author | Damien Miller <djm@mindrot.org> | 2002-03-13 13:19:42 +1100 |
committer | Damien Miller <djm@mindrot.org> | 2002-03-13 13:19:42 +1100 |
commit | 3a5b0233306a3db3a5db5b9ddc187c55e9b251f4 (patch) | |
tree | 86478addb63771a9a1be0e13cfbdea9f964f963a /packet.c | |
parent | 3225fb454d0e79cf6f824dd00ff478749620277b (diff) |
Stupid djm commits experimental code to head instead of branch
revert
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 106 |
1 files changed, 12 insertions, 94 deletions
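--- a/packet.c
+++ b/packet.c
@@ -115,8 +115,6 @@ static int interactive_mode = 0;
 
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
-static u_int32_t read_seqnr = 0;
-static u_int32_t send_seqnr = 0;
 
 /* roundup current message to extra_pad bytes */
 static u_char extra_pad = 0;
@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
 return 1;
 }
 
-/*
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-
-void
-packet_get_keyiv(int mode, u_char *iv, u_int len)
-{
-CipherContext *cc;
-
-if (mode == MODE_OUT)
-cc = &send_context;
-else
-cc = &receive_context;
-
-cipher_get_keyiv(cc, iv, len);
-}
-
-int
-packet_get_keycontext(int mode, u_char *dat)
-{
-int plen;
-CipherContext *cc;
-
-if (mode == MODE_OUT)
-cc = &send_context;
-else
-cc = &receive_context;
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-plen = sizeof(cc->evp.c);
-#else
-plen = cc->evp.cipher->ctx_size;
-#endif
-
-if (dat == NULL)
-return (plen);
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
-#else
-memcpy(dat, &cc->evp.cipher_data, plen);
-#endif
-return (plen);
-}
-
-void
-packet_set_keycontext(int mode, u_char *dat)
-{
-CipherContext *cc;
-
-if (mode == MODE_OUT)
-cc = &send_context;
-else
-cc = &receive_context;
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
-#else
-memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
-#endif
-}
-
-u_int32_t
-packet_get_seqnr(int mode)
-{
-return (mode == MODE_IN ? read_seqnr : send_seqnr);
-}
-
-void
-packet_set_seqnr(int mode, u_int32_t seqnr)
-{
-if (mode == MODE_IN)
-read_seqnr = seqnr;
-else if (mode == MODE_OUT)
-send_seqnr = seqnr;
-else
-fatal("%s: bad mode %d", __FUNCTION__, mode);
-}
-
 /* returns 1 if connection is via ipv4 */
 
 int
@@ -516,7 +433,7 @@ packet_send1(void)
 */
 }
 
-void
+static void
 set_newkeys(int mode)
 {
 Enc *enc;
@@ -560,9 +477,8 @@ set_newkeys(int mode)
 DBG(debug("cipher_init_context: %d", mode));
 cipher_init(cc, enc->cipher, enc->key, enc->key_len,
 enc->iv, enc->block_size, encrypt);
-/* Deleting the keys does not gain extra security */
-/* memset(enc->iv, 0, enc->block_size);
-memset(enc->key, 0, enc->key_len); */
+memset(enc->iv, 0, enc->block_size);
+memset(enc->key, 0, enc->key_len);
 if (comp->type != 0 && comp->enabled == 0) {
 packet_init_compression();
 if (mode == MODE_OUT)
@@ -579,6 +495,7 @@ set_newkeys(int mode)
 static void
 packet_send2(void)
 {
+static u_int32_t seqnr = 0;
 u_char type, *cp, *macbuf = NULL;
 u_char padlen, pad;
 u_int packet_length = 0;
@@ -659,10 +576,10 @@ packet_send2(void)
 
 /* compute MAC over seqnr and packet(length fields, payload, padding) */
 if (mac && mac->enabled) {
-macbuf = mac_compute(mac, send_seqnr,
+macbuf = mac_compute(mac, seqnr,
 buffer_ptr(&outgoing_packet),
 buffer_len(&outgoing_packet));
-DBG(debug("done calc MAC out #%d", send_seqnr));
+DBG(debug("done calc MAC out #%d", seqnr));
 }
 /* encrypt packet and append to output buffer. */
 cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@@ -676,7 +593,7 @@ packet_send2(void)
 buffer_dump(&output);
 #endif
 /* increment sequence number for outgoing packets */
-if (++send_seqnr == 0)
+if (++seqnr == 0)
 log("outgoing seqnr wraps around");
 buffer_clear(&outgoing_packet);
 
@@ -866,6 +783,7 @@ packet_read_poll1(void)
 static int
 packet_read_poll2(u_int32_t *seqnr_p)
 {
+static u_int32_t seqnr = 0;
 static u_int packet_length = 0;
 u_int padlen, need;
 u_char *macbuf, *cp, type;
@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
 * increment sequence number for incoming packet
 */
 if (mac && mac->enabled) {
-macbuf = mac_compute(mac, read_seqnr,
+macbuf = mac_compute(mac, seqnr,
 buffer_ptr(&incoming_packet),
 buffer_len(&incoming_packet));
 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
 packet_disconnect("Corrupted MAC on input.");
-DBG(debug("MAC #%d ok", read_seqnr));
+DBG(debug("MAC #%d ok", seqnr));
 buffer_consume(&input, mac->mac_len);
 }
 if (seqnr_p != NULL)
-*seqnr_p = seqnr;
-if (++read_seqnr == 0)
+*seqnr_p = seqnr;
+if (++seqnr == 0)
 log("incoming seqnr wraps around");
 
 /* get padlen */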
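Review bot: The MAC verification in the last hunk, `if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)` at new line 851, uses memcmp, which stops at the first differing byte, so the time to reject a forged tag depends on how long a prefix of it matches the computed MAC; a comparison that always touches all mac_len bytes removes that dependence and keeps the rest of the check unchanged. The disconnect still happens before the sequence number is advanced and before any length field from the packet is consumed, which is the right order, and is worth stating with a comment such as `/* verify the MAC over the whole packet before trusting any field in it */`. packet_read_poll2's body continues outside the hunk, so the helper below would sit above it in the file.
```c
/* Compare two MAC tags while touching every byte, so the time taken
 * does not reveal how long a matching prefix the received tag has. */
static int
mac_tag_differs(const u_char *a, const u_char *b, u_int len)
{
	u_char diff = 0;
	u_int i;

	for (i = 0; i < len; i++)
		diff |= a[i] ^ b[i];
	return (diff != 0);
}

/* … unchanged: packet_read_poll2 up to the MAC computation … */
		if (mac_tag_differs(macbuf, buffer_ptr(&input), mac->mac_len))
			packet_disconnect("Corrupted MAC on input.");
```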