } else if (c >= 'a' && c <= 'f') {`
		f09e2e	`+ c = c - 'a' + 10;`
		f09e2e	`+ } else {`
		f09e2e	`+ /* truncate on nonhex cipher */`
		f09e2e	`+ break;`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ out \|= c << shift;`
		f09e2e	`+ shift = (shift + 4) % 8;`
		f09e2e	`+`
		f09e2e	`+ if (shift) {`
		f09e2e	`+ *(optr++) = out;`
		f09e2e	`+ out = 0;`
		f09e2e	`+ ++n;`
		f09e2e	`+ }`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ *len = n;`
		f09e2e	`+ return bin;`
		f09e2e	`+}`
		f09e2e	`+`
		f09e2e	`+#define READ_CHUNK 4096`
		f09e2e	`+#define MAX_READ_SIZE 10241024100`
		f09e2e	`+char *read_stdin(void)`
		f09e2e	`+{`
		f09e2e	`+ char *buf;`
		f09e2e	`+ size_t n, total = 0;`
		f09e2e	`+`
		f09e2e	`+ buf = xmalloc(READ_CHUNK);`
		f09e2e	`+`
		f09e2e	`+ do {`
		f09e2e	`+ n = fread(buf + total, 1, READ_CHUNK, stdin);`
		f09e2e	`+ if (n < READ_CHUNK) /* terminate on short read */`
		f09e2e	`+ break;`
		f09e2e	`+`
		f09e2e	`+ total += n;`
		f09e2e	`+ buf = xrealloc(buf, total + READ_CHUNK, 1);`
		f09e2e	`+ } while(total < MAX_READ_SIZE);`
		f09e2e	`+ return buf;`
		f09e2e	`+}`
		f09e2e	`+`
		f09e2e	`+int main (int argc, char *argv[])`
		f09e2e	`+{`
		f09e2e	`+`
		017ff1	`+ const Cipher *c;`
		f09e2e	`+ CipherContext cc;`
		f09e2e	`+ char *algo = "aes128-ctr";`
		f09e2e	`+ char *hexkey = NULL;`
		f09e2e	`+ char *hexiv = "00000000000000000000000000000000";`
		f09e2e	`+ char *hexdata = NULL;`
		f09e2e	`+ char *p;`
		f09e2e	`+ int i;`
		f09e2e	`+ int encrypt = 1;`
		f09e2e	`+ void *key;`
		f09e2e	`+ size_t keylen;`
		f09e2e	`+ void *iv;`
		f09e2e	`+ size_t ivlen;`
		f09e2e	`+ void *data;`
		f09e2e	`+ size_t datalen;`
		f09e2e	`+ void *outdata;`
		f09e2e	`+`
		f09e2e	`+ for (i = 1; i < argc; ++i) {`
		f09e2e	`+ if (strcmp(argv[i], "--algo") == 0) {`
		f09e2e	`+ algo = argv[++i];`
		f09e2e	`+ } else if (strcmp(argv[i], "--key") == 0) {`
		f09e2e	`+ hexkey = argv[++i];`
		f09e2e	`+ } else if (strcmp(argv[i], "--mode") == 0) {`
		f09e2e	`+ ++i;`
		f09e2e	`+ if (argv[i] == NULL) {`
		f09e2e	`+ usage();`
		f09e2e	`+ }`
		f09e2e	`+ if (strncmp(argv[i], "enc", 3) == 0) {`
		f09e2e	`+ encrypt = 1;`
		f09e2e	`+ } else if (strncmp(argv[i], "dec", 3) == 0) {`
		f09e2e	`+ encrypt = 0;`
		f09e2e	`+ } else {`
		f09e2e	`+ usage();`
		f09e2e	`+ }`
		f09e2e	`+ } else if (strcmp(argv[i], "--iv") == 0) {`
		f09e2e	`+ hexiv = argv[++i];`
		f09e2e	`+ } else if (strcmp(argv[i], "--data") == 0) {`
		f09e2e	`+ hexdata = argv[++i];`
		f09e2e	`+ }`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ if (hexkey == NULL \|\| algo == NULL) {`
		f09e2e	`+ usage();`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ SSLeay_add_all_algorithms();`
		f09e2e	`+`
		f09e2e	`+ c = cipher_by_name(algo);`
		f09e2e	`+ if (c == NULL) {`
		f09e2e	`+ fprintf(stderr, "Error: unknown algorithm\n");`
		f09e2e	`+ return 2;`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ if (hexdata == NULL) {`
		f09e2e	`+ hexdata = read_stdin();`
		f09e2e	`+ } else {`
		f09e2e	`+ hexdata = xstrdup(hexdata);`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ key = fromhex(hexkey, &keylen);`
		f09e2e	`+`
		f09e2e	`+ if (keylen != 16 && keylen != 24 && keylen == 32) {`
		f09e2e	`+ fprintf(stderr, "Error: unsupported key length\n");`
		f09e2e	`+ return 2;`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ iv = fromhex(hexiv, &ivlen);`
		f09e2e	`+`
		f09e2e	`+ if (ivlen != 16) {`
		f09e2e	`+ fprintf(stderr, "Error: unsupported iv length\n");`
		f09e2e	`+ return 2;`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ data = fromhex(hexdata, &datalen);`
		f09e2e	`+`
		f09e2e	`+ if (data == NULL \|\| datalen == 0) {`
		f09e2e	`+ fprintf(stderr, "Error: no data to encrypt/decrypt\n");`
		f09e2e	`+ return 2;`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt);`
		f09e2e	`+`
		f09e2e	`+ free(key);`
		f09e2e	`+ free(iv);`
		f09e2e	`+`
		f09e2e	`+ outdata = malloc(datalen);`
		f09e2e	`+ if(outdata == NULL) {`
		f09e2e	`+ fprintf(stderr, "Error: memory allocation failure\n");`
		f09e2e	`+ return 2;`
		f09e2e	`+ }`
		f09e2e	`+`
		017ff1	`+ cipher_crypt(&cc, 0, outdata, data, datalen, 0, 0);`
		f09e2e	`+`
		f09e2e	`+ free(data);`
		f09e2e	`+`
		f09e2e	`+ cipher_cleanup(&cc);`
		f09e2e	`+`
		f09e2e	`+ for (p = outdata; datalen > 0; ++p, --datalen) {`
		f09e2e	`+ printf("%02X", (unsigned char)*p);`
		f09e2e	`+ }`
		f09e2e	`+`
		f09e2e	`+ free(outdata);`
		f09e2e	`+`
		f09e2e	`+ printf("\n");`
		f09e2e	`+ return 0;`
		f09e2e	`+}`
		f09e2e	`+`

rpms / openssh

Source Code

Blame SOURCES/openssh-6.6p1-ctr-cavstest.patch