5 files changed, 3 insertions, 232 deletions
diff --git a/LICENCE b/LICENCE
index f52387139..15248212a 100644
--- a/LICENCE
+++ b/LICENCE
@@ -75,27 +75,6 @@ OpenSSH contains no GPL code.
    PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGES.
-2)
-    The 32-bit CRC compensation attack detector in deattack.c was
-    contributed by CORE SDI S.A. under a BSD-style license.
-     * Cryptographic attack detector for ssh - source code
-     *
-     * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
-     *
-     * All rights reserved. Redistribution and use in source and binary
-     * forms, with or without modification, are permitted provided that
-     * this copyright notice is retained.
-     *
-     * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-     * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
-     * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
-     * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
-     * SOFTWARE.
-     *
-     * Ariel Futoransky <futo@core-sdi.com>
-     * <http://www.core-sdi.com>
 3)
    ssh-keyscan was contributed by David Mazieres under a BSD-style
    license.
@@ -337,4 +316,4 @@ OpenSSH contains no GPL code.
 ------
-$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
+$OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index a7a6239c0..d7f17df8c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -79,7 +79,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
        authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \
        canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
        cipher-ctr.o cleanup.o \
-        compat.o crc32.o deattack.o fatal.o hostfile.o \
+        compat.o crc32.o fatal.o hostfile.o \
        log.o match.o moduli.o nchan.o packet.o opacket.o \
        readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
        atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
diff --git a/deattack.c b/deattack.c
deleted file mode 100644
index e76481a6d..000000000
--- a/deattack.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* $OpenBSD: deattack.c,v 1.32 2015/01/20 23:14:00 deraadt Exp $ */
-/*
- * Cryptographic attack detector for ssh - source code
- *
- * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
- *
- * All rights reserved. Redistribution and use in source and binary
- * forms, with or without modification, are permitted provided that
- * this copyright notice is retained.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
- * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
- * SOFTWARE.
- *
- * Ariel Futoransky <futo@core-sdi.com>
- * <http://www.core-sdi.com>
- */
-#include "includes.h"
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "deattack.h"
-#include "crc32.h"
-#include "sshbuf.h"
-#include "misc.h"
-/*
- * CRC attack detection has a worst-case behaviour that is O(N^3) over
- * the number of identical blocks in a packet. This behaviour can be 
- * exploited to create a limited denial of service attack. 
- * 
- * However, because we are dealing with encrypted data, identical
- * blocks should only occur every 2^35 maximally-sized packets or so. 
- * Consequently, we can detect this DoS by looking for identical blocks
- * in a packet.
- *
- * The parameter below determines how many identical blocks we will
- * accept in a single packet, trading off between attack detection and
- * likelihood of terminating a legitimate connection. A value of 32 
- * corresponds to an average of 2^40 messages before an attack is
- * misdetected
- */
-#define MAX_IDENTICAL   32
-/* SSH Constants */
-#define SSH_MAXBLOCKS   (32 * 1024)
-#define SSH_BLOCKSIZE   (8)
-/* Hashing constants */
-#define HASH_MINSIZE    (8 * 1024)
-#define HASH_ENTRYSIZE  (2)
-#define HASH_FACTOR(x)  ((x)*3/2)
-#define HASH_UNUSEDCHAR (0xff)
-#define HASH_UNUSED     (0xffff)
-#define HASH_IV         (0xfffe)
-#define HASH_MINBLOCKS  (7*SSH_BLOCKSIZE)
-/* Hash function (Input keys are cipher results) */
-#define HASH(x)         PEEK_U32(x)
-#define CMP(a, b)       (memcmp(a, b, SSH_BLOCKSIZE))
-static void
-crc_update(u_int32_t *a, u_int32_t b)
-{
-        b ^= *a;
-        *a = ssh_crc32((u_char *)&b, sizeof(b));
-}
-/* detect if a block is used in a particular pattern */
-static int
-check_crc(const u_char *S, const u_char *buf, u_int32_t len)
-{
-        u_int32_t crc;
-        const u_char *c;
-        crc = 0;
-        for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
-                if (!CMP(S, c)) {
-                        crc_update(&crc, 1);
-                        crc_update(&crc, 0);
-                } else {
-                        crc_update(&crc, 0);
-                        crc_update(&crc, 0);
-                }
-        }
-        return crc == 0;
-}
-void
-deattack_init(struct deattack_ctx *dctx)
-{
-        bzero(dctx, sizeof(*dctx));
-        dctx->n = HASH_MINSIZE / HASH_ENTRYSIZE;
-}
-/* Detect a crc32 compensation attack on a packet */
-int
-detect_attack(struct deattack_ctx *dctx, const u_char *buf, u_int32_t len)
-{
-        u_int32_t i, j, l, same;
-        u_int16_t *tmp;
-        const u_char *c, *d;
-        if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
-            len % SSH_BLOCKSIZE != 0)
-                return DEATTACK_ERROR;
-        for (l = dctx->n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2)
-                ;
-        if (dctx->h == NULL) {
-                if ((dctx->h = calloc(l, HASH_ENTRYSIZE)) == NULL)
-                        return DEATTACK_ERROR;
-                dctx->n = l;
-        } else {
-                if (l > dctx->n) {
-                        if ((tmp = reallocarray(dctx->h, l, HASH_ENTRYSIZE))
-                            == NULL) {
-                                free(dctx->h);
-                                dctx->h = NULL;
-                                return DEATTACK_ERROR;
-                        }
-                        dctx->h = tmp;
-                        dctx->n = l;
-                }
-        }
-        if (len <= HASH_MINBLOCKS) {
-                for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
-                        for (d = buf; d < c; d += SSH_BLOCKSIZE) {
-                                if (!CMP(c, d)) {
-                                        if ((check_crc(c, buf, len)))
-                                                return DEATTACK_DETECTED;
-                                        else
-                                                break;
-                                }
-                        }
-                }
-                return DEATTACK_OK;
-        }
-        memset(dctx->h, HASH_UNUSEDCHAR, dctx->n * HASH_ENTRYSIZE);
-        for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
-                for (i = HASH(c) & (dctx->n - 1); dctx->h[i] != HASH_UNUSED;
-                    i = (i + 1) & (dctx->n - 1)) {
-                        if (!CMP(c, buf + dctx->h[i] * SSH_BLOCKSIZE)) {
-                                if (++same > MAX_IDENTICAL)
-                                        return DEATTACK_DOS_DETECTED;
-                                if (check_crc(c, buf, len))
-                                        return DEATTACK_DETECTED;
-                                else
-                                        break;
-                        }
-                }
-                dctx->h[i] = j;
-        }
-        return DEATTACK_OK;
-}
diff --git a/deattack.h b/deattack.h
deleted file mode 100644
index ce67a30ff..000000000
--- a/deattack.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */
-/*
- * Cryptographic attack detector for ssh - Header file
- *
- * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
- *
- * All rights reserved. Redistribution and use in source and binary
- * forms, with or without modification, are permitted provided that
- * this copyright notice is retained.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
- * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
- * SOFTWARE.
- *
- * Ariel Futoransky <futo@core-sdi.com>
- * <http://www.core-sdi.com>
- */
-#ifndef _DEATTACK_H
-#define _DEATTACK_H
-/* Return codes */
-#define DEATTACK_OK             0
-#define DEATTACK_DETECTED       1
-#define DEATTACK_DOS_DETECTED   2
-#define DEATTACK_ERROR          3
-struct deattack_ctx {
-        u_int16_t *h;
-        u_int32_t n;
-};
-void     deattack_init(struct deattack_ctx *);
-int      detect_attack(struct deattack_ctx *, const u_char *, u_int32_t);
-#endif
diff --git a/packet.c b/packet.c
index 6cec93372..0e312c514 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.250 2017/04/30 23:23:54 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.251 2017/04/30 23:26:16 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -68,7 +68,6 @@
 #include "xmalloc.h"
 #include "crc32.h"
-#include "deattack.h"
 #include "compat.h"
 #include "ssh1.h"
 #include "ssh2.h"
@@ -216,9 +215,6 @@ struct session_state {
        /* One-off warning about weak ciphers */
        int cipher_warning_done;
-        /* SSH1 CRC compensation attack detector */
-        struct deattack_ctx deattack;
        /* Hook for fuzzing inbound packets */
        ssh_packet_hook_fn *hook_in;
        void *hook_in_ctx;
@@ -315,7 +311,6 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
                return NULL;
        }
        state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
-        deattack_init(&state->deattack);
        /*
         * Cache the IP address of the remote connection for use in error
         * messages that might be generated after the connection has closed.

diff --git a/LICENCE b/LICENCE index f52387139..15248212a 100644 --- a/LICENCE +++ b/LICENCE
@@ -75,27 +75,6 @@ OpenSSH contains no GPL code.
75	PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE	75	PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
76	POSSIBILITY OF SUCH DAMAGES.	76	POSSIBILITY OF SUCH DAMAGES.
77		77
78	2)
79	The 32-bit CRC compensation attack detector in deattack.c was
80	contributed by CORE SDI S.A. under a BSD-style license.
81
82	* Cryptographic attack detector for ssh - source code
83	*
84	* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
85	*
86	* All rights reserved. Redistribution and use in source and binary
87	* forms, with or without modification, are permitted provided that
88	* this copyright notice is retained.
89	*
90	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
91	* WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
92	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
93	* CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
94	* SOFTWARE.
95	*
96	* Ariel Futoransky <futo@core-sdi.com>
97	* <http://www.core-sdi.com>
98
99	3)	78	3)
100	ssh-keyscan was contributed by David Mazieres under a BSD-style	79	ssh-keyscan was contributed by David Mazieres under a BSD-style
101	license.	80	license.
@@ -337,4 +316,4 @@ OpenSSH contains no GPL code.
337		316
338		317
339	------	318	------
340	$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $	319	$OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $


diff --git a/Makefile.in b/Makefile.in index a7a6239c0..d7f17df8c 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -79,7 +79,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
79	authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \	79	authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \
80	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \	80	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
81	cipher-ctr.o cleanup.o \	81	cipher-ctr.o cleanup.o \
82	compat.o crc32.o deattack.o fatal.o hostfile.o \	82	compat.o crc32.o fatal.o hostfile.o \
83	log.o match.o moduli.o nchan.o packet.o opacket.o \	83	log.o match.o moduli.o nchan.o packet.o opacket.o \
84	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \	84	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
85	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \	85	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \


diff --git a/deattack.c b/deattack.c deleted file mode 100644 index e76481a6d..000000000 --- a/deattack.c +++ /dev/null
@@ -1,165 +0,0 @@
1	/* $OpenBSD: deattack.c,v 1.32 2015/01/20 23:14:00 deraadt Exp $ */
2	/*
3	* Cryptographic attack detector for ssh - source code
4	*
5	* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
6	*
7	* All rights reserved. Redistribution and use in source and binary
8	* forms, with or without modification, are permitted provided that
9	* this copyright notice is retained.
10	*
11	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
12	* WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
13	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
14	* CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
15	* SOFTWARE.
16	*
17	* Ariel Futoransky <futo@core-sdi.com>
18	* <http://www.core-sdi.com>
19	*/
20
21	#include "includes.h"
22
23	#include <string.h>
24	#include <stdio.h>
25	#include <stdlib.h>
26
27	#include "deattack.h"
28	#include "crc32.h"
29	#include "sshbuf.h"
30	#include "misc.h"
31
32	/*
33	* CRC attack detection has a worst-case behaviour that is O(N^3) over
34	* the number of identical blocks in a packet. This behaviour can be
35	* exploited to create a limited denial of service attack.
36	*
37	* However, because we are dealing with encrypted data, identical
38	* blocks should only occur every 2^35 maximally-sized packets or so.
39	* Consequently, we can detect this DoS by looking for identical blocks
40	* in a packet.
41	*
42	* The parameter below determines how many identical blocks we will
43	* accept in a single packet, trading off between attack detection and
44	* likelihood of terminating a legitimate connection. A value of 32
45	* corresponds to an average of 2^40 messages before an attack is
46	* misdetected
47	*/
48	#define MAX_IDENTICAL 32
49
50	/* SSH Constants */
51	#define SSH_MAXBLOCKS (32 * 1024)
52	#define SSH_BLOCKSIZE (8)
53
54	/* Hashing constants */
55	#define HASH_MINSIZE (8 * 1024)
56	#define HASH_ENTRYSIZE (2)
57	#define HASH_FACTOR(x) ((x)*3/2)
58	#define HASH_UNUSEDCHAR (0xff)
59	#define HASH_UNUSED (0xffff)
60	#define HASH_IV (0xfffe)
61
62	#define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
63
64
65	/* Hash function (Input keys are cipher results) */
66	#define HASH(x) PEEK_U32(x)
67
68	#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))
69
70	static void
71	crc_update(u_int32_t *a, u_int32_t b)
72	{
73	b ^= *a;
74	a = ssh_crc32((u_char )&b, sizeof(b));
75	}
76
77	/* detect if a block is used in a particular pattern */
78	static int
79	check_crc(const u_char S, const u_char buf, u_int32_t len)
80	{
81	u_int32_t crc;
82	const u_char *c;
83
84	crc = 0;
85	for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
86	if (!CMP(S, c)) {
87	crc_update(&crc, 1);
88	crc_update(&crc, 0);
89	} else {
90	crc_update(&crc, 0);
91	crc_update(&crc, 0);
92	}
93	}
94	return crc == 0;
95	}
96
97	void
98	deattack_init(struct deattack_ctx *dctx)
99	{
100	bzero(dctx, sizeof(*dctx));
101	dctx->n = HASH_MINSIZE / HASH_ENTRYSIZE;
102	}
103
104	/* Detect a crc32 compensation attack on a packet */
105	int
106	detect_attack(struct deattack_ctx dctx, const u_char buf, u_int32_t len)
107	{
108	u_int32_t i, j, l, same;
109	u_int16_t *tmp;
110	const u_char c, d;
111
112	if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) \|\|
113	len % SSH_BLOCKSIZE != 0)
114	return DEATTACK_ERROR;
115	for (l = dctx->n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2)
116	;
117
118	if (dctx->h == NULL) {
119	if ((dctx->h = calloc(l, HASH_ENTRYSIZE)) == NULL)
120	return DEATTACK_ERROR;
121	dctx->n = l;
122	} else {
123	if (l > dctx->n) {
124	if ((tmp = reallocarray(dctx->h, l, HASH_ENTRYSIZE))
125	== NULL) {
126	free(dctx->h);
127	dctx->h = NULL;
128	return DEATTACK_ERROR;
129	}
130	dctx->h = tmp;
131	dctx->n = l;
132	}
133	}
134
135	if (len <= HASH_MINBLOCKS) {
136	for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
137	for (d = buf; d < c; d += SSH_BLOCKSIZE) {
138	if (!CMP(c, d)) {
139	if ((check_crc(c, buf, len)))
140	return DEATTACK_DETECTED;
141	else
142	break;
143	}
144	}
145	}
146	return DEATTACK_OK;
147	}
148	memset(dctx->h, HASH_UNUSEDCHAR, dctx->n * HASH_ENTRYSIZE);
149
150	for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
151	for (i = HASH(c) & (dctx->n - 1); dctx->h[i] != HASH_UNUSED;
152	i = (i + 1) & (dctx->n - 1)) {
153	if (!CMP(c, buf + dctx->h[i] * SSH_BLOCKSIZE)) {
154	if (++same > MAX_IDENTICAL)
155	return DEATTACK_DOS_DETECTED;
156	if (check_crc(c, buf, len))
157	return DEATTACK_DETECTED;
158	else
159	break;
160	}
161	}
162	dctx->h[i] = j;
163	}
164	return DEATTACK_OK;
165	}


diff --git a/deattack.h b/deattack.h deleted file mode 100644 index ce67a30ff..000000000 --- a/deattack.h +++ /dev/null
@@ -1,38 +0,0 @@
1	/* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */
2
3	/*
4	* Cryptographic attack detector for ssh - Header file
5	*
6	* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
7	*
8	* All rights reserved. Redistribution and use in source and binary
9	* forms, with or without modification, are permitted provided that
10	* this copyright notice is retained.
11	*
12	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
13	* WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
14	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
15	* CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
16	* SOFTWARE.
17	*
18	* Ariel Futoransky <futo@core-sdi.com>
19	* <http://www.core-sdi.com>
20	*/
21
22	#ifndef _DEATTACK_H
23	#define _DEATTACK_H
24
25	/* Return codes */
26	#define DEATTACK_OK 0
27	#define DEATTACK_DETECTED 1
28	#define DEATTACK_DOS_DETECTED 2
29	#define DEATTACK_ERROR 3
30
31	struct deattack_ctx {
32	u_int16_t *h;
33	u_int32_t n;
34	};
35
36	void deattack_init(struct deattack_ctx *);
37	int detect_attack(struct deattack_ctx , const u_char , u_int32_t);
38	#endif


diff --git a/packet.c b/packet.c index 6cec93372..0e312c514 100644 --- a/packet.c +++ b/packet.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: packet.c,v 1.250 2017/04/30 23:23:54 djm Exp $ */	1	/* $OpenBSD: packet.c,v 1.251 2017/04/30 23:26:16 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -68,7 +68,6 @@
68		68
69	#include "xmalloc.h"	69	#include "xmalloc.h"
70	#include "crc32.h"	70	#include "crc32.h"
71	#include "deattack.h"
72	#include "compat.h"	71	#include "compat.h"
73	#include "ssh1.h"	72	#include "ssh1.h"
74	#include "ssh2.h"	73	#include "ssh2.h"
@@ -216,9 +215,6 @@ struct session_state {
216	/* One-off warning about weak ciphers */	215	/* One-off warning about weak ciphers */
217	int cipher_warning_done;	216	int cipher_warning_done;
218		217
219	/* SSH1 CRC compensation attack detector */
220	struct deattack_ctx deattack;
221
222	/* Hook for fuzzing inbound packets */	218	/* Hook for fuzzing inbound packets */
223	ssh_packet_hook_fn *hook_in;	219	ssh_packet_hook_fn *hook_in;
224	void *hook_in_ctx;	220	void *hook_in_ctx;
@@ -315,7 +311,6 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
315	return NULL;	311	return NULL;
316	}	312	}
317	state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;	313	state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
318	deattack_init(&state->deattack);
319	/*	314	/*
320	* Cache the IP address of the remote connection for use in error	315	* Cache the IP address of the remote connection for use in error
321	* messages that might be generated after the connection has closed.	316	* messages that might be generated after the connection has closed.