Stupid djm commits experimental code to head instead of branch

revert
author: Damien Miller <djm@mindrot.org> 2002-03-13 13:19:42 +1100
committer: Damien Miller <djm@mindrot.org> 2002-03-13 13:19:42 +1100
commit: 3a5b0233306a3db3a5db5b9ddc187c55e9b251f4 (patch)
tree: 86478addb63771a9a1be0e13cfbdea9f964f963a /packet.c
parent: 3225fb454d0e79cf6f824dd00ff478749620277b (diff)
1 files changed, 12 insertions, 94 deletions
diff --git a/packet.c b/packet.c
index 1c80af128..045d5a105 100644
--- a/packet.c
+++ b/packet.c
@@ -115,8 +115,6 @@ static int interactive_mode = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
-static u_int32_t read_seqnr = 0;
-static u_int32_t send_seqnr = 0;
 /* roundup current message to extra_pad bytes */
 static u_char extra_pad = 0;
@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
        return 1;
 }
-/* 
- * Exports an IV from the CipherContext required to export the key
- * state back from the unprivileged child to the privileged parent
- * process.
- */
-void
-packet_get_keyiv(int mode, u_char *iv, u_int len)
-{
-        CipherContext *cc;
-        if (mode == MODE_OUT)
-                cc = &send_context;
-        else
-                cc = &receive_context;
-        cipher_get_keyiv(cc, iv, len);
-}
-int
-packet_get_keycontext(int mode, u_char *dat)
-{
-        int plen;
-        CipherContext *cc;
-        
-        if (mode == MODE_OUT)
-                cc = &send_context;
-        else
-                cc = &receive_context;
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        plen = sizeof(cc->evp.c);
-#else
-        plen = cc->evp.cipher->ctx_size;
-#endif
-        if (dat == NULL)
-                return (plen);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
-#else
-        memcpy(dat, &cc->evp.cipher_data, plen);
-#endif
-        return (plen);
-}
-void
-packet_set_keycontext(int mode, u_char *dat)
-{
-        CipherContext *cc;
-        
-        if (mode == MODE_OUT)
-                cc = &send_context;
-        else
-                cc = &receive_context;
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
-#else
-        memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
-#endif
-}
-u_int32_t
-packet_get_seqnr(int mode)
-{
-        return (mode == MODE_IN ? read_seqnr : send_seqnr);
-}
-void
-packet_set_seqnr(int mode, u_int32_t seqnr)
-{
-        if (mode == MODE_IN)
-                read_seqnr = seqnr;
-        else if (mode == MODE_OUT)
-                send_seqnr = seqnr;
-        else
-                fatal("%s: bad mode %d", __FUNCTION__, mode);
-}
 /* returns 1 if connection is via ipv4 */
 int
@@ -516,7 +433,7 @@ packet_send1(void)
         */
 }
-void
+static void
 set_newkeys(int mode)
 {
        Enc *enc;
@@ -560,9 +477,8 @@ set_newkeys(int mode)
        DBG(debug("cipher_init_context: %d", mode));
        cipher_init(cc, enc->cipher, enc->key, enc->key_len,
            enc->iv, enc->block_size, encrypt);
-        /* Deleting the keys does not gain extra security */
+        memset(enc->iv,  0, enc->block_size);
-        /* memset(enc->iv,  0, enc->block_size);
+        memset(enc->key, 0, enc->key_len);
-           memset(enc->key, 0, enc->key_len); */
        if (comp->type != 0 && comp->enabled == 0) {
                packet_init_compression();
                if (mode == MODE_OUT)
@@ -579,6 +495,7 @@ set_newkeys(int mode)
 static void
 packet_send2(void)
 {
+        static u_int32_t seqnr = 0;
        u_char type, *cp, *macbuf = NULL;
        u_char padlen, pad;
        u_int packet_length = 0;
@@ -659,10 +576,10 @@ packet_send2(void)
        /* compute MAC over seqnr and packet(length fields, payload, padding) */
        if (mac && mac->enabled) {
-                macbuf = mac_compute(mac, send_seqnr,
+                macbuf = mac_compute(mac, seqnr,
                    buffer_ptr(&outgoing_packet),
                    buffer_len(&outgoing_packet));
-                DBG(debug("done calc MAC out #%d", send_seqnr));
+                DBG(debug("done calc MAC out #%d", seqnr));
        }
        /* encrypt packet and append to output buffer. */
        cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@@ -676,7 +593,7 @@ packet_send2(void)
        buffer_dump(&output);
 #endif
        /* increment sequence number for outgoing packets */
-        if (++send_seqnr == 0)
+        if (++seqnr == 0)
                log("outgoing seqnr wraps around");
        buffer_clear(&outgoing_packet);
@@ -866,6 +783,7 @@ packet_read_poll1(void)
 static int
 packet_read_poll2(u_int32_t *seqnr_p)
 {
+        static u_int32_t seqnr = 0;
        static u_int packet_length = 0;
        u_int padlen, need;
        u_char *macbuf, *cp, type;
@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
         * increment sequence number for incoming packet
         */
        if (mac && mac->enabled) {
-                macbuf = mac_compute(mac, read_seqnr,
+                macbuf = mac_compute(mac, seqnr,
                    buffer_ptr(&incoming_packet),
                    buffer_len(&incoming_packet));
                if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
                        packet_disconnect("Corrupted MAC on input.");
-                DBG(debug("MAC #%d ok", read_seqnr));
+                DBG(debug("MAC #%d ok", seqnr));
                buffer_consume(&input, mac->mac_len);
        }
        if (seqnr_p != NULL)
-                *seqnr_p = read_seqnr;
+                *seqnr_p = seqnr;
-        if (++read_seqnr == 0)
+        if (++seqnr == 0)
                log("incoming seqnr wraps around");
        /* get padlen */
author	Damien Miller <djm@mindrot.org>	2002-03-13 13:19:42 +1100
committer	Damien Miller <djm@mindrot.org>	2002-03-13 13:19:42 +1100
commit	3a5b0233306a3db3a5db5b9ddc187c55e9b251f4 (patch)
tree	86478addb63771a9a1be0e13cfbdea9f964f963a /packet.c
parent	3225fb454d0e79cf6f824dd00ff478749620277b (diff)

diff --git a/packet.c b/packet.c index 1c80af128..045d5a105 100644 --- a/packet.c +++ b/packet.c
@@ -115,8 +115,6 @@ static int interactive_mode = 0;
115		115
116	/* Session key information for Encryption and MAC */	116	/* Session key information for Encryption and MAC */
117	Newkeys *newkeys[MODE_MAX];	117	Newkeys *newkeys[MODE_MAX];
118	static u_int32_t read_seqnr = 0;
119	static u_int32_t send_seqnr = 0;
120		118
121	/* roundup current message to extra_pad bytes */	119	/* roundup current message to extra_pad bytes */
122	static u_char extra_pad = 0;	120	static u_char extra_pad = 0;
@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
173	return 1;	171	return 1;
174	}	172	}
175		173
176	/*
177	* Exports an IV from the CipherContext required to export the key
178	* state back from the unprivileged child to the privileged parent
179	* process.
180	*/
181
182	void
183	packet_get_keyiv(int mode, u_char *iv, u_int len)
184	{
185	CipherContext *cc;
186
187	if (mode == MODE_OUT)
188	cc = &send_context;
189	else
190	cc = &receive_context;
191
192	cipher_get_keyiv(cc, iv, len);
193	}
194
195	int
196	packet_get_keycontext(int mode, u_char *dat)
197	{
198	int plen;
199	CipherContext *cc;
200
201	if (mode == MODE_OUT)
202	cc = &send_context;
203	else
204	cc = &receive_context;
205
206	#if OPENSSL_VERSION_NUMBER < 0x00907000L
207	plen = sizeof(cc->evp.c);
208	#else
209	plen = cc->evp.cipher->ctx_size;
210	#endif
211
212	if (dat == NULL)
213	return (plen);
214
215	#if OPENSSL_VERSION_NUMBER < 0x00907000L
216	memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
217	#else
218	memcpy(dat, &cc->evp.cipher_data, plen);
219	#endif
220	return (plen);
221	}
222
223	void
224	packet_set_keycontext(int mode, u_char *dat)
225	{
226	CipherContext *cc;
227
228	if (mode == MODE_OUT)
229	cc = &send_context;
230	else
231	cc = &receive_context;
232
233	#if OPENSSL_VERSION_NUMBER < 0x00907000L
234	memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
235	#else
236	memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
237	#endif
238	}
239
240	u_int32_t
241	packet_get_seqnr(int mode)
242	{
243	return (mode == MODE_IN ? read_seqnr : send_seqnr);
244	}
245
246	void
247	packet_set_seqnr(int mode, u_int32_t seqnr)
248	{
249	if (mode == MODE_IN)
250	read_seqnr = seqnr;
251	else if (mode == MODE_OUT)
252	send_seqnr = seqnr;
253	else
254	fatal("%s: bad mode %d", __FUNCTION__, mode);
255	}
256
257	/* returns 1 if connection is via ipv4 */	174	/* returns 1 if connection is via ipv4 */
258		175
259	int	176	int
@@ -516,7 +433,7 @@ packet_send1(void)
516	*/	433	*/
517	}	434	}
518		435
519	void	436	static void
520	set_newkeys(int mode)	437	set_newkeys(int mode)
521	{	438	{
522	Enc *enc;	439	Enc *enc;
@@ -560,9 +477,8 @@ set_newkeys(int mode)
560	DBG(debug("cipher_init_context: %d", mode));	477	DBG(debug("cipher_init_context: %d", mode));
561	cipher_init(cc, enc->cipher, enc->key, enc->key_len,	478	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
562	enc->iv, enc->block_size, encrypt);	479	enc->iv, enc->block_size, encrypt);
563	/* Deleting the keys does not gain extra security */	480	memset(enc->iv, 0, enc->block_size);
564	/* memset(enc->iv, 0, enc->block_size);	481	memset(enc->key, 0, enc->key_len);
565	memset(enc->key, 0, enc->key_len); */
566	if (comp->type != 0 && comp->enabled == 0) {	482	if (comp->type != 0 && comp->enabled == 0) {
567	packet_init_compression();	483	packet_init_compression();
568	if (mode == MODE_OUT)	484	if (mode == MODE_OUT)
@@ -579,6 +495,7 @@ set_newkeys(int mode)
579	static void	495	static void
580	packet_send2(void)	496	packet_send2(void)
581	{	497	{
		498	static u_int32_t seqnr = 0;
582	u_char type, cp, macbuf = NULL;	499	u_char type, cp, macbuf = NULL;
583	u_char padlen, pad;	500	u_char padlen, pad;
584	u_int packet_length = 0;	501	u_int packet_length = 0;
@@ -659,10 +576,10 @@ packet_send2(void)
659		576
660	/* compute MAC over seqnr and packet(length fields, payload, padding) */	577	/* compute MAC over seqnr and packet(length fields, payload, padding) */
661	if (mac && mac->enabled) {	578	if (mac && mac->enabled) {
662	macbuf = mac_compute(mac, send_seqnr,	579	macbuf = mac_compute(mac, seqnr,
663	buffer_ptr(&outgoing_packet),	580	buffer_ptr(&outgoing_packet),
664	buffer_len(&outgoing_packet));	581	buffer_len(&outgoing_packet));
665	DBG(debug("done calc MAC out #%d", send_seqnr));	582	DBG(debug("done calc MAC out #%d", seqnr));
666	}	583	}
667	/* encrypt packet and append to output buffer. */	584	/* encrypt packet and append to output buffer. */
668	cp = buffer_append_space(&output, buffer_len(&outgoing_packet));	585	cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@@ -676,7 +593,7 @@ packet_send2(void)
676	buffer_dump(&output);	593	buffer_dump(&output);
677	#endif	594	#endif
678	/* increment sequence number for outgoing packets */	595	/* increment sequence number for outgoing packets */
679	if (++send_seqnr == 0)	596	if (++seqnr == 0)
680	log("outgoing seqnr wraps around");	597	log("outgoing seqnr wraps around");
681	buffer_clear(&outgoing_packet);	598	buffer_clear(&outgoing_packet);
682		599
@@ -866,6 +783,7 @@ packet_read_poll1(void)
866	static int	783	static int
867	packet_read_poll2(u_int32_t *seqnr_p)	784	packet_read_poll2(u_int32_t *seqnr_p)
868	{	785	{
		786	static u_int32_t seqnr = 0;
869	static u_int packet_length = 0;	787	static u_int packet_length = 0;
870	u_int padlen, need;	788	u_int padlen, need;
871	u_char macbuf, cp, type;	789	u_char macbuf, cp, type;
@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
927	* increment sequence number for incoming packet	845	* increment sequence number for incoming packet
928	*/	846	*/
929	if (mac && mac->enabled) {	847	if (mac && mac->enabled) {
930	macbuf = mac_compute(mac, read_seqnr,	848	macbuf = mac_compute(mac, seqnr,
931	buffer_ptr(&incoming_packet),	849	buffer_ptr(&incoming_packet),
932	buffer_len(&incoming_packet));	850	buffer_len(&incoming_packet));
933	if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)	851	if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
934	packet_disconnect("Corrupted MAC on input.");	852	packet_disconnect("Corrupted MAC on input.");
935	DBG(debug("MAC #%d ok", read_seqnr));	853	DBG(debug("MAC #%d ok", seqnr));
936	buffer_consume(&input, mac->mac_len);	854	buffer_consume(&input, mac->mac_len);
937	}	855	}
938	if (seqnr_p != NULL)	856	if (seqnr_p != NULL)
939	*seqnr_p = read_seqnr;	857	*seqnr_p = seqnr;
940	if (++read_seqnr == 0)	858	if (++seqnr == 0)
941	log("incoming seqnr wraps around");	859	log("incoming seqnr wraps around");
942		860
943	/* get padlen */	861	/* get padlen */