[Ttssh2-commit] [8527] ttssh2 コンパイル時の警告に対応した

scmno****@osdn***** scmno****@osdn*****
2020年 2月 6日 (木) 00:25:00 JST


Revision: 8527
          https://osdn.net/projects/ttssh2/scm/svn/commits/8527
Author:   zmatsuo
Date:     2020-02-06 00:25:00 +0900 (Thu, 06 Feb 2020)
Log Message:
-----------
ttssh2 コンパイル時の警告に対応した

- テーブル(変数)、複数のファイルから参照されていないtypedefなどを.hから.cへ移動
- 不変のテーブル(変数)にconst追加
- ファイル外に見せる必要がない変数、関数に static 追加

Modified Paths:
--------------
    trunk/ttssh2/ttxssh/crypt.c
    trunk/ttssh2/ttxssh/ed25519_ge25519.h
    trunk/ttssh2/ttxssh/keyfiles.c
    trunk/ttssh2/ttxssh/keyfiles.h
    trunk/ttssh2/ttxssh/ssh.c
    trunk/ttssh2/ttxssh/ssh.h
    trunk/ttssh2/ttxssh/ttxssh.c
    trunk/ttssh2/ttxssh/ttxssh.h

-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/crypt.c
===================================================================
--- trunk/ttssh2/ttxssh/crypt.c	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/crypt.c	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1998-2001, Robert O'Callahan
- * (C) 2004-2017 TeraTerm Project
+ * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1137,7 +1137,7 @@
 	struct Enc *enc;
 	char *encryption_key = pvar->crypt_state.sender_cipher_key;
 	char *decryption_key = pvar->crypt_state.receiver_cipher_key;
-	SSH2Cipher *cipher;
+	const SSH2Cipher *cipher;
 	BOOL isOK = TRUE;
 
 	if (sender_flag) {

Modified: trunk/ttssh2/ttxssh/ed25519_ge25519.h
===================================================================
--- trunk/ttssh2/ttxssh/ed25519_ge25519.h	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/ed25519_ge25519.h	2020-02-05 15:25:00 UTC (rev 8527)
@@ -48,7 +48,7 @@
   fe25519 t;
 } ge25519;
 
-const ge25519 ge25519_base;
+extern const ge25519 ge25519_base;
 
 int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
 

Modified: trunk/ttssh2/ttxssh/keyfiles.c
===================================================================
--- trunk/ttssh2/ttxssh/keyfiles.c	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/keyfiles.c	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1998-2001, Robert O'Callahan
- * (C) 2004-2017 TeraTerm Project
+ * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52,6 +52,23 @@
 
 static char ID_string[] = "SSH PRIVATE KEY FILE FORMAT 1.1\n";
 
+typedef struct keyfile_header {
+	ssh2_keyfile_type type;
+	char *header;
+} keyfile_header_t;
+
+static keyfile_header_t keyfile_headers[] = {
+	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN RSA PRIVATE KEY-----"},
+	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN DSA PRIVATE KEY-----"},
+	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN EC PRIVATE KEY-----"},
+	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN ENCRYPTED PRIVATE KEY-----"},
+	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN PRIVATE KEY-----"},
+	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN OPENSSH PRIVATE KEY-----"},	
+	{SSH2_KEYFILE_TYPE_PUTTY,   "PuTTY-User-Key-File-2"},
+	{SSH2_KEYFILE_TYPE_SECSH,   "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"},
+	{SSH2_KEYFILE_TYPE_NONE,    NULL},
+};
+
 static BIGNUM *get_bignum(unsigned char *bytes)
 {
 	int bits = get_ushort16_MSBfirst(bytes);
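Review bot: `keyfile_headers` arrives in keyfiles.c as a plain `static` array, although nothing in this hunk writes to it and the log message says immutable tables gain `const`; the tables added to ssh.c in the same commit are `static const`. I would declare it `static const keyfile_header_t keyfile_headers[] = {` and make the member `const char *header;`, since every entry points at a string literal. Code that walks the table through a non-const pointer lies outside this hunk and would need the matching qualifier. The `char *name` members of `ssh2_comp_t`, `ssh2_kex_algorithm_t`, `ssh2_host_key_t` and `ssh_digest_t` in the ssh.c hunks have the same gap.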
@@ -379,7 +396,7 @@
 	unsigned int len, klen, nkeys, blocksize, keylen, ivlen, slen, rounds;
 	unsigned int check1, check2, m1len, m2len; 
 	int dlen, i;
-	SSH2Cipher *cipher;
+	const SSH2Cipher *cipher;
 	size_t authlen;
 	EVP_CIPHER_CTX *cipher_ctx = NULL;
 	int ret;

Modified: trunk/ttssh2/ttxssh/keyfiles.h
===================================================================
--- trunk/ttssh2/ttxssh/keyfiles.h	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/keyfiles.h	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1998-2001, Robert O'Callahan
- * (C) 2004-2017 TeraTerm Project
+ * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77,24 +77,6 @@
                                    char *errmsg,
                                    int errmsg_len);
 
-typedef struct keyfile_header {
-	ssh2_keyfile_type type;
-	char *header;
-} keyfile_header_t;
-
-static keyfile_header_t keyfile_headers[] = {
-	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN RSA PRIVATE KEY-----"},
-	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN DSA PRIVATE KEY-----"},
-	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN EC PRIVATE KEY-----"},
-	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN ENCRYPTED PRIVATE KEY-----"},
-	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN PRIVATE KEY-----"},
-	{SSH2_KEYFILE_TYPE_OPENSSH, "-----BEGIN OPENSSH PRIVATE KEY-----"},	
-	{SSH2_KEYFILE_TYPE_PUTTY,   "PuTTY-User-Key-File-2"},
-	{SSH2_KEYFILE_TYPE_SECSH,   "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"},
-	{SSH2_KEYFILE_TYPE_NONE,    NULL},
-
-};
-
 /* openssh private key file format */
 #define MARK_BEGIN		"-----BEGIN OPENSSH PRIVATE KEY-----\n"
 #define MARK_END		"-----END OPENSSH PRIVATE KEY-----\n"

Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/ssh.c	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1998-2001, Robert O'Callahan
- * (C) 2004-2017 TeraTerm Project
+ * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -91,6 +91,94 @@
 	GetPayloadTruncate = 2
 } PayloadStat;
 
+typedef struct ssh2_comp {
+	compression_type type;
+	char *name;
+} ssh2_comp_t;
+
+static const ssh2_comp_t ssh2_comps[] = {
+	{COMP_NOCOMP,  "none"},             // RFC4253
+	{COMP_ZLIB,    "zlib"},             // RFC4253
+	{COMP_DELAYED, "zlib****@opens*****"},
+	{COMP_NONE,    NULL},
+};
+
+static const SSH2Mac ssh2_macs[] = {
+	{HMAC_SHA1,         "hmac-sha1",                     EVP_sha1,      0,  0}, // RFC4253
+	{HMAC_MD5,          "hmac-md5",                      EVP_md5,       0,  0}, // RFC4253
+	{HMAC_SHA1_96,      "hmac-sha1-96",                  EVP_sha1,      96, 0}, // RFC4253
+	{HMAC_MD5_96,       "hmac-md5-96",                   EVP_md5,       96, 0}, // RFC4253
+	{HMAC_RIPEMD160,    "hmac-****@opens*****",    EVP_ripemd160, 0,  0},
+	{HMAC_SHA2_256,     "hmac-sha2-256",                 EVP_sha256,    0,  0}, // RFC6668
+//	{HMAC_SHA2_256_96,  "hmac-sha2-256-96",              EVP_sha256,    96, 0}, // draft-dbider-sha2-mac-for-ssh-05, deleted at 06
+	{HMAC_SHA2_512,     "hmac-sha2-512",                 EVP_sha512,    0,  0}, // RFC6668
+//	{HMAC_SHA2_512_96,  "hmac-sha2-512-96",              EVP_sha512,    96, 0}, // draft-dbider-sha2-mac-for-ssh-05, deleted at 06
+	{HMAC_SHA1_EtM,     "hmac-****@opens*****",     EVP_sha1,      0,  1},
+	{HMAC_MD5_EtM,      "hmac-****@opens*****",      EVP_md5,       0,  1},
+	{HMAC_SHA1_96_EtM,  "hmac-****@opens*****",  EVP_sha1,      96, 1},
+	{HMAC_MD5_96_EtM,   "hmac-****@opens*****",   EVP_md5,       96, 1},
+	{HMAC_RIPEMD160_EtM,"hmac-****@opens*****",EVP_ripemd160, 0,  1},
+	{HMAC_SHA2_256_EtM, "hmac-****@opens*****", EVP_sha256,    0,  1},
+	{HMAC_SHA2_512_EtM, "hmac-****@opens*****", EVP_sha512,    0,  1},
+	{HMAC_IMPLICIT,     "<implicit>",                    EVP_md_null,   0,  0}, // for AEAD cipher
+	{HMAC_NONE,         NULL,                            NULL,          0,  0},
+};
+
+static const SSH2Cipher ssh2_ciphers[] = {
+	{SSH2_CIPHER_3DES_CBC,        "3des-cbc",         8, 24,    0, 0, 0, EVP_des_ede3_cbc},     // RFC4253
+	{SSH2_CIPHER_AES128_CBC,      "aes128-cbc",      16, 16,    0, 0, 0, EVP_aes_128_cbc},      // RFC4253
+	{SSH2_CIPHER_AES192_CBC,      "aes192-cbc",      16, 24,    0, 0, 0, EVP_aes_192_cbc},      // RFC4253
+	{SSH2_CIPHER_AES256_CBC,      "aes256-cbc",      16, 32,    0, 0, 0, EVP_aes_256_cbc},      // RFC4253
+	{SSH2_CIPHER_BLOWFISH_CBC,    "blowfish-cbc",     8, 16,    0, 0, 0, EVP_bf_cbc},           // RFC4253
+	{SSH2_CIPHER_AES128_CTR,      "aes128-ctr",      16, 16,    0, 0, 0, evp_aes_128_ctr},      // RFC4344
+	{SSH2_CIPHER_AES192_CTR,      "aes192-ctr",      16, 24,    0, 0, 0, evp_aes_128_ctr},      // RFC4344
+	{SSH2_CIPHER_AES256_CTR,      "aes256-ctr",      16, 32,    0, 0, 0, evp_aes_128_ctr},      // RFC4344
+	{SSH2_CIPHER_ARCFOUR,         "arcfour",          8, 16,    0, 0, 0, EVP_rc4},              // RFC4253
+	{SSH2_CIPHER_ARCFOUR128,      "arcfour128",       8, 16, 1536, 0, 0, EVP_rc4},              // RFC4345
+	{SSH2_CIPHER_ARCFOUR256,      "arcfour256",       8, 32, 1536, 0, 0, EVP_rc4},              // RFC4345
+	{SSH2_CIPHER_CAST128_CBC,     "cast128-cbc",      8, 16,    0, 0, 0, EVP_cast5_cbc},        // RFC4253
+	{SSH2_CIPHER_3DES_CTR,        "3des-ctr",         8, 24,    0, 0, 0, evp_des3_ctr},         // RFC4344
+	{SSH2_CIPHER_BLOWFISH_CTR,    "blowfish-ctr",     8, 32,    0, 0, 0, evp_bf_ctr},           // RFC4344
+	{SSH2_CIPHER_CAST128_CTR,     "cast128-ctr",      8, 16,    0, 0, 0, evp_cast5_ctr},        // RFC4344
+	{SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc", 16, 16,    0, 0, 0, EVP_camellia_128_cbc}, // draft-kanno-secsh-camellia-02
+	{SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc", 16, 24,    0, 0, 0, EVP_camellia_192_cbc}, // draft-kanno-secsh-camellia-02
+	{SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc", 16, 32,    0, 0, 0, EVP_camellia_256_cbc}, // draft-kanno-secsh-camellia-02
+	{SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16,    0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
+	{SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24,    0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
+	{SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32,    0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
+#ifdef WITH_CAMELLIA_PRIVATE
+	{SSH2_CIPHER_CAMELLIA128_CBC, "camel****@opens*****", 16, 16, 0,  0,  0, EVP_camellia_128_cbc},
+	{SSH2_CIPHER_CAMELLIA192_CBC, "camel****@opens*****", 16, 24, 0,  0,  0, EVP_camellia_192_cbc},
+	{SSH2_CIPHER_CAMELLIA256_CBC, "camel****@opens*****", 16, 32, 0,  0,  0, EVP_camellia_256_cbc},
+	{SSH2_CIPHER_CAMELLIA128_CTR, "camel****@opens*****", 16, 16, 0,  0,  0, evp_camellia_128_ctr},
+	{SSH2_CIPHER_CAMELLIA192_CTR, "camel****@opens*****", 16, 24, 0,  0,  0, evp_camellia_128_ctr},
+	{SSH2_CIPHER_CAMELLIA256_CTR, "camel****@opens*****", 16, 32, 0,  0,  0, evp_camellia_128_ctr},
+#endif // WITH_CAMELLIA_PRIVATE
+	{SSH2_CIPHER_AES128_GCM,      "aes12****@opens*****",      16, 16, 0, 12, 16, EVP_aes_128_gcm}, // not RFC5647, PROTOCOL of OpenSSH
+	{SSH2_CIPHER_AES256_GCM,      "aes25****@opens*****",      16, 32, 0, 12, 16, EVP_aes_256_gcm}, // not RFC5647, PROTOCOL of OpenSSH
+	{SSH_CIPHER_NONE,             NULL,               0,  0,    0, 0, 0, NULL},
+};
+
+typedef struct ssh2_kex_algorithm {
+	kex_algorithm kextype;
+	char *name;
+	const EVP_MD *(*evp_md)(void);
+} ssh2_kex_algorithm_t;
+
+static const ssh2_kex_algorithm_t ssh2_kex_algorithms[] = {
+	{KEX_DH_GRP1_SHA1,  "diffie-hellman-group1-sha1",           EVP_sha1},   // RFC4253
+	{KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1",          EVP_sha1},   // RFC4253
+	{KEX_DH_GEX_SHA1,   "diffie-hellman-group-exchange-sha1",   EVP_sha1},   // RFC4419
+	{KEX_DH_GEX_SHA256, "diffie-hellman-group-exchange-sha256", EVP_sha256}, // RFC4419
+	{KEX_ECDH_SHA2_256, "ecdh-sha2-nistp256",                   EVP_sha256}, // RFC5656
+	{KEX_ECDH_SHA2_384, "ecdh-sha2-nistp384",                   EVP_sha384}, // RFC5656
+	{KEX_ECDH_SHA2_521, "ecdh-sha2-nistp521",                   EVP_sha512}, // RFC5656
+	{KEX_DH_GRP14_SHA256, "diffie-hellman-group14-sha256",      EVP_sha256}, // RFC8268
+	{KEX_DH_GRP16_SHA512, "diffie-hellman-group16-sha512",      EVP_sha512}, // RFC8268
+	{KEX_DH_GRP18_SHA512, "diffie-hellman-group18-sha512",      EVP_sha512}, // RFC8268
+	{KEX_DH_NONE      , NULL,                                   NULL},
+};
+
 static struct global_confirm global_confirms;
 
 static Channel_t channels[CHANNEL_MAX];
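Review bot: In `ssh2_ciphers`, the aes192-ctr and aes256-ctr rows name `evp_aes_128_ctr`, and the camellia192/256-ctr rows name `evp_camellia_128_ctr`, which reads like a copy-paste slip to anyone auditing which primitive a negotiated cipher actually gets. The rows are carried over unchanged from ssh.h and the wrappers are defined outside this diff, so presumably they take the key size from the `key_len` column; that should be confirmed and written down now that the table has a single home. A comment above the table would do, e.g. `// *-ctr rows share one EVP wrapper per cipher family; the key size comes from the key_len column`.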
@@ -99,6 +187,26 @@
 
 static CRITICAL_SECTION g_ssh_scp_lock;   /* SCP\x8E\xF3\x90M\x97p\x83\x8D\x83b\x83N */
 
+#define KEX_DEFAULT_KEX     ""
+#define KEX_DEFAULT_PK_ALG  ""
+#define KEX_DEFAULT_ENCRYPT ""
+#define KEX_DEFAULT_MAC     ""
+#define KEX_DEFAULT_COMP    ""
+#define KEX_DEFAULT_LANG    ""
+
+static char *myproposal[PROPOSAL_MAX] = {
+	KEX_DEFAULT_KEX,
+	KEX_DEFAULT_PK_ALG,
+	KEX_DEFAULT_ENCRYPT,
+	KEX_DEFAULT_ENCRYPT,
+	KEX_DEFAULT_MAC,
+	KEX_DEFAULT_MAC,
+	KEX_DEFAULT_COMP,
+	KEX_DEFAULT_COMP,
+	KEX_DEFAULT_LANG,
+	KEX_DEFAULT_LANG,
+};
+
 static void try_send_credentials(PTInstVar pvar);
 static void prep_compression(PTInstVar pvar);
 
@@ -4345,7 +4453,7 @@
 // general
 //
 
-int get_cipher_block_size(SSH2Cipher *cipher)
+int get_cipher_block_size(const SSH2Cipher *cipher)
 {
 	int blocksize = 0;
 	
@@ -4356,7 +4464,7 @@
 	return max(blocksize, 8);
 }
 
-int get_cipher_key_len(SSH2Cipher *cipher)
+int get_cipher_key_len(const SSH2Cipher *cipher)
 {
 	if (cipher) {
 		return cipher->key_len;
@@ -4366,7 +4474,7 @@
 	}
 }
 
-int get_cipher_discard_len(SSH2Cipher *cipher)
+int get_cipher_discard_len(const SSH2Cipher *cipher)
 {
 	if (cipher) {
 		return cipher->discard_len;
@@ -4376,7 +4484,7 @@
 	}
 }
 
-int get_cipher_iv_len(SSH2Cipher *cipher)
+int get_cipher_iv_len(const SSH2Cipher *cipher)
 {
 	if (cipher) {
 		if (cipher->iv_len != 0) {
@@ -4391,7 +4499,7 @@
 	}
 }
 
-int get_cipher_auth_len(SSH2Cipher *cipher)
+int get_cipher_auth_len(const SSH2Cipher *cipher)
 {
 	if (cipher) {
 		return cipher->auth_len;
@@ -4402,9 +4510,9 @@
 }
 
 // \x88Í\x86\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\x82\xA9\x82猟\x8D\x{142DC2}\xE9\x81B
-SSH2Cipher *get_cipher_by_name(char *name)
+const SSH2Cipher *get_cipher_by_name(char *name)
 {
-	SSH2Cipher *ptr = ssh2_ciphers;
+	const SSH2Cipher *ptr = ssh2_ciphers;
 
 	if (name == NULL || name[0] == '\0')
 		return NULL;
@@ -4420,7 +4528,7 @@
 	return NULL;
 }
 
-static char * get_cipher_string(SSH2Cipher *cipher)
+static char * get_cipher_string(const SSH2Cipher *cipher)
 {
 	if (cipher) {
 		return cipher->name;
@@ -4430,7 +4538,7 @@
 	}
 }
 
-const EVP_CIPHER* get_cipher_EVP_CIPHER(SSH2Cipher *cipher)
+const EVP_CIPHER* get_cipher_EVP_CIPHER(const SSH2Cipher *cipher)
 {
 	if (cipher) {
 		return cipher->func();
@@ -4442,7 +4550,7 @@
 
 char* get_kex_algorithm_name(kex_algorithm kextype)
 {
-	ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
+	const ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
 
 	while (ptr->name != NULL) {
 		if (kextype == ptr->kextype) {
@@ -4457,7 +4565,7 @@
 
 const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype)
 {
-	ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
+	const ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
 
 	while (ptr->name != NULL) {
 		if (kextype == ptr->kextype) {
@@ -4470,9 +4578,9 @@
 	return EVP_md_null();
 }
 
-SSH2Mac *get_ssh2_mac(SSH2MacId id)
+const SSH2Mac *get_ssh2_mac(SSH2MacId id)
 {
-	SSH2Mac *ptr = ssh2_macs;
+	const SSH2Mac *ptr = ssh2_macs;
 
 	while (ptr->name != NULL) {
 		if (ptr->id == id) {
@@ -4484,7 +4592,7 @@
 	return NULL;
 }
 
-char* get_ssh2_mac_name(SSH2Mac *mac)
+char* get_ssh2_mac_name(const SSH2Mac *mac)
 {
 	if (mac) {
 		return mac->name;
@@ -4494,12 +4602,12 @@
 	}
 }
 
-char* get_ssh2_mac_name_by_id(SSH2MacId id)
+const char* get_ssh2_mac_name_by_id(SSH2MacId id)
 {
 	return get_ssh2_mac_name(get_ssh2_mac(id));
 }
 
-const EVP_MD* get_ssh2_mac_EVP_MD(SSH2Mac *mac)
+const EVP_MD* get_ssh2_mac_EVP_MD(const SSH2Mac *mac)
 {
 	if (mac) {
 		return mac->evp_md();
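Review bot: `get_ssh2_mac_name_by_id` now returns `const char *`, but `get_ssh2_mac_name`, which it forwards to (previous hunk), still returns `char *`, as do `get_cipher_string`, `get_kex_algorithm_name`, `get_ssh2_comp_name`, `get_ssh_keytype_name` and `get_digest_algorithm_name`. Each of them hands out a pointer to a string literal held in a table that is now `const`, so a caller that writes through the result compiles cleanly and hits undefined behaviour. Giving them all the same return type, e.g. `const char *get_ssh2_mac_name(const SSH2Mac *mac)`, with the prototypes in ssh.h updated to match, would let the compiler reject such writes. Callers that store the result in a `char *` are outside this diff and would need the qualifier too.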
@@ -4509,7 +4617,7 @@
 	}
 }
 
-int get_ssh2_mac_truncatebits(SSH2Mac *mac)
+int get_ssh2_mac_truncatebits(const SSH2Mac *mac)
 {
 	if (mac) {
 		return mac->truncatebits;
@@ -4519,7 +4627,7 @@
 	}
 }
 
-int get_ssh2_mac_etm(SSH2Mac *mac)
+int get_ssh2_mac_etm(const SSH2Mac *mac)
 {
 	if (mac) {
 		return mac->etm;
@@ -4531,7 +4639,7 @@
 
 char* get_ssh2_comp_name(compression_type type)
 {
-	ssh2_comp_t *ptr = ssh2_comps;
+	const ssh2_comp_t *ptr = ssh2_comps;
 
 	while (ptr->name != NULL) {
 		if (type == ptr->type) {
@@ -4546,8 +4654,25 @@
 
 char* get_ssh_keytype_name(ssh_keytype type)
 {
-	ssh2_host_key_t *ptr = ssh2_host_key;
+	typedef struct ssh2_host_key {
+		ssh_keytype type;
+		char *name;
+	} ssh2_host_key_t;
 
+	static const ssh2_host_key_t ssh2_host_key[] = {
+		{KEY_RSA1,     "ssh-rsa1"},            // for SSH1 only
+		{KEY_RSA,      "ssh-rsa"},             // RFC4253
+		{KEY_DSA,      "ssh-dss"},             // RFC4253
+		{KEY_ECDSA256, "ecdsa-sha2-nistp256"}, // RFC5656
+		{KEY_ECDSA384, "ecdsa-sha2-nistp384"}, // RFC5656
+		{KEY_ECDSA521, "ecdsa-sha2-nistp521"}, // RFC5656
+		{KEY_ED25519,  "ssh-ed25519"},         // draft-bjh21-ssh-ed25519-02
+		{KEY_UNSPEC,   "ssh-unknown"},
+		{KEY_NONE,     NULL},
+	};
+
+	const ssh2_host_key_t *ptr = ssh2_host_key;
+
 	while (ptr->name != NULL) {
 		if (type == ptr->type) {
 			return ptr->name;
@@ -4561,8 +4686,23 @@
 
 char* get_digest_algorithm_name(digest_algorithm id)
 {
-	ssh_digest_t *ptr = ssh_digests;
+	typedef struct ssh_digest {
+		digest_algorithm id;
+		char *name;
+	} ssh_digest_t;
 
+	/* NB. Indexed directly by algorithm number */
+	static const ssh_digest_t ssh_digests[] = {
+		{ SSH_DIGEST_MD5,       "MD5" },
+		{ SSH_DIGEST_RIPEMD160, "RIPEMD160" },
+		{ SSH_DIGEST_SHA1,      "SHA1" },
+		{ SSH_DIGEST_SHA256,    "SHA256" },
+		{ SSH_DIGEST_SHA384,    "SHA384" },
+		{ SSH_DIGEST_SHA512,    "SHA512" },
+		{ SSH_DIGEST_MAX,       NULL },
+	};
+	const ssh_digest_t *ptr = ssh_digests;
+
 	while (ptr->name != NULL) {
 		if (id == ptr->id) {
 			return ptr->name;
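Review bot: The comment `/* NB. Indexed directly by algorithm number */` moves with `ssh_digests` into `get_digest_algorithm_name`, but the table is now function-local and the visible loop compares `id == ptr->id` entry by entry, so nothing outside can index it. I would replace it with `/* searched linearly by id; the NULL name entry ends the table */` so a later edit does not rely on entry order. The function's tail lies outside this hunk.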
@@ -4958,7 +5098,7 @@
 {
 	kex_algorithm type = KEX_DH_UNKNOWN;
 	char str_kextype[40];
-	ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
+	const ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
 
 	choose_SSH2_proposal(server_proposal, my_proposal, str_kextype, sizeof(str_kextype));
 
@@ -4973,10 +5113,10 @@
 	return (type);
 }
 
-static SSH2Cipher *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal)
+static const SSH2Cipher *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal)
 {
 	char str_cipher[32];
-	SSH2Cipher *ptr = ssh2_ciphers;
+	const SSH2Cipher *ptr = ssh2_ciphers;
 
 	choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher));
 	return get_cipher_by_name(str_cipher);
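Review bot: `const SSH2Cipher *ptr = ssh2_ciphers;` in `choose_SSH2_cipher_algorithm` is never read: the function only calls `choose_SSH2_proposal` and returns `get_cipher_by_name(str_cipher)`, and its closing brace is the first line of the next hunk. In a commit aimed at compiler warnings this leaves an unused-variable warning behind, so I would delete the declaration rather than const-qualify it.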
@@ -4983,10 +5123,10 @@
 }
 
 
-static SSH2Mac *choose_SSH2_mac_algorithm(char *server_proposal, char *my_proposal)
+static const SSH2Mac *choose_SSH2_mac_algorithm(char *server_proposal, char *my_proposal)
 {
 	char str_hmac[64];
-	SSH2Mac *ptr = ssh2_macs;
+	const SSH2Mac *ptr = ssh2_macs;
 
 	choose_SSH2_proposal(server_proposal, my_proposal, str_hmac, sizeof(str_hmac));
 
@@ -5005,7 +5145,7 @@
 {
 	compression_type type = COMP_UNKNOWN;
 	char str_comp[20];
-	ssh2_comp_t *ptr = ssh2_comps;
+	const ssh2_comp_t *ptr = ssh2_comps;
 
 	// OpenSSH 4.3\x82ł͒x\x89\x84\x83p\x83P\x83b\x83g\x88\xB3\x8Fk("zlib****@opens*****")\x82\xAA\x90V\x8BK\x92lj\xC1\x82\xB3\x82\xEA\x82Ă\xA2\x82邽\x82߁A
 	// \x83}\x83b\x83`\x82\xB5\x82Ȃ\xA2\x82悤\x82ɏC\x90\xB3\x82\xB5\x82\xBD\x81B
@@ -5033,8 +5173,8 @@
 	int mode, val;
 	unsigned int need = 0;
 	const EVP_MD *md;
-	SSH2Cipher *cipher;
-	SSH2Mac *mac;
+	const SSH2Cipher *cipher;
+	const SSH2Mac *mac;
 
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		cipher = pvar->ciphers[mode];

Modified: trunk/ttssh2/ttxssh/ssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ssh.h	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/ssh.h	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1998-2001, Robert O'Callahan
- * (C) 2004-2017 TeraTerm Project
+ * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -313,27 +313,6 @@
 	PROPOSAL_MAX
 };
 
-#define KEX_DEFAULT_KEX     ""
-#define KEX_DEFAULT_PK_ALG  ""
-#define KEX_DEFAULT_ENCRYPT ""
-#define KEX_DEFAULT_MAC     ""
-#define KEX_DEFAULT_COMP    ""
-#define KEX_DEFAULT_LANG    ""
-
-static char *myproposal[PROPOSAL_MAX] = {
-	KEX_DEFAULT_KEX,
-	KEX_DEFAULT_PK_ALG,
-	KEX_DEFAULT_ENCRYPT,
-	KEX_DEFAULT_ENCRYPT,
-	KEX_DEFAULT_MAC,
-	KEX_DEFAULT_MAC,
-	KEX_DEFAULT_COMP,
-	KEX_DEFAULT_COMP,
-	KEX_DEFAULT_LANG,
-	KEX_DEFAULT_LANG,
-};
-
-
 typedef enum {
 	KEY_NONE,
 	KEY_RSA1,
@@ -348,23 +327,6 @@
 } ssh_keytype;
 #define isFixedLengthKey(type)	((type) >= KEY_DSA && (type) <= KEY_ED25519)
 
-typedef struct ssh2_host_key {
-	ssh_keytype type;
-	char *name;
-} ssh2_host_key_t;
-
-static ssh2_host_key_t ssh2_host_key[] = {
-	{KEY_RSA1,     "ssh-rsa1"},            // for SSH1 only
-	{KEY_RSA,      "ssh-rsa"},             // RFC4253
-	{KEY_DSA,      "ssh-dss"},             // RFC4253
-	{KEY_ECDSA256, "ecdsa-sha2-nistp256"}, // RFC5656
-	{KEY_ECDSA384, "ecdsa-sha2-nistp384"}, // RFC5656
-	{KEY_ECDSA521, "ecdsa-sha2-nistp521"}, // RFC5656
-	{KEY_ED25519,  "ssh-ed25519"},         // draft-bjh21-ssh-ed25519-02
-	{KEY_UNSPEC,   "ssh-unknown"},
-	{KEY_NONE,     NULL},
-};
-
 /* Minimum modulus size (n) for RSA keys. */
 #define SSH_RSA_MINIMUM_MODULUS_SIZE    768
 
@@ -387,42 +349,6 @@
 	const EVP_CIPHER *(*func)(void);
 } SSH2Cipher;
 
-static SSH2Cipher ssh2_ciphers[] = {
-	{SSH2_CIPHER_3DES_CBC,        "3des-cbc",         8, 24,    0, 0, 0, EVP_des_ede3_cbc},     // RFC4253
-	{SSH2_CIPHER_AES128_CBC,      "aes128-cbc",      16, 16,    0, 0, 0, EVP_aes_128_cbc},      // RFC4253
-	{SSH2_CIPHER_AES192_CBC,      "aes192-cbc",      16, 24,    0, 0, 0, EVP_aes_192_cbc},      // RFC4253
-	{SSH2_CIPHER_AES256_CBC,      "aes256-cbc",      16, 32,    0, 0, 0, EVP_aes_256_cbc},      // RFC4253
-	{SSH2_CIPHER_BLOWFISH_CBC,    "blowfish-cbc",     8, 16,    0, 0, 0, EVP_bf_cbc},           // RFC4253
-	{SSH2_CIPHER_AES128_CTR,      "aes128-ctr",      16, 16,    0, 0, 0, evp_aes_128_ctr},      // RFC4344
-	{SSH2_CIPHER_AES192_CTR,      "aes192-ctr",      16, 24,    0, 0, 0, evp_aes_128_ctr},      // RFC4344
-	{SSH2_CIPHER_AES256_CTR,      "aes256-ctr",      16, 32,    0, 0, 0, evp_aes_128_ctr},      // RFC4344
-	{SSH2_CIPHER_ARCFOUR,         "arcfour",          8, 16,    0, 0, 0, EVP_rc4},              // RFC4253
-	{SSH2_CIPHER_ARCFOUR128,      "arcfour128",       8, 16, 1536, 0, 0, EVP_rc4},              // RFC4345
-	{SSH2_CIPHER_ARCFOUR256,      "arcfour256",       8, 32, 1536, 0, 0, EVP_rc4},              // RFC4345
-	{SSH2_CIPHER_CAST128_CBC,     "cast128-cbc",      8, 16,    0, 0, 0, EVP_cast5_cbc},        // RFC4253
-	{SSH2_CIPHER_3DES_CTR,        "3des-ctr",         8, 24,    0, 0, 0, evp_des3_ctr},         // RFC4344
-	{SSH2_CIPHER_BLOWFISH_CTR,    "blowfish-ctr",     8, 32,    0, 0, 0, evp_bf_ctr},           // RFC4344
-	{SSH2_CIPHER_CAST128_CTR,     "cast128-ctr",      8, 16,    0, 0, 0, evp_cast5_ctr},        // RFC4344
-	{SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc", 16, 16,    0, 0, 0, EVP_camellia_128_cbc}, // draft-kanno-secsh-camellia-02
-	{SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc", 16, 24,    0, 0, 0, EVP_camellia_192_cbc}, // draft-kanno-secsh-camellia-02
-	{SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc", 16, 32,    0, 0, 0, EVP_camellia_256_cbc}, // draft-kanno-secsh-camellia-02
-	{SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16,    0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
-	{SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24,    0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
-	{SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32,    0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
-#ifdef WITH_CAMELLIA_PRIVATE
-	{SSH2_CIPHER_CAMELLIA128_CBC, "camel****@opens*****", 16, 16, 0,  0,  0, EVP_camellia_128_cbc},
-	{SSH2_CIPHER_CAMELLIA192_CBC, "camel****@opens*****", 16, 24, 0,  0,  0, EVP_camellia_192_cbc},
-	{SSH2_CIPHER_CAMELLIA256_CBC, "camel****@opens*****", 16, 32, 0,  0,  0, EVP_camellia_256_cbc},
-	{SSH2_CIPHER_CAMELLIA128_CTR, "camel****@opens*****", 16, 16, 0,  0,  0, evp_camellia_128_ctr},
-	{SSH2_CIPHER_CAMELLIA192_CTR, "camel****@opens*****", 16, 24, 0,  0,  0, evp_camellia_128_ctr},
-	{SSH2_CIPHER_CAMELLIA256_CTR, "camel****@opens*****", 16, 32, 0,  0,  0, evp_camellia_128_ctr},
-#endif // WITH_CAMELLIA_PRIVATE
-	{SSH2_CIPHER_AES128_GCM,      "aes12****@opens*****",      16, 16, 0, 12, 16, EVP_aes_128_gcm}, // not RFC5647, PROTOCOL of OpenSSH
-	{SSH2_CIPHER_AES256_GCM,      "aes25****@opens*****",      16, 32, 0, 12, 16, EVP_aes_256_gcm}, // not RFC5647, PROTOCOL of OpenSSH
-	{SSH_CIPHER_NONE,             NULL,               0,  0,    0, 0, 0, NULL},
-};
-
-
 typedef enum {
 	KEX_DH_NONE,       /* disabled line */
 	KEX_DH_GRP1_SHA1,
@@ -439,27 +365,6 @@
 	KEX_DH_MAX = KEX_DH_UNKNOWN,
 } kex_algorithm;
 
-typedef struct ssh2_kex_algorithm {
-	kex_algorithm kextype;
-	char *name;
-	const EVP_MD *(*evp_md)(void);
-} ssh2_kex_algorithm_t;
-
-static ssh2_kex_algorithm_t ssh2_kex_algorithms[] = {
-	{KEX_DH_GRP1_SHA1,  "diffie-hellman-group1-sha1",           EVP_sha1},   // RFC4253
-	{KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1",          EVP_sha1},   // RFC4253
-	{KEX_DH_GEX_SHA1,   "diffie-hellman-group-exchange-sha1",   EVP_sha1},   // RFC4419
-	{KEX_DH_GEX_SHA256, "diffie-hellman-group-exchange-sha256", EVP_sha256}, // RFC4419
-	{KEX_ECDH_SHA2_256, "ecdh-sha2-nistp256",                   EVP_sha256}, // RFC5656
-	{KEX_ECDH_SHA2_384, "ecdh-sha2-nistp384",                   EVP_sha384}, // RFC5656
-	{KEX_ECDH_SHA2_521, "ecdh-sha2-nistp521",                   EVP_sha512}, // RFC5656
-	{KEX_DH_GRP14_SHA256, "diffie-hellman-group14-sha256",      EVP_sha256}, // RFC8268
-	{KEX_DH_GRP16_SHA512, "diffie-hellman-group16-sha512",      EVP_sha512}, // RFC8268
-	{KEX_DH_GRP18_SHA512, "diffie-hellman-group18-sha512",      EVP_sha512}, // RFC8268
-	{KEX_DH_NONE      , NULL,                                   NULL},
-};
-
-
 typedef enum {
 	HMAC_NONE,      /* disabled line */
 	HMAC_SHA1,
@@ -491,28 +396,6 @@
 	int etm;
 } SSH2Mac;
 
-static SSH2Mac ssh2_macs[] = {
-	{HMAC_SHA1,         "hmac-sha1",                     EVP_sha1,      0,  0}, // RFC4253
-	{HMAC_MD5,          "hmac-md5",                      EVP_md5,       0,  0}, // RFC4253
-	{HMAC_SHA1_96,      "hmac-sha1-96",                  EVP_sha1,      96, 0}, // RFC4253
-	{HMAC_MD5_96,       "hmac-md5-96",                   EVP_md5,       96, 0}, // RFC4253
-	{HMAC_RIPEMD160,    "hmac-****@opens*****",    EVP_ripemd160, 0,  0},
-	{HMAC_SHA2_256,     "hmac-sha2-256",                 EVP_sha256,    0,  0}, // RFC6668
-//	{HMAC_SHA2_256_96,  "hmac-sha2-256-96",              EVP_sha256,    96, 0}, // draft-dbider-sha2-mac-for-ssh-05, deleted at 06
-	{HMAC_SHA2_512,     "hmac-sha2-512",                 EVP_sha512,    0,  0}, // RFC6668
-//	{HMAC_SHA2_512_96,  "hmac-sha2-512-96",              EVP_sha512,    96, 0}, // draft-dbider-sha2-mac-for-ssh-05, deleted at 06
-	{HMAC_SHA1_EtM,     "hmac-****@opens*****",     EVP_sha1,      0,  1},
-	{HMAC_MD5_EtM,      "hmac-****@opens*****",      EVP_md5,       0,  1},
-	{HMAC_SHA1_96_EtM,  "hmac-****@opens*****",  EVP_sha1,      96, 1},
-	{HMAC_MD5_96_EtM,   "hmac-****@opens*****",   EVP_md5,       96, 1},
-	{HMAC_RIPEMD160_EtM,"hmac-****@opens*****",EVP_ripemd160, 0,  1},
-	{HMAC_SHA2_256_EtM, "hmac-****@opens*****", EVP_sha256,    0,  1},
-	{HMAC_SHA2_512_EtM, "hmac-****@opens*****", EVP_sha512,    0,  1},
-	{HMAC_IMPLICIT,     "<implicit>",                    EVP_md_null,   0,  0}, // for AEAD cipher
-	{HMAC_NONE,         NULL,                            NULL,          0,  0},
-};
-
-
 typedef enum {
 	COMP_NONE,      /* disabled line */
 	COMP_NOCOMP,
@@ -522,19 +405,6 @@
 	COMP_MAX = COMP_UNKNOWN,
 } compression_type;
 
-typedef struct ssh2_comp {
-	compression_type type;
-	char *name;
-} ssh2_comp_t;
-
-static ssh2_comp_t ssh2_comps[] = {
-	{COMP_NOCOMP,  "none"},             // RFC4253
-	{COMP_ZLIB,    "zlib"},             // RFC4253
-	{COMP_DELAYED, "zlib****@opens*****"},
-	{COMP_NONE,    NULL},
-};
-
-
 struct Enc {
 	u_char          *key;
 	u_char          *iv;
@@ -620,22 +490,6 @@
 	SSH_DIGEST_MAX,
 } digest_algorithm;
 
-typedef struct ssh_digest {
-	digest_algorithm id;
-	char *name;
-} ssh_digest_t;
-
-/* NB. Indexed directly by algorithm number */
-static ssh_digest_t ssh_digests[] = {
-	{ SSH_DIGEST_MD5,       "MD5" },
-	{ SSH_DIGEST_RIPEMD160, "RIPEMD160" },
-	{ SSH_DIGEST_SHA1,      "SHA1" },
-	{ SSH_DIGEST_SHA256,    "SHA256" },
-	{ SSH_DIGEST_SHA384,    "SHA384" },
-	{ SSH_DIGEST_SHA512,    "SHA512" },
-	{ SSH_DIGEST_MAX,       NULL },
-};
-
 enum scp_dir {
 	TOREMOTE, FROMREMOTE,
 };
@@ -776,23 +630,23 @@
 BOOL do_SSH2_userauth(PTInstVar pvar);
 BOOL do_SSH2_authrequest(PTInstVar pvar);
 void debug_print(int no, char *msg, int len);
-int get_cipher_block_size(SSH2Cipher *cipher);
-int get_cipher_key_len(SSH2Cipher *cipher);
-int get_cipher_iv_len(SSH2Cipher *cipher);
-int get_cipher_auth_len(SSH2Cipher *cipher);
-SSH2Cipher *get_cipher_by_name(char *name);
+int get_cipher_block_size(const SSH2Cipher *cipher);
+int get_cipher_key_len(const SSH2Cipher *cipher);
+int get_cipher_iv_len(const SSH2Cipher *cipher);
+int get_cipher_auth_len(const SSH2Cipher *cipher);
+const SSH2Cipher *get_cipher_by_name(char *name);
 char* get_kex_algorithm_name(kex_algorithm kextype);
-const EVP_CIPHER* get_cipher_EVP_CIPHER(SSH2Cipher *cipher);
+const EVP_CIPHER* get_cipher_EVP_CIPHER(const SSH2Cipher *cipher);
 const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype);
-SSH2Mac *get_ssh2_mac(SSH2MacId id);
-char* get_ssh2_mac_name(SSH2Mac *mac);
-char* get_ssh2_mac_name_by_id(SSH2MacId id);
-const EVP_MD* get_ssh2_mac_EVP_MD(SSH2Mac *mac);
-int get_ssh2_mac_truncatebits(SSH2Mac *mac);
+const SSH2Mac *get_ssh2_mac(SSH2MacId id);
+char* get_ssh2_mac_name(const SSH2Mac *mac);
+const char* get_ssh2_mac_name_by_id(SSH2MacId id);
+const EVP_MD* get_ssh2_mac_EVP_MD(const SSH2Mac *mac);
+int get_ssh2_mac_truncatebits(const SSH2Mac *mac);
 char* get_ssh2_comp_name(compression_type type);
 char* get_ssh_keytype_name(ssh_keytype type);
 char* get_digest_algorithm_name(digest_algorithm id);
-int get_cipher_discard_len(SSH2Cipher *cipher);
+int get_cipher_discard_len(const SSH2Cipher *cipher);
 void ssh_heartbeat_lock_initialize(void);
 void ssh_heartbeat_lock_finalize(void);
 void ssh_heartbeat_lock(void);

Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/ttxssh.c	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2001, Robert O'Callahan
+ * Copyright (c) 1998-2020, Robert O'Callahan
  * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
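Review bot: This header edit changes Robert O'Callahan's notice from 1998-2001 to 1998-2020, whereas every other file in the commit leaves that line alone and bumps only the TeraTerm Project line, which here already reads 2004-2020. It looks as if the year was applied to the wrong line. The original author's notice should stay `* Copyright (c) 1998-2001, Robert O'Callahan`, because the redistribution terms these headers carry normally require that notice to be kept as given; the full licence text is outside this hunk.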
@@ -2747,7 +2747,7 @@
 	normalize_mac_order(pvar->settings.MacOrder);
 	for (i = 0; pvar->settings.MacOrder[i] != 0; i++) {
 		int index = pvar->settings.MacOrder[i] - '0';
-		char *name = NULL;
+		const char *name = NULL;
 
 		if (index == 0)	{
 			UTIL_get_lang_msg("DLG_SSHSETUP_MAC_BORDER", pvar,
@@ -4031,7 +4031,7 @@
 // based on OpenSSH 6.5:key_save_private(), key_private_to_blob2()
 static void save_bcrypt_private_key(char *passphrase, char *filename, char *comment, HWND dlg, PTInstVar pvar, int rounds)
 {
-	SSH2Cipher *cipher = NULL;
+	const SSH2Cipher *cipher = NULL;
 	char *ciphername = DEFAULT_CIPHERNAME;
 	buffer_t *b = NULL;
 	buffer_t *kdf = NULL;

Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h	2020-02-04 13:34:09 UTC (rev 8526)
+++ trunk/ttssh2/ttxssh/ttxssh.h	2020-02-05 15:25:00 UTC (rev 8527)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1998-2001, Robert O'Callahan
- * (C) 2004-2019 TeraTerm Project
+ * (C) 2004-2020 TeraTerm Project
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -268,8 +268,8 @@
 	buffer_t *peer_kex;
 	kex_algorithm kex_type; // KEX algorithm
 	ssh_keytype hostkey_type;
-	SSH2Cipher *ciphers[MODE_MAX];
-	SSH2Mac *macs[MODE_MAX];
+	const SSH2Cipher *ciphers[MODE_MAX];
+	const SSH2Mac *macs[MODE_MAX];
 	compression_type ctos_compression;
 	compression_type stoc_compression;
 	int we_need;

