[Ttssh2-commit] [6561] ※これはブランチへのコミットです

svnno****@sourc***** svnno****@sourc*****
2017年 1月 7日 (土) 00:03:57 JST


Revision: 6561
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6561
Author:   yutakapon
Date:     2017-01-07 00:03:57 +0900 (Sat, 07 Jan 2017)
Log Message:
-----------
※これはブランチへのコミットです
EVP_CIPHER_CTX 構造体の定義をポインタ化した。

Modified Paths:
--------------
    branches/openssl_1_1_0/ttssh2/ttxssh/cipher.h
    branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c
    branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c

-------------- next part --------------
Modified: branches/openssl_1_1_0/ttssh2/ttxssh/cipher.h
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/cipher.h	2017-01-05 15:22:41 UTC (rev 6560)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/cipher.h	2017-01-06 15:03:57 UTC (rev 6561)
@@ -63,7 +63,7 @@
 struct Cipher;
 struct CipherContext {
 	int	plaintext;
-	EVP_CIPHER_CTX evp;
+	EVP_CIPHER_CTX *evp;
 	Cipher *cipher;
 };
 

Modified: branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c	2017-01-05 15:22:41 UTC (rev 6560)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c	2017-01-06 15:03:57 UTC (rev 6561)
@@ -372,7 +372,7 @@
 	int dlen, i;
 	SSHCipher ciphernameval;
 	size_t authlen;
-	EVP_CIPHER_CTX cipher_ctx;
+	EVP_CIPHER_CTX *cipher_ctx = NULL;
 
 	blob = buffer_init();
 	b = buffer_init();
@@ -379,7 +379,8 @@
 	kdf = buffer_init();
 	encoded = buffer_init();
 	copy_consumed = buffer_init();
-	if (blob == NULL || b == NULL || kdf == NULL || encoded == NULL || copy_consumed == NULL)
+	cipher_ctx = EVP_CIPHER_CTX_new();
+	if (blob == NULL || b == NULL || ;kdf == NULL || encoded == NULL || copy_consumed == NULL || cipher_ctx == NULL)
 		goto error;
 
 	// \x83t\x83@\x83C\x83\x8B\x82\xF0\x82\xB7\x82ׂēǂݍ\x9E\x82\xDE
@@ -539,13 +540,13 @@
 
 	// \x95\x9C\x8D\x86\x89\xBB
 	cp = buffer_append_space(b, len);
-	cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_DECRYPT, 
+	cipher_init_SSH2(cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_DECRYPT, 
 		get_cipher_EVP_CIPHER(ciphernameval), 0, pvar);
-	if (EVP_Cipher(&cipher_ctx, cp, buffer_tail_ptr(copy_consumed), len) == 0) {
-		cipher_cleanup_SSH2(&cipher_ctx);
+	if (EVP_Cipher(cipher_ctx, cp, buffer_tail_ptr(copy_consumed), len) == 0) {
+		cipher_cleanup_SSH2(cipher_ctx);
 		goto error;
 	}
-	cipher_cleanup_SSH2(&cipher_ctx);
+	cipher_cleanup_SSH2(cipher_ctx);
 	buffer_consume(copy_consumed, len);
 
 	if (buffer_remain_len(copy_consumed) != 0) {
@@ -601,6 +602,10 @@
 	free(salt);
 	free(comment);
 
+	if (cipher_ctx) {
+		EVP_CIPHER_CTX_free(cipher_ctx);
+	}
+
 	// KDF \x82ł͂Ȃ\xA9\x82\xC1\x82\xBD
 	if (keyfmt == NULL) {
 		fseek(fp, 0, SEEK_SET);
@@ -874,9 +879,11 @@
 		const EVP_MD *md = EVP_sha1();
 		EVP_MD_CTX ctx;
 		unsigned char key[40], iv[32];
-		EVP_CIPHER_CTX cipher_ctx;
+		EVP_CIPHER_CTX *cipher_ctx = NULL;
 		char *decrypted = NULL;
 
+		cipher_ctx = EVP_CIPHER_CTX_new();
+
 		EVP_DigestInit(&ctx, md);
 		EVP_DigestUpdate(&ctx, "\0\0\0\0", 4);
 		EVP_DigestUpdate(&ctx, passphrase, strlen(passphrase));
@@ -890,19 +897,21 @@
 		memset(iv, 0, sizeof(iv));
 
 		// decrypt
-		cipher_init_SSH2(&cipher_ctx, key, 32, iv, 16, CIPHER_DECRYPT, EVP_aes_256_cbc(), 0, pvar);
+		cipher_init_SSH2(cipher_ctx, key, 32, iv, 16, CIPHER_DECRYPT, EVP_aes_256_cbc(), 0, pvar);
 		len = buffer_len(prikey);
 		decrypted = (char *)malloc(len);
-		if (EVP_Cipher(&cipher_ctx, decrypted, prikey->buf, len) == 0) {
+		if (EVP_Cipher(cipher_ctx, decrypted, prikey->buf, len) == 0) {
 			strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE);
 			free(decrypted);
-			cipher_cleanup_SSH2(&cipher_ctx);
+			cipher_cleanup_SSH2(cipher_ctx);
+			EVP_CIPHER_CTX_free(cipher_ctx);
 			goto error;
 		}
 		buffer_clear(prikey);
 		buffer_append(prikey, decrypted, len);
 		free(decrypted);
-		cipher_cleanup_SSH2(&cipher_ctx);
+		cipher_cleanup_SSH2(cipher_ctx);
+		EVP_CIPHER_CTX_free(cipher_ctx);
 	}
 
 	// verity MAC
@@ -1308,9 +1317,11 @@
 	if (strcmp(encname, "3des-cbc") == 0) {
 		MD5_CTX md;
 		unsigned char key[32], iv[16];
-		EVP_CIPHER_CTX cipher_ctx;
+		EVP_CIPHER_CTX *cipher_ctx = NULL;
 		char *decrypted = NULL;
 
+		cipher_ctx = EVP_CIPHER_CTX_new();
+
 		MD5_Init(&md);
 		MD5_Update(&md, passphrase, strlen(passphrase));
 		MD5_Final(key, &md);
@@ -1323,16 +1334,18 @@
 		memset(iv, 0, sizeof(iv));
 
 		// decrypt
-		cipher_init_SSH2(&cipher_ctx, key, 24, iv, 8, CIPHER_DECRYPT, EVP_des_ede3_cbc(), 0, pvar);
+		cipher_init_SSH2(cipher_ctx, key, 24, iv, 8, CIPHER_DECRYPT, EVP_des_ede3_cbc(), 0, pvar);
 		decrypted = (char *)malloc(len);
-		if (EVP_Cipher(&cipher_ctx, decrypted, blob->buf + blob->offset, len) == 0) {
+		if (EVP_Cipher(cipher_ctx, decrypted, blob->buf + blob->offset, len) == 0) {
 			strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE);
-			cipher_cleanup_SSH2(&cipher_ctx);
+			cipher_cleanup_SSH2(cipher_ctx);
+			EVP_CIPHER_CTX_free(cipher_ctx);
 			goto error;
 		}
 		buffer_append(blob2, decrypted, len);
 		free(decrypted);
-		cipher_cleanup_SSH2(&cipher_ctx);
+		cipher_cleanup_SSH2(cipher_ctx);
+		EVP_CIPHER_CTX_free(cipher_ctx);
 
 		*invalid_passphrase = TRUE;
 	}

Modified: branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c	2017-01-05 15:22:41 UTC (rev 6560)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c	2017-01-06 15:03:57 UTC (rev 6561)
@@ -3802,7 +3802,7 @@
  */
 struct ssh1_3des_ctx
 {
-	EVP_CIPHER_CTX  k1, k2, k3;
+	EVP_CIPHER_CTX  *k1, *k2, *k3;
 };
 
 static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc)
@@ -3812,6 +3812,9 @@
 
 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
 		c = malloc(sizeof(*c));
+		c->k1 = EVP_CIPHER_CTX_new();
+		c->k2 = EVP_CIPHER_CTX_new();
+		c->k3 = EVP_CIPHER_CTX_new();
 		EVP_CIPHER_CTX_set_app_data(ctx, c);
 	}
 	if (key == NULL)
@@ -3826,12 +3829,15 @@
 		else
 			k1 += 16;
 	}
-	EVP_CIPHER_CTX_init(&c->k1);
-	EVP_CIPHER_CTX_init(&c->k2);
-	EVP_CIPHER_CTX_init(&c->k3);
-	if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
-		EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
-		EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
+	EVP_CIPHER_CTX_init(c->k1);
+	EVP_CIPHER_CTX_init(c->k2);
+	EVP_CIPHER_CTX_init(c->k3);
+	if (EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
+		EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
+		EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
+			EVP_CIPHER_CTX_free(c->k1);
+			EVP_CIPHER_CTX_free(c->k2);
+			EVP_CIPHER_CTX_free(c->k3);
 			SecureZeroMemory(c, sizeof(*c));
 			free(c);
 			EVP_CIPHER_CTX_set_app_data(ctx, NULL);
@@ -3848,9 +3854,9 @@
 		//error("ssh1_3des_cbc: no context");
 		return (0);
 	}
-	if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
-		EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
-		EVP_Cipher(&c->k3, dest, dest, len) == 0)
+	if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 ||
+		EVP_Cipher(c->k2, dest, dest, len) == 0 ||
+		EVP_Cipher(c->k3, dest, dest, len) == 0)
 		return (0);
 	return (1);
 }
@@ -3860,9 +3866,12 @@
 	struct ssh1_3des_ctx *c;
 
 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-		EVP_CIPHER_CTX_cleanup(&c->k1);
-		EVP_CIPHER_CTX_cleanup(&c->k2);
-		EVP_CIPHER_CTX_cleanup(&c->k3);
+		EVP_CIPHER_CTX_cleanup(c->k1);
+		EVP_CIPHER_CTX_cleanup(c->k2);
+		EVP_CIPHER_CTX_cleanup(c->k3);
+		EVP_CIPHER_CTX_free(c->k1);
+		EVP_CIPHER_CTX_free(c->k2);
+		EVP_CIPHER_CTX_free(c->k3);
 		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
@@ -4285,7 +4294,7 @@
 	int blocksize, keylen, ivlen, authlen, i, n; 
 	unsigned char *key = NULL, salt[SALT_LEN];
 	char *kdfname = KDFNAME;
-	EVP_CIPHER_CTX cipher_ctx;
+	EVP_CIPHER_CTX *cipher_ctx = NULL;
 	Key keyblob;
 	unsigned char *cp = NULL;
 	unsigned int len, check;
@@ -4296,7 +4305,8 @@
 	kdf = buffer_init();
 	encoded = buffer_init();
 	blob = buffer_init();
-	if (b == NULL || kdf == NULL || encoded == NULL || blob == NULL)
+	cipher_ctx = EVP_CIPHER_CTX_new();
+	if (b == NULL || kdf == NULL || encoded == NULL || blob == NULL || cipher_ctx == NULL)
 		goto ed25519_error;
 
 	if (passphrase == NULL || !strlen(passphrase)) {
@@ -4422,6 +4432,10 @@
 	buffer_free(kdf);
 	buffer_free(encoded);
 	buffer_free(blob);
+
+	if (cipher_ctx) {
+		EVP_CIPHER_CTX_free(cipher_ctx);
+	}
 }
 
 static BOOL CALLBACK TTXKeyGenerator(HWND dlg, UINT msg, WPARAM wParam,
@@ -5072,7 +5086,7 @@
 				MD5_CTX md;
 				unsigned char digest[16];
 				char *passphrase = buf;
-				EVP_CIPHER_CTX cipher_ctx;
+				EVP_CIPHER_CTX *cipher_ctx = NULL;
 				FILE *fp;
 				char wrapped[4096];
 
@@ -5091,6 +5105,8 @@
 					break;
 				}
 
+				cipher_ctx = EVP_CIPHER_CTX_new();
+
 				// set random value
 				rnd = arc4random();
 				tmp[0] = rnd & 0xff;
@@ -5137,9 +5153,9 @@
 				MD5_Update(&md, (const unsigned char *)passphrase, strlen(passphrase));
 				MD5_Final(digest, &md);
 				if (cipher_num == SSH_CIPHER_NONE) {
-					cipher_init_SSH2(&cipher_ctx, digest, 16, NULL, 0, CIPHER_ENCRYPT, EVP_enc_null(), 0, pvar);
+					cipher_init_SSH2(cipher_ctx, digest, 16, NULL, 0, CIPHER_ENCRYPT, EVP_enc_null(), 0, pvar);
 				} else {
-					cipher_init_SSH2(&cipher_ctx, digest, 16, NULL, 0, CIPHER_ENCRYPT, evp_ssh1_3des(), 0, pvar);
+					cipher_init_SSH2(cipher_ctx, digest, 16, NULL, 0, CIPHER_ENCRYPT, evp_ssh1_3des(), 0, pvar);
 				}
 				len = buffer_len(b);
 				if (len % 8) { // fatal error
@@ -5151,10 +5167,10 @@
 					goto error;
 				}
 
-				if (EVP_Cipher(&cipher_ctx, wrapped, buffer_ptr(b), len) == 0) {
+				if (EVP_Cipher(cipher_ctx, wrapped, buffer_ptr(b), len) == 0) {
 					goto error;
 				}
-				if (EVP_CIPHER_CTX_cleanup(&cipher_ctx) == 0) {
+				if (EVP_CIPHER_CTX_cleanup(cipher_ctx) == 0) {
 					goto error;
 				}
 
@@ -5177,6 +5193,9 @@
 error:;
 				buffer_free(b);
 				buffer_free(enc);
+				if (cipher_ctx) {
+					EVP_CIPHER_CTX_free(cipher_ctx);
+				}
 
 			} else if (private_key.type == KEY_ED25519) { // SSH2 ED25519 
 				save_bcrypt_private_key(buf, filename, comment, dlg, pvar, rounds);



Ttssh2-commit メーリングリストの案内