authorColin Watson <cjwatson@debian.org>2005-09-14 12:45:47 +0000
committerColin Watson <cjwatson@debian.org>2005-09-14 12:45:47 +0000
commit9b71add4cecf753c45f5fbd6ff0913bc95b3e95d (patch)
treed4ea8fdb30c7949c6433f5277c39548ea579d4dc /packet.c
parented07bcbea56007ab5b218ddf3aa6a7d4e21966e0 (diff)
parent16704d57999d987fb8d9ba53379841a79f016d67 (diff)
Merge 4.2p1 to the trunk.
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c63
1 files changed, 58 insertions, 5 deletions
diff --git a/packet.c b/packet.c
index e2607b20f..4becde0a4 100644
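--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -118,6 +118,12 @@ static int initialized = 0;
 /* Set to true if the connection is interactive. */
 static int interactive_mode = 0;
 
+/* Set to true if we are the server side. */
+static int server_side = 0;
+
+/* Set to true if we are authenticated. */
+static int after_authentication = 0;
+
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
 static struct packet_state {
@@ -627,7 +633,9 @@ set_newkeys(int mode)
  /* Deleting the keys does not gain extra security */
  /* memset(enc->iv, 0, enc->block_size);
  memset(enc->key, 0, enc->key_len); */
- if (comp->type != 0 && comp->enabled == 0) {
+ if ((comp->type == COMP_ZLIB ||
+ (comp->type == COMP_DELAYED && after_authentication)) &&
+ comp->enabled == 0) {
  packet_init_compression();
  if (mode == MODE_OUT)
  buffer_compress_init_send(6);
@@ -648,6 +656,35 @@ set_newkeys(int mode)
 }
 
 /*
+ * Delayed compression for SSH2 is enabled after authentication:
+ * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
+ * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
+ */
+static void
+packet_enable_delayed_compress(void)
+{
+ Comp *comp = NULL;
+ int mode;
+
+ /*
+ * Remember that we are past the authentication step, so rekeying
+ * with COMP_DELAYED will turn on compression immediately.
+ */
+ after_authentication = 1;
+ for (mode = 0; mode < MODE_MAX; mode++) {
+ comp = &newkeys[mode]->comp;
+ if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
+ packet_init_compression();
+ if (mode == MODE_OUT)
+ buffer_compress_init_send(6);
+ else
+ buffer_compress_init_recv();
+ comp->enabled = 1;
+ }
+ }
+}
+
+/*
  * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
  */
 static void
@@ -760,6 +797,8 @@ packet_send2_wrapped(void)
 
  if (type == SSH2_MSG_NEWKEYS)
  set_newkeys(MODE_OUT);
+ else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
+ packet_enable_delayed_compress();
 }
 
 static void
@@ -1006,7 +1045,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
  static u_int packet_length = 0;
  u_int padlen, need;
  u_char *macbuf, *cp, type;
- int maclen, block_size;
+ u_int maclen, block_size;
  Enc *enc = NULL;
  Mac *mac = NULL;
  Comp *comp = NULL;
@@ -1113,6 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
  packet_disconnect("Invalid ssh2 packet type: %d", type);
  if (type == SSH2_MSG_NEWKEYS)
  set_newkeys(MODE_IN);
+ else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
+ packet_enable_delayed_compress();
 #ifdef PACKET_DEBUG
  fprintf(stderr, "read/plain[%d]:\r\n", type);
  buffer_dump(&incoming_packet);
@@ -1243,9 +1284,9 @@ packet_get_bignum2(BIGNUM * value)
 }
 
 void *
-packet_get_raw(int *length_ptr)
+packet_get_raw(u_int *length_ptr)
 {
- int bytes = buffer_len(&incoming_packet);
+ u_int bytes = buffer_len(&incoming_packet);
 
  if (length_ptr != NULL)
  *length_ptr = bytes;
@@ -1538,3 +1579,15 @@ packet_set_rekey_limit(u_int32_t bytes)
 {
  rekey_limit = bytes;
 }
+
+void
+packet_set_server(void)
+{
+ server_side = 1;
+}
+
+void
+packet_set_authenticated(void)
+{
+ after_authentication = 1;
+}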
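Review bot: In the new `packet_enable_delayed_compress()` (new lines 674-684) the `comp &&` test cannot catch a missing key set, because `comp` is the address of a member of `newkeys[mode]`; if that pointer is NULL, `comp` is a small non-null offset and `comp->enabled` reads through it. The function is reached from `packet_read_poll2()` purely on the received packet type `SSH2_MSG_USERAUTH_SUCCESS`, and nothing visible in these hunks guarantees that `set_newkeys()` has already populated both `newkeys[]` slots, so a peer that sends that message out of order could presumably crash the client before authentication completes. Check the pointer itself before taking the member address, `if (newkeys[mode] == NULL) continue;`, and drop the dead `comp &&` from the condition. Treating this case as a protocol error (disconnect) rather than silently skipping would be stricter still, but that is a policy choice for the callers, which are outside this section.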