SSH2: build supported cipher list off of files that are present

2024-12-13 09:37:37 +01:00 · 2013-06-20 20:51:50 -05:00 · 2013-06-20 20:51:50 -05:00 · adf8afd4eb
commit adf8afd4eb
parent 2edc9fc0a9
1 changed files with 55 additions and 26 deletions
--- a/phpseclib/Net/SSH2.php
+++ b/phpseclib/Net/SSH2.php
@ -942,41 +942,70 @@ class Net_SSH2 {
            'ssh-dss'  // REQUIRED     sign   Raw DSS Key
        );
-        static $encryption_algorithms = array(
+        static $encryption_algorithms = false;
-            // from <http://tools.ietf.org/html/rfc4345#section-4>:
+        if ($encryption_algorithms === false) {
-            'arcfour256',
+            $encryption_algorithms = array(
-            'arcfour128',
+                // from <http://tools.ietf.org/html/rfc4345#section-4>:
                'arcfour256',
                'arcfour128',
-            'arcfour',        // OPTIONAL          the ARCFOUR stream cipher with a 128-bit key
+                'arcfour',        // OPTIONAL          the ARCFOUR stream cipher with a 128-bit key
-            // CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
+                // CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
-            'aes128-ctr',     // RECOMMENDED       AES (Rijndael) in SDCTR mode, with 128-bit key
+                'aes128-ctr',     // RECOMMENDED       AES (Rijndael) in SDCTR mode, with 128-bit key
-            'aes192-ctr',     // RECOMMENDED       AES with 192-bit key
+                'aes192-ctr',     // RECOMMENDED       AES with 192-bit key
-            'aes256-ctr',     // RECOMMENDED       AES with 256-bit key
+                'aes256-ctr',     // RECOMMENDED       AES with 256-bit key
-            'twofish128-ctr', // OPTIONAL          Twofish in SDCTR mode, with 128-bit key
+                'twofish128-ctr', // OPTIONAL          Twofish in SDCTR mode, with 128-bit key
-            'twofish192-ctr', // OPTIONAL          Twofish with 192-bit key
+                'twofish192-ctr', // OPTIONAL          Twofish with 192-bit key
-            'twofish256-ctr', // OPTIONAL          Twofish with 256-bit key
+                'twofish256-ctr', // OPTIONAL          Twofish with 256-bit key
-            'aes128-cbc',     // RECOMMENDED       AES with a 128-bit key
+                'aes128-cbc',     // RECOMMENDED       AES with a 128-bit key
-            'aes192-cbc',     // OPTIONAL          AES with a 192-bit key
+                'aes192-cbc',     // OPTIONAL          AES with a 192-bit key
-            'aes256-cbc',     // OPTIONAL          AES in CBC mode, with a 256-bit key
+                'aes256-cbc',     // OPTIONAL          AES in CBC mode, with a 256-bit key
-            'twofish128-cbc', // OPTIONAL          Twofish with a 128-bit key
+                'twofish128-cbc', // OPTIONAL          Twofish with a 128-bit key
-            'twofish192-cbc', // OPTIONAL          Twofish with a 192-bit key
+                'twofish192-cbc', // OPTIONAL          Twofish with a 192-bit key
-            'twofish256-cbc',
+                'twofish256-cbc',
-            'twofish-cbc',    // OPTIONAL          alias for "twofish256-cbc"
+                'twofish-cbc',    // OPTIONAL          alias for "twofish256-cbc"
-                              //                   (this is being retained for historical reasons)
+                                  //                   (this is being retained for historical reasons)
-            'blowfish-ctr',   // OPTIONAL          Blowfish in SDCTR mode
+                'blowfish-ctr',   // OPTIONAL          Blowfish in SDCTR mode
-            'blowfish-cbc',   // OPTIONAL          Blowfish in CBC mode
+                'blowfish-cbc',   // OPTIONAL          Blowfish in CBC mode
-            '3des-ctr',       // RECOMMENDED       Three-key 3DES in SDCTR mode
+                '3des-ctr',       // RECOMMENDED       Three-key 3DES in SDCTR mode
-            '3des-cbc',       // REQUIRED          three-key 3DES in CBC mode
+                '3des-cbc',       // REQUIRED          three-key 3DES in CBC mode
-            'none'            // OPTIONAL          no encryption; NOT RECOMMENDED
+                'none'            // OPTIONAL          no encryption; NOT RECOMMENDED
-        );
+            );
            if (!file_exists('Crypt/AES.php')) {
                $encryption_algorithms = array_diff(
                    $encryption_algorithms,
                    array('aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc')
                );
            }
            if (!file_exists('Crypt/Twofish.php')) {
                $encryption_algorithms = array_diff(
                    $encryption_algorithms,
                    array('twofish128-ctr', 'twofish192-ctr', 'twofish256-ctr', 'twofish128-cbc', 'twofish192-cbc', 'twofish256-cbc', 'twofish-cbc')
                );
            }
            if (!file_exists('Crypt/Blowfish.php')) {
                $encryption_algorithms = array_diff(
                    $encryption_algorithms,
                    array('blowfish-ctr', 'blowfish-cbc')
                );
            }
            if (!file_exists('Crypt/TripleDES.php')) {
                $encryption_algorithms = array_diff(
                    $encryption_algorithms,
                    array('3des-ctr', '3des-cbc')
                );
            }
            $encryption_algorithms = array_values($encryption_algorithms);
        }
        static $mac_algorithms = array(
            'hmac-sha1-96', // RECOMMENDED     first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)