author | Damien Miller <djm@mindrot.org> | 2000-04-12 20:17:38 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-04-12 20:17:38 +1000 |
commit | 78928793fb23a3a4c80ae62eca6a7826b2987690 (patch) | |
tree | add8a953ac4cf06877b91624fe7f647b17e6cf6f /cipher.c | |
parent | efb4afe0265333ce554f699c2a19ae249dd8d1b5 (diff) | |
download | openssh-git-78928793fb23a3a4c80ae62eca6a7826b2987690.tar.gz |
- OpenBSD CVS updates:
- [channels.c]
repair x11-fwd
- [sshconnect.c]
fix passwd prompt for ssh2, less debugging output.
- [clientloop.c compat.c dsa.c kex.c sshd.c]
less debugging output
- [kex.c kex.h sshconnect.c sshd.c]
check for reasonable public DH values
- [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
[readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
add Cipher and Protocol options to ssh/sshd, e.g.:
ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
arcfour,3des-cbc'
- [sshd.c]
print 1.99 only if server supports both
Diffstat (limited to 'cipher.c')
-rw-r--r-- | cipher.c | 37 |
1 files changed, 31 insertions, 6 deletions
@@ -12,11 +12,11 @@
 */
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.16 2000/04/06 02:32:39 damien Exp $");
+RCSID("$Id: cipher.c,v 1.17 2000/04/12 10:17:39 damien Exp $");
 #include "ssh.h"
 #include "cipher.h"
-#include "config.h"
+#include "xmalloc.h"
 #ifdef HAVE_OPENSSL
 #include <openssl/md5.h>
@@ -26,7 +26,9 @@ RCSID("$Id: cipher.c,v 1.16 2000/04/06 02:32:39 damien Exp $");
 #endif
 /*
- * What kind of tripple DES are these 2 routines?
+ * This is used by SSH1:
+ *
+ * What kind of triple DES are these 2 routines?
 *
 * Why is there a redundant initialization vector?
 *
@@ -81,7 +83,7 @@ SSH_3CBC_DECRYPT(des_key_schedule ks1,
 }
 /*
- * SSH uses a variation on Blowfish, all bytes must be swapped before
+ * SSH1 uses a variation on Blowfish, all bytes must be swapped before
 * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
 */
 static void
@@ -167,10 +169,34 @@ cipher_name(int cipher)
 {
 if (cipher < 0 || cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) || cipher_names[cipher] == NULL)
- fatal("cipher_name: bad cipher number: %d", cipher);
+ fatal("cipher_name: bad cipher name: %d", cipher);
 return cipher_names[cipher];
 }
+/* Returns 1 if the name of the ciphers are valid. */
+
+#define CIPHER_SEP ","
+int
+ciphers_valid(const char *names)
+{
+ char *ciphers;
+ char *p;
+ int i;
+
+ if (strcmp(names, "") == 0)
+ return 0;
+ ciphers = xstrdup(names);
+ for ((p = strtok(ciphers, CIPHER_SEP)); p; (p = strtok(NULL, CIPHER_SEP))) {
+ i = cipher_number(p);
+ if (i == -1 || !(cipher_mask2() & (1 << i))) {
+ xfree(ciphers);
+ return 0;
+ }
+ }
+ xfree(ciphers);
+ return 1;
+}
+
 /*
 * Parses the name of the cipher. Returns the number of the corresponding
 * cipher, or -1 on error.
@@ -271,7 +297,6 @@ cipher_set_key(CipherContext *context, int cipher, const unsigned char *key,
 memset(padded, 0, sizeof(padded));
 }
-
 void
 cipher_set_key_iv(CipherContext * context, int cipher, const unsigned char *key, int keylen, |
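Review bot: In the new `ciphers_valid` (hunk `@@ -167,10 +169,34 @@`), a list made only of separators such as `","` is reported as valid, because `strtok` skips empty fields, the loop body never runs and control falls through to `return 1`; the `strcmp(names, "") == 0` guard rejects only the exact empty string. Counting tokens (`n++` inside the loop) and ending with `return n > 0;` would make an option value that names no cipher fail validation. `strtok` also keeps hidden static state, so if a caller is part-way through its own `strtok` scan of an option line (the callers are not visible in this diff), that scan is clobbered and its next `strtok(NULL, ...)` would resume inside the buffer already released by `xfree(ciphers)`; a tokenizer with caller-held state, such as `strsep` or `strtok_r`, avoids this. `names` reaches `strcmp` without a NULL check, so either add a guard or state the non-NULL precondition in the comment above the function. In the same hunk the `fatal` text now reads "bad cipher name" while still printing the numeric index with `%d`, so the earlier wording "number" described the value more accurately.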