kex: Make existing convenience features available

Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

include/libssh/libssh.h

@@ -875,6 +875,7 @@ LIBSSH_API const char* ssh_get_cipher_in(ssh_session session);
 LIBSSH_API const char* ssh_get_cipher_out(ssh_session session);
 LIBSSH_API const char* ssh_get_hmac_in(ssh_session session);
 LIBSSH_API const char* ssh_get_hmac_out(ssh_session session);
+LIBSSH_API const char *ssh_get_supported_methods(enum ssh_kex_types_e type);
 
 LIBSSH_API ssh_buffer ssh_buffer_new(void);
 LIBSSH_API void ssh_buffer_free(ssh_buffer buffer);

src/kex.c

@@ -310,6 +310,25 @@ const char *ssh_kex_get_fips_methods(enum ssh_kex_types_e type)
     return fips_methods[type];
 }
 
+/**
+ * @brief Get a list of supported algorithms of a given type. This respects the
+ * FIPS mode status.
+ *
+ * @param[in] type The type of the algorithm to query (SSH_KEX, SSH_MAC_C_S,
+ * ...).
+ *
+ * @return The list of supported methods as comma-separated string, or NULL for
+ * unknown type.
+ */
+const char *ssh_get_supported_methods(enum ssh_kex_types_e type)
+{
+    if (ssh_fips_mode()) {
+        return ssh_kex_get_fips_methods(type);
+    } else {
+        return ssh_kex_get_supported_method(type);
+    }
+}
+
 /**
  * @internal
  * @brief returns whether the first client key exchange algorithm or

tests/client/torture_auth.c

@@ -72,7 +72,7 @@ static int session_setup(void **state)
     assert_ssh_return_code(s->ssh.session, rc);
 
     /* Enable all hostkeys */
-    all_keytypes = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+    all_keytypes = ssh_get_supported_methods(SSH_HOSTKEYS);
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes);
     assert_ssh_return_code(s->ssh.session, rc);
 

tests/client/torture_auth_cert.c

@@ -74,7 +74,7 @@ static int session_setup(void **state)
     assert_ssh_return_code(s->ssh.session, rc);
 
     /* Enable all hostkeys */
-    all_keytypes = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+    all_keytypes = ssh_get_supported_methods(SSH_HOSTKEYS);
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes);
     assert_ssh_return_code(s->ssh.session, rc);
 

tests/pkd/pkd_daemon.c

@@ -297,7 +297,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
         /* Add methods not enabled by default */
 
         /* Enable all supported key exchange methods */
-        all_kex = ssh_kex_get_supported_method(SSH_KEX);
+        all_kex = ssh_get_supported_methods(SSH_KEX);
         rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_KEY_EXCHANGE, all_kex);
         if (rc != 0) {
             pkderr("ssh_bind_options_set kex methods: %s\n", ssh_get_error(b));
@@ -305,14 +305,14 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
         }
 
         /* Enable all supported ciphers */
-        all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_C_S);
+        all_ciphers = ssh_get_supported_methods(SSH_CRYPT_C_S);
         rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_C_S, all_ciphers);
         if (rc != 0) {
             pkderr("ssh_bind_options_set Ciphers C-S: %s\n", ssh_get_error(b));
             goto outclose;
         }
 
-        all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_S_C);
+        all_ciphers = ssh_get_supported_methods(SSH_CRYPT_S_C);
         rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_S_C, all_ciphers);
         if (rc != 0) {
             pkderr("ssh_bind_options_set Ciphers S-C: %s\n", ssh_get_error(b));
@@ -320,7 +320,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
         }
 
         /* Enable all hostkey algorithms */
-        all_hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+        all_hostkeys = ssh_get_supported_methods(SSH_HOSTKEYS);
         rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, all_hostkeys);
         if (rc != 0) {
             pkderr("ssh_bind_options_set Hostkeys: %s\n", ssh_get_error(b));
@@ -328,14 +328,14 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
         }
 
         /* Enable all message authentication codes */
-        all_macs = ssh_kex_get_supported_method(SSH_MAC_C_S);
+        all_macs = ssh_get_supported_methods(SSH_MAC_C_S);
         rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_C_S, all_macs);
         if (rc != 0) {
             pkderr("ssh_bind_options_set MACs C-S: %s\n", ssh_get_error(b));
             goto outclose;
         }
 
-        all_macs = ssh_kex_get_supported_method(SSH_MAC_S_C);
+        all_macs = ssh_get_supported_methods(SSH_MAC_S_C);
         rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_S_C, all_macs);
         if (rc != 0) {
             pkderr("ssh_bind_options_set MACs S-C: %s\n", ssh_get_error(b));

tests/server/torture_server_config.c

@@ -226,7 +226,7 @@ static int session_setup(void **state)
     struct test_server_st *tss = *state;
     struct torture_state *s;
     int verbosity = torture_libssh_verbosity();
-    const char *compat_hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+    const char *compat_hostkeys = ssh_get_supported_methods(SSH_HOSTKEYS);
     struct passwd *pwd;
     bool b = false;
     int rc;

tests/ssh_ping.c

@@ -61,7 +61,7 @@ int main(int argc, char **argv)
     }
 
     /* Enable all supported algorithms */
-    hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+    hostkeys = ssh_get_supported_methods(SSH_HOSTKEYS);
     rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, hostkeys);
     if (rc < 0) {
         goto out;