diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2015-01-13 19:31:40 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-14 20:43:11 +1100 |
| commit | 128343bcdb0b60fc826f2733df8cf979ec1627b4 (patch) | |
| tree | ec2b30d15b28ee4e5f3822493989fad1e00199f6 /packet.c | |
| parent | e7fd952f4ea01f09ceb068721a5431ac2fd416ed (diff) | |
upstream commit
adapt mac.c to ssherr.h return codes (de-fatal) and
simplify dependencies ok djm@
Diffstat (limited to 'packet.c')
| -rw-r--r-- | packet.c | 35 |
1 files changed, 23 insertions, 12 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: packet.c,v 1.199 2014/10/24 02:01:20 lteo Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.200 2015/01/13 19:31:40 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -72,6 +72,7 @@ | |||
| 72 | #include "cipher.h" | 72 | #include "cipher.h" |
| 73 | #include "key.h" | 73 | #include "key.h" |
| 74 | #include "kex.h" | 74 | #include "kex.h" |
| 75 | #include "digest.h" | ||
| 75 | #include "mac.h" | 76 | #include "mac.h" |
| 76 | #include "log.h" | 77 | #include "log.h" |
| 77 | #include "canohost.h" | 78 | #include "canohost.h" |
| @@ -275,7 +276,7 @@ packet_stop_discard(void) | |||
| 275 | (void) mac_compute(active_state->packet_discard_mac, | 276 | (void) mac_compute(active_state->packet_discard_mac, |
| 276 | active_state->p_read.seqnr, | 277 | active_state->p_read.seqnr, |
| 277 | buffer_ptr(&active_state->incoming_packet), | 278 | buffer_ptr(&active_state->incoming_packet), |
| 278 | PACKET_MAX_SIZE); | 279 | PACKET_MAX_SIZE, NULL, 0); |
| 279 | } | 280 | } |
| 280 | logit("Finished discarding for %.200s", get_remote_ipaddr()); | 281 | logit("Finished discarding for %.200s", get_remote_ipaddr()); |
| 281 | cleanup_exit(255); | 282 | cleanup_exit(255); |
| @@ -863,7 +864,7 @@ packet_enable_delayed_compress(void) | |||
| 863 | static void | 864 | static void |
| 864 | packet_send2_wrapped(void) | 865 | packet_send2_wrapped(void) |
| 865 | { | 866 | { |
| 866 | u_char type, *cp, *macbuf = NULL; | 867 | u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
| 867 | u_char padlen, pad = 0; | 868 | u_char padlen, pad = 0; |
| 868 | u_int i, len, authlen = 0, aadlen = 0; | 869 | u_int i, len, authlen = 0, aadlen = 0; |
| 869 | u_int32_t rnd = 0; | 870 | u_int32_t rnd = 0; |
| @@ -871,6 +872,7 @@ packet_send2_wrapped(void) | |||
| 871 | Mac *mac = NULL; | 872 | Mac *mac = NULL; |
| 872 | Comp *comp = NULL; | 873 | Comp *comp = NULL; |
| 873 | int block_size; | 874 | int block_size; |
| 875 | int r; | ||
| 874 | 876 | ||
| 875 | if (active_state->newkeys[MODE_OUT] != NULL) { | 877 | if (active_state->newkeys[MODE_OUT] != NULL) { |
| 876 | enc = &active_state->newkeys[MODE_OUT]->enc; | 878 | enc = &active_state->newkeys[MODE_OUT]->enc; |
| @@ -953,8 +955,10 @@ packet_send2_wrapped(void) | |||
| 953 | 955 | ||
| 954 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ | 956 | /* compute MAC over seqnr and packet(length fields, payload, padding) */ |
| 955 | if (mac && mac->enabled && !mac->etm) { | 957 | if (mac && mac->enabled && !mac->etm) { |
| 956 | macbuf = mac_compute(mac, active_state->p_send.seqnr, | 958 | if ((r = mac_compute(mac, active_state->p_send.seqnr, |
| 957 | buffer_ptr(&active_state->outgoing_packet), len); | 959 | buffer_ptr(&active_state->outgoing_packet), len, |
| 960 | macbuf, sizeof(macbuf))) != 0) | ||
| 961 | fatal("%s: mac_compute: %s", __func__, ssh_err(r)); | ||
| 958 | DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); | 962 | DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); |
| 959 | } | 963 | } |
| 960 | /* encrypt packet and append to output buffer. */ | 964 | /* encrypt packet and append to output buffer. */ |
| @@ -967,8 +971,10 @@ packet_send2_wrapped(void) | |||
| 967 | if (mac && mac->enabled) { | 971 | if (mac && mac->enabled) { |
| 968 | if (mac->etm) { | 972 | if (mac->etm) { |
| 969 | /* EtM: compute mac over aadlen + cipher text */ | 973 | /* EtM: compute mac over aadlen + cipher text */ |
| 970 | macbuf = mac_compute(mac, | 974 | if ((r = mac_compute(mac, |
| 971 | active_state->p_send.seqnr, cp, len); | 975 | active_state->p_send.seqnr, cp, len, |
| 976 | macbuf, sizeof(macbuf))) != 0) | ||
| 977 | fatal("%s: mac_compute: %s", __func__, ssh_err(r)); | ||
| 972 | DBG(debug("done calc MAC(EtM) out #%d", | 978 | DBG(debug("done calc MAC(EtM) out #%d", |
| 973 | active_state->p_send.seqnr)); | 979 | active_state->p_send.seqnr)); |
| 974 | } | 980 | } |
| @@ -1272,8 +1278,9 @@ static int | |||
| 1272 | packet_read_poll2(u_int32_t *seqnr_p) | 1278 | packet_read_poll2(u_int32_t *seqnr_p) |
| 1273 | { | 1279 | { |
| 1274 | u_int padlen, need; | 1280 | u_int padlen, need; |
| 1275 | u_char *macbuf = NULL, *cp, type; | 1281 | u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
| 1276 | u_int maclen, authlen = 0, aadlen = 0, block_size; | 1282 | u_int maclen, authlen = 0, aadlen = 0, block_size; |
| 1283 | int r; | ||
| 1277 | Enc *enc = NULL; | 1284 | Enc *enc = NULL; |
| 1278 | Mac *mac = NULL; | 1285 | Mac *mac = NULL; |
| 1279 | Comp *comp = NULL; | 1286 | Comp *comp = NULL; |
| @@ -1373,8 +1380,10 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1373 | #endif | 1380 | #endif |
| 1374 | /* EtM: compute mac over encrypted input */ | 1381 | /* EtM: compute mac over encrypted input */ |
| 1375 | if (mac && mac->enabled && mac->etm) | 1382 | if (mac && mac->enabled && mac->etm) |
| 1376 | macbuf = mac_compute(mac, active_state->p_read.seqnr, | 1383 | if ((r = mac_compute(mac, active_state->p_read.seqnr, |
| 1377 | buffer_ptr(&active_state->input), aadlen + need); | 1384 | buffer_ptr(&active_state->input), aadlen + need, |
| 1385 | macbuf, sizeof(macbuf))) != 0) | ||
| 1386 | fatal("%s: mac_compute: %s", __func__, ssh_err(r)); | ||
| 1378 | cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); | 1387 | cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
| 1379 | if (cipher_crypt(&active_state->receive_context, | 1388 | if (cipher_crypt(&active_state->receive_context, |
| 1380 | active_state->p_read.seqnr, cp, | 1389 | active_state->p_read.seqnr, cp, |
| @@ -1387,9 +1396,11 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1387 | */ | 1396 | */ |
| 1388 | if (mac && mac->enabled) { | 1397 | if (mac && mac->enabled) { |
| 1389 | if (!mac->etm) | 1398 | if (!mac->etm) |
| 1390 | macbuf = mac_compute(mac, active_state->p_read.seqnr, | 1399 | if ((r = mac_compute(mac, active_state->p_read.seqnr, |
| 1391 | buffer_ptr(&active_state->incoming_packet), | 1400 | buffer_ptr(&active_state->incoming_packet), |
| 1392 | buffer_len(&active_state->incoming_packet)); | 1401 | buffer_len(&active_state->incoming_packet), |
| 1402 | macbuf, sizeof(macbuf))) != 0) | ||
| 1403 | fatal("%s: mac_compute: %s", __func__, ssh_err(r)); | ||
| 1393 | if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), | 1404 | if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), |
| 1394 | mac->mac_len) != 0) { | 1405 | mac->mac_len) != 0) { |
| 1395 | logit("Corrupted MAC on input."); | 1406 | logit("Corrupted MAC on input."); |