aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/libssh/kex.h5
-rw-r--r--src/kex.c24
-rw-r--r--src/options.c4
-rw-r--r--src/server.c2
4 files changed, 25 insertions, 10 deletions
diff --git a/include/libssh/kex.h b/include/libssh/kex.h
index 67a20061..2d8780ae 100644
--- a/include/libssh/kex.h
+++ b/include/libssh/kex.h
@@ -37,9 +37,6 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit);
SSH_PACKET_CALLBACK(ssh_packet_publickey1);
#endif
-extern const char *supported_methods[];
-extern const char *ssh_kex_nums[];
-
int ssh_send_kex(ssh_session session, int server_kex);
void ssh_list_kex(ssh_session session, struct ssh_kex_struct *kex);
int set_client_kex(ssh_session session);
@@ -48,5 +45,7 @@ int verify_existing_algo(int algo, const char *name);
char **space_tokenize(const char *chain);
int ssh_get_kex1(ssh_session session);
char *ssh_find_matching(const char *in_d, const char *what_d);
+const char *ssh_kex_get_supported_method(uint32_t algo);
+const char *ssh_kex_get_description(uint32_t algo);
#endif /* KEX_H_ */
diff --git a/src/kex.c b/src/kex.c
index 4da4958b..d26fd1f1 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -89,7 +89,7 @@ static const char *default_methods[] = {
};
/* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
-const char *supported_methods[] = {
+static const char *supported_methods[] = {
KEY_EXCHANGE,
HOSTKEYS,
AES BLOWFISH DES,
@@ -104,7 +104,7 @@ const char *supported_methods[] = {
};
/* descriptions of the key exchange packet */
-const char *ssh_kex_nums[] = {
+static const char *ssh_kex_descriptions[] = {
"kex algos",
"server host key algo",
"encryption client->server",
@@ -204,6 +204,22 @@ char **space_tokenize(const char *chain){
return tokens;
}
+const char *ssh_kex_get_supported_method(uint32_t algo) {
+ if (algo >= KEX_METHODS_SIZE) {
+ return NULL;
+ }
+
+ return supported_methods[algo];
+}
+
+const char *ssh_kex_get_description(uint32_t algo) {
+ if (algo >= KEX_METHODS_SIZE) {
+ return NULL;
+ }
+
+ return ssh_kex_descriptions[algo];
+}
+
/* find_matching gets 2 parameters : a list of available objects (available_d), separated by colons,*/
/* and a list of preferred objects (preferred_d) */
/* it will return a strduped pointer on the first preferred object found in the available objects list */
@@ -344,7 +360,7 @@ void ssh_list_kex(ssh_session session, struct ssh_kex_struct *kex) {
continue;
}
ssh_log(session, SSH_LOG_FUNCTIONS, "%s: %s",
- ssh_kex_nums[i], kex->methods[i]);
+ ssh_kex_descriptions[i], kex->methods[i]);
}
}
@@ -385,7 +401,7 @@ int ssh_kex_select_methods (ssh_session session){
session->next_crypto->kex_methods[i]=ssh_find_matching(server->methods[i],client->methods[i]);
if(session->next_crypto->kex_methods[i] == NULL && i < SSH_LANG_C_S){
ssh_set_error(session,SSH_FATAL,"kex error : no match for method %s: server [%s], client [%s]",
- ssh_kex_nums[i],server->methods[i],client->methods[i]);
+ ssh_kex_descriptions[i],server->methods[i],client->methods[i]);
goto error;
} else if ((i >= SSH_LANG_C_S) && (session->next_crypto->kex_methods[i] == NULL)) {
/* we can safely do that for languages */
diff --git a/src/options.c b/src/options.c
index d2580d8d..898dea62 100644
--- a/src/options.c
+++ b/src/options.c
@@ -173,7 +173,7 @@ int ssh_options_set_algo(ssh_session session, int algo,
if (!verify_existing_algo(algo, list)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Setting method: no algorithm for method \"%s\" (%s)\n",
- ssh_kex_nums[algo], list);
+ ssh_kex_get_description(algo), list);
return -1;
}
@@ -1205,7 +1205,7 @@ static int ssh_bind_options_set_algo(ssh_bind sshbind, int algo,
if (!verify_existing_algo(algo, list)) {
ssh_set_error(sshbind, SSH_REQUEST_DENIED,
"Setting method: no algorithm for method \"%s\" (%s)\n",
- ssh_kex_nums[algo], list);
+ ssh_kex_get_description(algo), list);
return -1;
}
diff --git a/src/server.c b/src/server.c
index 8db21b43..c7a37599 100644
--- a/src/server.c
+++ b/src/server.c
@@ -127,7 +127,7 @@ static int server_set_kex(ssh_session session) {
for (i = 0; i < 10; i++) {
if ((wanted = session->opts.wanted_methods[i]) == NULL) {
- wanted = supported_methods[i];
+ wanted = ssh_kex_get_supported_method(i);
}
server->methods[i] = strdup(wanted);
if (server->methods[i] == NULL) {