From 874d77bb134a21a5cf625956b60173376a993ba8 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 14 Oct 2000 16:23:11 +1100
Subject:  - (djm) Big OpenBSD sync:    - markus@cvs.openbsd.org  2000/09/30
 10:27:44      [log.c]      allow loglevel debug    - markus@cvs.openbsd.org 
 2000/10/03 11:59:57      [packet.c]      hmac->mac    -
 markus@cvs.openbsd.org  2000/10/03 12:03:03      [auth-krb4.c auth-passwd.c
 auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]      move fake-auth from
 auth1.c to individual auth methods, disables s/key in      debug-msg    -
 markus@cvs.openbsd.org  2000/10/03 12:16:48      ssh.c      do not resolve
 canonname, i have no idea why this was added oin ossh    -
 markus@cvs.openbsd.org  2000/10/09 15:30:44      ssh-keygen.1 ssh-keygen.c   
   -X now reads private ssh.com DSA keys, too.    - markus@cvs.openbsd.org 
 2000/10/09 15:32:34      auth-options.c      clear options on every call.   
 - markus@cvs.openbsd.org  2000/10/09 15:51:00      authfd.c authfd.h     
 interop with ssh-agent2, from <res@shore.net>    - markus@cvs.openbsd.org 
 2000/10/10 14:20:45      compat.c      use rexexp for version string matching
    - provos@cvs.openbsd.org  2000/10/10 22:02:18      [kex.c kex.h
 myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]      First rough
 implementation of the diffie-hellman group exchange.  The      client can ask
 the server for bigger groups to perform the diffie-hellman      in, thus
 increasing the attack complexity when using ciphers with longer      keys. 
 University of Windsor provided network, T the company.    -
 markus@cvs.openbsd.org  2000/10/11 13:59:52      [auth-rsa.c auth2.c]     
 clear auth options unless auth sucessfull    - markus@cvs.openbsd.org 
 2000/10/11 14:00:27      [auth-options.h]      clear auth options unless auth
 sucessfull    - markus@cvs.openbsd.org  2000/10/11 14:03:27      [scp.1
 scp.c]      support 'scp -o' with help from mouring@pconline.com    -
 markus@cvs.openbsd.org  2000/10/11 14:11:35      [dh.c]      Wall    -
 markus@cvs.openbsd.org  2000/10/11 14:14:40      [auth.h auth2.c readconf.c
 readconf.h readpass.c servconf.c servconf.h]      [ssh.h sshconnect2.c
 sshd_config auth2-skey.c cli.c cli.h]      add support for s/key
 (kbd-interactive) to ssh2, based on work by      mkiernan@avantgo.com and me 
   - markus@cvs.openbsd.org  2000/10/11 14:27:24      [auth.c auth1.c auth2.c
 authfile.c cipher.c cipher.h kex.c kex.h]      [myproposal.h packet.c
 readconf.c session.c ssh.c ssh.h sshconnect1.c]      [sshconnect2.c sshd.c]  
    new cipher framework    - markus@cvs.openbsd.org  2000/10/11 14:45:21     
 [cipher.c]      remove DES    - markus@cvs.openbsd.org  2000/10/12 03:59:20  
    [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]      enable DES in
 SSH-1 clients only    - markus@cvs.openbsd.org  2000/10/12 08:21:13     
 [kex.h packet.c]      remove unused    - markus@cvs.openbsd.org  2000/10/13
 12:34:46      [sshd.c]      Kludge for F-Secure Macintosh < 1.0.2;
 appro@fy.chalmers.se    - markus@cvs.openbsd.org  2000/10/13 12:59:15     
 [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]      rijndael/aes
 support    - markus@cvs.openbsd.org  2000/10/13 13:10:54      [sshd.8]     
 more info about -V    - markus@cvs.openbsd.org  2000/10/13 13:12:02     
 [myproposal.h]      prefer no compression

---
 authfile.c | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

(limited to 'authfile.c')

diff --git a/authfile.c b/authfile.c
index afedd7bb..d1a97d77 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.19 2000/09/07 20:27:49 deraadt Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.20 2000/10/11 20:27:23 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -47,7 +47,6 @@ RCSID("$OpenBSD: authfile.c,v 1.19 2000/09/07 20:27:49 deraadt Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
-#include "cipher.h"
 #include "ssh.h"
 #include "key.h"
 
@@ -68,8 +67,8 @@ save_private_key_rsa(const char *filename, const char *passphrase,
 	Buffer buffer, encrypted;
 	char buf[100], *cp;
 	int fd, i;
-	CipherContext cipher;
-	int cipher_type;
+	CipherContext ciphercontext;
+	Cipher *cipher;
 	u_int32_t rand;
 
 	/*
@@ -77,9 +76,11 @@ save_private_key_rsa(const char *filename, const char *passphrase,
 	 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
 	 */
 	if (strcmp(passphrase, "") == 0)
-		cipher_type = SSH_CIPHER_NONE;
+		cipher = cipher_by_number(SSH_CIPHER_NONE);
 	else
-		cipher_type = SSH_AUTHFILE_CIPHER;
+		cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
+	if (cipher == NULL)
+		fatal("save_private_key_rsa: bad cipher");
 
 	/* This buffer is used to built the secret part of the private key. */
 	buffer_init(&buffer);
@@ -116,7 +117,7 @@ save_private_key_rsa(const char *filename, const char *passphrase,
 	buffer_put_char(&encrypted, 0);
 
 	/* Store cipher type. */
-	buffer_put_char(&encrypted, cipher_type);
+	buffer_put_char(&encrypted, cipher->number);
 	buffer_put_int(&encrypted, 0);	/* For future extension */
 
 	/* Store public key.  This will be in plain text. */
@@ -128,11 +129,10 @@ save_private_key_rsa(const char *filename, const char *passphrase,
 	/* Allocate space for the private part of the key in the buffer. */
 	buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
 
-	cipher_set_key_string(&cipher, cipher_type, passphrase);
-	cipher_encrypt(&cipher, (unsigned char *) cp,
-		       (unsigned char *) buffer_ptr(&buffer),
-		       buffer_len(&buffer));
-	memset(&cipher, 0, sizeof(cipher));
+	cipher_set_key_string(&ciphercontext, cipher, passphrase);
+	cipher_encrypt(&ciphercontext, (unsigned char *) cp,
+	    (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer));
+	memset(&ciphercontext, 0, sizeof(ciphercontext));
 
 	/* Destroy temporary data. */
 	memset(buf, 0, sizeof(buf));
@@ -313,7 +313,8 @@ load_private_key_rsa(int fd, const char *filename,
 	off_t len;
 	Buffer buffer, decrypted;
 	char *cp;
-	CipherContext cipher;
+	CipherContext ciphercontext;
+	Cipher *cipher;
 	BN_CTX *ctx;
 	BIGNUM *aux;
 
@@ -364,10 +365,10 @@ load_private_key_rsa(int fd, const char *filename,
 		xfree(buffer_get_string(&buffer, NULL));
 
 	/* Check that it is a supported cipher. */
-	if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) &
-	     (1 << cipher_type)) == 0) {
-		debug("Unsupported cipher %.100s used in key file %.200s.",
-		      cipher_name(cipher_type), filename);
+	cipher = cipher_by_number(cipher_type);
+	if (cipher == NULL) {
+		debug("Unsupported cipher %d used in key file %.200s.",
+		    cipher_type, filename);
 		buffer_free(&buffer);
 		goto fail;
 	}
@@ -376,11 +377,10 @@ load_private_key_rsa(int fd, const char *filename,
 	buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
 
 	/* Rest of the buffer is encrypted.  Decrypt it using the passphrase. */
-	cipher_set_key_string(&cipher, cipher_type, passphrase);
-	cipher_decrypt(&cipher, (unsigned char *) cp,
-		       (unsigned char *) buffer_ptr(&buffer),
-		       buffer_len(&buffer));
-
+	cipher_set_key_string(&ciphercontext, cipher, passphrase);
+	cipher_decrypt(&ciphercontext, (unsigned char *) cp,
+	    (unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer));
+	memset(&ciphercontext, 0, sizeof(ciphercontext));
 	buffer_free(&buffer);
 
 	check1 = buffer_get_char(&decrypted);
-- 
cgit v1.2.3