authorDamien Miller <djm@mindrot.org>2013-04-23 19:24:32 +1000
committerDamien Miller <djm@mindrot.org>2013-04-23 19:24:32 +1000
commitea11119eee3c5e2429b1f5f8688b25b028fa991a (patch)
tree5916295fcefb8665088f59a5431cb0c792fbf327 /cipher.c
parenta56086b9903b62c1c4fdedf01b68338fe4dc90e4 (diff)
- djm@cvs.openbsd.org 2013/04/19 01:06:50
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c55
1 files changed, 39 insertions, 16 deletions
diff --git a/cipher.c b/cipher.c
index 9ca1d006..5e365213 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.87 2013/01/26 06:11:05 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.88 2013/04/19 01:06:50 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -65,7 +65,9 @@ struct Cipher {
u_int discard_len;
u_int cbc_mode;
const EVP_CIPHER *(*evptype)(void);
-} ciphers[] = {
+};
+
+static const struct Cipher ciphers[] = {
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
@@ -98,6 +100,27 @@ struct Cipher {
/*--*/
+/* Returns a comma-separated list of supported ciphers. */
+char *
+cipher_alg_list(void)
+{
+ char *ret = NULL;
+ size_t nlen, rlen = 0;
+ const Cipher *c;
+
+ for (c = ciphers; c->name != NULL; c++) {
+ if (c->number != SSH_CIPHER_SSH2)
+ continue;
+ if (ret != NULL)
+ ret[rlen++] = '\n';
+ nlen = strlen(c->name);
+ ret = xrealloc(ret, 1, rlen + nlen + 2);
+ memcpy(ret + rlen, c->name, nlen + 1);
+ rlen += nlen;
+ }
+ return ret;
+}
+
u_int
cipher_blocksize(const Cipher *c)
{
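Review bot: The comment on cipher_alg_list says "comma-separated", but the loop joins names with `ret[rlen++] = '\n';`, so the documented format and the actual output disagree and a caller that splits on commas would get a single token. Either change the separator or reword the comment, for example `/* Returns a newline-separated list of supported SSH2 ciphers, or NULL if none. Caller must free. */`. That wording also covers two things the current comment leaves out: the function returns NULL when no table entry has `SSH_CIPHER_SSH2`, and the result is heap memory from xrealloc that the caller owns. The trailing context lines belong to cipher_blocksize, whose body continues outside the hunk.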
@@ -146,20 +169,20 @@ cipher_mask_ssh1(int client)
return mask;
}
-Cipher *
+const Cipher *
cipher_by_name(const char *name)
{
- Cipher *c;
+ const Cipher *c;
for (c = ciphers; c->name != NULL; c++)
if (strcmp(c->name, name) == 0)
return c;
return NULL;
}
-Cipher *
+const Cipher *
cipher_by_number(int id)
{
- Cipher *c;
+ const Cipher *c;
for (c = ciphers; c->name != NULL; c++)
if (c->number == id)
return c;
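Review bot: cipher_by_name hands `name` straight to `strcmp` with no NULL check, while cipher_number later in this file returns -1 for a NULL name before walking the same table. If any caller can reach cipher_by_name with an unset configuration value, that is a NULL dereference; a guard such as `if (name == NULL) return NULL;` before the loop would make the two lookups consistent. Whether callers already guarantee a non-NULL argument is not visible from this hunk. cipher_by_number's body continues past the end of the hunk.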
@@ -170,7 +193,7 @@ cipher_by_number(int id)
int
ciphers_valid(const char *names)
{
- Cipher *c;
+ const Cipher *c;
char *cipher_list, *cp;
char *p;
@@ -201,7 +224,7 @@ ciphers_valid(const char *names)
int
cipher_number(const char *name)
{
- Cipher *c;
+ const Cipher *c;
if (name == NULL)
return -1;
for (c = ciphers; c->name != NULL; c++)
@@ -213,12 +236,12 @@ cipher_number(const char *name)
char *
cipher_name(int id)
{
- Cipher *c = cipher_by_number(id);
+ const Cipher *c = cipher_by_number(id);
return (c==NULL) ? "<unknown>" : c->name;
}
void
-cipher_init(CipherContext *cc, Cipher *cipher,
+cipher_init(CipherContext *cc, const Cipher *cipher,
const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
int do_encrypt)
{
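Review bot: cipher_name still returns `char *` although both values it can return are read-only: the string literal `"<unknown>"` and `c->name` taken from the table this commit makes `static const`. A caller that writes through the result would be modifying constant storage, which is undefined behaviour; declaring it `const char *cipher_name(int id)` (with the matching prototype in cipher.h) would let the compiler reject that. The type of the `name` member is declared outside this hunk, so this assumes it points at the literals in the initializer. cipher_init's body continues outside the hunk.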
@@ -364,7 +387,7 @@ cipher_cleanup(CipherContext *cc)
*/
void
-cipher_set_key_string(CipherContext *cc, Cipher *cipher,
+cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
const char *passphrase, int do_encrypt)
{
MD5_CTX md;
@@ -389,7 +412,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
int
cipher_get_keyiv_len(const CipherContext *cc)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int ivlen;
if (c->number == SSH_CIPHER_3DES)
@@ -402,7 +425,7 @@ cipher_get_keyiv_len(const CipherContext *cc)
void
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int evplen;
switch (c->number) {
@@ -438,7 +461,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
void
cipher_set_keyiv(CipherContext *cc, u_char *iv)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int evplen = 0;
switch (c->number) {
@@ -471,7 +494,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
int
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int plen = 0;
if (c->evptype == EVP_rc4) {
@@ -486,7 +509,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
void
cipher_set_keycontext(CipherContext *cc, u_char *dat)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int plen;
if (c->evptype == EVP_rc4) {