diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-02-15 03:01:59 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-02-15 03:01:59 +0000 |
| commit | 06b33aa0e83163f3dcd679317afec1ee95910512 (patch) | |
| tree | eae5cbd1cd71619bdd1e5d4a28e6bb96057f4479 /packet.c | |
| parent | 4272ed803ff309f1fdb9c149b9cf083769f53744 (diff) | |
- markus@cvs.openbsd.org 2001/02/11 12:59:25
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
1) clean up the MAC support for SSH-2
2) allow you to specify the MAC with 'ssh -m'
3) or the 'MACs' keyword in ssh(d)_config
4) add hmac-{md5,sha1}-96
ok stevesk@, provos@
Diffstat (limited to 'packet.c')
| -rw-r--r-- | packet.c | 25 |
1 files changed, 9 insertions, 16 deletions
| @@ -37,7 +37,7 @@ | |||
| 37 | */ | 37 | */ |
| 38 | 38 | ||
| 39 | #include "includes.h" | 39 | #include "includes.h" |
| 40 | RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.50 2001/02/11 12:59:25 markus Exp $"); |
| 41 | 41 | ||
| 42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
| 43 | #include "buffer.h" | 43 | #include "buffer.h" |
| @@ -54,12 +54,9 @@ RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $"); | |||
| 54 | #include "ssh1.h" | 54 | #include "ssh1.h" |
| 55 | #include "ssh2.h" | 55 | #include "ssh2.h" |
| 56 | 56 | ||
| 57 | #include <openssl/bn.h> | ||
| 58 | #include <openssl/dh.h> | ||
| 59 | #include <openssl/hmac.h> | ||
| 60 | #include "cipher.h" | 57 | #include "cipher.h" |
| 61 | #include "kex.h" | 58 | #include "kex.h" |
| 62 | #include "hmac.h" | 59 | #include "mac.h" |
| 63 | #include "log.h" | 60 | #include "log.h" |
| 64 | #include "canohost.h" | 61 | #include "canohost.h" |
| 65 | 62 | ||
| @@ -531,12 +528,12 @@ packet_send1(void) | |||
| 531 | void | 528 | void |
| 532 | packet_send2(void) | 529 | packet_send2(void) |
| 533 | { | 530 | { |
| 531 | static u_int32_t seqnr = 0; | ||
| 534 | u_char *macbuf = NULL; | 532 | u_char *macbuf = NULL; |
| 535 | char *cp; | 533 | char *cp; |
| 536 | u_int packet_length = 0; | 534 | u_int packet_length = 0; |
| 537 | u_int i, padlen, len; | 535 | u_int i, padlen, len; |
| 538 | u_int32_t rand = 0; | 536 | u_int32_t rand = 0; |
| 539 | static u_int seqnr = 0; | ||
| 540 | int type; | 537 | int type; |
| 541 | Enc *enc = NULL; | 538 | Enc *enc = NULL; |
| 542 | Mac *mac = NULL; | 539 | Mac *mac = NULL; |
| @@ -604,11 +601,9 @@ packet_send2(void) | |||
| 604 | 601 | ||
| 605 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ | 602 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ |
| 606 | if (mac && mac->enabled) { | 603 | if (mac && mac->enabled) { |
| 607 | macbuf = hmac( mac->md, seqnr, | 604 | macbuf = mac_compute(mac, seqnr, |
| 608 | (u_char *) buffer_ptr(&outgoing_packet), | 605 | (u_char *) buffer_ptr(&outgoing_packet), |
| 609 | buffer_len(&outgoing_packet), | 606 | buffer_len(&outgoing_packet)); |
| 610 | mac->key, mac->key_len | ||
| 611 | ); | ||
| 612 | DBG(debug("done calc MAC out #%d", seqnr)); | 607 | DBG(debug("done calc MAC out #%d", seqnr)); |
| 613 | } | 608 | } |
| 614 | /* encrypt packet and append to output buffer. */ | 609 | /* encrypt packet and append to output buffer. */ |
| @@ -818,12 +813,12 @@ packet_read_poll1(int *payload_len_ptr) | |||
| 818 | int | 813 | int |
| 819 | packet_read_poll2(int *payload_len_ptr) | 814 | packet_read_poll2(int *payload_len_ptr) |
| 820 | { | 815 | { |
| 816 | static u_int32_t seqnr = 0; | ||
| 817 | static u_int packet_length = 0; | ||
| 821 | u_int padlen, need; | 818 | u_int padlen, need; |
| 822 | u_char buf[8], *macbuf; | 819 | u_char buf[8], *macbuf; |
| 823 | u_char *ucp; | 820 | u_char *ucp; |
| 824 | char *cp; | 821 | char *cp; |
| 825 | static u_int packet_length = 0; | ||
| 826 | static u_int seqnr = 0; | ||
| 827 | int type; | 822 | int type; |
| 828 | int maclen, block_size; | 823 | int maclen, block_size; |
| 829 | Enc *enc = NULL; | 824 | Enc *enc = NULL; |
| @@ -883,11 +878,9 @@ packet_read_poll2(int *payload_len_ptr) | |||
| 883 | * increment sequence number for incoming packet | 878 | * increment sequence number for incoming packet |
| 884 | */ | 879 | */ |
| 885 | if (mac && mac->enabled) { | 880 | if (mac && mac->enabled) { |
| 886 | macbuf = hmac( mac->md, seqnr, | 881 | macbuf = mac_compute(mac, seqnr, |
| 887 | (u_char *) buffer_ptr(&incoming_packet), | 882 | (u_char *) buffer_ptr(&incoming_packet), |
| 888 | buffer_len(&incoming_packet), | 883 | buffer_len(&incoming_packet)); |
| 889 | mac->key, mac->key_len | ||
| 890 | ); | ||
| 891 | if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) | 884 | if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) |
| 892 | packet_disconnect("Corrupted MAC on input."); | 885 | packet_disconnect("Corrupted MAC on input."); |
| 893 | DBG(debug("MAC #%d ok", seqnr)); | 886 | DBG(debug("MAC #%d ok", seqnr)); |