diff options
author | Alex Wilson <[email protected]> | 2014-08-28 11:13:57 +1000 |
---|---|---|
committer | Alex Wilson <[email protected]> | 2014-08-28 11:13:57 +1000 |
commit | cf53a360685b1a01a5c7fc0e06660ce8d76d96b0 (patch) | |
tree | 82f187ca8b58b21ff3ca72ace1dc51a2d7bbe75b /lib/ssh/src/ssh_transport.erl | |
parent | ccf1e0385fe0877279141acdcb0ac4f43e5596e4 (diff) | |
download | otp-cf53a360685b1a01a5c7fc0e06660ce8d76d96b0.tar.gz otp-cf53a360685b1a01a5c7fc0e06660ce8d76d96b0.tar.bz2 otp-cf53a360685b1a01a5c7fc0e06660ce8d76d96b0.zip |
SSH: only enable ciphers/MACs when they are available in crypto
Also adjusts tests to only expect a positive outcome when
crypto supports the relevant base ciphers/MACs.
Diffstat (limited to 'lib/ssh/src/ssh_transport.erl')
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 805114f792..ea05c849b7 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -113,15 +113,28 @@ key_init(client, Ssh, Value) -> key_init(server, Ssh, Value) -> Ssh#ssh{s_keyinit = Value}. +available_ssh_algos() -> + Supports = crypto:supports(), + CipherAlgos = [{aes_ctr, "aes128-ctr"}, {aes_cbc128, "aes128-cbc"}, {des3_cbc, "3des-cbc"}], + Ciphers = [SshAlgo || + {CryptoAlgo, SshAlgo} <- CipherAlgos, + lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))], + HashAlgos = [{sha256, "hmac-sha2-256"}, {sha, "hmac-sha1"}], + Hashs = [SshAlgo || + {CryptoAlgo, SshAlgo} <- HashAlgos, + lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))], + {Ciphers, Hashs}. + kexinit_messsage(client, Random, Compression, HostKeyAlgs) -> + {CipherAlgs, HashAlgs} = available_ssh_algos(), #ssh_msg_kexinit{ cookie = Random, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"], - encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"], - mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"], - mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"], + encryption_algorithms_client_to_server = CipherAlgs, + encryption_algorithms_server_to_client = CipherAlgs, + mac_algorithms_client_to_server = HashAlgs, + mac_algorithms_server_to_client = HashAlgs, compression_algorithms_client_to_server = Compression, compression_algorithms_server_to_client = Compression, languages_client_to_server = [], @@ -129,14 +142,15 @@ kexinit_messsage(client, Random, Compression, HostKeyAlgs) -> }; kexinit_messsage(server, Random, Compression, HostKeyAlgs) -> + {CipherAlgs, HashAlgs} = available_ssh_algos(), #ssh_msg_kexinit{ cookie = Random, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"], - encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"], - mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"], - mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"], + encryption_algorithms_client_to_server = CipherAlgs, + encryption_algorithms_server_to_client = CipherAlgs, + mac_algorithms_client_to_server = HashAlgs, + mac_algorithms_server_to_client = HashAlgs, compression_algorithms_client_to_server = Compression, compression_algorithms_server_to_client = Compression, languages_client_to_server = [], |