- (djm) Big OpenBSD sync:

   - markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression

1 files changed, 22 insertions, 22 deletions

diff --git a/authfile.c b/authfile.c
index afedd7bbb..d1a97d773 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.19 2000/09/07 20:27:49 deraadt Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.20 2000/10/11 20:27:23 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -47,7 +47,6 @@ RCSID("$OpenBSD: authfile.c,v 1.19 2000/09/07 20:27:49 deraadt Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
-#include "cipher.h"
 #include "ssh.h"
 #include "key.h"
 
@@ -68,8 +67,8 @@ save_private_key_rsa(const char *filename, const char *passphrase,
         Buffer buffer, encrypted;
         char buf[100], *cp;
         int fd, i;
-        CipherContext cipher;
-        int cipher_type;
+        CipherContext ciphercontext;
+        Cipher *cipher;
         u_int32_t rand;
 
         /*
@@ -77,9 +76,11 @@ save_private_key_rsa(const char *filename, const char *passphrase,
          * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
          */
         if (strcmp(passphrase, "") == 0)
-                cipher_type = SSH_CIPHER_NONE;
+                cipher = cipher_by_number(SSH_CIPHER_NONE);
         else
-                cipher_type = SSH_AUTHFILE_CIPHER;
+                cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
+        if (cipher == NULL)
+                fatal("save_private_key_rsa: bad cipher");
 
         /* This buffer is used to built the secret part of the private key. */
         buffer_init(&buffer);
@@ -116,7 +117,7 @@ save_private_key_rsa(const char *filename, const char *passphrase,
         buffer_put_char(&encrypted, 0);
 
         /* Store cipher type. */
-        buffer_put_char(&encrypted, cipher_type);
+        buffer_put_char(&encrypted, cipher->number);
         buffer_put_int(&encrypted, 0);  /* For future extension */
 
         /* Store public key.  This will be in plain text. */
@@ -128,11 +129,10 @@ save_private_key_rsa(const char *filename, const char *passphrase,
         /* Allocate space for the private part of the key in the buffer. */
         buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
 
-        cipher_set_key_string(&cipher, cipher_type, passphrase);
-        cipher_encrypt(&cipher, (unsigned char *) cp,
-                       (unsigned char *) buffer_ptr(&buffer),
-                       buffer_len(&buffer));
-        memset(&cipher, 0, sizeof(cipher));
+        cipher_set_key_string(&ciphercontext, cipher, passphrase);
+        cipher_encrypt(&ciphercontext, (unsigned char *) cp,
+            (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer));
+        memset(&ciphercontext, 0, sizeof(ciphercontext));
 
         /* Destroy temporary data. */
         memset(buf, 0, sizeof(buf));
@@ -313,7 +313,8 @@ load_private_key_rsa(int fd, const char *filename,
         off_t len;
         Buffer buffer, decrypted;
         char *cp;
-        CipherContext cipher;
+        CipherContext ciphercontext;
+        Cipher *cipher;
         BN_CTX *ctx;
         BIGNUM *aux;
 
@@ -364,10 +365,10 @@ load_private_key_rsa(int fd, const char *filename,
                 xfree(buffer_get_string(&buffer, NULL));
 
         /* Check that it is a supported cipher. */
-        if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) &
-             (1 << cipher_type)) == 0) {
-                debug("Unsupported cipher %.100s used in key file %.200s.",
-                      cipher_name(cipher_type), filename);
+        cipher = cipher_by_number(cipher_type);
+        if (cipher == NULL) {
+                debug("Unsupported cipher %d used in key file %.200s.",
+                    cipher_type, filename);
                 buffer_free(&buffer);
                 goto fail;
         }
@@ -376,11 +377,10 @@ load_private_key_rsa(int fd, const char *filename,
         buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
 
         /* Rest of the buffer is encrypted.  Decrypt it using the passphrase. */
-        cipher_set_key_string(&cipher, cipher_type, passphrase);
-        cipher_decrypt(&cipher, (unsigned char *) cp,
-                       (unsigned char *) buffer_ptr(&buffer),
-                       buffer_len(&buffer));
-
+        cipher_set_key_string(&ciphercontext, cipher, passphrase);
+        cipher_decrypt(&ciphercontext, (unsigned char *) cp,
+            (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer));
+        memset(&ciphercontext, 0, sizeof(ciphercontext));
         buffer_free(&buffer);
 
         check1 = buffer_get_char(&decrypted);