Revision: 9211 https://osdn.net/projects/ttssh2/scm/svn/commits/9211 Author: nmaya Date: 2021-04-17 18:52:01 +0900 (Sat, 17 Apr 2021) Log Message: ----------- cipher_init_SSH2() に渡すのを EVP_CIPHER_CTX から sshcipher_ctx に変更 - cipher_init_SSH2() の中で sshcipher_ctx, EVP_CIPHER_CTX のメモリを確保する - cipher_free_SSH2() の中でメモリを解放する これで cipher_init_SSH2() -> cipher_free_SSH2() EVP_CIPHER_CTX_new() -> EVP_CIPHER_CTX_free() という対応になる Modified Paths: -------------- branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.c branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.h branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c branches/ssh_chacha20poly1305/ttssh2/ttxssh/keyfiles.c branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.c branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.c =================================================================== --- branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.c 2021-04-17 08:36:59 UTC (rev 9210) +++ branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.c 2021-04-17 09:52:01 UTC (rev 9211) @@ -70,7 +70,8 @@ #endif // WITH_CAMELLIA_PRIVATE {SSH2_CIPHER_AES128_GCM, "aes12****@opens*****", 16, 16, 0, 12, 16, EVP_aes_128_gcm}, // not RFC5647, PROTOCOL of OpenSSH {SSH2_CIPHER_AES256_GCM, "aes25****@opens*****", 16, 32, 0, 12, 16, EVP_aes_256_gcm}, // not RFC5647, PROTOCOL of OpenSSH - {SSH_CIPHER_NONE, NULL, 0, 0, 0, 0, 0, NULL}, + {SSH_CIPHER_NONE, "none", 8, 0, 0, 0, 0, EVP_enc_null}, // for no passphrase key file + {SSH_CIPHER_3DES, "3des", 8, 16, 0, 0, 0, evp_ssh1_3des}, // for RSA1 key file }; 
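Review bot: Replacing the `{SSH_CIPHER_NONE, NULL, 0, 0, 0, 0, 0, NULL}` row with the `"none"` and `"3des"` rows leaves the table without the NULL-name row that used to close it. The loops that walk the table are outside this hunk, so this needs checking: a loop that stops on a NULL name would now read past the array, and one that stops on `SSH_CIPHER_NONE` would never reach the `"3des"` row. It is also worth confirming that the proposal and negotiation code cannot pick up `"none"` from this table now that the row has a name. If a terminator is still relied on, restore a closing row after the two new ones.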
@@ -488,71 +489,123 @@ // // SSH2\x97p\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82̏\x89\x8A\xFA\x89\xBB // -void cipher_init_SSH2(EVP_CIPHER_CTX *evp, - const u_char *key, u_int keylen, - const u_char *iv, u_int ivlen, - int do_encrypt, - const EVP_CIPHER *type, - int discard_len, - unsigned int authlen, - PTInstVar pvar) +int cipher_init_SSH2( + struct sshcipher_ctx **ccp, const struct ssh2cipher *cipher, + const u_char *key, u_int keylen, + const u_char *iv, u_int ivlen, + int do_encrypt, + PTInstVar pvar) { + struct sshcipher_ctx *cc = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + const EVP_CIPHER *type; int klen; unsigned char *junk = NULL, *discard = NULL; char tmp[80]; - EVP_CIPHER_CTX_reset(evp); - - if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) { + *ccp = NULL; + if ((cc = calloc(sizeof(*cc), 1)) == NULL) { UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1); notify_fatal_error(pvar, tmp, TRUE); - return; + return SSH_ERR_ALLOC_FAIL; } - if (authlen && - !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) { + + if (keylen < cipher->key_len) { UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2); notify_fatal_error(pvar, tmp, TRUE); - return; + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; } - klen = EVP_CIPHER_CTX_key_length(evp); + if (iv != NULL && ivlen < get_cipher_iv_len(cipher)) { + UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3); + notify_fatal_error(pvar, tmp, TRUE); + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + + cc->cipher = cipher; + type = (*cipher->func)(); + if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) { + UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); + _snprintf_s(tmp, 
sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4); + notify_fatal_error(pvar, tmp, TRUE); + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) { + UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5); + notify_fatal_error(pvar, tmp, TRUE); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (get_cipher_auth_len(cipher) && + !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) { + UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6); + notify_fatal_error(pvar, tmp, TRUE); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + klen = EVP_CIPHER_CTX_key_length(cc->evp); if (klen > 0 && keylen != (u_int)klen) { - if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) { + if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) { UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); - _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3); + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7); notify_fatal_error(pvar, tmp, TRUE); - return; + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; } } - if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) { + if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); - _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4); + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 8); notify_fatal_error(pvar, tmp, TRUE); - return; + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; } - if (discard_len > 0) { - junk = malloc(discard_len); - discard = malloc(discard_len); + if (cipher->discard_len > 0) { + junk = malloc(cipher->discard_len); + discard = malloc(cipher->discard_len); if (junk == NULL || discard == NULL || - 
EVP_Cipher(evp, discard, junk, discard_len) == 0) { + EVP_Cipher(cc->evp, discard, junk, cipher->discard_len) == 0) { UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)"); - _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5); + _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 9); notify_fatal_error(pvar, tmp, TRUE); } else { - SecureZeroMemory(discard, discard_len); + SecureZeroMemory(discard, cipher->discard_len); } free(junk); free(discard); } + ret = 0; + +out: + if (ret == 0) { + *ccp = cc; + } + else { + if (cc != NULL) { + EVP_CIPHER_CTX_free(cc->evp); + SecureZeroMemory(cc, sizeof(*cc)); + } + } + return ret; } // // SSH2\x97p\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82̔j\x8A\xFC /// -void cipher_free_SSH2(EVP_CIPHER_CTX *evp) +void cipher_free_SSH2(struct sshcipher_ctx *cc) { - EVP_CIPHER_CTX_free(evp); + if (cc == NULL) + return; + EVP_CIPHER_CTX_free(cc->evp); + cc->evp = NULL; + SecureZeroMemory(cc, sizeof(*cc)); } Modified: branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.h =================================================================== --- branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.h 2021-04-17 08:36:59 UTC (rev 9210) +++ branches/ssh_chacha20poly1305/ttssh2/ttxssh/cipher.h 2021-04-17 09:52:01 UTC (rev 9211) 
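Review bot: Neither the `out:` failure path nor cipher_free_SSH2() releases the `struct sshcipher_ctx` obtained from `calloc`; both wipe it with `SecureZeroMemory(cc, sizeof(*cc))` and stop, so every init/free pair leaks the struct even though the log message says cipher_free_SSH2() frees the memory. Adding `free(cc);` after the wipe in both places closes that. Separately, the `discard_len` branch reports error 9 but then falls through to `ret = 0`, so the caller is handed a context on which the keystream discard did not happen. After `free(junk); free(discard);` that failure should set `ret = SSH_ERR_LIBCRYPTO_ERROR;` (or `SSH_ERR_ALLOC_FAIL` for the malloc case) and `goto out;` instead of reaching the success assignment.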
@@ -122,16 +122,13 @@ const struct ssh2cipher *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal); void SSH2_update_cipher_myproposal(PTInstVar pvar); -void cipher_init_SSH2( - EVP_CIPHER_CTX *evp, +int cipher_init_SSH2( + struct sshcipher_ctx **ccp, const struct ssh2cipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, - int encrypt, - const EVP_CIPHER *type, - int discard_len, - unsigned int authlen, + int do_encrypt, PTInstVar pvar ); -void cipher_free_SSH2(EVP_CIPHER_CTX *evp); +void cipher_free_SSH2(struct sshcipher_ctx *cc); #endif /* CIPHER_H */ Modified: branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c =================================================================== --- branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c 2021-04-17 08:36:59 UTC (rev 9210) +++ branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c 2021-04-17 09:52:01 UTC (rev 9211) @@ -204,7 +204,7 @@ unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size; unsigned char lastiv[1]; char tmp[80]; - EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_OUT]; + struct sshcipher_ctx *cc = pvar->cc[MODE_OUT]; if (bytes == 0) return TRUE; @@ -225,21 +225,21 @@ encbufflen = bytes; } - if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) goto err; - if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0) + if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0) goto err; - if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0) + if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0) goto err; memcpy(data+aadlen, encbuff, bytes); - if (EVP_Cipher(evp, NULL, NULL, 0) < 0) + if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0) goto err; - if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes)) + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes)) goto err; return TRUE; 
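Review bot: The new cipher_init_SSH2() prototype has no comment describing its contract, which changed in this revision: it now allocates the context itself, returns 0 or an `SSH_ERR_*` code, and sets `*ccp` to NULL on failure. A short header comment would keep callers from guessing, for example `/* Allocates *ccp; returns 0 or SSH_ERR_*; *ccp is NULL on failure. Release with cipher_free_SSH2(). */`. The cipher_free_SSH2() declaration could likewise state that a NULL argument is accepted.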
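Review bot: The AAD check `if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)` in the `@@ -225,21 +225,21 @@` hunk can never fire, because `!x` is 0 or 1 and is never below zero, so a failure while feeding the additional authenticated data goes unnoticed. The line was carried over with only the `evp` to `cc->evp` rename; it should read `if (aadlen && EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)`. The same expression appears on the receive side in the `@@ -279,21 +279,21 @@` hunk. Both functions begin and end outside the hunks shown.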
@@ -258,7 +258,7 @@ unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size; unsigned char lastiv[1]; char tmp[80]; - EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_IN]; + struct sshcipher_ctx *cc = pvar->cc[MODE_OUT]; if (bytes == 0) return TRUE; @@ -279,21 +279,21 @@ encbufflen = bytes; } - if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) goto err; - if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes)) + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes)) goto err; - if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0) + if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0) goto err; - if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0) + if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0) goto err; memcpy(data+aadlen, encbuff, bytes); - if (EVP_Cipher(evp, NULL, NULL, 0) < 0) + if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0) goto err; return TRUE; @@ -336,7 +336,7 @@ encbufflen = bytes; } - if (EVP_Cipher(pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) { + if (EVP_Cipher(pvar->cc[MODE_OUT]->evp, encbuff, buf, bytes) == 0) { UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)"); _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, get_cipher_name(pvar->crypt_state.sender_cipher)); @@ -372,7 +372,7 @@ encbufflen = bytes; } - if (EVP_Cipher(pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) { + if (EVP_Cipher(pvar->cc[MODE_IN]->evp, encbuff, buf, bytes) == 0) { UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)"); _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, get_cipher_name(pvar->crypt_state.receiver_cipher)); 
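Review bot: The receive-side context in the `@@ -258,7 +258,7 @@` hunk is read from the wrong slot: the new line is `struct sshcipher_ctx *cc = pvar->cc[MODE_OUT];`, while the removed line used `pvar->evpcip[MODE_IN]` and the neighbouring `block_size` still reads `ssh2_keys[MODE_IN]`. This looks like a copy from the encrypt function. With it, the GCM IV step and `EVP_CTRL_GCM_SET_TAG` check would run on the sending context, so incoming packets would presumably fail authentication and the outgoing IV state would be disturbed. It should be `struct sshcipher_ctx *cc = pvar->cc[MODE_IN];`. The function body continues outside the hunk.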
@@ -1083,15 +1083,11 @@ cipher = pvar->ciphers[MODE_OUT]; if (cipher) { enc = &pvar->ssh2_keys[MODE_OUT].enc; - cipher_init_SSH2(pvar->evpcip[MODE_OUT], - enc->key, get_cipher_key_len(cipher), - enc->iv, get_cipher_iv_len(cipher), + cipher_init_SSH2(&pvar->cc[MODE_OUT], cipher, + enc->key, enc->key_len, + enc->iv, enc->iv_len, CIPHER_ENCRYPT, - get_cipher_EVP_CIPHER(cipher), - get_cipher_discard_len(cipher), - get_cipher_auth_len(cipher), pvar); - pvar->crypt_state.encrypt = crypt_SSH2_encrypt; } else { @@ -1131,15 +1127,11 @@ cipher = pvar->ciphers[MODE_IN]; if (cipher) { enc = &pvar->ssh2_keys[MODE_IN].enc; - cipher_init_SSH2(pvar->evpcip[MODE_IN], - enc->key, get_cipher_key_len(cipher), - enc->iv, get_cipher_iv_len(cipher), + cipher_init_SSH2(&pvar->cc[MODE_IN], cipher, + enc->key, enc->key_len, + enc->iv, enc->iv_len, CIPHER_DECRYPT, - get_cipher_EVP_CIPHER(cipher), - get_cipher_discard_len(cipher), - get_cipher_auth_len(cipher), pvar); - pvar->crypt_state.decrypt = crypt_SSH2_decrypt; } else { Modified: branches/ssh_chacha20poly1305/ttssh2/ttxssh/keyfiles.c =================================================================== --- branches/ssh_chacha20poly1305/ttssh2/ttxssh/keyfiles.c 2021-04-17 08:36:59 UTC (rev 9210) +++ branches/ssh_chacha20poly1305/ttssh2/ttxssh/keyfiles.c 2021-04-17 09:52:01 UTC (rev 9211) @@ -381,7 +381,7 @@ int dlen, i; const struct ssh2cipher *cipher; size_t authlen; - EVP_CIPHER_CTX *cipher_ctx = NULL; + struct sshcipher_ctx *cc = NULL; int ret; blob = buffer_init(); @@ -389,9 +389,8 @@ kdf = buffer_init(); encoded = buffer_init(); copy_consumed = buffer_init(); - cipher_ctx = EVP_CIPHER_CTX_new(); - if (blob == NULL || b == NULL || kdf == NULL || encoded == NULL || copy_consumed == NULL || cipher_ctx == NULL) + if (blob == NULL || b == NULL || kdf == NULL || encoded == NULL || copy_consumed == NULL) goto error; // \x83t\x83@\x83C\x83\x8B\x82\xF0\x82\xB7\x82ׂēǂݍ\x9E\x82\xDE 
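Review bot: The result of cipher_init_SSH2() is discarded in the `@@ -1083,15 +1083,11 @@` hunk and `pvar->crypt_state.encrypt` is installed regardless, so after a failed init `pvar->cc[MODE_OUT]` is NULL and the later `pvar->cc[MODE_OUT]->evp` in the encrypt path dereferences it. The call should be tested, e.g. `if (cipher_init_SSH2(&pvar->cc[MODE_OUT], cipher, enc->key, enc->key_len, enc->iv, enc->iv_len, CIPHER_ENCRYPT, pvar) != 0)`, with a failure exit that does not set the handler; the enclosing function and its return type are outside the hunk. The same unchecked call followed by a `cc->evp` dereference appears in the `@@ -1131,15 +1127,11 @@` hunk, in keyfiles.c (`@@ -552,9 +551,8 @@`, `@@ -958,20 +959,21 @@`, `@@ -1529,17 +1534,18 @@`) and in ttxssh.c (`@@ -3682,8 +3685,8 @@`, `@@ -4469,9 +4470,11 @@`). In addition, cipher_init_SSH2() begins with `*ccp = NULL`, so if this code runs again for a re-key the previous context is overwritten without cipher_free_SSH2() being called on it.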
@@ -552,9 +551,8 @@ // \x95\x9C\x8D\x86\x89\xBB cp = buffer_append_space(b, len); - cipher_init_SSH2(cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_DECRYPT, - get_cipher_EVP_CIPHER(cipher), 0, 0, pvar); - ret = EVP_Cipher(cipher_ctx, cp, buffer_tail_ptr(copy_consumed), len); + cipher_init_SSH2(&cc, cipher, key, keylen, key + keylen, ivlen, CIPHER_DECRYPT, pvar); + ret = EVP_Cipher(cc->evp, cp, buffer_tail_ptr(copy_consumed), len); if (ret == 0) { goto error; } @@ -605,7 +603,7 @@ buffer_free(kdf); buffer_free(encoded); buffer_free(copy_consumed); - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); free(ciphername); free(kdfname); @@ -820,6 +818,9 @@ result->dsa = NULL; result->ecdsa = NULL; + const struct ssh2cipher *cipher = NULL; + struct sshcipher_ctx *cc = NULL; + pubkey = buffer_init(); prikey = buffer_init(); @@ -958,20 +959,21 @@ memset(iv, 0, sizeof(iv)); // decrypt - cipher_init_SSH2(cipher_ctx, key, 32, iv, 16, CIPHER_DECRYPT, EVP_aes_256_cbc(), 0, 0, pvar); + cipher = get_cipher_by_name("aes256-cbc"); + cipher_init_SSH2(&cc, cipher, key, 32, iv, 16, CIPHER_DECRYPT, pvar); len = buffer_len(prikey); decrypted = (char *)malloc(len); - ret = EVP_Cipher(cipher_ctx, decrypted, prikey->buf, len); + ret = EVP_Cipher(cc->evp, decrypted, prikey->buf, len); if (ret == 0) { strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE); free(decrypted); - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); goto error; } buffer_clear(prikey); buffer_append(prikey, decrypted, len); free(decrypted); - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); } // verity MAC @@ -1399,6 +1401,9 @@ blob = buffer_init(); blob2 = buffer_init(); + const struct ssh2cipher *cipher = NULL; + struct sshcipher_ctx *cc = NULL; + // parse keyfile & decode blob { char line[200], buf[100]; 
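Review bot: In the `@@ -958,20 +959,21 @@` hunk the result of `get_cipher_by_name("aes256-cbc")` is passed straight to cipher_init_SSH2(), which reads `cipher->key_len` before any NULL test, so a failed lookup would crash instead of producing a key error. Either check at the call site, `if (cipher == NULL) goto error;` after filling `errmsg`, or have cipher_init_SSH2() return `SSH_ERR_INVALID_ARGUMENT` when `cipher` is NULL. The same pattern is in the `"3des-cbc"` lookup in `@@ -1529,17 +1534,18 @@` and in ttxssh.c at `@@ -3682,8 +3685,8 @@` and `@@ -4469,9 +4470,11 @@`.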
@@ -1529,17 +1534,18 @@ memset(iv, 0, sizeof(iv)); // decrypt - cipher_init_SSH2(cipher_ctx, key, 24, iv, 8, CIPHER_DECRYPT, EVP_des_ede3_cbc(), 0, 0, pvar); + cipher = get_cipher_by_name("3des-cbc"); + cipher_init_SSH2(&cc, cipher, key, 24, iv, 8, CIPHER_DECRYPT, pvar); decrypted = (char *)malloc(len); - ret = EVP_Cipher(cipher_ctx, decrypted, blob->buf + blob->offset, len); + ret = EVP_Cipher(cc->evp, decrypted, blob->buf + blob->offset, len); if (ret == 0) { strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE); - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); goto error; } buffer_append(blob2, decrypted, len); free(decrypted); - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); *invalid_passphrase = TRUE; } Modified: branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.c =================================================================== --- branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.c 2021-04-17 08:36:59 UTC (rev 9210) +++ branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.c 2021-04-17 09:52:01 UTC (rev 9211) @@ -161,10 +161,10 @@ FWDUI_init(pvar); ssh_heartbeat_lock_initialize(); - - pvar->evpcip[MODE_IN] = EVP_CIPHER_CTX_new(); - pvar->evpcip[MODE_OUT] = EVP_CIPHER_CTX_new(); - /*** TODO: OPENSSL1.1.1 ERROR CHECK(ticket#39335\x82ŏ\x88\x92u\x97\\x92\xE8) ***/ + + pvar->cc[MODE_IN] = NULL; + pvar->cc[MODE_OUT] = NULL; + // \x83\x81\x83\x82\x83\x8A\x8Am\x95ۂ\xCD CRYPT_start_encryption \x82̐\xE6\x82\xCC cipher_init_SSH2 \x82Ɉړ\xAE } static void uninit_TTSSH(PTInstVar pvar) 
@@ -197,8 +197,12 @@ ssh_heartbeat_lock_finalize(); - cipher_free_SSH2(pvar->evpcip[MODE_IN]); - cipher_free_SSH2(pvar->evpcip[MODE_OUT]); + cipher_free_SSH2(pvar->cc[MODE_IN]); + cipher_free_SSH2(pvar->cc[MODE_OUT]); + + // CloseTCP \x82\xC6 TTXEnd \x82\xA9\x82\xE7 2 \x89\xF1\x8CĂ\xEA\x82\xE9\x8Fꍇ\x82\xAA\x82\xA0\x82邽\x82߁A2\x8Fd free \x82\xB5\x82Ȃ\xA2\x82悤\x82\xC9 NULL \x82\xF0\x83Z\x83b\x83g\x82\xB5\x82Ă\xA8\x82\xAD + pvar->cc[MODE_IN] = NULL; + pvar->cc[MODE_OUT] = NULL; } static void PASCAL TTXInit(PTTSet ts, PComVar cv) @@ -3643,7 +3647,7 @@ int blocksize, keylen, ivlen, authlen, i, n; unsigned char *key = NULL, salt[SALT_LEN]; char *kdfname = KDFNAME; - EVP_CIPHER_CTX *cipher_ctx = NULL; + struct sshcipher_ctx *cc = NULL; Key keyblob; unsigned char *cp = NULL; unsigned int len, check; @@ -3654,8 +3658,7 @@ kdf = buffer_init(); encoded = buffer_init(); blob = buffer_init(); - cipher_ctx = EVP_CIPHER_CTX_new(); - if (b == NULL || kdf == NULL || encoded == NULL || blob == NULL || cipher_ctx == NULL) + if (b == NULL || kdf == NULL || encoded == NULL || blob == NULL) goto ed25519_error; if (passphrase == NULL || !strlen(passphrase)) { @@ -3682,8 +3685,8 @@ // \x88Í\x86\x89\xBB\x82̏\x80\x94\xF5 // TODO: OpenSSH 6.5\x82ł\xCD -Z \x83I\x83v\x83V\x83\x87\x83\x93\x82ŁA\x88Í\x86\x89\xBB\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x8Ew\x92\xE8\x89\\x82\xBE\x82\xAA\x81A // \x82\xB1\x82\xB1\x82ł\xCD"AES256-CBC"\x82ɌŒ\xE8\x82Ƃ\xB7\x82\xE9\x81B - cipher_init_SSH2(cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT, - get_cipher_EVP_CIPHER(cipher), 0, 0, pvar); + cipher = get_cipher_by_name(ciphername); + cipher_init_SSH2(&cc, cipher, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT, pvar); SecureZeroMemory(key, keylen + ivlen); free(key); 
@@ -3726,12 +3729,12 @@ /* encrypt */ cp = buffer_append_space(encoded, buffer_len(b) + authlen); - if (EVP_Cipher(cipher_ctx, cp, buffer_ptr(b), buffer_len(b)) == 0) { + if (EVP_Cipher(cc->evp, cp, buffer_ptr(b), buffer_len(b)) == 0) { //strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE); //free(decrypted); //goto error; } - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); len = 2 * buffer_len(encoded); cp = malloc(len); @@ -4397,7 +4400,8 @@ MD5_CTX md; unsigned char digest[16]; char *passphrase = buf; - EVP_CIPHER_CTX *cipher_ctx = NULL; + const struct ssh2cipher *cipher = NULL; + struct sshcipher_ctx *cc = NULL; FILE *fp; char wrapped[4096]; BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q; @@ -4405,7 +4409,7 @@ if (passphrase[0] == '\0') { // passphrase is empty cipher_num = SSH_CIPHER_NONE; } else { - cipher_num = SSH_CIPHER_3DES; // 3DES-CBC + cipher_num = SSH_CIPHER_3DES; // 3DES } b = buffer_init(); @@ -4417,9 +4421,6 @@ break; } - cipher_ctx = EVP_CIPHER_CTX_new(); - /*** TODO: OPENSSL1.1.1 ERROR CHECK(ticket#39335\x82ŏ\x88\x92u\x97\\x92\xE8) ***/ - // set random value rnd = arc4random(); tmp[0] = rnd & 0xff; @@ -4469,9 +4470,11 @@ MD5_Update(&md, (const unsigned char *)passphrase, strlen(passphrase)); MD5_Final(digest, &md); if (cipher_num == SSH_CIPHER_NONE) { - cipher_init_SSH2(cipher_ctx, digest, 16, NULL, 0, CIPHER_ENCRYPT, EVP_enc_null(), 0, 0, pvar); + cipher = get_cipher_by_name("none"); + cipher_init_SSH2(&cc, cipher, digest, 16, NULL, 0, CIPHER_ENCRYPT, pvar); } else { - cipher_init_SSH2(cipher_ctx, digest, 16, NULL, 0, CIPHER_ENCRYPT, evp_ssh1_3des(), 0, 0, pvar); + cipher = get_cipher_by_name("3des"); + cipher_init_SSH2(&cc, cipher, digest, 16, NULL, 0, CIPHER_ENCRYPT, pvar); } len = buffer_len(b); if (len % 8) { // fatal error @@ -4483,7 +4486,7 @@ goto error; } - if (EVP_Cipher(cipher_ctx, wrapped, buffer_ptr(b), len) == 0) { + if (EVP_Cipher(cc->evp, wrapped, buffer_ptr(b), len) == 0) { goto error; } 
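Review bot: A failing `EVP_Cipher(cc->evp, cp, buffer_ptr(b), buffer_len(b))` in the `@@ -3726,12 +3729,12 @@` hunk is ignored because the body of the `if` is entirely commented out, so the code goes on to encode whatever is in `cp` as the encrypted private key. Since this revision already touches the line, the branch should release `cc` and take the function's error exit; an `ed25519_error` label is used in the `@@ -3654,8 +3658,7 @@` hunk, presumably in the same function. The stale commented-out lines refer to `errmsg` and `decrypted`, which do not appear in this hunk, and could be removed at the same time.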
@@ -4506,7 +4509,7 @@ error:; buffer_free(b); buffer_free(enc); - cipher_free_SSH2(cipher_ctx); + cipher_free_SSH2(cc); } else if (private_key.type == KEY_ED25519) { // SSH2 ED25519 save_bcrypt_private_key(buf, filename, comment, dlg, pvar, rounds); Modified: branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.h =================================================================== --- branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.h 2021-04-17 08:36:59 UTC (rev 9210) +++ branches/ssh_chacha20poly1305/ttssh2/ttxssh/ttxssh.h 2021-04-17 09:52:01 UTC (rev 9211) @@ -283,7 +283,7 @@ char *session_id; int session_id_len; SSHKeys ssh2_keys[MODE_MAX]; - EVP_CIPHER_CTX *evpcip[MODE_MAX]; + struct sshcipher_ctx *cc[MODE_MAX]; int userauth_success; int shell_id; int session_nego_status;