-rw-r--r--usr.bin/ssh/authfile.c8
-rw-r--r--usr.bin/ssh/cipher.c24
-rw-r--r--usr.bin/ssh/cipher.h8
-rw-r--r--usr.bin/ssh/packet.c10
-rw-r--r--usr.bin/ssh/sshconnect.c4
-rw-r--r--usr.bin/ssh/sshd.c4
6 files changed, 35 insertions, 23 deletions
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index f619a498408..6acc330c69a 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: authfile.c,v 1.11 1999/12/06 19:11:15 deraadt Exp $");
+RCSID("$Id: authfile.c,v 1.12 2000/04/04 21:37:27 markus Exp $");
#include <ssl/bn.h>
#include "xmalloc.h"
@@ -101,7 +101,7 @@ save_private_key(const char *filename, const char *passphrase,
/* Allocate space for the private part of the key in the buffer. */
buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
- cipher_set_key_string(&cipher, cipher_type, passphrase, 1);
+ cipher_set_key_string(&cipher, cipher_type, passphrase);
cipher_encrypt(&cipher, (unsigned char *) cp,
(unsigned char *) buffer_ptr(&buffer),
buffer_len(&buffer));
@@ -280,7 +280,7 @@ load_private_key(const char *filename, const char *passphrase,
xfree(buffer_get_string(&buffer, NULL));
/* Check that it is a supported cipher. */
- if (((cipher_mask() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) &
+ if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) &
(1 << cipher_type)) == 0) {
debug("Unsupported cipher %.100s used in key file %.200s.",
cipher_name(cipher_type), filename);
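Review bot: The mask on the changed line ORs `SSH_CIPHER_NONE` and `SSH_AUTHFILE_CIPHER` in as raw values, whereas cipher.c in this same commit treats the `SSH_CIPHER_*` constants as cipher numbers used as shift counts (`1 << SSH_CIPHER_3DES`). If they are cipher numbers here too, the OR sets whichever bits make up those numbers rather than the bits for those ciphers, so the allow-list may admit or reject the wrong types; `(cipher_mask1() | (1 << SSH_CIPHER_NONE) | (1 << SSH_AUTHFILE_CIPHER))` would state the intent. `cipher_type` appears to be read from the key file, and `1 << cipher_type` is undefined for values outside 0..31, so a range check before the shift is worth adding. load_private_key starts and ends outside the hunk, so where `cipher_type` is read cannot be seen here.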
@@ -292,7 +292,7 @@ load_private_key(const char *filename, const char *passphrase,
buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
- cipher_set_key_string(&cipher, cipher_type, passphrase, 0);
+ cipher_set_key_string(&cipher, cipher_type, passphrase);
cipher_decrypt(&cipher, (unsigned char *) cp,
(unsigned char *) buffer_ptr(&buffer),
buffer_len(&buffer));
diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c
index cbdec264375..37ea1d75744 100644
--- a/usr.bin/ssh/cipher.c
+++ b/usr.bin/ssh/cipher.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.21 2000/03/28 20:24:49 markus Exp $");
+RCSID("$Id: cipher.c,v 1.22 2000/04/04 21:37:27 markus Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -131,17 +131,28 @@ static char *cipher_names[] =
*/
unsigned int
-cipher_mask()
+cipher_mask1()
{
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
mask |= 1 << SSH_CIPHER_BLOWFISH;
+ return mask;
+}
+unsigned int
+cipher_mask2()
+{
+ unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_BLOWFISH_CBC;
mask |= 1 << SSH_CIPHER_3DES_CBC;
mask |= 1 << SSH_CIPHER_ARCFOUR;
mask |= 1 << SSH_CIPHER_CAST128_CBC;
return mask;
}
+unsigned int
+cipher_mask()
+{
+ return cipher_mask1() | cipher_mask2();
+}
/* Returns the name of the cipher. */
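Review bot: `cipher_mask1()` and `cipher_mask2()` are added without a comment saying which protocol each mask belongs to, and the numeric suffix alone makes it easy for a caller to pick the wrong one. Judging by the call in do_ssh1_kex, mask1 is presumably the SSH protocol 1 set and mask2 the protocol 2 set; a line such as `/* Ciphers that may be offered or accepted in protocol 1. */` above each definition, and beside the new declarations in cipher.h, would record that. All three definitions and the cipher.h declarations use empty parentheses; `cipher_mask1(void)` gives callers a real prototype. Writing `1U << SSH_CIPHER_...` would also keep the shifts in unsigned arithmetic, matching the `unsigned int` mask.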
@@ -176,8 +187,7 @@ cipher_number(const char *name)
*/
void
-cipher_set_key_string(CipherContext *context, int cipher,
- const char *passphrase, int for_encryption)
+cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase)
{
MD5_CTX md;
unsigned char digest[16];
@@ -186,7 +196,7 @@ cipher_set_key_string(CipherContext *context, int cipher,
MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase));
MD5_Final(digest, &md);
- cipher_set_key(context, cipher, digest, 16, for_encryption);
+ cipher_set_key(context, cipher, digest, 16);
memset(digest, 0, sizeof(digest));
memset(&md, 0, sizeof(md));
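Review bot: The `memset(digest, 0, sizeof(digest))` and `memset(&md, 0, sizeof(md))` calls that close cipher_set_key_string are dead stores from the compiler's point of view, so an optimizing build may drop them and leave the passphrase-derived key material on the stack. Where the platform provides it, `explicit_bzero(digest, sizeof(digest));` (and the same for `md`) keeps the wipe in place. The function's signature and closing brace are outside this hunk.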
@@ -195,8 +205,8 @@ cipher_set_key_string(CipherContext *context, int cipher,
/* Selects the cipher to use and sets the key. */
void
-cipher_set_key(CipherContext *context, int cipher,
- const unsigned char *key, int keylen, int for_encryption)
+cipher_set_key(CipherContext *context, int cipher, const unsigned char *key,
+ int keylen)
{
unsigned char padded[32];
diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h
index b8e647ca67e..7831963871a 100644
--- a/usr.bin/ssh/cipher.h
+++ b/usr.bin/ssh/cipher.h
@@ -11,7 +11,7 @@
*
*/
-/* RCSID("$Id: cipher.h,v 1.12 2000/03/28 20:24:50 markus Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.13 2000/04/04 21:37:27 markus Exp $"); */
#ifndef CIPHER_H
#define CIPHER_H
@@ -66,6 +66,8 @@ typedef struct {
* supported cipher.
*/
unsigned int cipher_mask();
+unsigned int cipher_mask1();
+unsigned int cipher_mask2();
/* Returns the name of the cipher. */
const char *cipher_name(int cipher);
@@ -82,7 +84,7 @@ int cipher_number(const char *name);
*/
void
cipher_set_key(CipherContext * context, int cipher,
- const unsigned char *key, int keylen, int for_encryption);
+ const unsigned char *key, int keylen);
void
cipher_set_key_iv(CipherContext * context, int cipher,
const unsigned char *key, int keylen,
@@ -94,7 +96,7 @@ cipher_set_key_iv(CipherContext * context, int cipher,
*/
void
cipher_set_key_string(CipherContext * context, int cipher,
- const char *passphrase, int for_encryption);
+ const char *passphrase);
/* Encrypts data using the cipher. */
void
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 9925f7595dd..0e01e6ebe0f 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: packet.c,v 1.25 2000/04/03 20:12:55 markus Exp $");
+RCSID("$Id: packet.c,v 1.26 2000/04/04 21:37:27 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -144,8 +144,8 @@ packet_set_connection(int fd_in, int fd_out)
connection_in = fd_in;
connection_out = fd_out;
cipher_type = SSH_CIPHER_NONE;
- cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0, 1);
- cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0, 0);
+ cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0);
+ cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0);
if (!initialized) {
initialized = 1;
buffer_init(&input);
@@ -344,8 +344,8 @@ packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
fatal("keylen too small: %d", keylen);
/* All other ciphers use the same key in both directions for now. */
- cipher_set_key(&receive_context, cipher, key, keylen, 0);
- cipher_set_key(&send_context, cipher, key, keylen, 1);
+ cipher_set_key(&receive_context, cipher, key, keylen);
+ cipher_set_key(&send_context, cipher, key, keylen);
}
/* Starts constructing a packet to send. */
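Review bot: `fatal("keylen too small: %d", keylen)` prints an `unsigned int` with `%d`; `%u` matches the parameter type shown in the hunk header. The same `unsigned int keylen` is then passed to cipher_set_key, whose parameter is declared `int keylen`, so the value is implicitly converted at both calls. It is worth confirming that keylen has an upper bound before these calls, not only the lower bound checked here. The start of packet_set_encryption_key is outside the hunk.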
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 972ffeee652..307689948d3 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.60 2000/04/04 15:30:51 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.61 2000/04/04 21:37:27 markus Exp $");
#include <ssl/bn.h>
#include "xmalloc.h"
@@ -1728,7 +1728,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
RSA_free(host_key);
if (options.cipher == SSH_CIPHER_NOT_SET) {
- if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
+ if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default))
options.cipher = ssh_cipher_default;
else {
debug("Cipher %s not supported, using %.100s instead.",
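Review bot: Only the default-cipher branch is switched to `cipher_mask1()`; the path taken when `options.cipher` is set explicitly lies outside this hunk. It should be confirmed that this path also tests the choice against `cipher_mask1() & supported_ciphers`, otherwise a configured protocol 2 cipher could reach the protocol 1 key exchange. In the visible `debug()` call the first conversion is a bare `%s` while the second is `%.100s`; using `%.100s` for both would match the bounded style in authfile.c. ssh_kex continues past the end of the hunk.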
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index a5dc749885c..e6a7327cfaf 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.96 2000/03/28 21:15:45 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.97 2000/04/04 21:37:27 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -892,7 +892,7 @@ do_ssh1_kex()
packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
/* Declare which ciphers we support. */
- packet_put_int(cipher_mask());
+ packet_put_int(cipher_mask1());
/* Declare supported authentication types. */
auth_mask = 0;
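Review bot: The advertisement now uses `cipher_mask1()`, but this commit changes no other code line in sshd.c, so whatever check do_ssh1_kex later applies to the cipher the client selects is left as it was. If that check still calls `cipher_mask()`, the server would accept a cipher it no longer advertises for this protocol; the selected cipher should be validated against `cipher_mask1()` as well. That code is outside the hunk, so this needs confirming against the full function.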