X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/2f92b7170f74a58d1e33d7913e154f9f47852683..71ed591e9e049cf1c64ec9ddc10e2158c2f76c89:/sshdes.c

diff --git a/sshdes.c b/sshdes.c
index ce4bdfe3..fa5d91cd 100644
--- a/sshdes.c
+++ b/sshdes.c
@@ -746,24 +746,24 @@ static void des_cbc3_decrypt(unsigned char *dest, const unsigned char *src,
 
 static void *des3_make_context(void)
 {
-    return smalloc(3*sizeof(DESContext));
+    return snewn(3, DESContext);
 }
 
 static void *des3_ssh1_make_context(void)
 {
     /* Need 3 keys for each direction, in SSH1 */
-    return smalloc(6*sizeof(DESContext));
+    return snewn(6, DESContext);
 }
 
 static void *des_make_context(void)
 {
-    return smalloc(sizeof(DESContext));
+    return snew(DESContext);
 }
 
 static void *des_ssh1_make_context(void)
 {
     /* Need one key for each direction, in SSH1 */
-    return smalloc(2*sizeof(DESContext));
+    return snewn(2, DESContext);
 }
 
 static void des3_free_context(void *handle)   /* used for both 3DES and DES */
@@ -897,10 +897,9 @@ void des3_encrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
     memset(ourkeys, 0, sizeof(ourkeys));
 }
 
-void des_encrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
+static void des_keysetup_xdmauth(unsigned char *keydata, DESContext *dc)
 {
     unsigned char key[8];
-    DESContext dc;
     int i, nbits, j;
     unsigned int bits;
 
@@ -918,11 +917,23 @@ void des_encrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
 	nbits -= 7;
     }
 
-    des_key_setup(GET_32BIT_MSB_FIRST(key), GET_32BIT_MSB_FIRST(key + 4),
-		  &dc);
+    des_key_setup(GET_32BIT_MSB_FIRST(key), GET_32BIT_MSB_FIRST(key + 4), dc);
+}
+
+void des_encrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
+{
+    DESContext dc;
+    des_keysetup_xdmauth(keydata, &dc);
     des_cbc_encrypt(blk, blk, 24, &dc);
 }
 
+void des_decrypt_xdmauth(unsigned char *keydata, unsigned char *blk, int len)
+{
+    DESContext dc;
+    des_keysetup_xdmauth(keydata, &dc);
+    des_cbc_decrypt(blk, blk, 24, &dc);
+}
+
 static const struct ssh2_cipher ssh_3des_ssh2 = {
     des3_make_context, des3_free_context, des3_iv, des3_key,
     des3_ssh2_encrypt_blk, des3_ssh2_decrypt_blk,
@@ -931,9 +942,12 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
 };
 
 /*
- * Single DES in ssh2. It isn't clear that "des-cbc" is an official
- * cipher name, but ssh.com support it and apparently aren't the
- * only people to do so, so we sigh and implement it anyway.
+ * Single DES in ssh2. "des-cbc" is marked as HISTORIC in
+ * draft-ietf-secsh-assignednumbers-04.txt, referring to
+ * FIPS-46-3.  ("Single DES (i.e., DES) will be permitted 
+ * for legacy systems only.") , but ssh.com support it and 
+ * apparently aren't the only people to do so, so we sigh 
+ * and implement it anyway.
  */
 static const struct ssh2_cipher ssh_des_ssh2 = {
     des_make_context, des3_free_context, des3_iv, des_key,
@@ -942,6 +956,13 @@ static const struct ssh2_cipher ssh_des_ssh2 = {
     8, 56, "single-DES"
 };
 
+static const struct ssh2_cipher ssh_des_sshcom_ssh2 = {
+    des_make_context, des3_free_context, des3_iv, des_key,
+    des_ssh2_encrypt_blk, des_ssh2_decrypt_blk,
+    "des-cbc@ssh.com",
+    8, 56, "single-DES"
+};
+
 static const struct ssh2_cipher *const des3_list[] = {
     &ssh_3des_ssh2
 };
@@ -952,11 +973,12 @@ const struct ssh2_ciphers ssh2_3des = {
 };
 
 static const struct ssh2_cipher *const des_list[] = {
-    &ssh_des_ssh2
+    &ssh_des_ssh2,
+    &ssh_des_sshcom_ssh2
 };
 
 const struct ssh2_ciphers ssh2_des = {
-    sizeof(des3_list) / sizeof(*des_list),
+    sizeof(des_list) / sizeof(*des_list),
     des_list
 };