author | markus@openbsd.org <markus@openbsd.org> | 2015-01-13 19:31:40 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-14 20:43:11 +1100 |
commit | 128343bcdb0b60fc826f2733df8cf979ec1627b4 (patch) | |
tree | ec2b30d15b28ee4e5f3822493989fad1e00199f6 /packet.c | |
parent | e7fd952f4ea01f09ceb068721a5431ac2fd416ed (diff) |
upstream commit
adapt mac.c to ssherr.h return codes (de-fatal) and
simplify dependencies ok djm@
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 35 |
1 files changed, 23 insertions, 12 deletions
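--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.199 2014/10/24 02:01:20 lteo Exp $ */
+/* $OpenBSD: packet.c,v 1.200 2015/01/13 19:31:40 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -72,6 +72,7 @@
 #include "cipher.h"
 #include "key.h"
 #include "kex.h"
+#include "digest.h"
 #include "mac.h"
 #include "log.h"
 #include "canohost.h"
@@ -275,7 +276,7 @@ packet_stop_discard(void)
 		(void) mac_compute(active_state->packet_discard_mac,
 		    active_state->p_read.seqnr,
 		    buffer_ptr(&active_state->incoming_packet),
-		    PACKET_MAX_SIZE);
+		    PACKET_MAX_SIZE, NULL, 0);
 	}
 	logit("Finished discarding for %.200s", get_remote_ipaddr());
 	cleanup_exit(255);
@@ -863,7 +864,7 @@ packet_enable_delayed_compress(void)
 static void
 packet_send2_wrapped(void)
 {
-	u_char type, *cp, *macbuf = NULL;
+	u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH];
 	u_char padlen, pad = 0;
 	u_int i, len, authlen = 0, aadlen = 0;
 	u_int32_t rnd = 0;
@@ -871,6 +872,7 @@ packet_send2_wrapped(void)
 	Mac *mac = NULL;
 	Comp *comp = NULL;
 	int block_size;
+	int r;
 
 	if (active_state->newkeys[MODE_OUT] != NULL) {
 		enc = &active_state->newkeys[MODE_OUT]->enc;
@@ -953,8 +955,10 @@ packet_send2_wrapped(void)
 
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
 	if (mac && mac->enabled && !mac->etm) {
-		macbuf = mac_compute(mac, active_state->p_send.seqnr,
-		    buffer_ptr(&active_state->outgoing_packet), len);
+		if ((r = mac_compute(mac, active_state->p_send.seqnr,
+		    buffer_ptr(&active_state->outgoing_packet), len,
+		    macbuf, sizeof(macbuf))) != 0)
+			fatal("%s: mac_compute: %s", __func__, ssh_err(r));
 		DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr));
 	}
 	/* encrypt packet and append to output buffer. */
@@ -967,8 +971,10 @@ packet_send2_wrapped(void)
 	if (mac && mac->enabled) {
 		if (mac->etm) {
 			/* EtM: compute mac over aadlen + cipher text */
-			macbuf = mac_compute(mac,
-			    active_state->p_send.seqnr, cp, len);
+			if ((r = mac_compute(mac,
+			    active_state->p_send.seqnr, cp, len,
+			    macbuf, sizeof(macbuf))) != 0)
+				fatal("%s: mac_compute: %s", __func__, ssh_err(r));
 			DBG(debug("done calc MAC(EtM) out #%d",
 			    active_state->p_send.seqnr));
 		}
@@ -1272,8 +1278,9 @@ static int
 packet_read_poll2(u_int32_t *seqnr_p)
 {
 	u_int padlen, need;
-	u_char *macbuf = NULL, *cp, type;
+	u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH];
 	u_int maclen, authlen = 0, aadlen = 0, block_size;
+	int r;
 	Enc *enc = NULL;
 	Mac *mac = NULL;
 	Comp *comp = NULL;
@@ -1373,8 +1380,10 @@ packet_read_poll2(u_int32_t *seqnr_p)
 #endif
 	/* EtM: compute mac over encrypted input */
 	if (mac && mac->enabled && mac->etm)
-		macbuf = mac_compute(mac, active_state->p_read.seqnr,
-		    buffer_ptr(&active_state->input), aadlen + need);
+		if ((r = mac_compute(mac, active_state->p_read.seqnr,
+		    buffer_ptr(&active_state->input), aadlen + need,
+		    macbuf, sizeof(macbuf))) != 0)
+			fatal("%s: mac_compute: %s", __func__, ssh_err(r));
 	cp = buffer_append_space(&active_state->incoming_packet, aadlen + need);
 	if (cipher_crypt(&active_state->receive_context,
 	    active_state->p_read.seqnr, cp,
@@ -1387,9 +1396,11 @@ packet_read_poll2(u_int32_t *seqnr_p)
 	 */
 	if (mac && mac->enabled) {
 		if (!mac->etm)
-			macbuf = mac_compute(mac, active_state->p_read.seqnr,
+			if ((r = mac_compute(mac, active_state->p_read.seqnr,
 			    buffer_ptr(&active_state->incoming_packet),
-			    buffer_len(&active_state->incoming_packet));
+			    buffer_len(&active_state->incoming_packet),
+			    macbuf, sizeof(macbuf))) != 0)
+				fatal("%s: mac_compute: %s", __func__, ssh_err(r));
 		if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input),
 		    mac->mac_len) != 0) {
 			logit("Corrupted MAC on input.");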
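Review bot: In packet_read_poll2 the new error check nests an unbraced `if ((r = mac_compute(...)) != 0) fatal(...)` directly under the unbraced `if (mac && mac->enabled && mac->etm)` (new lines 1382-1386) and under `if (!mac->etm)` (new lines 1398-1403); an `else` later added to either outer condition would silently bind to the inner `if` instead, which is the classic dangling-else trap in MAC-verification code. Bracing the outer condition, `if (!mac->etm) {` ... `}` (and likewise for the EtM branch), keeps the EtM/non-EtM dispatch unambiguous around the `timingsafe_bcmp` that immediately follows. As far as the hunks show the rewrite is otherwise sound: every path that reaches the compare has either filled the stack array `macbuf` or called fatal(), so the new fixed-size buffer is never compared uninitialized. packet_read_poll2 continues past the end of the hunk.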