nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-16 12:03:03 -05:00
Code Issues Projects Releases Wiki Activity

Make the nonstandard "des-cbc" cipher disabled by default

Browse Source 
[originally from svn r1429]
This commit is contained in:
Simon Tatham 2001-11-29 22:26:52 +00:00
parent 3270c74f9e
commit 994bb17c57
1 changed files with 13 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ssh.c
View File

@ -235,16 +235,6 @@ extern void pfd_override_throttle(Socket s, int enable);
#define SSH_MAX_BACKLOG 32768 #define SSH_MAX_BACKLOG 32768
#define OUR_V2_WINSIZE 16384 #define OUR_V2_WINSIZE 16384
/*
* Ciphers for SSH2.
*/
const static struct ssh2_ciphers *ciphers[] = {
&ssh2_aes,
&ssh2_blowfish,
&ssh2_3des,
&ssh2_des,
};
const static struct ssh_kex *kex_algs[] = { const static struct ssh_kex *kex_algs[] = {
&ssh_diffiehellman_gex, &ssh_diffiehellman_gex,
&ssh_diffiehellman &ssh_diffiehellman
@ -3153,6 +3143,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
static int n_preferred_ciphers; static int n_preferred_ciphers;
static const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX]; static const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
static const struct ssh_compress *preferred_comp; static const struct ssh_compress *preferred_comp;
static int cipherstr_started;
static int first_kex; static int first_kex;
crBegin; crBegin;
@ -3170,8 +3161,10 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
n_preferred_ciphers++; n_preferred_ciphers++;
break; break;
case CIPHER_DES: case CIPHER_DES:
if (cfg.ssh2_des_cbc) {
preferred_ciphers[n_preferred_ciphers] = &ssh2_des; preferred_ciphers[n_preferred_ciphers] = &ssh2_des;
n_preferred_ciphers++; n_preferred_ciphers++;
}
break; break;
case CIPHER_3DES: case CIPHER_3DES:
preferred_ciphers[n_preferred_ciphers] = &ssh2_3des; preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;
@ -3231,24 +3224,28 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
} }
/* List client->server encryption algorithms. */ /* List client->server encryption algorithms. */
ssh2_pkt_addstring_start(); ssh2_pkt_addstring_start();
cipherstr_started = 0;
for (i = 0; i < n_preferred_ciphers; i++) { for (i = 0; i < n_preferred_ciphers; i++) {
const struct ssh2_ciphers *c = preferred_ciphers[i]; const struct ssh2_ciphers *c = preferred_ciphers[i];
if (!c) continue; /* warning flag */ if (!c) continue; /* warning flag */
for (j = 0; j < c->nciphers; j++) { for (j = 0; j < c->nciphers; j++) {
ssh2_pkt_addstring_str(c->list[j]->name); if (cipherstr_started)
if (i < n_preferred_ciphers || j < c->nciphers - 1)
ssh2_pkt_addstring_str(","); ssh2_pkt_addstring_str(",");
ssh2_pkt_addstring_str(c->list[j]->name);
cipherstr_started = 1;
} }
} }
/* List server->client encryption algorithms. */ /* List server->client encryption algorithms. */
ssh2_pkt_addstring_start(); ssh2_pkt_addstring_start();
cipherstr_started = 0;
for (i = 0; i < n_preferred_ciphers; i++) { for (i = 0; i < n_preferred_ciphers; i++) {
const struct ssh2_ciphers *c = preferred_ciphers[i]; const struct ssh2_ciphers *c = preferred_ciphers[i];
if (!c) continue; /* warning flag */ if (!c) continue; /* warning flag */
for (j = 0; j < c->nciphers; j++) { for (j = 0; j < c->nciphers; j++) {
ssh2_pkt_addstring_str(c->list[j]->name); if (cipherstr_started)
if (i < n_preferred_ciphers || j < c->nciphers - 1)
ssh2_pkt_addstring_str(","); ssh2_pkt_addstring_str(",");
ssh2_pkt_addstring_str(c->list[j]->name);
cipherstr_started = 1;
} }
} }
/* List client->server MAC algorithms. */ /* List client->server MAC algorithms. */