search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dropbear 2016.73
[tomato.git] / release / src / router / dropbear / common-algo.c
blob10d60c9b519d4cfd62c883728da2eca79e00aa43
1 /*
2 * Dropbear SSH
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * Copyright (c) 2004 by Mihnea Stoenescu
6 * All rights reserved.
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24 * SOFTWARE. */
25
26 #include "includes.h"
27 #include "algo.h"
28 #include "session.h"
29 #include "dbutil.h"
30 #include "dh_groups.h"
31 #include "ltc_prng.h"
32 #include "ecc.h"
33
34 /* This file (algo.c) organises the ciphers which can be used, and is used to
35 * decide which ciphers/hashes/compression/signing to use during key exchange*/
36
37 static int void_cipher(const unsigned char* in, unsigned char* out,
38 unsigned long len, void* UNUSED(cipher_state)) {
39 if (in != out) {
40 memmove(out, in, len);
41 }
42 return CRYPT_OK;
43 }
44
45 static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV),
46 const unsigned char* UNUSED(key),
47 int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) {
48 return CRYPT_OK;
49 }
50
51 /* Mappings for ciphers, parameters are
52 {&cipher_desc, keysize, blocksize} */
53
54 /* Remember to add new ciphers/hashes to regciphers/reghashes too */
55
56 #ifdef DROPBEAR_AES256
57 static const struct dropbear_cipher dropbear_aes256 =
58 {&aes_desc, 32, 16};
59 #endif
60 #ifdef DROPBEAR_AES128
61 static const struct dropbear_cipher dropbear_aes128 =
62 {&aes_desc, 16, 16};
63 #endif
64 #ifdef DROPBEAR_BLOWFISH
65 static const struct dropbear_cipher dropbear_blowfish =
66 {&blowfish_desc, 16, 8};
67 #endif
68 #ifdef DROPBEAR_TWOFISH256
69 static const struct dropbear_cipher dropbear_twofish256 =
70 {&twofish_desc, 32, 16};
71 #endif
72 #ifdef DROPBEAR_TWOFISH128
73 static const struct dropbear_cipher dropbear_twofish128 =
74 {&twofish_desc, 16, 16};
75 #endif
76 #ifdef DROPBEAR_3DES
77 static const struct dropbear_cipher dropbear_3des =
78 {&des3_desc, 24, 8};
79 #endif
80
81 /* used to indicate no encryption, as defined in rfc2410 */
82 const struct dropbear_cipher dropbear_nocipher =
83 {NULL, 16, 8};
84
85 /* A few void* s are required to silence warnings
86 * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
87 #ifdef DROPBEAR_ENABLE_CBC_MODE
88 const struct dropbear_cipher_mode dropbear_mode_cbc =
89 {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
90 #endif /* DROPBEAR_ENABLE_CBC_MODE */
91
92 const struct dropbear_cipher_mode dropbear_mode_none =
93 {void_start, void_cipher, void_cipher};
94
95 #ifdef DROPBEAR_ENABLE_CTR_MODE
96 /* a wrapper to make ctr_start and cbc_start look the same */
97 static int dropbear_big_endian_ctr_start(int cipher,
98 const unsigned char *IV,
99 const unsigned char *key, int keylen,
100 int num_rounds, symmetric_CTR *ctr) {
101 return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr);
102 }
103 const struct dropbear_cipher_mode dropbear_mode_ctr =
104 {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
105 #endif /* DROPBEAR_ENABLE_CTR_MODE */
106
107 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
108 {&hash_desc, keysize, hashsize} */
109
110 #ifdef DROPBEAR_SHA1_HMAC
111 static const struct dropbear_hash dropbear_sha1 =
112 {&sha1_desc, 20, 20};
113 #endif
114 #ifdef DROPBEAR_SHA1_96_HMAC
115 static const struct dropbear_hash dropbear_sha1_96 =
116 {&sha1_desc, 20, 12};
117 #endif
118 #ifdef DROPBEAR_SHA2_256_HMAC
119 static const struct dropbear_hash dropbear_sha2_256 =
120 {&sha256_desc, 32, 32};
121 #endif
122 #ifdef DROPBEAR_SHA2_512_HMAC
123 static const struct dropbear_hash dropbear_sha2_512 =
124 {&sha512_desc, 64, 64};
125 #endif
126 #ifdef DROPBEAR_MD5_HMAC
127 static const struct dropbear_hash dropbear_md5 =
128 {&md5_desc, 16, 16};
129 #endif
130
131 const struct dropbear_hash dropbear_nohash =
132 {NULL, 16, 0}; /* used initially */
133
134
135 /* The following map ssh names to internal values.
136 * The ordering here is important for the client - the first mode
137 * that is also supported by the server will get used. */
138
139 algo_type sshciphers[] = {
140 #ifdef DROPBEAR_ENABLE_CTR_MODE
141 #ifdef DROPBEAR_AES128
142 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
143 #endif
144 #ifdef DROPBEAR_AES256
145 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
146 #endif
147 #ifdef DROPBEAR_TWOFISH_CTR
148 /* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */
149 #ifdef DROPBEAR_TWOFISH256
150 {"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr},
151 #endif
152 #ifdef DROPBEAR_TWOFISH128
153 {"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr},
154 #endif
155 #endif /* DROPBEAR_TWOFISH_CTR */
156 #endif /* DROPBEAR_ENABLE_CTR_MODE */
157
158 #ifdef DROPBEAR_ENABLE_CBC_MODE
159 #ifdef DROPBEAR_AES128
160 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
161 #endif
162 #ifdef DROPBEAR_AES256
163 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
164 #endif
165 #ifdef DROPBEAR_TWOFISH256
166 {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
167 {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
168 #endif
169 #ifdef DROPBEAR_TWOFISH128
170 {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc},
171 #endif
172 #ifdef DROPBEAR_3DES
173 {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
174 #endif
175 #ifdef DROPBEAR_3DES
176 {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
177 #endif
178 #ifdef DROPBEAR_BLOWFISH
179 {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
180 #endif
181 #endif /* DROPBEAR_ENABLE_CBC_MODE */
182 #ifdef DROPBEAR_NONE_CIPHER
183 {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
184 #endif
185 {NULL, 0, NULL, 0, NULL}
186 };
187
188 algo_type sshhashes[] = {
189 #ifdef DROPBEAR_SHA1_96_HMAC
190 {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL},
191 #endif
192 #ifdef DROPBEAR_SHA1_HMAC
193 {"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
194 #endif
195 #ifdef DROPBEAR_SHA2_256_HMAC
196 {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL},
197 #endif
198 #ifdef DROPBEAR_SHA2_512_HMAC
199 {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
200 #endif
201 #ifdef DROPBEAR_MD5_HMAC
202 {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
203 #endif
204 #ifdef DROPBEAR_NONE_INTEGRITY
205 {"none", 0, (void*)&dropbear_nohash, 1, NULL},
206 #endif
207 {NULL, 0, NULL, 0, NULL}
208 };
209
210 #ifndef DISABLE_ZLIB
211 algo_type ssh_compress[] = {
212 {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
213 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
214 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
215 {NULL, 0, NULL, 0, NULL}
216 };
217
218 algo_type ssh_delaycompress[] = {
219 {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
220 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
221 {NULL, 0, NULL, 0, NULL}
222 };
223 #endif
224
225 algo_type ssh_nocompress[] = {
226 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
227 {NULL, 0, NULL, 0, NULL}
228 };
229
230 algo_type sshhostkey[] = {
231 #ifdef DROPBEAR_ECDSA
232 #ifdef DROPBEAR_ECC_256
233 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNKEY_ECDSA_NISTP256, NULL, 1, NULL},
234 #endif
235 #ifdef DROPBEAR_ECC_384
236 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNKEY_ECDSA_NISTP384, NULL, 1, NULL},
237 #endif
238 #ifdef DROPBEAR_ECC_521
239 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNKEY_ECDSA_NISTP521, NULL, 1, NULL},
240 #endif
241 #endif
242 #ifdef DROPBEAR_RSA
243 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL},
244 #endif
245 #ifdef DROPBEAR_DSS
246 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL},
247 #endif
248 {NULL, 0, NULL, 0, NULL}
249 };
250
251 #if DROPBEAR_DH_GROUP1
252 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
253 #endif
254 #if DROPBEAR_DH_GROUP14
255 static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
256 #if DROPBEAR_DH_GROUP14_256
257 static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
258 #endif
259 #endif
260 #if DROPBEAR_DH_GROUP16
261 static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
262 #endif
263
264 /* These can't be const since dropbear_ecc_fill_dp() fills out
265 ecc_curve at runtime */
266 #ifdef DROPBEAR_ECDH
267 #ifdef DROPBEAR_ECC_256
268 static const struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
269 #endif
270 #ifdef DROPBEAR_ECC_384
271 static const struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
272 #endif
273 #ifdef DROPBEAR_ECC_521
274 static const struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
275 #endif
276 #endif /* DROPBEAR_ECDH */
277
278 #ifdef DROPBEAR_CURVE25519
279 /* Referred to directly */
280 static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
281 #endif
282
283 algo_type sshkex[] = {
284 #ifdef DROPBEAR_CURVE25519
285 {"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
286 #endif
287 #ifdef DROPBEAR_ECDH
288 #ifdef DROPBEAR_ECC_521
289 {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
290 #endif
291 #ifdef DROPBEAR_ECC_384
292 {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
293 #endif
294 #ifdef DROPBEAR_ECC_256
295 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
296 #endif
297 #endif
298 #if DROPBEAR_DH_GROUP14
299 #if DROPBEAR_DH_GROUP14_256
300 {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
301 #endif
302 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
303 #endif
304 #if DROPBEAR_DH_GROUP1
305 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
306 #endif
307 #if DROPBEAR_DH_GROUP16
308 {"diffie-hellman-group16-sha512", 0, &kex_dh_group16_sha512, 1, NULL},
309 #endif
310 #ifdef USE_KEXGUESS2
311 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
312 #endif
313 {NULL, 0, NULL, 0, NULL}
314 };
315
316 /* algolen specifies the length of algo, algos is our local list to match
317 * against.
318 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
319 * otherwise */
320 int have_algo(char* algo, size_t algolen, algo_type algos[]) {
321
322 int i;
323
324 for (i = 0; algos[i].name != NULL; i++) {
325 if (strlen(algos[i].name) == algolen
326 && (strncmp(algos[i].name, algo, algolen) == 0)) {
327 return DROPBEAR_SUCCESS;
328 }
329 }
330
331 return DROPBEAR_FAILURE;
332 }
333
334 /* Output a comma separated list of algorithms to a buffer */
335 void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
336
337 unsigned int i, len;
338 unsigned int donefirst = 0;
339 buffer *algolist = NULL;
340
341 algolist = buf_new(300);
342 for (i = 0; localalgos[i].name != NULL; i++) {
343 if (localalgos[i].usable) {
344 if (donefirst)
345 buf_putbyte(algolist, ',');
346 donefirst = 1;
347 len = strlen(localalgos[i].name);
348 buf_putbytes(algolist, (const unsigned char *) localalgos[i].name, len);
349 }
350 }
351 buf_putstring(buf, (const char*)algolist->data, algolist->len);
352 buf_free(algolist);
353 }
354
355 /* match the first algorithm in the comma-separated list in buf which is
356 * also in localalgos[], or return NULL on failure.
357 * (*goodguess) is set to 1 if the preferred client/server algos match,
358 * 0 otherwise. This is used for checking if the kexalgo/hostkeyalgos are
359 * guessed correctly */
360 algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
361 enum kexguess2_used *kexguess2, int *goodguess)
362 {
363
364 char * algolist = NULL;
365 const char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO];
366 unsigned int len;
367 unsigned int remotecount, localcount, clicount, servcount, i, j;
368 algo_type * ret = NULL;
369 const char **clinames, **servnames;
370
371 if (goodguess) {
372 *goodguess = 0;
373 }
374
375 /* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
376 algolist = buf_getstring(buf, &len);
377 TRACE(("buf_match_algo: %s", algolist))
378 if (len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
379 goto out;
380 }
381
382 /* remotenames will contain a list of the strings parsed out */
383 /* We will have at least one string (even if it's just "") */
384 remotenames[0] = algolist;
385 remotecount = 1;
386 for (i = 0; i < len; i++) {
387 if (algolist[i] == '\0') {
388 /* someone is trying something strange */
389 goto out;
390 }
391 if (algolist[i] == ',') {
392 algolist[i] = '\0';
393 remotenames[remotecount] = &algolist[i+1];
394 remotecount++;
395 }
396 if (remotecount >= MAX_PROPOSED_ALGO) {
397 break;
398 }
399 }
400 if (kexguess2 && *kexguess2 == KEXGUESS2_LOOK) {
401 for (i = 0; i < remotecount; i++)
402 {
403 if (strcmp(remotenames[i], KEXGUESS2_ALGO_NAME) == 0) {
404 *kexguess2 = KEXGUESS2_YES;
405 break;
406 }
407 }
408 if (*kexguess2 == KEXGUESS2_LOOK) {
409 *kexguess2 = KEXGUESS2_NO;
410 }
411 }
412
413 for (i = 0; localalgos[i].name != NULL; i++) {
414 if (localalgos[i].usable) {
415 localnames[i] = localalgos[i].name;
416 } else {
417 localnames[i] = NULL;
418 }
419 }
420 localcount = i;
421
422 if (IS_DROPBEAR_SERVER) {
423 clinames = remotenames;
424 clicount = remotecount;
425 servnames = localnames;
426 servcount = localcount;
427 } else {
428 clinames = localnames;
429 clicount = localcount;
430 servnames = remotenames;
431 servcount = remotecount;
432 }
433
434 /* iterate and find the first match */
435 for (i = 0; i < clicount; i++) {
436 for (j = 0; j < servcount; j++) {
437 if (!(servnames[j] && clinames[i])) {
438 /* unusable algos are NULL */
439 continue;
440 }
441 if (strcmp(servnames[j], clinames[i]) == 0) {
442 /* set if it was a good guess */
443 if (goodguess && kexguess2) {
444 if (*kexguess2 == KEXGUESS2_YES) {
445 if (i == 0) {
446 *goodguess = 1;
447 }
448
449 } else {
450 if (i == 0 && j == 0) {
451 *goodguess = 1;
452 }
453 }
454 }
455 /* set the algo to return */
456 if (IS_DROPBEAR_SERVER) {
457 ret = &localalgos[j];
458 } else {
459 ret = &localalgos[i];
460 }
461 goto out;
462 }
463 }
464 }
465
466 out:
467 m_free(algolist);
468 return ret;
469 }
470
471 #ifdef DROPBEAR_NONE_CIPHER
472
473 void
474 set_algo_usable(algo_type algos[], const char * algo_name, int usable)
475 {
476 algo_type *a;
477 for (a = algos; a->name != NULL; a++)
478 {
479 if (strcmp(a->name, algo_name) == 0)
480 {
481 a->usable = usable;
482 return;
483 }
484 }
485 }
486
487 int
488 get_algo_usable(algo_type algos[], const char * algo_name)
489 {
490 algo_type *a;
491 for (a = algos; a->name != NULL; a++)
492 {
493 if (strcmp(a->name, algo_name) == 0)
494 {
495 return a->usable;
496 }
497 }
498 return 0;
499 }
500
501 #endif /* DROPBEAR_NONE_CIPHER */
502
503 #ifdef ENABLE_USER_ALGO_LIST
504
505 char *
506 algolist_string(algo_type algos[])
507 {
508 char *ret_list;
509 buffer *b = buf_new(200);
510 buf_put_algolist(b, algos);
511 buf_setpos(b, b->len);
512 buf_putbyte(b, '\0');
513 buf_setpos(b, 4);
514 ret_list = m_strdup((const char *) buf_getptr(b, b->len - b->pos));
515 buf_free(b);
516 return ret_list;
517 }
518
519 static algo_type*
520 check_algo(const char* algo_name, algo_type *algos)
521 {
522 algo_type *a;
523 for (a = algos; a->name != NULL; a++)
524 {
525 if (strcmp(a->name, algo_name) == 0)
526 {
527 return a;
528 }
529 }
530
531 return NULL;
532 }
533
534 static void
535 try_add_algo(const char *algo_name, algo_type *algos,
536 const char *algo_desc, algo_type * new_algos, int *num_ret)
537 {
538 algo_type *match_algo = check_algo(algo_name, algos);
539 if (!match_algo)
540 {
541 dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc);
542 return;
543 }
544
545 new_algos[*num_ret] = *match_algo;
546 (*num_ret)++;
547 }
548
549 /* Checks a user provided comma-separated algorithm list for available
550 * options. Any that are not acceptable are removed in-place. Returns the
551 * number of valid algorithms. */
552 int
553 check_user_algos(const char* user_algo_list, algo_type * algos,
554 const char *algo_desc)
555 {
556 algo_type new_algos[MAX_PROPOSED_ALGO];
557 /* this has two passes. first we sweep through the given list of
558 * algorithms and mark them as usable=2 in the algo_type[] array... */
559 int num_ret = 0;
560 char *work_list = m_strdup(user_algo_list);
561 char *last_name = work_list;
562 char *c;
563 for (c = work_list; *c; c++)
564 {
565 if (*c == ',')
566 {
567 *c = '\0';
568 try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
569 c++;
570 last_name = c;
571 }
572 }
573 try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
574 m_free(work_list);
575
576 new_algos[num_ret].name = NULL;
577
578 /* Copy one more as a blank delimiter */
579 memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
580 return num_ret;
581 }
582 #endif /* ENABLE_USER_ALGO_LIST */
Tomato firmware and modifications.