diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-07 10:41:55 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-07 10:41:55 +1100 |
| commit | bcd00abd8451f36142ae2ee10cc657202149201e (patch) | |
| tree | 946db23f1ec607d9260e46b9f6f2422e0e9c970c /packet.c | |
| parent | f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d (diff) | |
- markus@cvs.openbsd.org 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@
Diffstat (limited to 'packet.c')
| -rw-r--r-- | packet.c | 27 |
1 files changed, 16 insertions, 11 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: packet.c,v 1.190 2013/11/21 00:45:44 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -713,9 +713,10 @@ packet_send1(void) | |||
| 713 | buffer_append(&active_state->output, buf, 4); | 713 | buffer_append(&active_state->output, buf, 4); |
| 714 | cp = buffer_append_space(&active_state->output, | 714 | cp = buffer_append_space(&active_state->output, |
| 715 | buffer_len(&active_state->outgoing_packet)); | 715 | buffer_len(&active_state->outgoing_packet)); |
| 716 | cipher_crypt(&active_state->send_context, 0, cp, | 716 | if (cipher_crypt(&active_state->send_context, 0, cp, |
| 717 | buffer_ptr(&active_state->outgoing_packet), | 717 | buffer_ptr(&active_state->outgoing_packet), |
| 718 | buffer_len(&active_state->outgoing_packet), 0, 0); | 718 | buffer_len(&active_state->outgoing_packet), 0, 0) != 0) |
| 719 | fatal("%s: cipher_crypt failed", __func__); | ||
| 719 | 720 | ||
| 720 | #ifdef PACKET_DEBUG | 721 | #ifdef PACKET_DEBUG |
| 721 | fprintf(stderr, "encrypted: "); | 722 | fprintf(stderr, "encrypted: "); |
| @@ -946,9 +947,10 @@ packet_send2_wrapped(void) | |||
| 946 | } | 947 | } |
| 947 | /* encrypt packet and append to output buffer. */ | 948 | /* encrypt packet and append to output buffer. */ |
| 948 | cp = buffer_append_space(&active_state->output, len + authlen); | 949 | cp = buffer_append_space(&active_state->output, len + authlen); |
| 949 | cipher_crypt(&active_state->send_context, active_state->p_send.seqnr, | 950 | if (cipher_crypt(&active_state->send_context, active_state->p_send.seqnr, |
| 950 | cp, buffer_ptr(&active_state->outgoing_packet), | 951 | cp, buffer_ptr(&active_state->outgoing_packet), |
| 951 | len - aadlen, aadlen, authlen); | 952 | len - aadlen, aadlen, authlen) != 0) |
| 953 | fatal("%s: cipher_crypt failed", __func__); | ||
| 952 | /* append unencrypted MAC */ | 954 | /* append unencrypted MAC */ |
| 953 | if (mac && mac->enabled) { | 955 | if (mac && mac->enabled) { |
| 954 | if (mac->etm) { | 956 | if (mac->etm) { |
| @@ -1208,8 +1210,9 @@ packet_read_poll1(void) | |||
| 1208 | /* Decrypt data to incoming_packet. */ | 1210 | /* Decrypt data to incoming_packet. */ |
| 1209 | buffer_clear(&active_state->incoming_packet); | 1211 | buffer_clear(&active_state->incoming_packet); |
| 1210 | cp = buffer_append_space(&active_state->incoming_packet, padded_len); | 1212 | cp = buffer_append_space(&active_state->incoming_packet, padded_len); |
| 1211 | cipher_crypt(&active_state->receive_context, 0, cp, | 1213 | if (cipher_crypt(&active_state->receive_context, 0, cp, |
| 1212 | buffer_ptr(&active_state->input), padded_len, 0, 0); | 1214 | buffer_ptr(&active_state->input), padded_len, 0, 0) != 0) |
| 1215 | fatal("%s: cipher_crypt failed", __func__); | ||
| 1213 | 1216 | ||
| 1214 | buffer_consume(&active_state->input, padded_len); | 1217 | buffer_consume(&active_state->input, padded_len); |
| 1215 | 1218 | ||
| @@ -1304,9 +1307,10 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1304 | buffer_clear(&active_state->incoming_packet); | 1307 | buffer_clear(&active_state->incoming_packet); |
| 1305 | cp = buffer_append_space(&active_state->incoming_packet, | 1308 | cp = buffer_append_space(&active_state->incoming_packet, |
| 1306 | block_size); | 1309 | block_size); |
| 1307 | cipher_crypt(&active_state->receive_context, | 1310 | if (cipher_crypt(&active_state->receive_context, |
| 1308 | active_state->p_read.seqnr, cp, | 1311 | active_state->p_read.seqnr, cp, |
| 1309 | buffer_ptr(&active_state->input), block_size, 0, 0); | 1312 | buffer_ptr(&active_state->input), block_size, 0, 0) != 0) |
| 1313 | fatal("Decryption integrity check failed"); | ||
| 1310 | cp = buffer_ptr(&active_state->incoming_packet); | 1314 | cp = buffer_ptr(&active_state->incoming_packet); |
| 1311 | active_state->packlen = get_u32(cp); | 1315 | active_state->packlen = get_u32(cp); |
| 1312 | if (active_state->packlen < 1 + 4 || | 1316 | if (active_state->packlen < 1 + 4 || |
| @@ -1360,9 +1364,10 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1360 | macbuf = mac_compute(mac, active_state->p_read.seqnr, | 1364 | macbuf = mac_compute(mac, active_state->p_read.seqnr, |
| 1361 | buffer_ptr(&active_state->input), aadlen + need); | 1365 | buffer_ptr(&active_state->input), aadlen + need); |
| 1362 | cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); | 1366 | cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
| 1363 | cipher_crypt(&active_state->receive_context, | 1367 | if (cipher_crypt(&active_state->receive_context, |
| 1364 | active_state->p_read.seqnr, cp, | 1368 | active_state->p_read.seqnr, cp, |
| 1365 | buffer_ptr(&active_state->input), need, aadlen, authlen); | 1369 | buffer_ptr(&active_state->input), need, aadlen, authlen) != 0) |
| 1370 | fatal("Decryption integrity check failed"); | ||
| 1366 | buffer_consume(&active_state->input, aadlen + need + authlen); | 1371 | buffer_consume(&active_state->input, aadlen + need + authlen); |
| 1367 | /* | 1372 | /* |
| 1368 | * compute MAC over seqnr and packet, | 1373 | * compute MAC over seqnr and packet, |