- markus@cvs.openbsd.org 2009/01/26 09:58:15

     [cipher.c cipher.h packet.c]
     Work around the CPNI-957037 Plaintext Recovery Attack by always
     reading 256K of data on packet size or HMAC errors (in CBC mode only).
     Help, feedback and ok djm@
     Feedback from Martin Albrecht and Paterson Kenny

1 files changed, 2 insertions, 1 deletions

diff --git a/cipher.h b/cipher.h
index 49bbc1682..3dd2270bb 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -81,6 +81,7 @@ void	 cipher_cleanup(CipherContext *);
 void     cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
 u_int    cipher_blocksize(const Cipher *);
 u_int    cipher_keylen(const Cipher *);
+u_int    cipher_is_cbc(const Cipher *);
 
 u_int    cipher_get_number(const Cipher *);
 void     cipher_get_keyiv(CipherContext *, u_char *, u_int);