Bugzilla – Attachment 904 Details for
Bug 1022
arcfourfixes cipher support
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Revised diff
arcfourfixes2.diff (text/plain), 6.37 KB, created by
Damien Miller
on 2005-05-10 18:39:45 AEST
(
hide
)
Description:
Revised diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2005-05-10 18:39:45 AEST
Size:
6.37 KB
patch
obsolete
>Index: cipher.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/cipher.c,v >retrieving revision 1.73 >diff -u -p -r1.73 cipher.c >--- cipher.c 23 Jan 2005 10:18:12 -0000 1.73 >+++ cipher.c 10 May 2005 07:57:03 -0000 >@@ -54,26 +54,29 @@ struct Cipher { > int number; /* for ssh1 only */ > u_int block_size; > u_int key_len; >+ u_int discard_len; > const EVP_CIPHER *(*evptype)(void); > } ciphers[] = { >- { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, >- { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, >- { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, >- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, >- >- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, >- { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, >- { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, >- { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, >- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, >- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, >- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, >+ { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, >+ { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, >+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, >+ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, >+ >+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, >+ { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, >+ { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, >+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, >+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, >+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, >+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, >+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, >+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, > { "rijndael-cbc@lysator.liu.se", >- SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, >- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, >- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, >- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, >- { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, >+ SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, >+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, >+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, >+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, >+ { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, > > { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } > }; >@@ -189,6 +192,7 @@ cipher_init(CipherContext *cc, Cipher *c > static int dowarn = 1; > const EVP_CIPHER *type; > int klen; >+ u_char *junk, *discard; > > if (cipher->number == SSH_CIPHER_DES) { > if (dowarn) { >@@ -226,6 +230,17 @@ cipher_init(CipherContext *cc, Cipher *c > if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) > fatal("cipher_init: EVP_CipherInit: set key failed for %s", > cipher->name); >+ >+ if (cipher->discard_len > 0) { >+ junk = xmalloc(cipher->discard_len); >+ discard = xmalloc(cipher->discard_len); >+ if (EVP_Cipher(&cc->evp, discard, junk, >+ cipher->discard_len) == 0) >+ fatal("evp_crypt: EVP_Cipher failed during discard"); >+ memset(discard, 0, cipher->discard_len); >+ xfree(junk); >+ xfree(discard); >+ } > } > > void >Index: myproposal.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v >retrieving revision 1.16 >diff -u -p -r1.16 myproposal.h >--- myproposal.h 13 Jun 2004 12:53:24 -0000 1.16 >+++ myproposal.h 10 May 2005 07:57:03 -0000 >@@ -28,7 +28,8 @@ > "diffie-hellman-group1-sha1" > #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" > #define KEX_DEFAULT_ENCRYPT \ >- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ >+ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ >+ "arcfour128,arcfour256,arcfour," \ > "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ > "aes128-ctr,aes192-ctr,aes256-ctr" > #define KEX_DEFAULT_MAC \ >Index: ssh.1 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh.1,v >retrieving revision 1.207 >diff -u -p -r1.207 ssh.1 >--- ssh.1 21 Apr 2005 06:17:50 -0000 1.207 >+++ ssh.1 10 May 2005 07:57:04 -0000 >@@ -479,14 +479,17 @@ The supported ciphers are > .Dq aes128-ctr , > .Dq aes192-ctr , > .Dq aes256-ctr , >+.Dq arcfour128 , >+.Dq arcfour256 , > .Dq arcfour , > .Dq blowfish-cbc , > and > .Dq cast128-cbc . > The default is > .Bd -literal >- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, >- aes192-cbc,aes256-cbc'' >+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, >+ arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, >+ aes192-ctr,aes256-ctr'' > .Ed > .It Fl D Ar port > Specifies a local >Index: ssh_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v >retrieving revision 1.51 >diff -u -p -r1.51 ssh_config.5 >--- ssh_config.5 26 Apr 2005 13:08:37 -0000 1.51 >+++ ssh_config.5 10 May 2005 07:57:04 -0000 >@@ -193,14 +193,17 @@ The supported ciphers are > .Dq aes128-ctr , > .Dq aes192-ctr , > .Dq aes256-ctr , >+.Dq arcfour128 , >+.Dq arcfour256 , > .Dq arcfour , > .Dq blowfish-cbc , > and > .Dq cast128-cbc . > The default is > .Bd -literal >- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, >- aes192-cbc,aes256-cbc'' >+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, >+ arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, >+ aes192-ctr,aes256-ctr'' > .Ed > .It Cm ClearAllForwardings > Specifies that all local, remote and dynamic port forwardings >Index: sshd_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v >retrieving revision 1.41 >diff -u -p -r1.41 sshd_config.5 >--- sshd_config.5 21 Apr 2005 06:17:50 -0000 1.41 >+++ sshd_config.5 10 May 2005 07:57:04 -0000 >@@ -168,14 +168,17 @@ The supported ciphers are > .Dq aes128-ctr , > .Dq aes192-ctr , > .Dq aes256-ctr , >+.Dq arcfour128 , >+.Dq arcfour256 , > .Dq arcfour , > .Dq blowfish-cbc , > and > .Dq cast128-cbc . > The default is > .Bd -literal >- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, >- aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' >+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, >+ arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, >+ aes192-ctr,aes256-ctr'' > .Ed > .It Cm ClientAliveInterval > Sets a timeout interval in seconds after which if no data has been received
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1022
:
885
| 904