summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-05-07 23:12:57 +0000
committerDamien Miller <djm@mindrot.org>2017-05-08 09:21:00 +1000
commitacaf34fd823235d549c633c0146ee03ac5956e82 (patch)
treeb6e350c58134d35c9a51533349404ee1463192eb /packet.c
parent3e371bd2124427403971db853fb2e36ce789b6fd (diff)
upstream commit
As promised in last release announcement: remove support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c35
1 files changed, 4 insertions, 31 deletions
diff --git a/packet.c b/packet.c
index 533bd1e61..ec0eb0cd3 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.253 2017/05/03 21:08:09 naddy Exp $ */ 1/* $OpenBSD: packet.c,v 1.254 2017/05/07 23:12:57 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -884,7 +884,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
884 } 884 }
885 /* 885 /*
886 * The 2^(blocksize*2) limit is too expensive for 3DES, 886 * The 2^(blocksize*2) limit is too expensive for 3DES,
887 * blowfish, etc, so enforce a 1GB limit for small blocksizes. 887 * so enforce a 1GB limit for small blocksizes.
888 */ 888 */
889 if (enc->block_size >= 16) 889 if (enc->block_size >= 16)
890 *max_blocks = (u_int64_t)1 << (enc->block_size*2); 890 *max_blocks = (u_int64_t)1 << (enc->block_size*2);
@@ -2223,8 +2223,6 @@ int
2223ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) 2223ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
2224{ 2224{
2225 struct session_state *state = ssh->state; 2225 struct session_state *state = ssh->state;
2226 u_char *p;
2227 size_t slen, rlen;
2228 int r; 2226 int r;
2229 2227
2230 if ((r = kex_to_blob(m, ssh->kex)) != 0 || 2228 if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
@@ -2242,22 +2240,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
2242 (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0) 2240 (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0)
2243 return r; 2241 return r;
2244 2242
2245 slen = cipher_get_keycontext(state->send_context, NULL);
2246 rlen = cipher_get_keycontext(state->receive_context, NULL);
2247 if ((r = sshbuf_put_u32(m, slen)) != 0 ||
2248 (r = sshbuf_reserve(m, slen, &p)) != 0)
2249 return r;
2250 if (cipher_get_keycontext(state->send_context, p) != (int)slen)
2251 return SSH_ERR_INTERNAL_ERROR;
2252 if ((r = sshbuf_put_u32(m, rlen)) != 0 ||
2253 (r = sshbuf_reserve(m, rlen, &p)) != 0)
2254 return r;
2255 if (cipher_get_keycontext(state->receive_context, p) != (int)rlen)
2256 return SSH_ERR_INTERNAL_ERROR;
2257 if ((r = sshbuf_put_stringb(m, state->input)) != 0 ||
2258 (r = sshbuf_put_stringb(m, state->output)) != 0)
2259 return r;
2260
2261 return 0; 2243 return 0;
2262} 2244}
2263 2245
@@ -2379,8 +2361,8 @@ int
2379ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) 2361ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
2380{ 2362{
2381 struct session_state *state = ssh->state; 2363 struct session_state *state = ssh->state;
2382 const u_char *keyin, *keyout, *input, *output; 2364 const u_char *input, *output;
2383 size_t rlen, slen, ilen, olen; 2365 size_t ilen, olen;
2384 int r; 2366 int r;
2385 2367
2386 if ((r = kex_from_blob(m, &ssh->kex)) != 0 || 2368 if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
@@ -2407,15 +2389,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
2407 (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) 2389 (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
2408 return r; 2390 return r;
2409 2391
2410 if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 ||
2411 (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0)
2412 return r;
2413 if (cipher_get_keycontext(state->send_context, NULL) != (int)slen ||
2414 cipher_get_keycontext(state->receive_context, NULL) != (int)rlen)
2415 return SSH_ERR_INVALID_FORMAT;
2416 cipher_set_keycontext(state->send_context, keyout);
2417 cipher_set_keycontext(state->receive_context, keyin);
2418
2419 if ((r = ssh_packet_set_postauth(ssh)) != 0) 2392 if ((r = ssh_packet_set_postauth(ssh)) != 0)
2420 return r; 2393 return r;
2421 2394