diff options
-rw-r--r-- | usr.bin/ssh/authfile.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/cipher.c | 24 | ||||
-rw-r--r-- | usr.bin/ssh/cipher.h | 8 | ||||
-rw-r--r-- | usr.bin/ssh/packet.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 4 |
6 files changed, 35 insertions, 23 deletions
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index f619a498408..6acc330c69a 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: authfile.c,v 1.11 1999/12/06 19:11:15 deraadt Exp $"); +RCSID("$Id: authfile.c,v 1.12 2000/04/04 21:37:27 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -101,7 +101,7 @@ save_private_key(const char *filename, const char *passphrase, /* Allocate space for the private part of the key in the buffer. */ buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); - cipher_set_key_string(&cipher, cipher_type, passphrase, 1); + cipher_set_key_string(&cipher, cipher_type, passphrase); cipher_encrypt(&cipher, (unsigned char *) cp, (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); @@ -280,7 +280,7 @@ load_private_key(const char *filename, const char *passphrase, xfree(buffer_get_string(&buffer, NULL)); /* Check that it is a supported cipher. */ - if (((cipher_mask() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) & + if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) & (1 << cipher_type)) == 0) { debug("Unsupported cipher %.100s used in key file %.200s.", cipher_name(cipher_type), filename); @@ -292,7 +292,7 @@ load_private_key(const char *filename, const char *passphrase, buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - cipher_set_key_string(&cipher, cipher_type, passphrase, 0); + cipher_set_key_string(&cipher, cipher_type, passphrase); cipher_decrypt(&cipher, (unsigned char *) cp, (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index cbdec264375..37ea1d75744 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.21 2000/03/28 20:24:49 markus Exp $"); +RCSID("$Id: cipher.c,v 1.22 2000/04/04 21:37:27 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -131,17 +131,28 @@ static char *cipher_names[] = */ unsigned int -cipher_mask() +cipher_mask1() { unsigned int mask = 0; mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; + return mask; +} +unsigned int +cipher_mask2() +{ + unsigned int mask = 0; mask |= 1 << SSH_CIPHER_BLOWFISH_CBC; mask |= 1 << SSH_CIPHER_3DES_CBC; mask |= 1 << SSH_CIPHER_ARCFOUR; mask |= 1 << SSH_CIPHER_CAST128_CBC; return mask; } +unsigned int +cipher_mask() +{ + return cipher_mask1() | cipher_mask2(); +} /* Returns the name of the cipher. */ @@ -176,8 +187,7 @@ cipher_number(const char *name) */ void -cipher_set_key_string(CipherContext *context, int cipher, - const char *passphrase, int for_encryption) +cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase) { MD5_CTX md; unsigned char digest[16]; @@ -186,7 +196,7 @@ cipher_set_key_string(CipherContext *context, int cipher, MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase)); MD5_Final(digest, &md); - cipher_set_key(context, cipher, digest, 16, for_encryption); + cipher_set_key(context, cipher, digest, 16); memset(digest, 0, sizeof(digest)); memset(&md, 0, sizeof(md)); @@ -195,8 +205,8 @@ cipher_set_key_string(CipherContext *context, int cipher, /* Selects the cipher to use and sets the key. */ void -cipher_set_key(CipherContext *context, int cipher, - const unsigned char *key, int keylen, int for_encryption) +cipher_set_key(CipherContext *context, int cipher, const unsigned char *key, + int keylen) { unsigned char padded[32]; diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index b8e647ca67e..7831963871a 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: cipher.h,v 1.12 2000/03/28 20:24:50 markus Exp $"); */ +/* RCSID("$Id: cipher.h,v 1.13 2000/04/04 21:37:27 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H @@ -66,6 +66,8 @@ typedef struct { * supported cipher. */ unsigned int cipher_mask(); +unsigned int cipher_mask1(); +unsigned int cipher_mask2(); /* Returns the name of the cipher. */ const char *cipher_name(int cipher); @@ -82,7 +84,7 @@ int cipher_number(const char *name); */ void cipher_set_key(CipherContext * context, int cipher, - const unsigned char *key, int keylen, int for_encryption); + const unsigned char *key, int keylen); void cipher_set_key_iv(CipherContext * context, int cipher, const unsigned char *key, int keylen, @@ -94,7 +96,7 @@ cipher_set_key_iv(CipherContext * context, int cipher, */ void cipher_set_key_string(CipherContext * context, int cipher, - const char *passphrase, int for_encryption); + const char *passphrase); /* Encrypts data using the cipher. */ void diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 9925f7595dd..0e01e6ebe0f 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: packet.c,v 1.25 2000/04/03 20:12:55 markus Exp $"); +RCSID("$Id: packet.c,v 1.26 2000/04/04 21:37:27 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -144,8 +144,8 @@ packet_set_connection(int fd_in, int fd_out) connection_in = fd_in; connection_out = fd_out; cipher_type = SSH_CIPHER_NONE; - cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0, 1); - cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0, 0); + cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0); + cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0); if (!initialized) { initialized = 1; buffer_init(&input); @@ -344,8 +344,8 @@ packet_set_encryption_key(const unsigned char *key, unsigned int keylen, fatal("keylen too small: %d", keylen); /* All other ciphers use the same key in both directions for now. */ - cipher_set_key(&receive_context, cipher, key, keylen, 0); - cipher_set_key(&send_context, cipher, key, keylen, 1); + cipher_set_key(&receive_context, cipher, key, keylen); + cipher_set_key(&send_context, cipher, key, keylen); } /* Starts constructing a packet to send. */ diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 972ffeee652..307689948d3 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.60 2000/04/04 15:30:51 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.61 2000/04/04 21:37:27 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -1728,7 +1728,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) RSA_free(host_key); if (options.cipher == SSH_CIPHER_NOT_SET) { - if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default)) + if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default)) options.cipher = ssh_cipher_default; else { debug("Cipher %s not supported, using %.100s instead.", diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index a5dc749885c..e6a7327cfaf 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.96 2000/03/28 21:15:45 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.97 2000/04/04 21:37:27 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -892,7 +892,7 @@ do_ssh1_kex() packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN); /* Declare which ciphers we support. */ - packet_put_int(cipher_mask()); + packet_put_int(cipher_mask1()); /* Declare supported authentication types. */ auth_mask = 0; |