author | Colin Watson <cjwatson@debian.org> | 2005-09-14 12:45:47 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2005-09-14 12:45:47 +0000 |
commit | 9b71add4cecf753c45f5fbd6ff0913bc95b3e95d (patch) | |
tree | d4ea8fdb30c7949c6433f5277c39548ea579d4dc /packet.c | |
parent | ed07bcbea56007ab5b218ddf3aa6a7d4e21966e0 (diff) | |
parent | 16704d57999d987fb8d9ba53379841a79f016d67 (diff) |
Merge 4.2p1 to the trunk.
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 63 |
1 files changed, 58 insertions, 5 deletions
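--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -118,6 +118,12 @@ static int initialized = 0;
 /* Set to true if the connection is interactive. */
 static int interactive_mode = 0;
 
+/* Set to true if we are the server side. */
+static int server_side = 0;
+
+/* Set to true if we are authenticated. */
+static int after_authentication = 0;
+
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
 static struct packet_state {
@@ -627,7 +633,9 @@ set_newkeys(int mode)
 /* Deleting the keys does not gain extra security */
 /* memset(enc->iv, 0, enc->block_size);
 memset(enc->key, 0, enc->key_len); */
-if (comp->type != 0 && comp->enabled == 0) {
+if ((comp->type == COMP_ZLIB ||
+(comp->type == COMP_DELAYED && after_authentication)) &&
+comp->enabled == 0) {
 packet_init_compression();
 if (mode == MODE_OUT)
 buffer_compress_init_send(6);
@@ -648,6 +656,35 @@ set_newkeys(int mode)
 }
 
 /*
+* Delayed compression for SSH2 is enabled after authentication:
+* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
+* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
+*/
+static void
+packet_enable_delayed_compress(void)
+{
+Comp *comp = NULL;
+int mode;
+
+/*
+* Remember that we are past the authentication step, so rekeying
+* with COMP_DELAYED will turn on compression immediately.
+*/
+after_authentication = 1;
+for (mode = 0; mode < MODE_MAX; mode++) {
+comp = &newkeys[mode]->comp;
+if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
+packet_init_compression();
+if (mode == MODE_OUT)
+buffer_compress_init_send(6);
+else
+buffer_compress_init_recv();
+comp->enabled = 1;
+}
+}
+}
+
+/*
 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
 */
 static void
@@ -760,6 +797,8 @@ packet_send2_wrapped(void)
 
 if (type == SSH2_MSG_NEWKEYS)
 set_newkeys(MODE_OUT);
+else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
+packet_enable_delayed_compress();
 }
 
 static void
@@ -1006,7 +1045,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
 static u_int packet_length = 0;
 u_int padlen, need;
 u_char *macbuf, *cp, type;
-int maclen, block_size;
+u_int maclen, block_size;
 Enc *enc = NULL;
 Mac *mac = NULL;
 Comp *comp = NULL;
@@ -1113,6 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
 packet_disconnect("Invalid ssh2 packet type: %d", type);
 if (type == SSH2_MSG_NEWKEYS)
 set_newkeys(MODE_IN);
+else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
+packet_enable_delayed_compress();
 #ifdef PACKET_DEBUG
 fprintf(stderr, "read/plain[%d]:\r\n", type);
 buffer_dump(&incoming_packet);
@@ -1243,9 +1284,9 @@ packet_get_bignum2(BIGNUM * value)
 }
 
 void *
-packet_get_raw(int *length_ptr)
+packet_get_raw(u_int *length_ptr)
 {
-int bytes = buffer_len(&incoming_packet);
+u_int bytes = buffer_len(&incoming_packet);
 
 if (length_ptr != NULL)
 *length_ptr = bytes;
@@ -1538,3 +1579,15 @@ packet_set_rekey_limit(u_int32_t bytes)
 {
 rekey_limit = bytes;
 }
+
+void
+packet_set_server(void)
+{
+server_side = 1;
+}
+
+void
+packet_set_authenticated(void)
+{
+after_authentication = 1;
+}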
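Review bot: In packet_enable_delayed_compress the guard `comp && ...` can never be false, because `comp` is the address of a member of `*newkeys[mode]`; the pointer that can actually be NULL is `newkeys[mode]` itself, which (judging by the name and the set_newkeys hunks, the assignment is not visible here) is presumably populated only once a NEWKEYS message has been handled for that direction, so `comp = &newkeys[mode]->comp;` dereferences it unguarded. On the client side the new call sits in packet_read_poll2 (a function that starts and ends outside the hunk) and fires on the raw packet type as soon as a SSH2_MSG_USERAUTH_SUCCESS arrives, and whether a higher-level dispatcher rejects that message before key exchange completes cannot be confirmed from this diff, so until it is, treat this as a potential NULL dereference reachable by a hostile server. I would add `if (newkeys[mode] == NULL) continue;` before the assignment and drop the `comp &&` term, leaving `if (!comp->enabled && comp->type == COMP_DELAYED) {`. The new header comment also misspells "happens" as "happans".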