summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2009-06-21 18:12:20 +1000
committerDarren Tucker <dtucker@zip.com.au>2009-06-21 18:12:20 +1000
commitf7288d77e4e705cbbc12c2ad55ed50f9de9a87e2 (patch)
tree77f63923d1bc97e2aeda861699e1d2d00d645eda /packet.c
parent51dbe503bf92ee38f003ffde4bb0a0d85c438ea7 (diff)
- andreas@cvs.openbsd.org 2009/05/27 06:31:25
[canohost.h canohost.c] Add clear_cached_addr(), needed for upcoming changes allowing the peer address to change. ok markus@
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c871
1 files changed, 486 insertions, 385 deletions
diff --git a/packet.c b/packet.c
index 5afc84ce0..fdc648888 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.160 2009/02/13 11:50:21 markus Exp $ */ 1/* $OpenBSD: packet.c,v 1.161 2009/05/25 06:48:01 andreas Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -86,92 +86,117 @@
86 86
87#define PACKET_MAX_SIZE (256 * 1024) 87#define PACKET_MAX_SIZE (256 * 1024)
88 88
89/* 89struct packet_state {
90 * This variable contains the file descriptors used for communicating with 90 u_int32_t seqnr;
91 * the other side. connection_in is used for reading; connection_out for 91 u_int32_t packets;
92 * writing. These can be the same descriptor, in which case it is assumed to 92 u_int64_t blocks;
93 * be a socket. 93 u_int64_t bytes;
94 */ 94};
95static int connection_in = -1;
96static int connection_out = -1;
97 95
98/* Protocol flags for the remote side. */ 96struct packet {
99static u_int remote_protocol_flags = 0; 97 TAILQ_ENTRY(packet) next;
98 u_char type;
99 Buffer payload;
100};
100 101
101/* Encryption context for receiving data. This is only used for decryption. */ 102struct session_state {
102static CipherContext receive_context; 103 /*
104 * This variable contains the file descriptors used for
105 * communicating with the other side. connection_in is used for
106 * reading; connection_out for writing. These can be the same
107 * descriptor, in which case it is assumed to be a socket.
108 */
109 int connection_in;
110 int connection_out;
103 111
104/* Encryption context for sending data. This is only used for encryption. */ 112 /* Protocol flags for the remote side. */
105static CipherContext send_context; 113 u_int remote_protocol_flags;
106 114
107/* Buffer for raw input data from the socket. */ 115 /* Encryption context for receiving data. Only used for decryption. */
108Buffer input; 116 CipherContext receive_context;
109 117
110/* Buffer for raw output data going to the socket. */ 118 /* Encryption context for sending data. Only used for encryption. */
111Buffer output; 119 CipherContext send_context;
112 120
113/* Buffer for the partial outgoing packet being constructed. */ 121 /* Buffer for raw input data from the socket. */
114static Buffer outgoing_packet; 122 Buffer input;
115 123
116/* Buffer for the incoming packet currently being processed. */ 124 /* Buffer for raw output data going to the socket. */
117static Buffer incoming_packet; 125 Buffer output;
118 126
119/* Scratch buffer for packet compression/decompression. */ 127 /* Buffer for the partial outgoing packet being constructed. */
120static Buffer compression_buffer; 128 Buffer outgoing_packet;
121static int compression_buffer_ready = 0;
122 129
123/* Flag indicating whether packet compression/decompression is enabled. */ 130 /* Buffer for the incoming packet currently being processed. */
124static int packet_compression = 0; 131 Buffer incoming_packet;
125 132
126/* default maximum packet size */ 133 /* Scratch buffer for packet compression/decompression. */
127u_int max_packet_size = 32768; 134 Buffer compression_buffer;
135 int compression_buffer_ready;
128 136
129/* Flag indicating whether this module has been initialized. */ 137 /*
130static int initialized = 0; 138 * Flag indicating whether packet compression/decompression is
139 * enabled.
140 */
141 int packet_compression;
131 142
132/* Set to true if the connection is interactive. */ 143 /* default maximum packet size */
133static int interactive_mode = 0; 144 u_int max_packet_size;
134 145
135/* Set to true if we are the server side. */ 146 /* Flag indicating whether this module has been initialized. */
136static int server_side = 0; 147 int initialized;
137 148
138/* Set to true if we are authenticated. */ 149 /* Set to true if the connection is interactive. */
139static int after_authentication = 0; 150 int interactive_mode;
140 151
141int keep_alive_timeouts = 0; 152 /* Set to true if we are the server side. */
153 int server_side;
142 154
143/* Set to the maximum time that we will wait to send or receive a packet */ 155 /* Set to true if we are authenticated. */
144static int packet_timeout_ms = -1; 156 int after_authentication;
145 157
146/* Session key information for Encryption and MAC */ 158 int keep_alive_timeouts;
147Newkeys *newkeys[MODE_MAX];
148static struct packet_state {
149 u_int32_t seqnr;
150 u_int32_t packets;
151 u_int64_t blocks;
152 u_int64_t bytes;
153} p_read, p_send;
154 159
155static u_int64_t max_blocks_in, max_blocks_out; 160 /* The maximum time that we will wait to send or receive a packet */
156static u_int32_t rekey_limit; 161 int packet_timeout_ms;
157 162
158/* Session key for protocol v1 */ 163 /* Session key information for Encryption and MAC */
159static u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; 164 Newkeys *newkeys[MODE_MAX];
160static u_int ssh1_keylen; 165 struct packet_state p_read, p_send;
161 166
162/* roundup current message to extra_pad bytes */ 167 u_int64_t max_blocks_in, max_blocks_out;
163static u_char extra_pad = 0; 168 u_int32_t rekey_limit;
164 169
165/* XXX discard incoming data after MAC error */ 170 /* Session key for protocol v1 */
166static u_int packet_discard = 0; 171 u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
167static Mac *packet_discard_mac = NULL; 172 u_int ssh1_keylen;
168 173
169struct packet { 174 /* roundup current message to extra_pad bytes */
170 TAILQ_ENTRY(packet) next; 175 u_char extra_pad;
171 u_char type; 176
172 Buffer payload; 177 /* XXX discard incoming data after MAC error */
178 u_int packet_discard;
179 Mac *packet_discard_mac;
180
181 /* Used in packet_read_poll2() */
182 u_int packlen;
183
184 TAILQ_HEAD(, packet) outgoing;
173}; 185};
174TAILQ_HEAD(, packet) outgoing; 186
187static struct session_state *active_state;
188
189static struct session_state *
190alloc_session_state()
191{
192 struct session_state *s = xcalloc(1, sizeof(*s));
193
194 s->connection_in = -1;
195 s->connection_out = -1;
196 s->max_packet_size = 32768;
197 s->packet_timeout_ms = -1;
198 return s;
199}
175 200
176/* 201/*
177 * Sets the descriptors used for communication. Disables encryption until 202 * Sets the descriptors used for communication. Disables encryption until
@@ -184,21 +209,23 @@ packet_set_connection(int fd_in, int fd_out)
184 209
185 if (none == NULL) 210 if (none == NULL)
186 fatal("packet_set_connection: cannot load cipher 'none'"); 211 fatal("packet_set_connection: cannot load cipher 'none'");
187 connection_in = fd_in; 212 if (active_state == NULL)
188 connection_out = fd_out; 213 active_state = alloc_session_state();
189 cipher_init(&send_context, none, (const u_char *)"", 214 active_state->connection_in = fd_in;
215 active_state->connection_out = fd_out;
216 cipher_init(&active_state->send_context, none, (const u_char *)"",
190 0, NULL, 0, CIPHER_ENCRYPT); 217 0, NULL, 0, CIPHER_ENCRYPT);
191 cipher_init(&receive_context, none, (const u_char *)"", 218 cipher_init(&active_state->receive_context, none, (const u_char *)"",
192 0, NULL, 0, CIPHER_DECRYPT); 219 0, NULL, 0, CIPHER_DECRYPT);
193 newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL; 220 active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL;
194 if (!initialized) { 221 if (!active_state->initialized) {
195 initialized = 1; 222 active_state->initialized = 1;
196 buffer_init(&input); 223 buffer_init(&active_state->input);
197 buffer_init(&output); 224 buffer_init(&active_state->output);
198 buffer_init(&outgoing_packet); 225 buffer_init(&active_state->outgoing_packet);
199 buffer_init(&incoming_packet); 226 buffer_init(&active_state->incoming_packet);
200 TAILQ_INIT(&outgoing); 227 TAILQ_INIT(&active_state->outgoing);
201 p_send.packets = p_read.packets = 0; 228 active_state->p_send.packets = active_state->p_read.packets = 0;
202 } 229 }
203} 230}
204 231
@@ -206,27 +233,29 @@ void
206packet_set_timeout(int timeout, int count) 233packet_set_timeout(int timeout, int count)
207{ 234{
208 if (timeout == 0 || count == 0) { 235 if (timeout == 0 || count == 0) {
209 packet_timeout_ms = -1; 236 active_state->packet_timeout_ms = -1;
210 return; 237 return;
211 } 238 }
212 if ((INT_MAX / 1000) / count < timeout) 239 if ((INT_MAX / 1000) / count < timeout)
213 packet_timeout_ms = INT_MAX; 240 active_state->packet_timeout_ms = INT_MAX;
214 else 241 else
215 packet_timeout_ms = timeout * count * 1000; 242 active_state->packet_timeout_ms = timeout * count * 1000;
216} 243}
217 244
218static void 245static void
219packet_stop_discard(void) 246packet_stop_discard(void)
220{ 247{
221 if (packet_discard_mac) { 248 if (active_state->packet_discard_mac) {
222 char buf[1024]; 249 char buf[1024];
223 250
224 memset(buf, 'a', sizeof(buf)); 251 memset(buf, 'a', sizeof(buf));
225 while (buffer_len(&incoming_packet) < PACKET_MAX_SIZE) 252 while (buffer_len(&active_state->incoming_packet) <
226 buffer_append(&incoming_packet, buf, sizeof(buf)); 253 PACKET_MAX_SIZE)
227 (void) mac_compute(packet_discard_mac, 254 buffer_append(&active_state->incoming_packet, buf,
228 p_read.seqnr, 255 sizeof(buf));
229 buffer_ptr(&incoming_packet), 256 (void) mac_compute(active_state->packet_discard_mac,
257 active_state->p_read.seqnr,
258 buffer_ptr(&active_state->incoming_packet),
230 PACKET_MAX_SIZE); 259 PACKET_MAX_SIZE);
231 } 260 }
232 logit("Finished discarding for %.200s", get_remote_ipaddr()); 261 logit("Finished discarding for %.200s", get_remote_ipaddr());
@@ -239,10 +268,11 @@ packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard)
239 if (enc == NULL || !cipher_is_cbc(enc->cipher)) 268 if (enc == NULL || !cipher_is_cbc(enc->cipher))
240 packet_disconnect("Packet corrupt"); 269 packet_disconnect("Packet corrupt");
241 if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) 270 if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled)
242 packet_discard_mac = mac; 271 active_state->packet_discard_mac = mac;
243 if (buffer_len(&input) >= discard) 272 if (buffer_len(&active_state->input) >= discard)
244 packet_stop_discard(); 273 packet_stop_discard();
245 packet_discard = discard - buffer_len(&input); 274 active_state->packet_discard = discard -
275 buffer_len(&active_state->input);
246} 276}
247 277
248/* Returns 1 if remote host is connected via socket, 0 if not. */ 278/* Returns 1 if remote host is connected via socket, 0 if not. */
@@ -254,15 +284,17 @@ packet_connection_is_on_socket(void)
254 socklen_t fromlen, tolen; 284 socklen_t fromlen, tolen;
255 285
256 /* filedescriptors in and out are the same, so it's a socket */ 286 /* filedescriptors in and out are the same, so it's a socket */
257 if (connection_in == connection_out) 287 if (active_state->connection_in == active_state->connection_out)
258 return 1; 288 return 1;
259 fromlen = sizeof(from); 289 fromlen = sizeof(from);
260 memset(&from, 0, sizeof(from)); 290 memset(&from, 0, sizeof(from));
261 if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) 291 if (getpeername(active_state->connection_in, (struct sockaddr *)&from,
292 &fromlen) < 0)
262 return 0; 293 return 0;
263 tolen = sizeof(to); 294 tolen = sizeof(to);
264 memset(&to, 0, sizeof(to)); 295 memset(&to, 0, sizeof(to));
265 if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) 296 if (getpeername(active_state->connection_out, (struct sockaddr *)&to,
297 &tolen) < 0)
266 return 0; 298 return 0;
267 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) 299 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
268 return 0; 300 return 0;
@@ -283,9 +315,9 @@ packet_get_keyiv(int mode, u_char *iv, u_int len)
283 CipherContext *cc; 315 CipherContext *cc;
284 316
285 if (mode == MODE_OUT) 317 if (mode == MODE_OUT)
286 cc = &send_context; 318 cc = &active_state->send_context;
287 else 319 else
288 cc = &receive_context; 320 cc = &active_state->receive_context;
289 321
290 cipher_get_keyiv(cc, iv, len); 322 cipher_get_keyiv(cc, iv, len);
291} 323}
@@ -296,9 +328,9 @@ packet_get_keycontext(int mode, u_char *dat)
296 CipherContext *cc; 328 CipherContext *cc;
297 329
298 if (mode == MODE_OUT) 330 if (mode == MODE_OUT)
299 cc = &send_context; 331 cc = &active_state->send_context;
300 else 332 else
301 cc = &receive_context; 333 cc = &active_state->receive_context;
302 334
303 return (cipher_get_keycontext(cc, dat)); 335 return (cipher_get_keycontext(cc, dat));
304} 336}
@@ -309,9 +341,9 @@ packet_set_keycontext(int mode, u_char *dat)
309 CipherContext *cc; 341 CipherContext *cc;
310 342
311 if (mode == MODE_OUT) 343 if (mode == MODE_OUT)
312 cc = &send_context; 344 cc = &active_state->send_context;
313 else 345 else
314 cc = &receive_context; 346 cc = &active_state->receive_context;
315 347
316 cipher_set_keycontext(cc, dat); 348 cipher_set_keycontext(cc, dat);
317} 349}
@@ -322,9 +354,9 @@ packet_get_keyiv_len(int mode)
322 CipherContext *cc; 354 CipherContext *cc;
323 355
324 if (mode == MODE_OUT) 356 if (mode == MODE_OUT)
325 cc = &send_context; 357 cc = &active_state->send_context;
326 else 358 else
327 cc = &receive_context; 359 cc = &active_state->receive_context;
328 360
329 return (cipher_get_keyiv_len(cc)); 361 return (cipher_get_keyiv_len(cc));
330} 362}
@@ -335,9 +367,9 @@ packet_set_iv(int mode, u_char *dat)
335 CipherContext *cc; 367 CipherContext *cc;
336 368
337 if (mode == MODE_OUT) 369 if (mode == MODE_OUT)
338 cc = &send_context; 370 cc = &active_state->send_context;
339 else 371 else
340 cc = &receive_context; 372 cc = &active_state->receive_context;
341 373
342 cipher_set_keyiv(cc, dat); 374 cipher_set_keyiv(cc, dat);
343} 375}
@@ -345,7 +377,7 @@ packet_set_iv(int mode, u_char *dat)
345int 377int
346packet_get_ssh1_cipher(void) 378packet_get_ssh1_cipher(void)
347{ 379{
348 return (cipher_get_number(receive_context.cipher)); 380 return (cipher_get_number(active_state->receive_context.cipher));
349} 381}
350 382
351void 383void
@@ -354,7 +386,8 @@ packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packe
354{ 386{
355 struct packet_state *state; 387 struct packet_state *state;
356 388
357 state = (mode == MODE_IN) ? &p_read : &p_send; 389 state = (mode == MODE_IN) ?
390 &active_state->p_read : &active_state->p_send;
358 if (seqnr) 391 if (seqnr)
359 *seqnr = state->seqnr; 392 *seqnr = state->seqnr;
360 if (blocks) 393 if (blocks)
@@ -371,7 +404,8 @@ packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets,
371{ 404{
372 struct packet_state *state; 405 struct packet_state *state;
373 406
374 state = (mode == MODE_IN) ? &p_read : &p_send; 407 state = (mode == MODE_IN) ?
408 &active_state->p_read : &active_state->p_send;
375 state->seqnr = seqnr; 409 state->seqnr = seqnr;
376 state->blocks = blocks; 410 state->blocks = blocks;
377 state->packets = packets; 411 state->packets = packets;
@@ -387,7 +421,8 @@ packet_connection_is_ipv4(void)
387 socklen_t tolen = sizeof(to); 421 socklen_t tolen = sizeof(to);
388 422
389 memset(&to, 0, sizeof(to)); 423 memset(&to, 0, sizeof(to));
390 if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) 424 if (getsockname(active_state->connection_out, (struct sockaddr *)&to,
425 &tolen) < 0)
391 return 0; 426 return 0;
392 if (to.ss_family == AF_INET) 427 if (to.ss_family == AF_INET)
393 return 1; 428 return 1;
@@ -405,10 +440,10 @@ void
405packet_set_nonblocking(void) 440packet_set_nonblocking(void)
406{ 441{
407 /* Set the socket into non-blocking mode. */ 442 /* Set the socket into non-blocking mode. */
408 set_nonblock(connection_in); 443 set_nonblock(active_state->connection_in);
409 444
410 if (connection_out != connection_in) 445 if (active_state->connection_out != active_state->connection_in)
411 set_nonblock(connection_out); 446 set_nonblock(active_state->connection_out);
412} 447}
413 448
414/* Returns the socket used for reading. */ 449/* Returns the socket used for reading. */
@@ -416,7 +451,7 @@ packet_set_nonblocking(void)
416int 451int
417packet_get_connection_in(void) 452packet_get_connection_in(void)
418{ 453{
419 return connection_in; 454 return active_state->connection_in;
420} 455}
421 456
422/* Returns the descriptor used for writing. */ 457/* Returns the descriptor used for writing. */
@@ -424,7 +459,7 @@ packet_get_connection_in(void)
424int 459int
425packet_get_connection_out(void) 460packet_get_connection_out(void)
426{ 461{
427 return connection_out; 462 return active_state->connection_out;
428} 463}
429 464
430/* Closes the connection and clears and frees internal data structures. */ 465/* Closes the connection and clears and frees internal data structures. */
@@ -432,26 +467,26 @@ packet_get_connection_out(void)
432void 467void
433packet_close(void) 468packet_close(void)
434{ 469{
435 if (!initialized) 470 if (!active_state->initialized)
436 return; 471 return;
437 initialized = 0; 472 active_state->initialized = 0;
438 if (connection_in == connection_out) { 473 if (active_state->connection_in == active_state->connection_out) {
439 shutdown(connection_out, SHUT_RDWR); 474 shutdown(active_state->connection_out, SHUT_RDWR);
440 close(connection_out); 475 close(active_state->connection_out);
441 } else { 476 } else {
442 close(connection_in); 477 close(active_state->connection_in);
443 close(connection_out); 478 close(active_state->connection_out);
444 } 479 }
445 buffer_free(&input); 480 buffer_free(&active_state->input);
446 buffer_free(&output); 481 buffer_free(&active_state->output);
447 buffer_free(&outgoing_packet); 482 buffer_free(&active_state->outgoing_packet);
448 buffer_free(&incoming_packet); 483 buffer_free(&active_state->incoming_packet);
449 if (compression_buffer_ready) { 484 if (active_state->compression_buffer_ready) {
450 buffer_free(&compression_buffer); 485 buffer_free(&active_state->compression_buffer);
451 buffer_compress_uninit(); 486 buffer_compress_uninit();
452 } 487 }
453 cipher_cleanup(&send_context); 488 cipher_cleanup(&active_state->send_context);
454 cipher_cleanup(&receive_context); 489 cipher_cleanup(&active_state->receive_context);
455} 490}
456 491
457/* Sets remote side protocol flags. */ 492/* Sets remote side protocol flags. */
@@ -459,7 +494,7 @@ packet_close(void)
459void 494void
460packet_set_protocol_flags(u_int protocol_flags) 495packet_set_protocol_flags(u_int protocol_flags)
461{ 496{
462 remote_protocol_flags = protocol_flags; 497 active_state->remote_protocol_flags = protocol_flags;
463} 498}
464 499
465/* Returns the remote protocol flags set earlier by the above function. */ 500/* Returns the remote protocol flags set earlier by the above function. */
@@ -467,7 +502,7 @@ packet_set_protocol_flags(u_int protocol_flags)
467u_int 502u_int
468packet_get_protocol_flags(void) 503packet_get_protocol_flags(void)
469{ 504{
470 return remote_protocol_flags; 505 return active_state->remote_protocol_flags;
471} 506}
472 507
473/* 508/*
@@ -478,18 +513,18 @@ packet_get_protocol_flags(void)
478static void 513static void
479packet_init_compression(void) 514packet_init_compression(void)
480{ 515{
481 if (compression_buffer_ready == 1) 516 if (active_state->compression_buffer_ready == 1)
482 return; 517 return;
483 compression_buffer_ready = 1; 518 active_state->compression_buffer_ready = 1;
484 buffer_init(&compression_buffer); 519 buffer_init(&active_state->compression_buffer);
485} 520}
486 521
487void 522void
488packet_start_compression(int level) 523packet_start_compression(int level)
489{ 524{
490 if (packet_compression && !compat20) 525 if (active_state->packet_compression && !compat20)
491 fatal("Compression already enabled."); 526 fatal("Compression already enabled.");
492 packet_compression = 1; 527 active_state->packet_compression = 1;
493 packet_init_compression(); 528 packet_init_compression();
494 buffer_compress_init_send(level); 529 buffer_compress_init_send(level);
495 buffer_compress_init_recv(); 530 buffer_compress_init_recv();
@@ -513,19 +548,21 @@ packet_set_encryption_key(const u_char *key, u_int keylen,
513 fatal("packet_set_encryption_key: keylen too small: %d", keylen); 548 fatal("packet_set_encryption_key: keylen too small: %d", keylen);
514 if (keylen > SSH_SESSION_KEY_LENGTH) 549 if (keylen > SSH_SESSION_KEY_LENGTH)
515 fatal("packet_set_encryption_key: keylen too big: %d", keylen); 550 fatal("packet_set_encryption_key: keylen too big: %d", keylen);
516 memcpy(ssh1_key, key, keylen); 551 memcpy(active_state->ssh1_key, key, keylen);
517 ssh1_keylen = keylen; 552 active_state->ssh1_keylen = keylen;
518 cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT); 553 cipher_init(&active_state->send_context, cipher, key, keylen, NULL,
519 cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT); 554 0, CIPHER_ENCRYPT);
555 cipher_init(&active_state->receive_context, cipher, key, keylen, NULL,
556 0, CIPHER_DECRYPT);
520} 557}
521 558
522u_int 559u_int
523packet_get_encryption_key(u_char *key) 560packet_get_encryption_key(u_char *key)
524{ 561{
525 if (key == NULL) 562 if (key == NULL)
526 return (ssh1_keylen); 563 return (active_state->ssh1_keylen);
527 memcpy(key, ssh1_key, ssh1_keylen); 564 memcpy(key, active_state->ssh1_key, active_state->ssh1_keylen);
528 return (ssh1_keylen); 565 return (active_state->ssh1_keylen);
529} 566}
530 567
531/* Start constructing a packet to send. */ 568/* Start constructing a packet to send. */
@@ -539,8 +576,8 @@ packet_start(u_char type)
539 len = compat20 ? 6 : 9; 576 len = compat20 ? 6 : 9;
540 memset(buf, 0, len - 1); 577 memset(buf, 0, len - 1);
541 buf[len - 1] = type; 578 buf[len - 1] = type;
542 buffer_clear(&outgoing_packet); 579 buffer_clear(&active_state->outgoing_packet);
543 buffer_append(&outgoing_packet, buf, len); 580 buffer_append(&active_state->outgoing_packet, buf, len);
544} 581}
545 582
546/* Append payload. */ 583/* Append payload. */
@@ -549,43 +586,43 @@ packet_put_char(int value)
549{ 586{
550 char ch = value; 587 char ch = value;
551 588
552 buffer_append(&outgoing_packet, &ch, 1); 589 buffer_append(&active_state->outgoing_packet, &ch, 1);
553} 590}
554 591
555void 592void
556packet_put_int(u_int value) 593packet_put_int(u_int value)
557{ 594{
558 buffer_put_int(&outgoing_packet, value); 595 buffer_put_int(&active_state->outgoing_packet, value);
559} 596}
560 597
561void 598void
562packet_put_string(const void *buf, u_int len) 599packet_put_string(const void *buf, u_int len)
563{ 600{
564 buffer_put_string(&outgoing_packet, buf, len); 601 buffer_put_string(&active_state->outgoing_packet, buf, len);
565} 602}
566 603
567void 604void
568packet_put_cstring(const char *str) 605packet_put_cstring(const char *str)
569{ 606{
570 buffer_put_cstring(&outgoing_packet, str); 607 buffer_put_cstring(&active_state->outgoing_packet, str);
571} 608}
572 609
573void 610void
574packet_put_raw(const void *buf, u_int len) 611packet_put_raw(const void *buf, u_int len)
575{ 612{
576 buffer_append(&outgoing_packet, buf, len); 613 buffer_append(&active_state->outgoing_packet, buf, len);
577} 614}
578 615
579void 616void
580packet_put_bignum(BIGNUM * value) 617packet_put_bignum(BIGNUM * value)
581{ 618{
582 buffer_put_bignum(&outgoing_packet, value); 619 buffer_put_bignum(&active_state->outgoing_packet, value);
583} 620}
584 621
585void 622void
586packet_put_bignum2(BIGNUM * value) 623packet_put_bignum2(BIGNUM * value)
587{ 624{
588 buffer_put_bignum2(&outgoing_packet, value); 625 buffer_put_bignum2(&active_state->outgoing_packet, value);
589} 626}
590 627
591/* 628/*
@@ -605,24 +642,27 @@ packet_send1(void)
605 * If using packet compression, compress the payload of the outgoing 642 * If using packet compression, compress the payload of the outgoing
606 * packet. 643 * packet.
607 */ 644 */
608 if (packet_compression) { 645 if (active_state->packet_compression) {
609 buffer_clear(&compression_buffer); 646 buffer_clear(&active_state->compression_buffer);
610 /* Skip padding. */ 647 /* Skip padding. */
611 buffer_consume(&outgoing_packet, 8); 648 buffer_consume(&active_state->outgoing_packet, 8);
612 /* padding */ 649 /* padding */
613 buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8); 650 buffer_append(&active_state->compression_buffer,
614 buffer_compress(&outgoing_packet, &compression_buffer); 651 "\0\0\0\0\0\0\0\0", 8);
615 buffer_clear(&outgoing_packet); 652 buffer_compress(&active_state->outgoing_packet,
616 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 653 &active_state->compression_buffer);
617 buffer_len(&compression_buffer)); 654 buffer_clear(&active_state->outgoing_packet);
655 buffer_append(&active_state->outgoing_packet,
656 buffer_ptr(&active_state->compression_buffer),
657 buffer_len(&active_state->compression_buffer));
618 } 658 }
619 /* Compute packet length without padding (add checksum, remove padding). */ 659 /* Compute packet length without padding (add checksum, remove padding). */
620 len = buffer_len(&outgoing_packet) + 4 - 8; 660 len = buffer_len(&active_state->outgoing_packet) + 4 - 8;
621 661
622 /* Insert padding. Initialized to zero in packet_start1() */ 662 /* Insert padding. Initialized to zero in packet_start1() */
623 padding = 8 - len % 8; 663 padding = 8 - len % 8;
624 if (!send_context.plaintext) { 664 if (!active_state->send_context.plaintext) {
625 cp = buffer_ptr(&outgoing_packet); 665 cp = buffer_ptr(&active_state->outgoing_packet);
626 for (i = 0; i < padding; i++) { 666 for (i = 0; i < padding; i++) {
627 if (i % 4 == 0) 667 if (i % 4 == 0)
628 rnd = arc4random(); 668 rnd = arc4random();
@@ -630,33 +670,36 @@ packet_send1(void)
630 rnd >>= 8; 670 rnd >>= 8;
631 } 671 }
632 } 672 }
633 buffer_consume(&outgoing_packet, 8 - padding); 673 buffer_consume(&active_state->outgoing_packet, 8 - padding);
634 674
635 /* Add check bytes. */ 675 /* Add check bytes. */
636 checksum = ssh_crc32(buffer_ptr(&outgoing_packet), 676 checksum = ssh_crc32(buffer_ptr(&active_state->outgoing_packet),
637 buffer_len(&outgoing_packet)); 677 buffer_len(&active_state->outgoing_packet));
638 put_u32(buf, checksum); 678 put_u32(buf, checksum);
639 buffer_append(&outgoing_packet, buf, 4); 679 buffer_append(&active_state->outgoing_packet, buf, 4);
640 680
641#ifdef PACKET_DEBUG 681#ifdef PACKET_DEBUG
642 fprintf(stderr, "packet_send plain: "); 682 fprintf(stderr, "packet_send plain: ");
643 buffer_dump(&outgoing_packet); 683 buffer_dump(&active_state->outgoing_packet);
644#endif 684#endif
645 685
646 /* Append to output. */ 686 /* Append to output. */
647 put_u32(buf, len); 687 put_u32(buf, len);
648 buffer_append(&output, buf, 4); 688 buffer_append(&active_state->output, buf, 4);
649 cp = buffer_append_space(&output, buffer_len(&outgoing_packet)); 689 cp = buffer_append_space(&active_state->output,
650 cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet), 690 buffer_len(&active_state->outgoing_packet));
651 buffer_len(&outgoing_packet)); 691 cipher_crypt(&active_state->send_context, cp,
692 buffer_ptr(&active_state->outgoing_packet),
693 buffer_len(&active_state->outgoing_packet));
652 694
653#ifdef PACKET_DEBUG 695#ifdef PACKET_DEBUG
654 fprintf(stderr, "encrypted: "); 696 fprintf(stderr, "encrypted: ");
655 buffer_dump(&output); 697 buffer_dump(&active_state->output);
656#endif 698#endif
657 p_send.packets++; 699 active_state->p_send.packets++;
658 p_send.bytes += len + buffer_len(&outgoing_packet); 700 active_state->p_send.bytes += len +
659 buffer_clear(&outgoing_packet); 701 buffer_len(&active_state->outgoing_packet);
702 buffer_clear(&active_state->outgoing_packet);
660 703
661 /* 704 /*
662 * Note that the packet is now only buffered in output. It won't be 705 * Note that the packet is now only buffered in output. It won't be
@@ -678,22 +721,22 @@ set_newkeys(int mode)
678 debug2("set_newkeys: mode %d", mode); 721 debug2("set_newkeys: mode %d", mode);
679 722
680 if (mode == MODE_OUT) { 723 if (mode == MODE_OUT) {
681 cc = &send_context; 724 cc = &active_state->send_context;
682 crypt_type = CIPHER_ENCRYPT; 725 crypt_type = CIPHER_ENCRYPT;
683 p_send.packets = p_send.blocks = 0; 726 active_state->p_send.packets = active_state->p_send.blocks = 0;
684 max_blocks = &max_blocks_out; 727 max_blocks = &active_state->max_blocks_out;
685 } else { 728 } else {
686 cc = &receive_context; 729 cc = &active_state->receive_context;
687 crypt_type = CIPHER_DECRYPT; 730 crypt_type = CIPHER_DECRYPT;
688 p_read.packets = p_read.blocks = 0; 731 active_state->p_read.packets = active_state->p_read.blocks = 0;
689 max_blocks = &max_blocks_in; 732 max_blocks = &active_state->max_blocks_in;
690 } 733 }
691 if (newkeys[mode] != NULL) { 734 if (active_state->newkeys[mode] != NULL) {
692 debug("set_newkeys: rekeying"); 735 debug("set_newkeys: rekeying");
693 cipher_cleanup(cc); 736 cipher_cleanup(cc);
694 enc = &newkeys[mode]->enc; 737 enc = &active_state->newkeys[mode]->enc;
695 mac = &newkeys[mode]->mac; 738 mac = &active_state->newkeys[mode]->mac;
696 comp = &newkeys[mode]->comp; 739 comp = &active_state->newkeys[mode]->comp;
697 mac_clear(mac); 740 mac_clear(mac);
698 xfree(enc->name); 741 xfree(enc->name);
699 xfree(enc->iv); 742 xfree(enc->iv);
@@ -701,14 +744,14 @@ set_newkeys(int mode)
701 xfree(mac->name); 744 xfree(mac->name);
702 xfree(mac->key); 745 xfree(mac->key);
703 xfree(comp->name); 746 xfree(comp->name);
704 xfree(newkeys[mode]); 747 xfree(active_state->newkeys[mode]);
705 } 748 }
706 newkeys[mode] = kex_get_newkeys(mode); 749 active_state->newkeys[mode] = kex_get_newkeys(mode);
707 if (newkeys[mode] == NULL) 750 if (active_state->newkeys[mode] == NULL)
708 fatal("newkeys: no keys for mode %d", mode); 751 fatal("newkeys: no keys for mode %d", mode);
709 enc = &newkeys[mode]->enc; 752 enc = &active_state->newkeys[mode]->enc;
710 mac = &newkeys[mode]->mac; 753 mac = &active_state->newkeys[mode]->mac;
711 comp = &newkeys[mode]->comp; 754 comp = &active_state->newkeys[mode]->comp;
712 if (mac_init(mac) == 0) 755 if (mac_init(mac) == 0)
713 mac->enabled = 1; 756 mac->enabled = 1;
714 DBG(debug("cipher_init_context: %d", mode)); 757 DBG(debug("cipher_init_context: %d", mode));
@@ -719,8 +762,8 @@ set_newkeys(int mode)
719 memset(enc->key, 0, enc->key_len); 762 memset(enc->key, 0, enc->key_len);
720 memset(mac->key, 0, mac->key_len); */ 763 memset(mac->key, 0, mac->key_len); */
721 if ((comp->type == COMP_ZLIB || 764 if ((comp->type == COMP_ZLIB ||
722 (comp->type == COMP_DELAYED && after_authentication)) && 765 (comp->type == COMP_DELAYED &&
723 comp->enabled == 0) { 766 active_state->after_authentication)) && comp->enabled == 0) {
724 packet_init_compression(); 767 packet_init_compression();
725 if (mode == MODE_OUT) 768 if (mode == MODE_OUT)
726 buffer_compress_init_send(6); 769 buffer_compress_init_send(6);
@@ -736,8 +779,9 @@ set_newkeys(int mode)
736 *max_blocks = (u_int64_t)1 << (enc->block_size*2); 779 *max_blocks = (u_int64_t)1 << (enc->block_size*2);
737 else 780 else
738 *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; 781 *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
739 if (rekey_limit) 782 if (active_state->rekey_limit)
740 *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size); 783 *max_blocks = MIN(*max_blocks,
784 active_state->rekey_limit / enc->block_size);
741} 785}
742 786
743/* 787/*
@@ -755,12 +799,12 @@ packet_enable_delayed_compress(void)
755 * Remember that we are past the authentication step, so rekeying 799 * Remember that we are past the authentication step, so rekeying
756 * with COMP_DELAYED will turn on compression immediately. 800 * with COMP_DELAYED will turn on compression immediately.
757 */ 801 */
758 after_authentication = 1; 802 active_state->after_authentication = 1;
759 for (mode = 0; mode < MODE_MAX; mode++) { 803 for (mode = 0; mode < MODE_MAX; mode++) {
760 /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ 804 /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
761 if (newkeys[mode] == NULL) 805 if (active_state->newkeys[mode] == NULL)
762 continue; 806 continue;
763 comp = &newkeys[mode]->comp; 807 comp = &active_state->newkeys[mode]->comp;
764 if (comp && !comp->enabled && comp->type == COMP_DELAYED) { 808 if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
765 packet_init_compression(); 809 packet_init_compression();
766 if (mode == MODE_OUT) 810 if (mode == MODE_OUT)
@@ -788,37 +832,39 @@ packet_send2_wrapped(void)
788 Comp *comp = NULL; 832 Comp *comp = NULL;
789 int block_size; 833 int block_size;
790 834
791 if (newkeys[MODE_OUT] != NULL) { 835 if (active_state->newkeys[MODE_OUT] != NULL) {
792 enc = &newkeys[MODE_OUT]->enc; 836 enc = &active_state->newkeys[MODE_OUT]->enc;
793 mac = &newkeys[MODE_OUT]->mac; 837 mac = &active_state->newkeys[MODE_OUT]->mac;
794 comp = &newkeys[MODE_OUT]->comp; 838 comp = &active_state->newkeys[MODE_OUT]->comp;
795 } 839 }
796 block_size = enc ? enc->block_size : 8; 840 block_size = enc ? enc->block_size : 8;
797 841
798 cp = buffer_ptr(&outgoing_packet); 842 cp = buffer_ptr(&active_state->outgoing_packet);
799 type = cp[5]; 843 type = cp[5];
800 844
801#ifdef PACKET_DEBUG 845#ifdef PACKET_DEBUG
802 fprintf(stderr, "plain: "); 846 fprintf(stderr, "plain: ");
803 buffer_dump(&outgoing_packet); 847 buffer_dump(&active_state->outgoing_packet);
804#endif 848#endif
805 849
806 if (comp && comp->enabled) { 850 if (comp && comp->enabled) {
807 len = buffer_len(&outgoing_packet); 851 len = buffer_len(&active_state->outgoing_packet);
808 /* skip header, compress only payload */ 852 /* skip header, compress only payload */
809 buffer_consume(&outgoing_packet, 5); 853 buffer_consume(&active_state->outgoing_packet, 5);
810 buffer_clear(&compression_buffer); 854 buffer_clear(&active_state->compression_buffer);
811 buffer_compress(&outgoing_packet, &compression_buffer); 855 buffer_compress(&active_state->outgoing_packet,
812 buffer_clear(&outgoing_packet); 856 &active_state->compression_buffer);
813 buffer_append(&outgoing_packet, "\0\0\0\0\0", 5); 857 buffer_clear(&active_state->outgoing_packet);
814 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 858 buffer_append(&active_state->outgoing_packet, "\0\0\0\0\0", 5);
815 buffer_len(&compression_buffer)); 859 buffer_append(&active_state->outgoing_packet,
860 buffer_ptr(&active_state->compression_buffer),
861 buffer_len(&active_state->compression_buffer));
816 DBG(debug("compression: raw %d compressed %d", len, 862 DBG(debug("compression: raw %d compressed %d", len,
817 buffer_len(&outgoing_packet))); 863 buffer_len(&active_state->outgoing_packet)));
818 } 864 }
819 865
820 /* sizeof (packet_len + pad_len + payload) */ 866 /* sizeof (packet_len + pad_len + payload) */
821 len = buffer_len(&outgoing_packet); 867 len = buffer_len(&active_state->outgoing_packet);
822 868
823 /* 869 /*
824 * calc size of padding, alloc space, get random data, 870 * calc size of padding, alloc space, get random data,
@@ -827,17 +873,19 @@ packet_send2_wrapped(void)
827 padlen = block_size - (len % block_size); 873 padlen = block_size - (len % block_size);
828 if (padlen < 4) 874 if (padlen < 4)
829 padlen += block_size; 875 padlen += block_size;
830 if (extra_pad) { 876 if (active_state->extra_pad) {
831 /* will wrap if extra_pad+padlen > 255 */ 877 /* will wrap if extra_pad+padlen > 255 */
832 extra_pad = roundup(extra_pad, block_size); 878 active_state->extra_pad =
833 pad = extra_pad - ((len + padlen) % extra_pad); 879 roundup(active_state->extra_pad, block_size);
880 pad = active_state->extra_pad -
881 ((len + padlen) % active_state->extra_pad);
834 debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)", 882 debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
835 pad, len, padlen, extra_pad); 883 pad, len, padlen, active_state->extra_pad);
836 padlen += pad; 884 padlen += pad;
837 extra_pad = 0; 885 active_state->extra_pad = 0;
838 } 886 }
839 cp = buffer_append_space(&outgoing_packet, padlen); 887 cp = buffer_append_space(&active_state->outgoing_packet, padlen);
840 if (enc && !send_context.plaintext) { 888 if (enc && !active_state->send_context.plaintext) {
841 /* random padding */ 889 /* random padding */
842 for (i = 0; i < padlen; i++) { 890 for (i = 0; i < padlen; i++) {
843 if (i % 4 == 0) 891 if (i % 4 == 0)
@@ -850,43 +898,45 @@ packet_send2_wrapped(void)
850 memset(cp, 0, padlen); 898 memset(cp, 0, padlen);
851 } 899 }
852 /* packet_length includes payload, padding and padding length field */ 900 /* packet_length includes payload, padding and padding length field */
853 packet_length = buffer_len(&outgoing_packet) - 4; 901 packet_length = buffer_len(&active_state->outgoing_packet) - 4;
854 cp = buffer_ptr(&outgoing_packet); 902 cp = buffer_ptr(&active_state->outgoing_packet);
855 put_u32(cp, packet_length); 903 put_u32(cp, packet_length);
856 cp[4] = padlen; 904 cp[4] = padlen;
857 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); 905 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
858 906
859 /* compute MAC over seqnr and packet(length fields, payload, padding) */ 907 /* compute MAC over seqnr and packet(length fields, payload, padding) */
860 if (mac && mac->enabled) { 908 if (mac && mac->enabled) {
861 macbuf = mac_compute(mac, p_send.seqnr, 909 macbuf = mac_compute(mac, active_state->p_send.seqnr,
862 buffer_ptr(&outgoing_packet), 910 buffer_ptr(&active_state->outgoing_packet),
863 buffer_len(&outgoing_packet)); 911 buffer_len(&active_state->outgoing_packet));
864 DBG(debug("done calc MAC out #%d", p_send.seqnr)); 912 DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr));
865 } 913 }
866 /* encrypt packet and append to output buffer. */ 914 /* encrypt packet and append to output buffer. */
867 cp = buffer_append_space(&output, buffer_len(&outgoing_packet)); 915 cp = buffer_append_space(&active_state->output,
868 cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet), 916 buffer_len(&active_state->outgoing_packet));
869 buffer_len(&outgoing_packet)); 917 cipher_crypt(&active_state->send_context, cp,
918 buffer_ptr(&active_state->outgoing_packet),
919 buffer_len(&active_state->outgoing_packet));
870 /* append unencrypted MAC */ 920 /* append unencrypted MAC */
871 if (mac && mac->enabled) 921 if (mac && mac->enabled)
872 buffer_append(&output, macbuf, mac->mac_len); 922 buffer_append(&active_state->output, macbuf, mac->mac_len);
873#ifdef PACKET_DEBUG 923#ifdef PACKET_DEBUG
874 fprintf(stderr, "encrypted: "); 924 fprintf(stderr, "encrypted: ");
875 buffer_dump(&output); 925 buffer_dump(&active_state->output);
876#endif 926#endif
877 /* increment sequence number for outgoing packets */ 927 /* increment sequence number for outgoing packets */
878 if (++p_send.seqnr == 0) 928 if (++active_state->p_send.seqnr == 0)
879 logit("outgoing seqnr wraps around"); 929 logit("outgoing seqnr wraps around");
880 if (++p_send.packets == 0) 930 if (++active_state->p_send.packets == 0)
881 if (!(datafellows & SSH_BUG_NOREKEY)) 931 if (!(datafellows & SSH_BUG_NOREKEY))
882 fatal("XXX too many packets with same key"); 932 fatal("XXX too many packets with same key");
883 p_send.blocks += (packet_length + 4) / block_size; 933 active_state->p_send.blocks += (packet_length + 4) / block_size;
884 p_send.bytes += packet_length + 4; 934 active_state->p_send.bytes += packet_length + 4;
885 buffer_clear(&outgoing_packet); 935 buffer_clear(&active_state->outgoing_packet);
886 936
887 if (type == SSH2_MSG_NEWKEYS) 937 if (type == SSH2_MSG_NEWKEYS)
888 set_newkeys(MODE_OUT); 938 set_newkeys(MODE_OUT);
889 else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) 939 else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
890 packet_enable_delayed_compress(); 940 packet_enable_delayed_compress();
891} 941}
892 942
@@ -897,7 +947,7 @@ packet_send2(void)
897 struct packet *p; 947 struct packet *p;
898 u_char type, *cp; 948 u_char type, *cp;
899 949
900 cp = buffer_ptr(&outgoing_packet); 950 cp = buffer_ptr(&active_state->outgoing_packet);
901 type = cp[5]; 951 type = cp[5];
902 952
903 /* during rekeying we can only send key exchange messages */ 953 /* during rekeying we can only send key exchange messages */
@@ -907,9 +957,10 @@ packet_send2(void)
907 debug("enqueue packet: %u", type); 957 debug("enqueue packet: %u", type);
908 p = xmalloc(sizeof(*p)); 958 p = xmalloc(sizeof(*p));
909 p->type = type; 959 p->type = type;
910 memcpy(&p->payload, &outgoing_packet, sizeof(Buffer)); 960 memcpy(&p->payload, &active_state->outgoing_packet,
911 buffer_init(&outgoing_packet); 961 sizeof(Buffer));
912 TAILQ_INSERT_TAIL(&outgoing, p, next); 962 buffer_init(&active_state->outgoing_packet);
963 TAILQ_INSERT_TAIL(&active_state->outgoing, p, next);
913 return; 964 return;
914 } 965 }
915 } 966 }
@@ -923,13 +974,13 @@ packet_send2(void)
923 /* after a NEWKEYS message we can send the complete queue */ 974 /* after a NEWKEYS message we can send the complete queue */
924 if (type == SSH2_MSG_NEWKEYS) { 975 if (type == SSH2_MSG_NEWKEYS) {
925 rekeying = 0; 976 rekeying = 0;
926 while ((p = TAILQ_FIRST(&outgoing))) { 977 while ((p = TAILQ_FIRST(&active_state->outgoing))) {
927 type = p->type; 978 type = p->type;
928 debug("dequeue packet: %u", type); 979 debug("dequeue packet: %u", type);
929 buffer_free(&outgoing_packet); 980 buffer_free(&active_state->outgoing_packet);
930 memcpy(&outgoing_packet, &p->payload, 981 memcpy(&active_state->outgoing_packet, &p->payload,
931 sizeof(Buffer)); 982 sizeof(Buffer));
932 TAILQ_REMOVE(&outgoing, p, next); 983 TAILQ_REMOVE(&active_state->outgoing, p, next);
933 xfree(p); 984 xfree(p);
934 packet_send2_wrapped(); 985 packet_send2_wrapped();
935 } 986 }
@@ -962,8 +1013,8 @@ packet_read_seqnr(u_int32_t *seqnr_p)
962 1013
963 DBG(debug("packet_read()")); 1014 DBG(debug("packet_read()"));
964 1015
965 setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS), 1016 setp = (fd_set *)xcalloc(howmany(active_state->connection_in + 1,
966 sizeof(fd_mask)); 1017 NFDBITS), sizeof(fd_mask));
967 1018
968 /* Since we are blocking, ensure that all written packets have been sent. */ 1019 /* Since we are blocking, ensure that all written packets have been sent. */
969 packet_write_wait(); 1020 packet_write_wait();
@@ -987,27 +1038,27 @@ packet_read_seqnr(u_int32_t *seqnr_p)
987 * Otherwise, wait for some data to arrive, add it to the 1038 * Otherwise, wait for some data to arrive, add it to the
988 * buffer, and try again. 1039 * buffer, and try again.
989 */ 1040 */
990 memset(setp, 0, howmany(connection_in + 1, NFDBITS) * 1041 memset(setp, 0, howmany(active_state->connection_in + 1,
991 sizeof(fd_mask)); 1042 NFDBITS) * sizeof(fd_mask));
992 FD_SET(connection_in, setp); 1043 FD_SET(active_state->connection_in, setp);
993 1044
994 if (packet_timeout_ms > 0) { 1045 if (active_state->packet_timeout_ms > 0) {
995 ms_remain = packet_timeout_ms; 1046 ms_remain = active_state->packet_timeout_ms;
996 timeoutp = &timeout; 1047 timeoutp = &timeout;
997 } 1048 }
998 /* Wait for some data to arrive. */ 1049 /* Wait for some data to arrive. */
999 for (;;) { 1050 for (;;) {
1000 if (packet_timeout_ms != -1) { 1051 if (active_state->packet_timeout_ms != -1) {
1001 ms_to_timeval(&timeout, ms_remain); 1052 ms_to_timeval(&timeout, ms_remain);
1002 gettimeofday(&start, NULL); 1053 gettimeofday(&start, NULL);
1003 } 1054 }
1004 if ((ret = select(connection_in + 1, setp, NULL, 1055 if ((ret = select(active_state->connection_in + 1, setp,
1005 NULL, timeoutp)) >= 0) 1056 NULL, NULL, timeoutp)) >= 0)
1006 break; 1057 break;
1007 if (errno != EAGAIN && errno != EINTR && 1058 if (errno != EAGAIN && errno != EINTR &&
1008 errno != EWOULDBLOCK) 1059 errno != EWOULDBLOCK)
1009 break; 1060 break;
1010 if (packet_timeout_ms == -1) 1061 if (active_state->packet_timeout_ms == -1)
1011 continue; 1062 continue;
1012 ms_subtract_diff(&start, &ms_remain); 1063 ms_subtract_diff(&start, &ms_remain);
1013 if (ms_remain <= 0) { 1064 if (ms_remain <= 0) {
@@ -1021,7 +1072,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
1021 cleanup_exit(255); 1072 cleanup_exit(255);
1022 } 1073 }
1023 /* Read data from the socket. */ 1074 /* Read data from the socket. */
1024 len = read(connection_in, buf, sizeof(buf)); 1075 len = read(active_state->connection_in, buf, sizeof(buf));
1025 if (len == 0) { 1076 if (len == 0) {
1026 logit("Connection closed by %.200s", get_remote_ipaddr()); 1077 logit("Connection closed by %.200s", get_remote_ipaddr());
1027 cleanup_exit(255); 1078 cleanup_exit(255);
@@ -1073,31 +1124,32 @@ packet_read_poll1(void)
1073 u_int checksum, stored_checksum; 1124 u_int checksum, stored_checksum;
1074 1125
1075 /* Check if input size is less than minimum packet size. */ 1126 /* Check if input size is less than minimum packet size. */
1076 if (buffer_len(&input) < 4 + 8) 1127 if (buffer_len(&active_state->input) < 4 + 8)
1077 return SSH_MSG_NONE; 1128 return SSH_MSG_NONE;
1078 /* Get length of incoming packet. */ 1129 /* Get length of incoming packet. */
1079 cp = buffer_ptr(&input); 1130 cp = buffer_ptr(&active_state->input);
1080 len = get_u32(cp); 1131 len = get_u32(cp);
1081 if (len < 1 + 2 + 2 || len > 256 * 1024) 1132 if (len < 1 + 2 + 2 || len > 256 * 1024)
1082 packet_disconnect("Bad packet length %u.", len); 1133 packet_disconnect("Bad packet length %u.", len);
1083 padded_len = (len + 8) & ~7; 1134 padded_len = (len + 8) & ~7;
1084 1135
1085 /* Check if the packet has been entirely received. */ 1136 /* Check if the packet has been entirely received. */
1086 if (buffer_len(&input) < 4 + padded_len) 1137 if (buffer_len(&active_state->input) < 4 + padded_len)
1087 return SSH_MSG_NONE; 1138 return SSH_MSG_NONE;
1088 1139
1089 /* The entire packet is in buffer. */ 1140 /* The entire packet is in buffer. */
1090 1141
1091 /* Consume packet length. */ 1142 /* Consume packet length. */
1092 buffer_consume(&input, 4); 1143 buffer_consume(&active_state->input, 4);
1093 1144
1094 /* 1145 /*
1095 * Cryptographic attack detector for ssh 1146 * Cryptographic attack detector for ssh
1096 * (C)1998 CORE-SDI, Buenos Aires Argentina 1147 * (C)1998 CORE-SDI, Buenos Aires Argentina
1097 * Ariel Futoransky(futo@core-sdi.com) 1148 * Ariel Futoransky(futo@core-sdi.com)
1098 */ 1149 */
1099 if (!receive_context.plaintext) { 1150 if (!active_state->receive_context.plaintext) {
1100 switch (detect_attack(buffer_ptr(&input), padded_len)) { 1151 switch (detect_attack(buffer_ptr(&active_state->input),
1152 padded_len)) {
1101 case DEATTACK_DETECTED: 1153 case DEATTACK_DETECTED:
1102 packet_disconnect("crc32 compensation attack: " 1154 packet_disconnect("crc32 compensation attack: "
1103 "network attack detected"); 1155 "network attack detected");
@@ -1108,45 +1160,48 @@ packet_read_poll1(void)
1108 } 1160 }
1109 1161
1110 /* Decrypt data to incoming_packet. */ 1162 /* Decrypt data to incoming_packet. */
1111 buffer_clear(&incoming_packet); 1163 buffer_clear(&active_state->incoming_packet);
1112 cp = buffer_append_space(&incoming_packet, padded_len); 1164 cp = buffer_append_space(&active_state->incoming_packet, padded_len);
1113 cipher_crypt(&receive_context, cp, buffer_ptr(&input), padded_len); 1165 cipher_crypt(&active_state->receive_context, cp,
1166 buffer_ptr(&active_state->input), padded_len);
1114 1167
1115 buffer_consume(&input, padded_len); 1168 buffer_consume(&active_state->input, padded_len);
1116 1169
1117#ifdef PACKET_DEBUG 1170#ifdef PACKET_DEBUG
1118 fprintf(stderr, "read_poll plain: "); 1171 fprintf(stderr, "read_poll plain: ");
1119 buffer_dump(&incoming_packet); 1172 buffer_dump(&active_state->incoming_packet);
1120#endif 1173#endif
1121 1174
1122 /* Compute packet checksum. */ 1175 /* Compute packet checksum. */
1123 checksum = ssh_crc32(buffer_ptr(&incoming_packet), 1176 checksum = ssh_crc32(buffer_ptr(&active_state->incoming_packet),
1124 buffer_len(&incoming_packet) - 4); 1177 buffer_len(&active_state->incoming_packet) - 4);
1125 1178
1126 /* Skip padding. */ 1179 /* Skip padding. */
1127 buffer_consume(&incoming_packet, 8 - len % 8); 1180 buffer_consume(&active_state->incoming_packet, 8 - len % 8);
1128 1181
1129 /* Test check bytes. */ 1182 /* Test check bytes. */
1130 if (len != buffer_len(&incoming_packet)) 1183 if (len != buffer_len(&active_state->incoming_packet))
1131 packet_disconnect("packet_read_poll1: len %d != buffer_len %d.", 1184 packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
1132 len, buffer_len(&incoming_packet)); 1185 len, buffer_len(&active_state->incoming_packet));
1133 1186
1134 cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4; 1187 cp = (u_char *)buffer_ptr(&active_state->incoming_packet) + len - 4;
1135 stored_checksum = get_u32(cp); 1188 stored_checksum = get_u32(cp);
1136 if (checksum != stored_checksum) 1189 if (checksum != stored_checksum)
1137 packet_disconnect("Corrupted check bytes on input."); 1190 packet_disconnect("Corrupted check bytes on input.");
1138 buffer_consume_end(&incoming_packet, 4); 1191 buffer_consume_end(&active_state->incoming_packet, 4);
1139 1192
1140 if (packet_compression) { 1193 if (active_state->packet_compression) {
1141 buffer_clear(&compression_buffer); 1194 buffer_clear(&active_state->compression_buffer);
1142 buffer_uncompress(&incoming_packet, &compression_buffer); 1195 buffer_uncompress(&active_state->incoming_packet,
1143 buffer_clear(&incoming_packet); 1196 &active_state->compression_buffer);
1144 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 1197 buffer_clear(&active_state->incoming_packet);
1145 buffer_len(&compression_buffer)); 1198 buffer_append(&active_state->incoming_packet,
1199 buffer_ptr(&active_state->compression_buffer),
1200 buffer_len(&active_state->compression_buffer));
1146 } 1201 }
1147 p_read.packets++; 1202 active_state->p_read.packets++;
1148 p_read.bytes += padded_len + 4; 1203 active_state->p_read.bytes += padded_len + 4;
1149 type = buffer_get_char(&incoming_packet); 1204 type = buffer_get_char(&active_state->incoming_packet);
1150 if (type < SSH_MSG_MIN || type > SSH_MSG_MAX) 1205 if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
1151 packet_disconnect("Invalid ssh1 packet type: %d", type); 1206 packet_disconnect("Invalid ssh1 packet type: %d", type);
1152 return type; 1207 return type;
@@ -1155,7 +1210,6 @@ packet_read_poll1(void)
1155static int 1210static int
1156packet_read_poll2(u_int32_t *seqnr_p) 1211packet_read_poll2(u_int32_t *seqnr_p)
1157{ 1212{
1158 static u_int packet_length = 0;
1159 u_int padlen, need; 1213 u_int padlen, need;
1160 u_char *macbuf, *cp, type; 1214 u_char *macbuf, *cp, type;
1161 u_int maclen, block_size; 1215 u_int maclen, block_size;
@@ -1163,50 +1217,52 @@ packet_read_poll2(u_int32_t *seqnr_p)
1163 Mac *mac = NULL; 1217 Mac *mac = NULL;
1164 Comp *comp = NULL; 1218 Comp *comp = NULL;
1165 1219
1166 if (packet_discard) 1220 if (active_state->packet_discard)
1167 return SSH_MSG_NONE; 1221 return SSH_MSG_NONE;
1168 1222
1169 if (newkeys[MODE_IN] != NULL) { 1223 if (active_state->newkeys[MODE_IN] != NULL) {
1170 enc = &newkeys[MODE_IN]->enc; 1224 enc = &active_state->newkeys[MODE_IN]->enc;
1171 mac = &newkeys[MODE_IN]->mac; 1225 mac = &active_state->newkeys[MODE_IN]->mac;
1172 comp = &newkeys[MODE_IN]->comp; 1226 comp = &active_state->newkeys[MODE_IN]->comp;
1173 } 1227 }
1174 maclen = mac && mac->enabled ? mac->mac_len : 0; 1228 maclen = mac && mac->enabled ? mac->mac_len : 0;
1175 block_size = enc ? enc->block_size : 8; 1229 block_size = enc ? enc->block_size : 8;
1176 1230
1177 if (packet_length == 0) { 1231 if (active_state->packlen == 0) {
1178 /* 1232 /*
1179 * check if input size is less than the cipher block size, 1233 * check if input size is less than the cipher block size,
1180 * decrypt first block and extract length of incoming packet 1234 * decrypt first block and extract length of incoming packet
1181 */ 1235 */
1182 if (buffer_len(&input) < block_size) 1236 if (buffer_len(&active_state->input) < block_size)
1183 return SSH_MSG_NONE; 1237 return SSH_MSG_NONE;
1184 buffer_clear(&incoming_packet); 1238 buffer_clear(&active_state->incoming_packet);
1185 cp = buffer_append_space(&incoming_packet, block_size); 1239 cp = buffer_append_space(&active_state->incoming_packet,
1186 cipher_crypt(&receive_context, cp, buffer_ptr(&input),
1187 block_size); 1240 block_size);
1188 cp = buffer_ptr(&incoming_packet); 1241 cipher_crypt(&active_state->receive_context, cp,
1189 packet_length = get_u32(cp); 1242 buffer_ptr(&active_state->input), block_size);
1190 if (packet_length < 1 + 4 || packet_length > PACKET_MAX_SIZE) { 1243 cp = buffer_ptr(&active_state->incoming_packet);
1244 active_state->packlen = get_u32(cp);
1245 if (active_state->packlen < 1 + 4 ||
1246 active_state->packlen > PACKET_MAX_SIZE) {
1191#ifdef PACKET_DEBUG 1247#ifdef PACKET_DEBUG
1192 buffer_dump(&incoming_packet); 1248 buffer_dump(&active_state->incoming_packet);
1193#endif 1249#endif
1194 logit("Bad packet length %u.", packet_length); 1250 logit("Bad packet length %u.", active_state->packlen);
1195 packet_start_discard(enc, mac, packet_length, 1251 packet_start_discard(enc, mac, active_state->packlen,
1196 PACKET_MAX_SIZE); 1252 PACKET_MAX_SIZE);
1197 return SSH_MSG_NONE; 1253 return SSH_MSG_NONE;
1198 } 1254 }
1199 DBG(debug("input: packet len %u", packet_length+4)); 1255 DBG(debug("input: packet len %u", active_state->packlen+4));
1200 buffer_consume(&input, block_size); 1256 buffer_consume(&active_state->input, block_size);
1201 } 1257 }
1202 /* we have a partial packet of block_size bytes */ 1258 /* we have a partial packet of block_size bytes */
1203 need = 4 + packet_length - block_size; 1259 need = 4 + active_state->packlen - block_size;
1204 DBG(debug("partial packet %d, need %d, maclen %d", block_size, 1260 DBG(debug("partial packet %d, need %d, maclen %d", block_size,
1205 need, maclen)); 1261 need, maclen));
1206 if (need % block_size != 0) { 1262 if (need % block_size != 0) {
1207 logit("padding error: need %d block %d mod %d", 1263 logit("padding error: need %d block %d mod %d",
1208 need, block_size, need % block_size); 1264 need, block_size, need % block_size);
1209 packet_start_discard(enc, mac, packet_length, 1265 packet_start_discard(enc, mac, active_state->packlen,
1210 PACKET_MAX_SIZE - block_size); 1266 PACKET_MAX_SIZE - block_size);
1211 return SSH_MSG_NONE; 1267 return SSH_MSG_NONE;
1212 } 1268 }
@@ -1214,84 +1270,90 @@ packet_read_poll2(u_int32_t *seqnr_p)
1214 * check if the entire packet has been received and 1270 * check if the entire packet has been received and
1215 * decrypt into incoming_packet 1271 * decrypt into incoming_packet
1216 */ 1272 */
1217 if (buffer_len(&input) < need + maclen) 1273 if (buffer_len(&active_state->input) < need + maclen)
1218 return SSH_MSG_NONE; 1274 return SSH_MSG_NONE;
1219#ifdef PACKET_DEBUG 1275#ifdef PACKET_DEBUG
1220 fprintf(stderr, "read_poll enc/full: "); 1276 fprintf(stderr, "read_poll enc/full: ");
1221 buffer_dump(&input); 1277 buffer_dump(&active_state->input);
1222#endif 1278#endif
1223 cp = buffer_append_space(&incoming_packet, need); 1279 cp = buffer_append_space(&active_state->incoming_packet, need);
1224 cipher_crypt(&receive_context, cp, buffer_ptr(&input), need); 1280 cipher_crypt(&active_state->receive_context, cp,
1225 buffer_consume(&input, need); 1281 buffer_ptr(&active_state->input), need);
1282 buffer_consume(&active_state->input, need);
1226 /* 1283 /*
1227 * compute MAC over seqnr and packet, 1284 * compute MAC over seqnr and packet,
1228 * increment sequence number for incoming packet 1285 * increment sequence number for incoming packet
1229 */ 1286 */
1230 if (mac && mac->enabled) { 1287 if (mac && mac->enabled) {
1231 macbuf = mac_compute(mac, p_read.seqnr, 1288 macbuf = mac_compute(mac, active_state->p_read.seqnr,
1232 buffer_ptr(&incoming_packet), 1289 buffer_ptr(&active_state->incoming_packet),
1233 buffer_len(&incoming_packet)); 1290 buffer_len(&active_state->incoming_packet));
1234 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) { 1291 if (memcmp(macbuf, buffer_ptr(&active_state->input),
1292 mac->mac_len) != 0) {
1235 logit("Corrupted MAC on input."); 1293 logit("Corrupted MAC on input.");
1236 if (need > PACKET_MAX_SIZE) 1294 if (need > PACKET_MAX_SIZE)
1237 fatal("internal error need %d", need); 1295 fatal("internal error need %d", need);
1238 packet_start_discard(enc, mac, packet_length, 1296 packet_start_discard(enc, mac, active_state->packlen,
1239 PACKET_MAX_SIZE - need); 1297 PACKET_MAX_SIZE - need);
1240 return SSH_MSG_NONE; 1298 return SSH_MSG_NONE;
1241 } 1299 }
1242 1300
1243 DBG(debug("MAC #%d ok", p_read.seqnr)); 1301 DBG(debug("MAC #%d ok", active_state->p_read.seqnr));
1244 buffer_consume(&input, mac->mac_len); 1302 buffer_consume(&active_state->input, mac->mac_len);
1245 } 1303 }
1246 /* XXX now it's safe to use fatal/packet_disconnect */ 1304 /* XXX now it's safe to use fatal/packet_disconnect */
1247 if (seqnr_p != NULL) 1305 if (seqnr_p != NULL)
1248 *seqnr_p = p_read.seqnr; 1306 *seqnr_p = active_state->p_read.seqnr;
1249 if (++p_read.seqnr == 0) 1307 if (++active_state->p_read.seqnr == 0)
1250 logit("incoming seqnr wraps around"); 1308 logit("incoming seqnr wraps around");
1251 if (++p_read.packets == 0) 1309 if (++active_state->p_read.packets == 0)
1252 if (!(datafellows & SSH_BUG_NOREKEY)) 1310 if (!(datafellows & SSH_BUG_NOREKEY))
1253 fatal("XXX too many packets with same key"); 1311 fatal("XXX too many packets with same key");
1254 p_read.blocks += (packet_length + 4) / block_size; 1312 active_state->p_read.blocks += (active_state->packlen + 4) / block_size;
1255 p_read.bytes += packet_length + 4; 1313 active_state->p_read.bytes += active_state->packlen + 4;
1256 1314
1257 /* get padlen */ 1315 /* get padlen */
1258 cp = buffer_ptr(&incoming_packet); 1316 cp = buffer_ptr(&active_state->incoming_packet);
1259 padlen = cp[4]; 1317 padlen = cp[4];
1260 DBG(debug("input: padlen %d", padlen)); 1318 DBG(debug("input: padlen %d", padlen));
1261 if (padlen < 4) 1319 if (padlen < 4)
1262 packet_disconnect("Corrupted padlen %d on input.", padlen); 1320 packet_disconnect("Corrupted padlen %d on input.", padlen);
1263 1321
1264 /* skip packet size + padlen, discard padding */ 1322 /* skip packet size + padlen, discard padding */
1265 buffer_consume(&incoming_packet, 4 + 1); 1323 buffer_consume(&active_state->incoming_packet, 4 + 1);
1266 buffer_consume_end(&incoming_packet, padlen); 1324 buffer_consume_end(&active_state->incoming_packet, padlen);
1267 1325
1268 DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet))); 1326 DBG(debug("input: len before de-compress %d",
1327 buffer_len(&active_state->incoming_packet)));
1269 if (comp && comp->enabled) { 1328 if (comp && comp->enabled) {
1270 buffer_clear(&compression_buffer); 1329 buffer_clear(&active_state->compression_buffer);
1271 buffer_uncompress(&incoming_packet, &compression_buffer); 1330 buffer_uncompress(&active_state->incoming_packet,
1272 buffer_clear(&incoming_packet); 1331 &active_state->compression_buffer);
1273 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 1332 buffer_clear(&active_state->incoming_packet);
1274 buffer_len(&compression_buffer)); 1333 buffer_append(&active_state->incoming_packet,
1334 buffer_ptr(&active_state->compression_buffer),
1335 buffer_len(&active_state->compression_buffer));
1275 DBG(debug("input: len after de-compress %d", 1336 DBG(debug("input: len after de-compress %d",
1276 buffer_len(&incoming_packet))); 1337 buffer_len(&active_state->incoming_packet)));
1277 } 1338 }
1278 /* 1339 /*
1279 * get packet type, implies consume. 1340 * get packet type, implies consume.
1280 * return length of payload (without type field) 1341 * return length of payload (without type field)
1281 */ 1342 */
1282 type = buffer_get_char(&incoming_packet); 1343 type = buffer_get_char(&active_state->incoming_packet);
1283 if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN) 1344 if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
1284 packet_disconnect("Invalid ssh2 packet type: %d", type); 1345 packet_disconnect("Invalid ssh2 packet type: %d", type);
1285 if (type == SSH2_MSG_NEWKEYS) 1346 if (type == SSH2_MSG_NEWKEYS)
1286 set_newkeys(MODE_IN); 1347 set_newkeys(MODE_IN);
1287 else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side) 1348 else if (type == SSH2_MSG_USERAUTH_SUCCESS &&
1349 !active_state->server_side)
1288 packet_enable_delayed_compress(); 1350 packet_enable_delayed_compress();
1289#ifdef PACKET_DEBUG 1351#ifdef PACKET_DEBUG
1290 fprintf(stderr, "read/plain[%d]:\r\n", type); 1352 fprintf(stderr, "read/plain[%d]:\r\n", type);
1291 buffer_dump(&incoming_packet); 1353 buffer_dump(&active_state->incoming_packet);
1292#endif 1354#endif
1293 /* reset for next packet */ 1355 /* reset for next packet */
1294 packet_length = 0; 1356 active_state->packlen = 0;
1295 return type; 1357 return type;
1296} 1358}
1297 1359
@@ -1306,7 +1368,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
1306 if (compat20) { 1368 if (compat20) {
1307 type = packet_read_poll2(seqnr_p); 1369 type = packet_read_poll2(seqnr_p);
1308 if (type) { 1370 if (type) {
1309 keep_alive_timeouts = 0; 1371 active_state->keep_alive_timeouts = 0;
1310 DBG(debug("received packet type %d", type)); 1372 DBG(debug("received packet type %d", type));
1311 } 1373 }
1312 switch (type) { 1374 switch (type) {
@@ -1376,14 +1438,14 @@ packet_read_poll(void)
1376void 1438void
1377packet_process_incoming(const char *buf, u_int len) 1439packet_process_incoming(const char *buf, u_int len)
1378{ 1440{
1379 if (packet_discard) { 1441 if (active_state->packet_discard) {
1380 keep_alive_timeouts = 0; /* ?? */ 1442 active_state->keep_alive_timeouts = 0; /* ?? */
1381 if (len >= packet_discard) 1443 if (len >= active_state->packet_discard)
1382 packet_stop_discard(); 1444 packet_stop_discard();
1383 packet_discard -= len; 1445 active_state->packet_discard -= len;
1384 return; 1446 return;
1385 } 1447 }
1386 buffer_append(&input, buf, len); 1448 buffer_append(&active_state->input, buf, len);
1387} 1449}
1388 1450
1389/* Returns a character from the packet. */ 1451/* Returns a character from the packet. */
@@ -1393,7 +1455,7 @@ packet_get_char(void)
1393{ 1455{
1394 char ch; 1456 char ch;
1395 1457
1396 buffer_get(&incoming_packet, &ch, 1); 1458 buffer_get(&active_state->incoming_packet, &ch, 1);
1397 return (u_char) ch; 1459 return (u_char) ch;
1398} 1460}
1399 1461
@@ -1402,7 +1464,7 @@ packet_get_char(void)
1402u_int 1464u_int
1403packet_get_int(void) 1465packet_get_int(void)
1404{ 1466{
1405 return buffer_get_int(&incoming_packet); 1467 return buffer_get_int(&active_state->incoming_packet);
1406} 1468}
1407 1469
1408/* 1470/*
@@ -1413,29 +1475,29 @@ packet_get_int(void)
1413void 1475void
1414packet_get_bignum(BIGNUM * value) 1476packet_get_bignum(BIGNUM * value)
1415{ 1477{
1416 buffer_get_bignum(&incoming_packet, value); 1478 buffer_get_bignum(&active_state->incoming_packet, value);
1417} 1479}
1418 1480
1419void 1481void
1420packet_get_bignum2(BIGNUM * value) 1482packet_get_bignum2(BIGNUM * value)
1421{ 1483{
1422 buffer_get_bignum2(&incoming_packet, value); 1484 buffer_get_bignum2(&active_state->incoming_packet, value);
1423} 1485}
1424 1486
1425void * 1487void *
1426packet_get_raw(u_int *length_ptr) 1488packet_get_raw(u_int *length_ptr)
1427{ 1489{
1428 u_int bytes = buffer_len(&incoming_packet); 1490 u_int bytes = buffer_len(&active_state->incoming_packet);
1429 1491
1430 if (length_ptr != NULL) 1492 if (length_ptr != NULL)
1431 *length_ptr = bytes; 1493 *length_ptr = bytes;
1432 return buffer_ptr(&incoming_packet); 1494 return buffer_ptr(&active_state->incoming_packet);
1433} 1495}
1434 1496
1435int 1497int
1436packet_remaining(void) 1498packet_remaining(void)
1437{ 1499{
1438 return buffer_len(&incoming_packet); 1500 return buffer_len(&active_state->incoming_packet);
1439} 1501}
1440 1502
1441/* 1503/*
@@ -1448,13 +1510,13 @@ packet_remaining(void)
1448void * 1510void *
1449packet_get_string(u_int *length_ptr) 1511packet_get_string(u_int *length_ptr)
1450{ 1512{
1451 return buffer_get_string(&incoming_packet, length_ptr); 1513 return buffer_get_string(&active_state->incoming_packet, length_ptr);
1452} 1514}
1453 1515
1454void * 1516void *
1455packet_get_string_ptr(u_int *length_ptr) 1517packet_get_string_ptr(u_int *length_ptr)
1456{ 1518{
1457 return buffer_get_string_ptr(&incoming_packet, length_ptr); 1519 return buffer_get_string_ptr(&active_state->incoming_packet, length_ptr);
1458} 1520}
1459 1521
1460/* 1522/*
@@ -1547,10 +1609,11 @@ packet_disconnect(const char *fmt,...)
1547void 1609void
1548packet_write_poll(void) 1610packet_write_poll(void)
1549{ 1611{
1550 int len = buffer_len(&output); 1612 int len = buffer_len(&active_state->output);
1551 1613
1552 if (len > 0) { 1614 if (len > 0) {
1553 len = write(connection_out, buffer_ptr(&output), len); 1615 len = write(active_state->connection_out,
1616 buffer_ptr(&active_state->output), len);
1554 if (len == -1) { 1617 if (len == -1) {
1555 if (errno == EINTR || errno == EAGAIN || 1618 if (errno == EINTR || errno == EAGAIN ||
1556 errno == EWOULDBLOCK) 1619 errno == EWOULDBLOCK)
@@ -1559,7 +1622,7 @@ packet_write_poll(void)
1559 } 1622 }
1560 if (len == 0) 1623 if (len == 0)
1561 fatal("Write connection closed"); 1624 fatal("Write connection closed");
1562 buffer_consume(&output, len); 1625 buffer_consume(&active_state->output, len);
1563 } 1626 }
1564} 1627}
1565 1628
@@ -1576,30 +1639,30 @@ packet_write_wait(void)
1576 int ret, ms_remain; 1639 int ret, ms_remain;
1577 struct timeval start, timeout, *timeoutp = NULL; 1640 struct timeval start, timeout, *timeoutp = NULL;
1578 1641
1579 setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), 1642 setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
1580 sizeof(fd_mask)); 1643 NFDBITS), sizeof(fd_mask));
1581 packet_write_poll(); 1644 packet_write_poll();
1582 while (packet_have_data_to_write()) { 1645 while (packet_have_data_to_write()) {
1583 memset(setp, 0, howmany(connection_out + 1, NFDBITS) * 1646 memset(setp, 0, howmany(active_state->connection_out + 1,
1584 sizeof(fd_mask)); 1647 NFDBITS) * sizeof(fd_mask));
1585 FD_SET(connection_out, setp); 1648 FD_SET(active_state->connection_out, setp);
1586 1649
1587 if (packet_timeout_ms > 0) { 1650 if (active_state->packet_timeout_ms > 0) {
1588 ms_remain = packet_timeout_ms; 1651 ms_remain = active_state->packet_timeout_ms;
1589 timeoutp = &timeout; 1652 timeoutp = &timeout;
1590 } 1653 }
1591 for (;;) { 1654 for (;;) {
1592 if (packet_timeout_ms != -1) { 1655 if (active_state->packet_timeout_ms != -1) {
1593 ms_to_timeval(&timeout, ms_remain); 1656 ms_to_timeval(&timeout, ms_remain);
1594 gettimeofday(&start, NULL); 1657 gettimeofday(&start, NULL);
1595 } 1658 }
1596 if ((ret = select(connection_out + 1, NULL, setp, 1659 if ((ret = select(active_state->connection_out + 1,
1597 NULL, timeoutp)) >= 0) 1660 NULL, setp, NULL, timeoutp)) >= 0)
1598 break; 1661 break;
1599 if (errno != EAGAIN && errno != EINTR && 1662 if (errno != EAGAIN && errno != EINTR &&
1600 errno != EWOULDBLOCK) 1663 errno != EWOULDBLOCK)
1601 break; 1664 break;
1602 if (packet_timeout_ms == -1) 1665 if (active_state->packet_timeout_ms == -1)
1603 continue; 1666 continue;
1604 ms_subtract_diff(&start, &ms_remain); 1667 ms_subtract_diff(&start, &ms_remain);
1605 if (ms_remain <= 0) { 1668 if (ms_remain <= 0) {
@@ -1622,7 +1685,7 @@ packet_write_wait(void)
1622int 1685int
1623packet_have_data_to_write(void) 1686packet_have_data_to_write(void)
1624{ 1687{
1625 return buffer_len(&output) != 0; 1688 return buffer_len(&active_state->output) != 0;
1626} 1689}
1627 1690
1628/* Returns true if there is not too much data to write to the connection. */ 1691/* Returns true if there is not too much data to write to the connection. */
@@ -1630,10 +1693,10 @@ packet_have_data_to_write(void)
1630int 1693int
1631packet_not_very_much_data_to_write(void) 1694packet_not_very_much_data_to_write(void)
1632{ 1695{
1633 if (interactive_mode) 1696 if (active_state->interactive_mode)
1634 return buffer_len(&output) < 16384; 1697 return buffer_len(&active_state->output) < 16384;
1635 else 1698 else
1636 return buffer_len(&output) < 128 * 1024; 1699 return buffer_len(&active_state->output) < 128 * 1024;
1637} 1700}
1638 1701
1639 1702
@@ -1646,7 +1709,7 @@ packet_set_tos(int interactive)
1646 if (!packet_connection_is_on_socket() || 1709 if (!packet_connection_is_on_socket() ||
1647 !packet_connection_is_ipv4()) 1710 !packet_connection_is_ipv4())
1648 return; 1711 return;
1649 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos, 1712 if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos,
1650 sizeof(tos)) < 0) 1713 sizeof(tos)) < 0)
1651 error("setsockopt IP_TOS %d: %.100s:", 1714 error("setsockopt IP_TOS %d: %.100s:",
1652 tos, strerror(errno)); 1715 tos, strerror(errno));
@@ -1665,12 +1728,12 @@ packet_set_interactive(int interactive)
1665 called = 1; 1728 called = 1;
1666 1729
1667 /* Record that we are in interactive mode. */ 1730 /* Record that we are in interactive mode. */
1668 interactive_mode = interactive; 1731 active_state->interactive_mode = interactive;
1669 1732
1670 /* Only set socket options if using a socket. */ 1733 /* Only set socket options if using a socket. */
1671 if (!packet_connection_is_on_socket()) 1734 if (!packet_connection_is_on_socket())
1672 return; 1735 return;
1673 set_nodelay(connection_in); 1736 set_nodelay(active_state->connection_in);
1674 packet_set_tos(interactive); 1737 packet_set_tos(interactive);
1675} 1738}
1676 1739
@@ -1679,7 +1742,7 @@ packet_set_interactive(int interactive)
1679int 1742int
1680packet_is_interactive(void) 1743packet_is_interactive(void)
1681{ 1744{
1682 return interactive_mode; 1745 return active_state->interactive_mode;
1683} 1746}
1684 1747
1685int 1748int
@@ -1689,7 +1752,7 @@ packet_set_maxsize(u_int s)
1689 1752
1690 if (called) { 1753 if (called) {
1691 logit("packet_set_maxsize: called twice: old %d new %d", 1754 logit("packet_set_maxsize: called twice: old %d new %d",
1692 max_packet_size, s); 1755 active_state->max_packet_size, s);
1693 return -1; 1756 return -1;
1694 } 1757 }
1695 if (s < 4 * 1024 || s > 1024 * 1024) { 1758 if (s < 4 * 1024 || s > 1024 * 1024) {
@@ -1698,15 +1761,33 @@ packet_set_maxsize(u_int s)
1698 } 1761 }
1699 called = 1; 1762 called = 1;
1700 debug("packet_set_maxsize: setting to %d", s); 1763 debug("packet_set_maxsize: setting to %d", s);
1701 max_packet_size = s; 1764 active_state->max_packet_size = s;
1702 return s; 1765 return s;
1703} 1766}
1704 1767
1768int
1769packet_inc_alive_timeouts(void)
1770{
1771 return ++active_state->keep_alive_timeouts;
1772}
1773
1774void
1775packet_set_alive_timeouts(int ka)
1776{
1777 active_state->keep_alive_timeouts = ka;
1778}
1779
1780u_int
1781packet_get_maxsize(void)
1782{
1783 return active_state->max_packet_size;
1784}
1785
1705/* roundup current message to pad bytes */ 1786/* roundup current message to pad bytes */
1706void 1787void
1707packet_add_padding(u_char pad) 1788packet_add_padding(u_char pad)
1708{ 1789{
1709 extra_pad = pad; 1790 active_state->extra_pad = pad;
1710} 1791}
1711 1792
1712/* 1793/*
@@ -1743,26 +1824,46 @@ packet_need_rekeying(void)
1743 if (datafellows & SSH_BUG_NOREKEY) 1824 if (datafellows & SSH_BUG_NOREKEY)
1744 return 0; 1825 return 0;
1745 return 1826 return
1746 (p_send.packets > MAX_PACKETS) || 1827 (active_state->p_send.packets > MAX_PACKETS) ||
1747 (p_read.packets > MAX_PACKETS) || 1828 (active_state->p_read.packets > MAX_PACKETS) ||
1748 (max_blocks_out && (p_send.blocks > max_blocks_out)) || 1829 (active_state->max_blocks_out &&
1749 (max_blocks_in && (p_read.blocks > max_blocks_in)); 1830 (active_state->p_send.blocks > active_state->max_blocks_out)) ||
1831 (active_state->max_blocks_in &&
1832 (active_state->p_read.blocks > active_state->max_blocks_in));
1750} 1833}
1751 1834
1752void 1835void
1753packet_set_rekey_limit(u_int32_t bytes) 1836packet_set_rekey_limit(u_int32_t bytes)
1754{ 1837{
1755 rekey_limit = bytes; 1838 active_state->rekey_limit = bytes;
1756} 1839}
1757 1840
1758void 1841void
1759packet_set_server(void) 1842packet_set_server(void)
1760{ 1843{
1761 server_side = 1; 1844 active_state->server_side = 1;
1762} 1845}
1763 1846
1764void 1847void
1765packet_set_authenticated(void) 1848packet_set_authenticated(void)
1766{ 1849{
1767 after_authentication = 1; 1850 active_state->after_authentication = 1;
1851}
1852
1853void *
1854packet_get_input(void)
1855{
1856 return (void *)&active_state->input;
1857}
1858
1859void *
1860packet_get_output(void)
1861{
1862 return (void *)&active_state->output;
1863}
1864
1865void *
1866packet_get_newkeys(int mode)
1867{
1868 return (void *)active_state->newkeys[mode];
1768} 1869}