Bugzilla – Attachment 904 Details for
Bug 1022
arcfourfixes cipher support
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Revised diff
arcfourfixes2.diff (text/plain), 6.37 KB, created by
Damien Miller
on 2005-05-10 18:39:45 AEST
(
hide
)
Description:
Revised diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2005-05-10 18:39:45 AEST
Size:
6.37 KB
patch
obsolete
>Index: cipher.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/cipher.c,v >retrieving revision 1.73 >diff -u -p -r1.73 cipher.c >--- cipher.c 23 Jan 2005 10:18:12 -0000 1.73 >+++ cipher.c 10 May 2005 07:57:03 -0000 >@@ -54,26 +54,29 @@ struct Cipher { > int number; /* for ssh1 only */ > u_int block_size; > u_int key_len; >+ u_int discard_len; > const EVP_CIPHER *(*evptype)(void); > } ciphers[] = { >- { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, >- { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, >- { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, >- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, >- >- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, >- { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, >- { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, >- { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, >- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, >- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, >- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, >+ { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, >+ { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, >+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, >+ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, >+ >+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, >+ { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, >+ { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, >+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, >+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, >+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, >+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, >+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, >+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, > { "rijndael-cbc@lysator.liu.se", >- SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, >- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, >- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, >- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, >- { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, >+ SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, >+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, >+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, >+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, >+ { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, > > { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } > }; >@@ -189,6 +192,7 @@ cipher_init(CipherContext *cc, Cipher *c > static int dowarn = 1; > const EVP_CIPHER *type; > int klen; >+ u_char *junk, *discard; > > if (cipher->number == SSH_CIPHER_DES) { > if (dowarn) { >@@ -226,6 +230,17 @@ cipher_init(CipherContext *cc, Cipher *c > if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) > fatal("cipher_init: EVP_CipherInit: set key failed for %s", > cipher->name); >+ >+ if (cipher->discard_len > 0) { >+ junk = xmalloc(cipher->discard_len); >+ discard = xmalloc(cipher->discard_len); >+ if (EVP_Cipher(&cc->evp, discard, junk, >+ cipher->discard_len) == 0) >+ fatal("evp_crypt: EVP_Cipher failed during discard"); >+ memset(discard, 0, cipher->discard_len); >+ xfree(junk); >+ xfree(discard); >+ } > } > > void >Index: myproposal.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v >retrieving revision 1.16 >diff -u -p -r1.16 myproposal.h >--- myproposal.h 13 Jun 2004 12:53:24 -0000 1.16 >+++ myproposal.h 10 May 2005 07:57:03 -0000 >@@ -28,7 +28,8 @@ > "diffie-hellman-group1-sha1" > #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" > #define KEX_DEFAULT_ENCRYPT \ >- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ >+ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ >+ "arcfour128,arcfour256,arcfour," \ > "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ > "aes128-ctr,aes192-ctr,aes256-ctr" > #define KEX_DEFAULT_MAC \ >Index: ssh.1 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh.1,v >retrieving revision 1.207 >diff -u -p -r1.207 ssh.1 >--- ssh.1 21 Apr 2005 06:17:50 -0000 1.207 >+++ ssh.1 10 May 2005 07:57:04 -0000 >@@ -479,14 +479,17 @@ The supported ciphers are > .Dq aes128-ctr , > .Dq aes192-ctr , > .Dq aes256-ctr , >+.Dq arcfour128 , >+.Dq arcfour256 , > .Dq arcfour , > .Dq blowfish-cbc , > and > .Dq cast128-cbc . > The default is > .Bd -literal >- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, >- aes192-cbc,aes256-cbc'' >+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, >+ arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, >+ aes192-ctr,aes256-ctr'' > .Ed > .It Fl D Ar port > Specifies a local >Index: ssh_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v >retrieving revision 1.51 >diff -u -p -r1.51 ssh_config.5 >--- ssh_config.5 26 Apr 2005 13:08:37 -0000 1.51 >+++ ssh_config.5 10 May 2005 07:57:04 -0000 >@@ -193,14 +193,17 @@ The supported ciphers are > .Dq aes128-ctr , > .Dq aes192-ctr , > .Dq aes256-ctr , >+.Dq arcfour128 , >+.Dq arcfour256 , > .Dq arcfour , > .Dq blowfish-cbc , > and > .Dq cast128-cbc . > The default is > .Bd -literal >- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, >- aes192-cbc,aes256-cbc'' >+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, >+ arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, >+ aes192-ctr,aes256-ctr'' > .Ed > .It Cm ClearAllForwardings > Specifies that all local, remote and dynamic port forwardings >Index: sshd_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v >retrieving revision 1.41 >diff -u -p -r1.41 sshd_config.5 >--- sshd_config.5 21 Apr 2005 06:17:50 -0000 1.41 >+++ sshd_config.5 10 May 2005 07:57:04 -0000 >@@ -168,14 +168,17 @@ The supported ciphers are > .Dq aes128-ctr , > .Dq aes192-ctr , > .Dq aes256-ctr , >+.Dq arcfour128 , >+.Dq arcfour256 , > .Dq arcfour , > .Dq blowfish-cbc , > and > .Dq cast128-cbc . > The default is > .Bd -literal >- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, >- aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' >+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, >+ arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, >+ aes192-ctr,aes256-ctr'' > .Ed > .It Cm ClientAliveInterval > Sets a timeout interval in seconds after which if no data has been received
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=904">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1022
:
885
| 904