• R/O
  • SSH
  • HTTPS

ttssh2: Commit


Commit MetaInfo

Revision10261 (tree)
Time2022-09-11 14:26:32
Authornmaya

Log Message

OpenSSL のときだけ arc4random.c/h と chacha.c/h が使われるようにした

- LibreSSL のときは compat/stdlib.h を include し LibreSSL の関数を利用する

- RAND_bytes() を呼ぶと LibreSSL の crypto/rand/rand_lib.c の RAND_bytes()
から TTSSH の arc4random.c の arc4random_buf() が呼ばれる状態を解消

Change Summary

Incremental Difference

--- trunk/ttssh2/ttxssh/arc4random.c (revision 10260)
+++ trunk/ttssh2/ttxssh/arc4random.c (revision 10261)
@@ -40,6 +40,14 @@
4040
4141 #define KEYSTREAM_ONLY
4242 #include "ttxssh.h"
43+
44+/*
45+ * このソースは OpenSSL のときだけ使われる
46+ * LibreSSL のときは libressl/crypto/compat/arc4random.c,
47+ * crypto/compat/getentropy_win.c が使われる
48+ */
49+#ifndef LIBRESSL_VERSION_NUMBER
50+
4351 #include "arc4random.h"
4452 #include "chacha.h"
4553
@@ -214,3 +222,5 @@
214222 _rs_random_buf(buf, n);
215223 _ARC4_UNLOCK();
216224 }
225+
226+#endif /* LIBRESSL_VERSION_NUMBER */
--- trunk/ttssh2/ttxssh/chacha.c (revision 10260)
+++ trunk/ttssh2/ttxssh/chacha.c (revision 10261)
@@ -1,221 +1,230 @@
1-/* Imported via OpenSSH-7.6p1, TeraTerm Project doda */
2-
3-/*
4-chacha-merged.c version 20080118
5-D. J. Bernstein
6-Public domain.
7-*/
8-
9-// #include "includes.h"
10-
11-#include "chacha.h"
12-
13-/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
14-
15-typedef unsigned char u8;
16-typedef unsigned int u32;
17-
18-typedef struct chacha_ctx chacha_ctx;
19-
20-#define U8C(v) (v##U)
21-#define U32C(v) (v##U)
22-
23-#define U8V(v) ((u8)(v) & U8C(0xFF))
24-#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
25-
26-#define ROTL32(v, n) \
27- (U32V((v) << (n)) | ((v) >> (32 - (n))))
28-
29-#define U8TO32_LITTLE(p) \
30- (((u32)((p)[0]) ) | \
31- ((u32)((p)[1]) << 8) | \
32- ((u32)((p)[2]) << 16) | \
33- ((u32)((p)[3]) << 24))
34-
35-#define U32TO8_LITTLE(p, v) \
36- do { \
37- (p)[0] = U8V((v) ); \
38- (p)[1] = U8V((v) >> 8); \
39- (p)[2] = U8V((v) >> 16); \
40- (p)[3] = U8V((v) >> 24); \
41- } while (0)
42-
43-#define ROTATE(v,c) (ROTL32(v,c))
44-#define XOR(v,w) ((v) ^ (w))
45-#define PLUS(v,w) (U32V((v) + (w)))
46-#define PLUSONE(v) (PLUS((v),1))
47-
48-#define QUARTERROUND(a,b,c,d) \
49- a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
50- c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
51- a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
52- c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
53-
54-static const char sigma[16] = "expand 32-byte k";
55-static const char tau[16] = "expand 16-byte k";
56-
57-void
58-chacha_keysetup(chacha_ctx *x, const u8 *k, u32 kbits)
59-{
60- const char *constants;
61-
62- x->input[4] = U8TO32_LITTLE(k + 0);
63- x->input[5] = U8TO32_LITTLE(k + 4);
64- x->input[6] = U8TO32_LITTLE(k + 8);
65- x->input[7] = U8TO32_LITTLE(k + 12);
66- if (kbits == 256) { /* recommended */
67- k += 16;
68- constants = sigma;
69- } else { /* kbits == 128 */
70- constants = tau;
71- }
72- x->input[8] = U8TO32_LITTLE(k + 0);
73- x->input[9] = U8TO32_LITTLE(k + 4);
74- x->input[10] = U8TO32_LITTLE(k + 8);
75- x->input[11] = U8TO32_LITTLE(k + 12);
76- x->input[0] = U8TO32_LITTLE(constants + 0);
77- x->input[1] = U8TO32_LITTLE(constants + 4);
78- x->input[2] = U8TO32_LITTLE(constants + 8);
79- x->input[3] = U8TO32_LITTLE(constants + 12);
80-}
81-
82-void
83-chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
84-{
85- x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
86- x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
87- x->input[14] = U8TO32_LITTLE(iv + 0);
88- x->input[15] = U8TO32_LITTLE(iv + 4);
89-}
90-
91-void
92-chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes)
93-{
94- u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
95- u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
96- u8 *ctarget = NULL;
97- u8 tmp[64];
98- u_int i;
99-
100- if (!bytes) return;
101-
102- j0 = x->input[0];
103- j1 = x->input[1];
104- j2 = x->input[2];
105- j3 = x->input[3];
106- j4 = x->input[4];
107- j5 = x->input[5];
108- j6 = x->input[6];
109- j7 = x->input[7];
110- j8 = x->input[8];
111- j9 = x->input[9];
112- j10 = x->input[10];
113- j11 = x->input[11];
114- j12 = x->input[12];
115- j13 = x->input[13];
116- j14 = x->input[14];
117- j15 = x->input[15];
118-
119- for (;;) {
120- if (bytes < 64) {
121- for (i = 0;i < bytes;++i) tmp[i] = m[i];
122- m = tmp;
123- ctarget = c;
124- c = tmp;
125- }
126- x0 = j0;
127- x1 = j1;
128- x2 = j2;
129- x3 = j3;
130- x4 = j4;
131- x5 = j5;
132- x6 = j6;
133- x7 = j7;
134- x8 = j8;
135- x9 = j9;
136- x10 = j10;
137- x11 = j11;
138- x12 = j12;
139- x13 = j13;
140- x14 = j14;
141- x15 = j15;
142- for (i = 20;i > 0;i -= 2) {
143- QUARTERROUND( x0, x4, x8,x12)
144- QUARTERROUND( x1, x5, x9,x13)
145- QUARTERROUND( x2, x6,x10,x14)
146- QUARTERROUND( x3, x7,x11,x15)
147- QUARTERROUND( x0, x5,x10,x15)
148- QUARTERROUND( x1, x6,x11,x12)
149- QUARTERROUND( x2, x7, x8,x13)
150- QUARTERROUND( x3, x4, x9,x14)
151- }
152- x0 = PLUS(x0,j0);
153- x1 = PLUS(x1,j1);
154- x2 = PLUS(x2,j2);
155- x3 = PLUS(x3,j3);
156- x4 = PLUS(x4,j4);
157- x5 = PLUS(x5,j5);
158- x6 = PLUS(x6,j6);
159- x7 = PLUS(x7,j7);
160- x8 = PLUS(x8,j8);
161- x9 = PLUS(x9,j9);
162- x10 = PLUS(x10,j10);
163- x11 = PLUS(x11,j11);
164- x12 = PLUS(x12,j12);
165- x13 = PLUS(x13,j13);
166- x14 = PLUS(x14,j14);
167- x15 = PLUS(x15,j15);
168-
169- x0 = XOR(x0,U8TO32_LITTLE(m + 0));
170- x1 = XOR(x1,U8TO32_LITTLE(m + 4));
171- x2 = XOR(x2,U8TO32_LITTLE(m + 8));
172- x3 = XOR(x3,U8TO32_LITTLE(m + 12));
173- x4 = XOR(x4,U8TO32_LITTLE(m + 16));
174- x5 = XOR(x5,U8TO32_LITTLE(m + 20));
175- x6 = XOR(x6,U8TO32_LITTLE(m + 24));
176- x7 = XOR(x7,U8TO32_LITTLE(m + 28));
177- x8 = XOR(x8,U8TO32_LITTLE(m + 32));
178- x9 = XOR(x9,U8TO32_LITTLE(m + 36));
179- x10 = XOR(x10,U8TO32_LITTLE(m + 40));
180- x11 = XOR(x11,U8TO32_LITTLE(m + 44));
181- x12 = XOR(x12,U8TO32_LITTLE(m + 48));
182- x13 = XOR(x13,U8TO32_LITTLE(m + 52));
183- x14 = XOR(x14,U8TO32_LITTLE(m + 56));
184- x15 = XOR(x15,U8TO32_LITTLE(m + 60));
185-
186- j12 = PLUSONE(j12);
187- if (!j12) {
188- j13 = PLUSONE(j13);
189- /* stopping at 2^70 bytes per nonce is user's responsibility */
190- }
191-
192- U32TO8_LITTLE(c + 0,x0);
193- U32TO8_LITTLE(c + 4,x1);
194- U32TO8_LITTLE(c + 8,x2);
195- U32TO8_LITTLE(c + 12,x3);
196- U32TO8_LITTLE(c + 16,x4);
197- U32TO8_LITTLE(c + 20,x5);
198- U32TO8_LITTLE(c + 24,x6);
199- U32TO8_LITTLE(c + 28,x7);
200- U32TO8_LITTLE(c + 32,x8);
201- U32TO8_LITTLE(c + 36,x9);
202- U32TO8_LITTLE(c + 40,x10);
203- U32TO8_LITTLE(c + 44,x11);
204- U32TO8_LITTLE(c + 48,x12);
205- U32TO8_LITTLE(c + 52,x13);
206- U32TO8_LITTLE(c + 56,x14);
207- U32TO8_LITTLE(c + 60,x15);
208-
209- if (bytes <= 64) {
210- if (bytes < 64) {
211- for (i = 0;i < bytes;++i) ctarget[i] = c[i];
212- }
213- x->input[12] = j12;
214- x->input[13] = j13;
215- return;
216- }
217- bytes -= 64;
218- c += 64;
219- m += 64;
220- }
221-}
1+/* Imported via OpenSSH-7.6p1, TeraTerm Project doda */
2+
3+/*
4+chacha-merged.c version 20080118
5+D. J. Bernstein
6+Public domain.
7+*/
8+
9+// #include "includes.h"
10+
11+/*
12+ * このソースは OpenSSL のときだけ使われる
13+ * LibreSSL のときは libressl/crypto/compat/chacha_private.h が使われる
14+ */
15+#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
16+#ifndef LIBRESSL_VERSION_NUMBER
17+
18+#include "chacha.h"
19+
20+/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
21+
22+typedef unsigned char u8;
23+typedef unsigned int u32;
24+
25+typedef struct chacha_ctx chacha_ctx;
26+
27+#define U8C(v) (v##U)
28+#define U32C(v) (v##U)
29+
30+#define U8V(v) ((u8)(v) & U8C(0xFF))
31+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
32+
33+#define ROTL32(v, n) \
34+ (U32V((v) << (n)) | ((v) >> (32 - (n))))
35+
36+#define U8TO32_LITTLE(p) \
37+ (((u32)((p)[0]) ) | \
38+ ((u32)((p)[1]) << 8) | \
39+ ((u32)((p)[2]) << 16) | \
40+ ((u32)((p)[3]) << 24))
41+
42+#define U32TO8_LITTLE(p, v) \
43+ do { \
44+ (p)[0] = U8V((v) ); \
45+ (p)[1] = U8V((v) >> 8); \
46+ (p)[2] = U8V((v) >> 16); \
47+ (p)[3] = U8V((v) >> 24); \
48+ } while (0)
49+
50+#define ROTATE(v,c) (ROTL32(v,c))
51+#define XOR(v,w) ((v) ^ (w))
52+#define PLUS(v,w) (U32V((v) + (w)))
53+#define PLUSONE(v) (PLUS((v),1))
54+
55+#define QUARTERROUND(a,b,c,d) \
56+ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
57+ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
58+ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
59+ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
60+
61+static const char sigma[16] = "expand 32-byte k";
62+static const char tau[16] = "expand 16-byte k";
63+
64+void
65+chacha_keysetup(chacha_ctx *x, const u8 *k, u32 kbits)
66+{
67+ const char *constants;
68+
69+ x->input[4] = U8TO32_LITTLE(k + 0);
70+ x->input[5] = U8TO32_LITTLE(k + 4);
71+ x->input[6] = U8TO32_LITTLE(k + 8);
72+ x->input[7] = U8TO32_LITTLE(k + 12);
73+ if (kbits == 256) { /* recommended */
74+ k += 16;
75+ constants = sigma;
76+ } else { /* kbits == 128 */
77+ constants = tau;
78+ }
79+ x->input[8] = U8TO32_LITTLE(k + 0);
80+ x->input[9] = U8TO32_LITTLE(k + 4);
81+ x->input[10] = U8TO32_LITTLE(k + 8);
82+ x->input[11] = U8TO32_LITTLE(k + 12);
83+ x->input[0] = U8TO32_LITTLE(constants + 0);
84+ x->input[1] = U8TO32_LITTLE(constants + 4);
85+ x->input[2] = U8TO32_LITTLE(constants + 8);
86+ x->input[3] = U8TO32_LITTLE(constants + 12);
87+}
88+
89+void
90+chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
91+{
92+ x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
93+ x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
94+ x->input[14] = U8TO32_LITTLE(iv + 0);
95+ x->input[15] = U8TO32_LITTLE(iv + 4);
96+}
97+
98+void
99+chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes)
100+{
101+ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
102+ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
103+ u8 *ctarget = NULL;
104+ u8 tmp[64];
105+ u_int i;
106+
107+ if (!bytes) return;
108+
109+ j0 = x->input[0];
110+ j1 = x->input[1];
111+ j2 = x->input[2];
112+ j3 = x->input[3];
113+ j4 = x->input[4];
114+ j5 = x->input[5];
115+ j6 = x->input[6];
116+ j7 = x->input[7];
117+ j8 = x->input[8];
118+ j9 = x->input[9];
119+ j10 = x->input[10];
120+ j11 = x->input[11];
121+ j12 = x->input[12];
122+ j13 = x->input[13];
123+ j14 = x->input[14];
124+ j15 = x->input[15];
125+
126+ for (;;) {
127+ if (bytes < 64) {
128+ for (i = 0;i < bytes;++i) tmp[i] = m[i];
129+ m = tmp;
130+ ctarget = c;
131+ c = tmp;
132+ }
133+ x0 = j0;
134+ x1 = j1;
135+ x2 = j2;
136+ x3 = j3;
137+ x4 = j4;
138+ x5 = j5;
139+ x6 = j6;
140+ x7 = j7;
141+ x8 = j8;
142+ x9 = j9;
143+ x10 = j10;
144+ x11 = j11;
145+ x12 = j12;
146+ x13 = j13;
147+ x14 = j14;
148+ x15 = j15;
149+ for (i = 20;i > 0;i -= 2) {
150+ QUARTERROUND( x0, x4, x8,x12)
151+ QUARTERROUND( x1, x5, x9,x13)
152+ QUARTERROUND( x2, x6,x10,x14)
153+ QUARTERROUND( x3, x7,x11,x15)
154+ QUARTERROUND( x0, x5,x10,x15)
155+ QUARTERROUND( x1, x6,x11,x12)
156+ QUARTERROUND( x2, x7, x8,x13)
157+ QUARTERROUND( x3, x4, x9,x14)
158+ }
159+ x0 = PLUS(x0,j0);
160+ x1 = PLUS(x1,j1);
161+ x2 = PLUS(x2,j2);
162+ x3 = PLUS(x3,j3);
163+ x4 = PLUS(x4,j4);
164+ x5 = PLUS(x5,j5);
165+ x6 = PLUS(x6,j6);
166+ x7 = PLUS(x7,j7);
167+ x8 = PLUS(x8,j8);
168+ x9 = PLUS(x9,j9);
169+ x10 = PLUS(x10,j10);
170+ x11 = PLUS(x11,j11);
171+ x12 = PLUS(x12,j12);
172+ x13 = PLUS(x13,j13);
173+ x14 = PLUS(x14,j14);
174+ x15 = PLUS(x15,j15);
175+
176+ x0 = XOR(x0,U8TO32_LITTLE(m + 0));
177+ x1 = XOR(x1,U8TO32_LITTLE(m + 4));
178+ x2 = XOR(x2,U8TO32_LITTLE(m + 8));
179+ x3 = XOR(x3,U8TO32_LITTLE(m + 12));
180+ x4 = XOR(x4,U8TO32_LITTLE(m + 16));
181+ x5 = XOR(x5,U8TO32_LITTLE(m + 20));
182+ x6 = XOR(x6,U8TO32_LITTLE(m + 24));
183+ x7 = XOR(x7,U8TO32_LITTLE(m + 28));
184+ x8 = XOR(x8,U8TO32_LITTLE(m + 32));
185+ x9 = XOR(x9,U8TO32_LITTLE(m + 36));
186+ x10 = XOR(x10,U8TO32_LITTLE(m + 40));
187+ x11 = XOR(x11,U8TO32_LITTLE(m + 44));
188+ x12 = XOR(x12,U8TO32_LITTLE(m + 48));
189+ x13 = XOR(x13,U8TO32_LITTLE(m + 52));
190+ x14 = XOR(x14,U8TO32_LITTLE(m + 56));
191+ x15 = XOR(x15,U8TO32_LITTLE(m + 60));
192+
193+ j12 = PLUSONE(j12);
194+ if (!j12) {
195+ j13 = PLUSONE(j13);
196+ /* stopping at 2^70 bytes per nonce is user's responsibility */
197+ }
198+
199+ U32TO8_LITTLE(c + 0,x0);
200+ U32TO8_LITTLE(c + 4,x1);
201+ U32TO8_LITTLE(c + 8,x2);
202+ U32TO8_LITTLE(c + 12,x3);
203+ U32TO8_LITTLE(c + 16,x4);
204+ U32TO8_LITTLE(c + 20,x5);
205+ U32TO8_LITTLE(c + 24,x6);
206+ U32TO8_LITTLE(c + 28,x7);
207+ U32TO8_LITTLE(c + 32,x8);
208+ U32TO8_LITTLE(c + 36,x9);
209+ U32TO8_LITTLE(c + 40,x10);
210+ U32TO8_LITTLE(c + 44,x11);
211+ U32TO8_LITTLE(c + 48,x12);
212+ U32TO8_LITTLE(c + 52,x13);
213+ U32TO8_LITTLE(c + 56,x14);
214+ U32TO8_LITTLE(c + 60,x15);
215+
216+ if (bytes <= 64) {
217+ if (bytes < 64) {
218+ for (i = 0;i < bytes;++i) ctarget[i] = c[i];
219+ }
220+ x->input[12] = j12;
221+ x->input[13] = j13;
222+ return;
223+ }
224+ bytes -= 64;
225+ c += 64;
226+ m += 64;
227+ }
228+}
229+
230+#endif /* LIBRESSL_VERSION_NUMBER */
--- trunk/ttssh2/ttxssh/ed25519_crypto_api.h (revision 10260)
+++ trunk/ttssh2/ttxssh/ed25519_crypto_api.h (revision 10261)
@@ -31,8 +31,14 @@
3131
3232 #include <stdio.h>
3333 #include <stdlib.h>
34-#include "arc4random.h"
3534
35+#ifndef LIBRESSL_VERSION_NUMBER
36+ #include "arc4random.h"
37+#else
38+ // include LibreSSL header file
39+ #include <compat/stdlib.h>
40+#endif
41+
3642 typedef unsigned char u_int8_t;
3743 typedef unsigned short int u_int16_t;
3844 typedef unsigned int u_int32_t;
--- trunk/ttssh2/ttxssh/ttxssh.c (revision 10260)
+++ trunk/ttssh2/ttxssh/ttxssh.c (revision 10261)
@@ -40,7 +40,6 @@
4040 #include "ttcommon.h"
4141 #include "ttlib.h"
4242 #include "keyfiles.h"
43-#include "arc4random.h"
4443 #include "auth.h"
4544 #include "helpid.h"
4645
@@ -71,6 +70,13 @@
7170 #include <openssl/rc4.h>
7271 #include <openssl/md5.h>
7372
73+#ifndef LIBRESSL_VERSION_NUMBER
74+ #include "arc4random.h"
75+#else
76+ // include LibreSSL header file
77+ #include <compat/stdlib.h>
78+#endif
79+
7480 // include ZLib header file
7581 #include <zlib.h>
7682
Show on old repository browser