mirror of
https://github.com/clearml/dropbear
synced 2025-04-05 13:15:06 +00:00
ENABLE_USER_ALGO_LIST should work for the client
This commit is contained in:
Matt Johnston
parent
036edd6206
commit
db34044c7f
2
algo.h
2
algo.h
@ -89,7 +89,7 @@ algo_type * cli_buf_match_algo(buffer* buf, algo_type localalgos[],
|
||||
int *goodguess);
|
||||
|
||||
#ifdef ENABLE_USER_ALGO_LIST
|
||||
int check_user_algos(char* user_algo_list, algo_type * algos,
|
||||
int check_user_algos(const char* user_algo_list, algo_type * algos,
|
||||
const char *algo_desc);
|
||||
char * algolist_string(algo_type algos[]);
|
||||
#endif
|
||||
|
||||
@ -297,7 +297,7 @@ algolist_string(algo_type algos[])
|
||||
return ret_list;
|
||||
}
|
||||
|
||||
static int
|
||||
static algo_type*
|
||||
check_algo(const char* algo_name, algo_type *algos)
|
||||
{
|
||||
algo_type *a;
|
||||
@ -305,32 +305,25 @@ check_algo(const char* algo_name, algo_type *algos)
|
||||
{
|
||||
if (strcmp(a->name, algo_name) == 0)
|
||||
{
|
||||
a->usable = 2;
|
||||
return DROPBEAR_SUCCESS;
|
||||
return a;
|
||||
}
|
||||
}
|
||||
|
||||
return DROPBEAR_FAILURE;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* helper for check_user_algos */
|
||||
static void
|
||||
try_add_algo(const char *algo_name, algo_type *algos,
|
||||
const char *algo_desc, char ** out_list, int *num_ret)
|
||||
const char *algo_desc, algo_type * new_algos, int *num_ret)
|
||||
{
|
||||
if (check_algo(algo_name, algos) == DROPBEAR_FAILURE)
|
||||
algo_type *match_algo = check_algo(algo_name, algos);
|
||||
if (!match_algo)
|
||||
{
|
||||
dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc);
|
||||
return;
|
||||
}
|
||||
|
||||
if (*num_ret != 0)
|
||||
{
|
||||
**out_list = ',';
|
||||
(*out_list)++;
|
||||
}
|
||||
|
||||
*out_list += sprintf(*out_list, "%s", algo_name);
|
||||
new_algos[*num_ret] = *match_algo;
|
||||
(*num_ret)++;
|
||||
}
|
||||
|
||||
@ -338,41 +331,32 @@ try_add_algo(const char *algo_name, algo_type *algos,
|
||||
* options. Any that are not acceptable are removed in-place. Returns the
|
||||
* number of valid algorithms. */
|
||||
int
|
||||
check_user_algos(char* user_algo_list, algo_type * algos,
|
||||
check_user_algos(const char* user_algo_list, algo_type * algos,
|
||||
const char *algo_desc)
|
||||
{
|
||||
algo_type new_algos[MAX_PROPOSED_ALGO];
|
||||
/* this has two passes. first we sweep through the given list of
|
||||
* algorithms and mark them as usable=2 in the algo_type[] array... */
|
||||
int num_ret = 0;
|
||||
char *work_list = m_strdup(user_algo_list);
|
||||
char *last_name = work_list;
|
||||
char *out_list = user_algo_list;
|
||||
char *c;
|
||||
for (c = work_list; *c; c++)
|
||||
{
|
||||
if (*c == ',')
|
||||
{
|
||||
*c = '\0';
|
||||
try_add_algo(last_name, algos, algo_desc, &out_list, &num_ret);
|
||||
try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
|
||||
last_name = c++;
|
||||
}
|
||||
}
|
||||
try_add_algo(last_name, algos, algo_desc, &out_list, &num_ret);
|
||||
try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
|
||||
m_free(work_list);
|
||||
|
||||
/* ...then we mark anything with usable==1 as usable=0, and
|
||||
* usable==2 as usable=1. */
|
||||
algo_type *a;
|
||||
for (a = algos; a->name != NULL; a++)
|
||||
{
|
||||
if (a->usable == 1)
|
||||
{
|
||||
a->usable = 0;
|
||||
} else if (a->usable == 2)
|
||||
{
|
||||
a->usable = 1;
|
||||
}
|
||||
}
|
||||
new_algos[num_ret].name = NULL;
|
||||
|
||||
/* Copy one more as a blank delimiter */
|
||||
memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
|
||||
return num_ret;
|
||||
}
|
||||
#endif // ENABLE_USER_ALGO_LIST
|
||||
|
||||
42
common-kex.c
42
common-kex.c
@ -106,39 +106,17 @@ void send_msg_kexinit() {
|
||||
/* server_host_key_algorithms */
|
||||
buf_put_algolist(ses.writepayload, sshhostkey);
|
||||
|
||||
#ifdef ENABLE_USER_ALGO_LIST
|
||||
if (opts.cipher_list)
|
||||
{
|
||||
/* encryption_algorithms_client_to_server */
|
||||
buf_putbytes(ses.writepayload, opts.cipher_list, strlen(opts.cipher_list));
|
||||
/* encryption_algorithms_server_to_client */
|
||||
buf_putbytes(ses.writepayload, opts.cipher_list, strlen(opts.cipher_list));
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
/* encryption_algorithms_client_to_server */
|
||||
buf_put_algolist(ses.writepayload, sshciphers);
|
||||
/* encryption_algorithms_server_to_client */
|
||||
buf_put_algolist(ses.writepayload, sshciphers);
|
||||
}
|
||||
/* encryption_algorithms_client_to_server */
|
||||
buf_put_algolist(ses.writepayload, sshciphers);
|
||||
|
||||
#ifdef ENABLE_USER_ALGO_LIST
|
||||
if (opts.mac_list)
|
||||
{
|
||||
/* mac_algorithms_client_to_server */
|
||||
buf_putbytes(ses.writepayload, opts.mac_list, strlen(opts.mac_list));
|
||||
/* mac_algorithms_server_to_client */
|
||||
buf_putbytes(ses.writepayload, opts.mac_list, strlen(opts.mac_list));
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
/* mac_algorithms_client_to_server */
|
||||
buf_put_algolist(ses.writepayload, sshhashes);
|
||||
/* mac_algorithms_server_to_client */
|
||||
buf_put_algolist(ses.writepayload, sshhashes);
|
||||
}
|
||||
/* encryption_algorithms_server_to_client */
|
||||
buf_put_algolist(ses.writepayload, sshciphers);
|
||||
|
||||
/* mac_algorithms_client_to_server */
|
||||
buf_put_algolist(ses.writepayload, sshhashes);
|
||||
|
||||
/* mac_algorithms_server_to_client */
|
||||
buf_put_algolist(ses.writepayload, sshhashes);
|
||||
|
||||
|
||||
/* compression_algorithms_client_to_server */
|
||||
|
||||
@ -81,7 +81,7 @@ much traffic. */
|
||||
#define ENABLE_CLI_NETCAT
|
||||
|
||||
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
|
||||
/* #define ENABLE_USER_ALGO_LIST*/
|
||||
#define ENABLE_USER_ALGO_LIST
|
||||
|
||||
/* Encryption - at least one required.
|
||||
* Protocol RFC requires 3DES and recommends AES128 for interoperability.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user