diff --git a/ChangeLog b/ChangeLog
index a6fc3d82634560ba901a6fc37bb467e80cf56d35..81f103778fa937c0b03b221a87993b8bcbd1155e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,27 @@
+2000-09-11 Niels M�ller <nisse@cuckoo.localdomain>
+
+ * src/symmetric/rijndael.c: Use static const for all lookup
+ tables.
+
+ * src/parse.c (parse_bignum): Fixed off-by-one error when sanity
+ checking string length.
+
+ * src/symmetric/serpent.c: Replaced the AES "All rights reserved"
+ copyright blurb with the vanilla GPL blurb, after confirming with
+ the authors that the code really is GPL:ed.
+ * src/symmetric/serpentsboxes.h: Likewise.
+
+ * src/symmetric/serpentsboxes.h: Replaced unsigned long with
+ UINT32.
+
+ * src/symmetric/serpent.c (serpent_setup): Don't use array syntax
+ for function argument types.
+
+2000-09-10 Niels M�ller <nisse@cuckoo.localdomain>
+
+ * doc/lsh.texinfo (Algorithm options): Updated the default
+ algorithm list.
+
2000-09-05 Rafael R. Sevilla <dido@pacific.net.ph>
* src/symmetric/rijndael.c, src/symmetric/include/rijndael.h: New.
diff --git a/doc/TODO b/doc/TODO
index ca2917f2fb8aeabd6e24ec54d59163db2236ba3d..f5d910361bb826a4168670dd28490bbaaa0709ae 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -234,3 +234,11 @@ and sexp_get_un().
There are dsa-specific details in many places, lsh.c
server_publickey.c, server_authorization.c, server_keyexchange.c. Try
to write more generic functions that can deal with both dsa and rsa.
+
+Review the default algorithm preference list in
+algorithms.c:default_crypto_algorithms(). Perhaps make the list more
+conservative, and add a "pseudo-algorithm" all to include all
+supported algorithms in the list?
+
+Use static objects for crypto algorithms with fixed key sizes and
+other parameters.
diff --git a/src/algorithms.c b/src/algorithms.c
index b73fec39d3a375e68093618186c6b70f475a117d..a1acecc43d01a3d048b08ed6cb68b25ad7898229 100644
--- a/src/algorithms.c
+++ b/src/algorithms.c
@@ -248,7 +248,9 @@ lookup_hash(struct alist *algorithms, const char *name,
}
}
-struct int_list *default_crypto_algorithms(void)
+/* FIXME: Review the default list. */
+struct int_list *
+default_crypto_algorithms(void)
{
return make_int_list(7
#if WITH_IDEA
@@ -265,12 +267,14 @@ struct int_list *default_crypto_algorithms(void)
ATOM_TWOFISH_CBC, ATOM_ARCFOUR, -1);
}
-struct int_list *default_mac_algorithms(void)
+struct int_list *
+default_mac_algorithms(void)
{
return make_int_list(2, ATOM_HMAC_SHA1, ATOM_HMAC_MD5, -1);
}
-struct int_list *default_compression_algorithms(void)
+struct int_list *
+default_compression_algorithms(void)
{
#if WITH_ZLIB
return make_int_list(2, ATOM_NONE, ATOM_ZLIB, -1);
diff --git a/src/atoms.in b/src/atoms.in
index fa4b9ebca2139381a538bd1958959d43d62665cf..35151f9b813e1c4cbba5d6c7604cc86bfd04d513 100644
--- a/src/atoms.in
+++ b/src/atoms.in
@@ -11,12 +11,12 @@ zlib
3des-cbc REQUIRED three-key 3DES in CBC mode
blowfish-cbc RECOMMENDED Blowfish in CBC mode
twofish-cbc RECOMMENDED TwoFish cipher in CBC mode
-rijndael-cbc RECOMMENDED Rijndael cipher in CBC mode
-serpent-cbc RECOMMENDED Serpent cipher in CBC mode
+rijndael-cbc EXPERIMENTAL Rijndael cipher in CBC mode
+serpent-cbc EXPERIMENTAL Serpent cipher in CBC mode
arcfour OPTIONAL the ARCFOUR stream cipher
idea-cbc OPTIONAL IDEA in CBC mode
cast128-cbc OPTIONAL CAST-128 in CBC mode
-# none OPTIONAL no encryption; NOT RECOMMENDED
+# none OPTIONAL no encryption; NOT RECOMMENDED
## The following are not in the current secsh draft, but are in SSH 2.0.11;
## some of them will probably be included in an updated secsh draft.
diff --git a/src/blowfish.c b/src/blowfish.c
index 0816b9351432229e01d385125d3d58eeecab18c7..c2c6db98e18cc5211a9e3522f1c6455de0eb76a6 100644
--- a/src/blowfish.c
+++ b/src/blowfish.c
@@ -41,8 +41,9 @@
(ctx . "BLOWFISH_context")))
*/
-static void do_blowfish_encrypt(struct crypto_instance *s,
- UINT32 length, const UINT8 *src, UINT8 *dst)
+static void
+do_blowfish_encrypt(struct crypto_instance *s,
+ UINT32 length, const UINT8 *src, UINT8 *dst)
{
CAST(blowfish_instance, self, s);
@@ -50,8 +51,9 @@ static void do_blowfish_encrypt(struct crypto_instance *s,
bf_encrypt_block(&self->ctx, dst, src);
}
-static void do_blowfish_decrypt(struct crypto_instance *s,
- UINT32 length, const UINT8 *src, UINT8 *dst)
+static void
+do_blowfish_decrypt(struct crypto_instance *s,
+ UINT32 length, const UINT8 *src, UINT8 *dst)
{
CAST(blowfish_instance, self, s);
@@ -81,7 +83,8 @@ make_blowfish_instance(struct crypto_algorithm *algorithm, int mode,
}
}
-struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size)
+struct crypto_algorithm *
+make_blowfish_algorithm(UINT32 key_size)
{
NEW(crypto_algorithm, algorithm);
@@ -96,7 +99,8 @@ struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size)
return algorithm;
}
-struct crypto_algorithm *make_blowfish(void)
+struct crypto_algorithm *
+make_blowfish(void)
{
return make_blowfish_algorithm(BLOWFISH_KEYSIZE);
}
diff --git a/src/crypto.h b/src/crypto.h
index 48eee5d7b74a5b17582fc13f2a10b48ed515b5db..1a49bf11ac54c86827a763a5d1f6dcaaad1b5c11 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -69,4 +69,4 @@ pkcs5_derive_key(struct mac_algorithm *prf,
UINT32 iterations,
UINT32 key_length, UINT8 *key);
-#endif
+#endif /* LSH_CRYPTO_H_INCLUDED */
diff --git a/src/rijndael.c b/src/rijndael.c
index c567d9ecdb82ffbf62dc00c3abc8c66e3e02b6d9..9848bd83e229b9f53450f813101733b9ef84dd50 100644
--- a/src/rijndael.c
+++ b/src/rijndael.c
@@ -22,10 +22,12 @@
*/
#include "crypto.h"
+#include "rijndael.h"
#include "werror.h"
#include "xalloc.h"
-#include "rijndael.h"
+
#include <assert.h>
+
#include "rijndael.c.x"
/* Rijndael */
@@ -38,8 +40,9 @@
(ctx . "RIJNDAEL_context")))
*/
-static void do_rijndael_encrypt(struct crypto_instance *s,
- UINT32 length, const UINT8 *src, UINT8 *dst)
+static void
+do_rijndael_encrypt(struct crypto_instance *s,
+ UINT32 length, const UINT8 *src, UINT8 *dst)
{
CAST(rijndael_instance, self, s);
@@ -47,8 +50,9 @@ static void do_rijndael_encrypt(struct crypto_instance *s,
rijndael_encrypt(&self->ctx, src, dst);
}
-static void do_rijndael_decrypt(struct crypto_instance *s,
- UINT32 length, const UINT8 *src, UINT8 *dst)
+static void
+do_rijndael_decrypt(struct crypto_instance *s,
+ UINT32 length, const UINT8 *src, UINT8 *dst)
{
CAST(rijndael_instance, self, s);
@@ -67,8 +71,8 @@ make_rijndael_instance(struct crypto_algorithm *algorithm, int mode,
? do_rijndael_encrypt
: do_rijndael_decrypt);
- /* We don't have to deal with weak keys - as a second round AES candidate,
- Rijndael doesn't have any. */
+ /* We don't have to deal with weak keys - as a second round AES
+ * candidate, Rijndael doesn't have any. */
rijndael_setup(&self->ctx, algorithm->key_size, key);
return(&self->super);
@@ -90,7 +94,8 @@ make_rijndael_algorithm(UINT32 key_size)
return algorithm;
}
-struct crypto_algorithm *make_rijndael(void)
+struct crypto_algorithm *
+make_rijndael(void)
{
return(make_rijndael_algorithm(RIJNDAEL_KEYSIZE));
}
diff --git a/src/serpent.c b/src/serpent.c
index 9000a1bca83deffa49737a7c6b50dcadc4d47ec3..96368f16db6e0b975a9eda2ee3f1ce8bab9b2eca 100644
--- a/src/serpent.c
+++ b/src/serpent.c
@@ -1,6 +1,7 @@
/* serpent.c
*
* $Id$ */
+
/* lsh, an implementation of the ssh protocol
*
* Copyright (C) 1999, 2000 Niels M�ller, Rafael R. Sevilla
@@ -19,12 +20,15 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+
#include "crypto.h"
+#include "serpent.h"
#include "werror.h"
#include "xalloc.h"
-#include "serpent.h"
+
#include <assert.h>
+
#include "serpent.c.x"
/* Serpent */
@@ -36,8 +40,9 @@
(ctx . "SERPENT_context")))
*/
-static void do_serpent_encrypt(struct crypto_instance *s,
- UINT32 length, const UINT8 *src, UINT8 *dst)
+static void
+do_serpent_encrypt(struct crypto_instance *s,
+ UINT32 length, const UINT8 *src, UINT8 *dst)
{
CAST(serpent_instance, self, s);
@@ -45,8 +50,9 @@ static void do_serpent_encrypt(struct crypto_instance *s,
serpent_encrypt(&self->ctx, src, dst);
}
-static void do_serpent_decrypt(struct crypto_instance *s,
- UINT32 length, const UINT8 *src, UINT8 *dst)
+static void
+do_serpent_decrypt(struct crypto_instance *s,
+ UINT32 length, const UINT8 *src, UINT8 *dst)
{
CAST(serpent_instance, self, s);
@@ -65,15 +71,17 @@ make_serpent_instance(struct crypto_algorithm *algorithm, int mode,
? do_serpent_encrypt
: do_serpent_decrypt);
- /* We don't have to deal with weak keys - as a second round AES candidate,
- Serpent doesn't have any, but it can only use 256 bit keys so we do
- an assertion check. */
+ /* We don't have to deal with weak keys - as a second round AES
+ * candidate, Serpent doesn't have any, but it can only use 256 bit
+ * keys so we do an assertion check. */
assert(algorithm->key_size == SERPENT_KEYSIZE);
serpent_setup(&self->ctx, key);
return(&self->super);
}
+/* FIXME: This function seems a little redundant, when we don't
+ * support variable key size for serpent. */
struct crypto_algorithm *
make_serpent_algorithm(UINT32 key_size)
{
@@ -89,7 +97,8 @@ make_serpent_algorithm(UINT32 key_size)
return algorithm;
}
-struct crypto_algorithm *make_serpent(void)
+struct crypto_algorithm *
+make_serpent(void)
{
return(make_serpent_algorithm(SERPENT_KEYSIZE));
}
diff --git a/src/symmetric/arcfour.c b/src/symmetric/arcfour.c
index f5d7054003113225ea2d6b14d9f7df222a8dbfa0..100f9cc01447f88638e91cd61d6adee172da8783 100644
--- a/src/symmetric/arcfour.c
+++ b/src/symmetric/arcfour.c
@@ -7,6 +7,25 @@
*
*/
+/* lsh, an implementation of the ssh protocol
+ *
+ * Copyright (C) 1998 Niels M�ller
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
#include "arcfour.h"
#ifdef RCSID