ENABLE_USER_ALGO_LIST should work for the client
parent
036edd6206
commit
db34044c7f
2
algo.h
2
algo.h
@ -89,7 +89,7 @@ algo_type * cli_buf_match_algo(buffer* buf, algo_type localalgos[],
|
|||||||
int *goodguess);
|
int *goodguess);
|
||||||
|
|
||||||
#ifdef ENABLE_USER_ALGO_LIST
|
#ifdef ENABLE_USER_ALGO_LIST
|
||||||
int check_user_algos(char* user_algo_list, algo_type * algos,
|
int check_user_algos(const char* user_algo_list, algo_type * algos,
|
||||||
const char *algo_desc);
|
const char *algo_desc);
|
||||||
char * algolist_string(algo_type algos[]);
|
char * algolist_string(algo_type algos[]);
|
||||||
#endif
|
#endif
|
||||||
|
@ -297,7 +297,7 @@ algolist_string(algo_type algos[])
|
|||||||
return ret_list;
|
return ret_list;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static algo_type*
|
||||||
check_algo(const char* algo_name, algo_type *algos)
|
check_algo(const char* algo_name, algo_type *algos)
|
||||||
{
|
{
|
||||||
algo_type *a;
|
algo_type *a;
|
||||||
@ -305,32 +305,25 @@ check_algo(const char* algo_name, algo_type *algos)
|
|||||||
{
|
{
|
||||||
if (strcmp(a->name, algo_name) == 0)
|
if (strcmp(a->name, algo_name) == 0)
|
||||||
{
|
{
|
||||||
a->usable = 2;
|
return a;
|
||||||
return DROPBEAR_SUCCESS;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return DROPBEAR_FAILURE;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* helper for check_user_algos */
|
|
||||||
static void
|
static void
|
||||||
try_add_algo(const char *algo_name, algo_type *algos,
|
try_add_algo(const char *algo_name, algo_type *algos,
|
||||||
const char *algo_desc, char ** out_list, int *num_ret)
|
const char *algo_desc, algo_type * new_algos, int *num_ret)
|
||||||
{
|
{
|
||||||
if (check_algo(algo_name, algos) == DROPBEAR_FAILURE)
|
algo_type *match_algo = check_algo(algo_name, algos);
|
||||||
|
if (!match_algo)
|
||||||
{
|
{
|
||||||
dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc);
|
dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*num_ret != 0)
|
new_algos[*num_ret] = *match_algo;
|
||||||
{
|
|
||||||
**out_list = ',';
|
|
||||||
(*out_list)++;
|
|
||||||
}
|
|
||||||
|
|
||||||
*out_list += sprintf(*out_list, "%s", algo_name);
|
|
||||||
(*num_ret)++;
|
(*num_ret)++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -338,41 +331,32 @@ try_add_algo(const char *algo_name, algo_type *algos,
|
|||||||
* options. Any that are not acceptable are removed in-place. Returns the
|
* options. Any that are not acceptable are removed in-place. Returns the
|
||||||
* number of valid algorithms. */
|
* number of valid algorithms. */
|
||||||
int
|
int
|
||||||
check_user_algos(char* user_algo_list, algo_type * algos,
|
check_user_algos(const char* user_algo_list, algo_type * algos,
|
||||||
const char *algo_desc)
|
const char *algo_desc)
|
||||||
{
|
{
|
||||||
|
algo_type new_algos[MAX_PROPOSED_ALGO];
|
||||||
/* this has two passes. first we sweep through the given list of
|
/* this has two passes. first we sweep through the given list of
|
||||||
* algorithms and mark them as usable=2 in the algo_type[] array... */
|
* algorithms and mark them as usable=2 in the algo_type[] array... */
|
||||||
int num_ret = 0;
|
int num_ret = 0;
|
||||||
char *work_list = m_strdup(user_algo_list);
|
char *work_list = m_strdup(user_algo_list);
|
||||||
char *last_name = work_list;
|
char *last_name = work_list;
|
||||||
char *out_list = user_algo_list;
|
|
||||||
char *c;
|
char *c;
|
||||||
for (c = work_list; *c; c++)
|
for (c = work_list; *c; c++)
|
||||||
{
|
{
|
||||||
if (*c == ',')
|
if (*c == ',')
|
||||||
{
|
{
|
||||||
*c = '\0';
|
*c = '\0';
|
||||||
try_add_algo(last_name, algos, algo_desc, &out_list, &num_ret);
|
try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
|
||||||
last_name = c++;
|
last_name = c++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
try_add_algo(last_name, algos, algo_desc, &out_list, &num_ret);
|
try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
|
||||||
m_free(work_list);
|
m_free(work_list);
|
||||||
|
|
||||||
/* ...then we mark anything with usable==1 as usable=0, and
|
new_algos[num_ret].name = NULL;
|
||||||
* usable==2 as usable=1. */
|
|
||||||
algo_type *a;
|
/* Copy one more as a blank delimiter */
|
||||||
for (a = algos; a->name != NULL; a++)
|
memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
|
||||||
{
|
|
||||||
if (a->usable == 1)
|
|
||||||
{
|
|
||||||
a->usable = 0;
|
|
||||||
} else if (a->usable == 2)
|
|
||||||
{
|
|
||||||
a->usable = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return num_ret;
|
return num_ret;
|
||||||
}
|
}
|
||||||
#endif // ENABLE_USER_ALGO_LIST
|
#endif // ENABLE_USER_ALGO_LIST
|
||||||
|
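Review bot: `try_add_algo` stores `new_algos[*num_ret] = *match_algo;` with no bound on `*num_ret`, while `check_user_algos` gives `new_algos` exactly `MAX_PROPOSED_ALGO` stack entries and then writes a terminator at `new_algos[num_ret]`. The list comes from the user's "-c"/"-m" argument and `check_algo` matches a repeated name every time, so a long or repetitive list can run past `new_algos` and, through the `memcpy` of `num_ret+1` entries, past the end of `algos` as well (the size of `algos` is not visible here, so that part is inferred). A guard before the store, such as `if (*num_ret >= MAX_PROPOSED_ALGO - 1) { dropbear_log(LOG_WARNING, "Too many %s algorithms", algo_desc); return; }`, together with skipping a name already present in `new_algos`, would keep both copies in range. The retained comment about marking entries `usable=2` no longer describes what the function does and should be rewritten.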
42
common-kex.c
42
common-kex.c
@ -106,39 +106,17 @@ void send_msg_kexinit() {
|
|||||||
/* server_host_key_algorithms */
|
/* server_host_key_algorithms */
|
||||||
buf_put_algolist(ses.writepayload, sshhostkey);
|
buf_put_algolist(ses.writepayload, sshhostkey);
|
||||||
|
|
||||||
#ifdef ENABLE_USER_ALGO_LIST
|
/* encryption_algorithms_client_to_server */
|
||||||
if (opts.cipher_list)
|
buf_put_algolist(ses.writepayload, sshciphers);
|
||||||
{
|
|
||||||
/* encryption_algorithms_client_to_server */
|
|
||||||
buf_putbytes(ses.writepayload, opts.cipher_list, strlen(opts.cipher_list));
|
|
||||||
/* encryption_algorithms_server_to_client */
|
|
||||||
buf_putbytes(ses.writepayload, opts.cipher_list, strlen(opts.cipher_list));
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
/* encryption_algorithms_client_to_server */
|
|
||||||
buf_put_algolist(ses.writepayload, sshciphers);
|
|
||||||
/* encryption_algorithms_server_to_client */
|
|
||||||
buf_put_algolist(ses.writepayload, sshciphers);
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef ENABLE_USER_ALGO_LIST
|
/* encryption_algorithms_server_to_client */
|
||||||
if (opts.mac_list)
|
buf_put_algolist(ses.writepayload, sshciphers);
|
||||||
{
|
|
||||||
/* mac_algorithms_client_to_server */
|
/* mac_algorithms_client_to_server */
|
||||||
buf_putbytes(ses.writepayload, opts.mac_list, strlen(opts.mac_list));
|
buf_put_algolist(ses.writepayload, sshhashes);
|
||||||
/* mac_algorithms_server_to_client */
|
|
||||||
buf_putbytes(ses.writepayload, opts.mac_list, strlen(opts.mac_list));
|
/* mac_algorithms_server_to_client */
|
||||||
}
|
buf_put_algolist(ses.writepayload, sshhashes);
|
||||||
else
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
/* mac_algorithms_client_to_server */
|
|
||||||
buf_put_algolist(ses.writepayload, sshhashes);
|
|
||||||
/* mac_algorithms_server_to_client */
|
|
||||||
buf_put_algolist(ses.writepayload, sshhashes);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* compression_algorithms_client_to_server */
|
/* compression_algorithms_client_to_server */
|
||||||
|
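Review bot: `send_msg_kexinit` now advertises `sshciphers` and `sshhashes` unconditionally, so a user's cipher or MAC selection only reaches the KEXINIT if those arrays were narrowed before this function runs, and nothing in the hunk records that dependency. A comment above the cipher lines would do it, for example `/* sshciphers/sshhashes were already filtered in place by check_user_algos() when a user list was given */`. The visible code does not show what happens when `check_user_algos` returns 0, which would presumably leave an empty list to advertise; the caller should reject that case if it does not already. The body of `send_msg_kexinit` starts and ends outside the hunk.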
@ -81,7 +81,7 @@ much traffic. */
|
|||||||
#define ENABLE_CLI_NETCAT
|
#define ENABLE_CLI_NETCAT
|
||||||
|
|
||||||
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
|
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
|
||||||
/* #define ENABLE_USER_ALGO_LIST*/
|
#define ENABLE_USER_ALGO_LIST
|
||||||
|
|
||||||
/* Encryption - at least one required.
|
/* Encryption - at least one required.
|
||||||
* Protocol RFC requires 3DES and recommends AES128 for interoperability.
|
* Protocol RFC requires 3DES and recommends AES128 for interoperability.
|
||||||
|