- markus@cvs.openbsd.org 2013/01/08 18:49:04

[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] [myproposal.h packet.c ssh_config.5 sshd_config.5] support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
author: Damien Miller <djm@mindrot.org> 2013-01-09 16:12:19 +1100
committer: Damien Miller <djm@mindrot.org> 2013-01-09 16:12:19 +1100
commit: 1d75abfe23cadf8cdba0bd2cfd54f3bc1ca80dc5 (patch)
tree: b717aa08dcc3c018d6fdae575017b3cb5fd92767 /monitor_wrap.c
parent: aa7ad3039c671c157bb99217d60674dad8154a22 (diff)
1 files changed, 20 insertions, 19 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index c22d0a2a6..ea654a73f 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.74 2012/10/01 13:59:51 naddy Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -491,25 +491,24 @@ mm_newkeys_from_blob(u_char *blob, int blen)
        enc->enabled = buffer_get_int(&b);
        enc->block_size = buffer_get_int(&b);
        enc->key = buffer_get_string(&b, &enc->key_len);
-        enc->iv = buffer_get_string(&b, &len);
+        enc->iv = buffer_get_string(&b, &enc->iv_len);
-        if (len != enc->block_size)
-                fatal("%s: bad ivlen: expected %u != %u", __func__,
-                    enc->block_size, len);
        if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
                fatal("%s: bad cipher name %s or pointer %p", __func__,
                    enc->name, enc->cipher);
        /* Mac structure */
-        mac->name = buffer_get_string(&b, NULL);
+        if (cipher_authlen(enc->cipher) == 0) {
-        if (mac->name == NULL || mac_setup(mac, mac->name) == -1)
+                mac->name = buffer_get_string(&b, NULL);
-                fatal("%s: can not setup mac %s", __func__, mac->name);
+                if (mac->name == NULL || mac_setup(mac, mac->name) == -1)
-        mac->enabled = buffer_get_int(&b);
+                        fatal("%s: can not setup mac %s", __func__, mac->name);
-        mac->key = buffer_get_string(&b, &len);
+                mac->enabled = buffer_get_int(&b);
-        if (len > mac->key_len)
+                mac->key = buffer_get_string(&b, &len);
-                fatal("%s: bad mac key length: %u > %d", __func__, len,
+                if (len > mac->key_len)
-                    mac->key_len);
+                        fatal("%s: bad mac key length: %u > %d", __func__, len,
-        mac->key_len = len;
+                            mac->key_len);
+                mac->key_len = len;
+        }
        /* Comp structure */
        comp->type = buffer_get_int(&b);
@@ -551,13 +550,15 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
        buffer_put_int(&b, enc->enabled);
        buffer_put_int(&b, enc->block_size);
        buffer_put_string(&b, enc->key, enc->key_len);
-        packet_get_keyiv(mode, enc->iv, enc->block_size);
+        packet_get_keyiv(mode, enc->iv, enc->iv_len);
-        buffer_put_string(&b, enc->iv, enc->block_size);
+        buffer_put_string(&b, enc->iv, enc->iv_len);
        /* Mac structure */
-        buffer_put_cstring(&b, mac->name);
+        if (cipher_authlen(enc->cipher) == 0) {
-        buffer_put_int(&b, mac->enabled);
+                buffer_put_cstring(&b, mac->name);
-        buffer_put_string(&b, mac->key, mac->key_len);
+                buffer_put_int(&b, mac->enabled);
+                buffer_put_string(&b, mac->key, mac->key_len);
+        }
        /* Comp structure */
        buffer_put_int(&b, comp->type);
author	Damien Miller <djm@mindrot.org>	2013-01-09 16:12:19 +1100
committer	Damien Miller <djm@mindrot.org>	2013-01-09 16:12:19 +1100
commit	1d75abfe23cadf8cdba0bd2cfd54f3bc1ca80dc5 (patch)
tree	b717aa08dcc3c018d6fdae575017b3cb5fd92767 /monitor_wrap.c
parent	aa7ad3039c671c157bb99217d60674dad8154a22 (diff)