5 files changed, 66 insertions, 159 deletions
diff --git a/ChangeLog b/ChangeLog
index 374099790..86ac1e342 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,6 +72,9 @@
   - markus@cvs.openbsd.org 2001/05/28 23:25:24 
     [channels.c]                               
     cleanup, typo                              
+   - markus@cvs.openbsd.org 2001/05/28 23:58:35
+     [packet.c packet.h sshconnect.c sshd.c]   
+     remove some lines, simplify.              
 20010528
 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
@@ -5502,4 +5505,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1244 2001/06/05 20:56:47 mouring Exp $
+$Id: ChangeLog,v 1.1245 2001/06/05 21:09:18 mouring Exp $
diff --git a/packet.c b/packet.c
index e816cb947..bf8fa549e 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.61 2001/04/05 10:42:51 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.62 2001/05/28 23:58:35 markus Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@@ -75,12 +75,6 @@ RCSID("$OpenBSD: packet.c,v 1.61 2001/04/05 10:42:51 markus Exp $");
 static int connection_in = -1;
 static int connection_out = -1;
-/*
- * Cipher type.  This value is only used to determine whether to pad the
- * packets with zeroes or random data.
- */
-static int cipher_type = SSH_CIPHER_NONE;
 /* Protocol flags for the remote side. */
 static u_int remote_protocol_flags = 0;
@@ -118,20 +112,9 @@ static int initialized = 0;
 /* Set to true if the connection is interactive. */
 static int interactive_mode = 0;
-/* True if SSH2 packet format is used */
-int use_ssh2_packet_format = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
-void
-packet_set_ssh2_format(void)
-{
-        DBG(debug("use_ssh2_packet_format"));
-        use_ssh2_packet_format = 1;
-        newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
-}
 /*
 * Sets the descriptors used for communication.  Disables encryption until
 * packet_set_encryption_key is called.
@@ -144,9 +127,9 @@ packet_set_connection(int fd_in, int fd_out)
                fatal("packet_set_connection: cannot load cipher 'none'");
        connection_in = fd_in;
        connection_out = fd_out;
-        cipher_type = SSH_CIPHER_NONE;
        cipher_init(&send_context, none, (u_char *) "", 0, NULL, 0);
        cipher_init(&receive_context, none, (u_char *) "", 0, NULL, 0);
+        newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
        if (!initialized) {
                initialized = 1;
                buffer_init(&input);
@@ -290,7 +273,7 @@ packet_init_compression()
 void
 packet_start_compression(int level)
 {
-        if (packet_compression && !use_ssh2_packet_format)
+        if (packet_compression && !compat20)
                fatal("Compression already enabled.");
        packet_compression = 1;
        packet_init_compression();
@@ -299,43 +282,10 @@ packet_start_compression(int level)
 }
 /*
- * Encrypts the given number of bytes, copying from src to dest. bytes is
- * known to be a multiple of 8.
- */
-void
-packet_encrypt(CipherContext * cc, void *dest, void *src,
-    u_int bytes)
-{
-        cipher_encrypt(cc, dest, src, bytes);
-}
-/*
- * Decrypts the given number of bytes, copying from src to dest. bytes is
- * known to be a multiple of 8.
- */
-void
-packet_decrypt(CipherContext *context, void *dest, void *src, u_int bytes)
-{
-        /*
-         * Cryptographic attack detector for ssh - Modifications for packet.c
-         * (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com)
-         */
-        if (!compat20 &&
-            context->cipher->number != SSH_CIPHER_NONE &&
-            detect_attack(src, bytes, NULL) == DEATTACK_DETECTED)
-                packet_disconnect("crc32 compensation attack: network attack detected");
-        cipher_decrypt(context, dest, src, bytes);
-}
-/*
 * Causes any further packets to be encrypted using the given key.  The same
 * key is used for both sending and reception.  However, both directions are
 * encrypted independently of each other.
 */
 void
 packet_set_encryption_key(const u_char *key, u_int keylen,
    int number)
@@ -349,61 +299,33 @@ packet_set_encryption_key(const u_char *key, u_int keylen,
        cipher_init(&send_context, cipher, key, keylen, NULL, 0);
 }
-/* Starts constructing a packet to send. */
+/* Start constructing a packet to send. */
 void
-packet_start1(int type)
+packet_start(u_char type)
 {
-        char buf[9];
+        u_char buf[9];
+        int len;
-        buffer_clear(&outgoing_packet);
-        memset(buf, 0, 8);
-        buf[8] = type;
-        buffer_append(&outgoing_packet, buf, 9);
-}
-void
-packet_start2(int type)
-{
-        char buf[4+1+1];
-        buffer_clear(&outgoing_packet);
-        memset(buf, 0, sizeof buf);
-        /* buf[0..3] = payload_len; */
-        /* buf[4] =    pad_len; */
-        buf[5] = type & 0xff;
-        buffer_append(&outgoing_packet, buf, sizeof buf);
-}
-void
-packet_start(int type)
-{
        DBG(debug("packet_start[%d]", type));
-        if (use_ssh2_packet_format)
+        len = compat20 ? 6 : 9;
-                packet_start2(type);
+        memset(buf, 0, len - 1);
-        else
+        buf[len - 1] = type;
-                packet_start1(type);
+        buffer_clear(&outgoing_packet);
+        buffer_append(&outgoing_packet, buf, len);
 }
-/* Appends a character to the packet data. */
+/* Append payload. */
 void
 packet_put_char(int value)
 {
        char ch = value;
        buffer_append(&outgoing_packet, &ch, 1);
 }
-/* Appends an integer to the packet data. */
 void
 packet_put_int(u_int value)
 {
        buffer_put_int(&outgoing_packet, value);
 }
-/* Appends a string to packet data. */
 void
 packet_put_string(const char *buf, u_int len)
 {
@@ -414,16 +336,11 @@ packet_put_cstring(const char *str)
 {
        buffer_put_string(&outgoing_packet, str, strlen(str));
 }
 void
 packet_put_raw(const char *buf, u_int len)
 {
        buffer_append(&outgoing_packet, buf, len);
 }
-/* Appends an arbitrary precision integer to packet data. */
 void
 packet_put_bignum(BIGNUM * value)
 {
@@ -468,7 +385,7 @@ packet_send1(void)
        /* Insert padding. Initialized to zero in packet_start1() */
        padding = 8 - len % 8;
-        if (cipher_type != SSH_CIPHER_NONE) {
+        if (send_context.cipher->number != SSH_CIPHER_NONE) {
                cp = buffer_ptr(&outgoing_packet);
                for (i = 0; i < padding; i++) {
                        if (i % 4 == 0)
@@ -494,7 +411,7 @@ packet_send1(void)
        PUT_32BIT(buf, len);
        buffer_append(&output, buf, 4);
        buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
-        packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
+        cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
                       buffer_len(&outgoing_packet));
 #ifdef PACKET_DEBUG
@@ -568,12 +485,11 @@ void
 packet_send2(void)
 {
        static u_int32_t seqnr = 0;
-        u_char *macbuf = NULL;
+        u_char type, *ucp, *macbuf = NULL;
        char *cp;
        u_int packet_length = 0;
        u_int i, padlen, len;
        u_int32_t rand = 0;
-        int type;
        Enc *enc   = NULL;
        Mac *mac   = NULL;
        Comp *comp = NULL;
@@ -586,8 +502,8 @@ packet_send2(void)
        }
        block_size = enc ? enc->cipher->block_size : 8;
-        cp = buffer_ptr(&outgoing_packet);
+        ucp = (u_char *) buffer_ptr(&outgoing_packet);
-        type = cp[5] & 0xff;
+        type = ucp[5];
 #ifdef PACKET_DEBUG
        fprintf(stderr, "plain:     ");
@@ -633,9 +549,9 @@ packet_send2(void)
        }
        /* packet_length includes payload, padding and padding length field */
        packet_length = buffer_len(&outgoing_packet) - 4;
-        cp = buffer_ptr(&outgoing_packet);
+        ucp = (u_char *)buffer_ptr(&outgoing_packet);
-        PUT_32BIT(cp, packet_length);
+        PUT_32BIT(ucp, packet_length);
-        cp[4] = padlen & 0xff;
+        ucp[4] = padlen;
        DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
        /* compute MAC over seqnr and packet(length fields, payload, padding) */
@@ -647,7 +563,7 @@ packet_send2(void)
        }
        /* encrypt packet and append to output buffer. */
        buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
-        packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
+        cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
            buffer_len(&outgoing_packet));
        /* append unencrypted MAC */
        if (mac && mac->enabled)
@@ -668,7 +584,7 @@ packet_send2(void)
 void
 packet_send()
 {
-        if (use_ssh2_packet_format)
+        if (compat20)
                packet_send2();
        else
                packet_send1();
@@ -699,7 +615,7 @@ packet_read(int *payload_len_ptr)
        for (;;) {
                /* Try to read a packet from the buffer. */
                type = packet_read_poll(payload_len_ptr);
-                if (!use_ssh2_packet_format && (
+                if (!compat20 && (
                    type == SSH_SMSG_SUCCESS
                    || type == SSH_SMSG_FAILURE
                    || type == SSH_CMSG_EOF
@@ -772,8 +688,8 @@ int
 packet_read_poll1(int *payload_len_ptr)
 {
        u_int len, padded_len;
-        u_char *ucp;
+        u_char *ucp, type;
-        char buf[8], *cp;
+        char *cp;
        u_int checksum, stored_checksum;
        /* Check if input size is less than minimum packet size. */
@@ -795,10 +711,20 @@ packet_read_poll1(int *payload_len_ptr)
        /* Consume packet length. */
        buffer_consume(&input, 4);
-        /* Copy data to incoming_packet. */
+        /*
+         * Cryptographic attack detector for ssh
+         * (C)1998 CORE-SDI, Buenos Aires Argentina
+         * Ariel Futoransky(futo@core-sdi.com)
+         */
+        if (receive_context.cipher->number != SSH_CIPHER_NONE &&
+            detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
+                packet_disconnect("crc32 compensation attack: network attack detected");
+        /* Decrypt data to incoming_packet. */
        buffer_clear(&incoming_packet);
        buffer_append_space(&incoming_packet, &cp, padded_len);
-        packet_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len);
+        cipher_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len);
        buffer_consume(&input, padded_len);
 #ifdef PACKET_DEBUG
@@ -814,7 +740,6 @@ packet_read_poll1(int *payload_len_ptr)
        buffer_consume(&incoming_packet, 8 - len % 8);
        /* Test check bytes. */
        if (len != buffer_len(&incoming_packet))
                packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
                    len, buffer_len(&incoming_packet));
@@ -825,7 +750,6 @@ packet_read_poll1(int *payload_len_ptr)
                packet_disconnect("Corrupted check bytes on input.");
        buffer_consume_end(&incoming_packet, 4);
-        /* If using packet compression, decompress the packet. */
        if (packet_compression) {
                buffer_clear(&compression_buffer);
                buffer_uncompress(&incoming_packet, &compression_buffer);
@@ -833,14 +757,9 @@ packet_read_poll1(int *payload_len_ptr)
                buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
                    buffer_len(&compression_buffer));
        }
-        /* Get packet type. */
+        type = buffer_get_char(&incoming_packet);
-        buffer_get(&incoming_packet, &buf[0], 1);
-        /* Return length of payload (without type field). */
        *payload_len_ptr = buffer_len(&incoming_packet);
+        return type;
-        /* Return type. */
-        return (u_char) buf[0];
 }
 int
@@ -849,10 +768,8 @@ packet_read_poll2(int *payload_len_ptr)
        static u_int32_t seqnr = 0;
        static u_int packet_length = 0;
        u_int padlen, need;
-        u_char buf[8], *macbuf;
+        u_char *macbuf, *ucp, type;
-        u_char *ucp;
        char *cp;
-        int type;
        int maclen, block_size;
        Enc *enc   = NULL;
        Mac *mac   = NULL;
@@ -875,7 +792,7 @@ packet_read_poll2(int *payload_len_ptr)
                        return SSH_MSG_NONE;
                buffer_clear(&incoming_packet);
                buffer_append_space(&incoming_packet, &cp, block_size);
-                packet_decrypt(&receive_context, cp, buffer_ptr(&input),
+                cipher_decrypt(&receive_context, cp, buffer_ptr(&input),
                    block_size);
                ucp = (u_char *) buffer_ptr(&incoming_packet);
                packet_length = GET_32BIT(ucp);
@@ -904,7 +821,7 @@ packet_read_poll2(int *payload_len_ptr)
        buffer_dump(&input);
 #endif
        buffer_append_space(&incoming_packet, &cp, need);
-        packet_decrypt(&receive_context, cp, buffer_ptr(&input), need);
+        cipher_decrypt(&receive_context, cp, buffer_ptr(&input), need);
        buffer_consume(&input, need);
        /*
         * compute MAC over seqnr and packet,
@@ -924,7 +841,7 @@ packet_read_poll2(int *payload_len_ptr)
        /* get padlen */
        cp = buffer_ptr(&incoming_packet) + 4;
-        padlen = *cp & 0xff;
+        padlen = (u_char) *cp;
        DBG(debug("input: padlen %d", padlen));
        if (padlen < 4)
                packet_disconnect("Corrupted padlen %d on input.", padlen);
@@ -946,37 +863,30 @@ packet_read_poll2(int *payload_len_ptr)
         * get packet type, implies consume.
         * return length of payload (without type field)
         */
-        buffer_get(&incoming_packet, (char *)&buf[0], 1);
+        type = buffer_get_char(&incoming_packet);
-        *payload_len_ptr = buffer_len(&incoming_packet);
-        /* reset for next packet */
-        packet_length = 0;
-        /* extract packet type */
-        type = (u_char)buf[0];
        if (type == SSH2_MSG_NEWKEYS)
                set_newkeys(MODE_IN);
+        *payload_len_ptr = buffer_len(&incoming_packet);
 #ifdef PACKET_DEBUG
        fprintf(stderr, "read/plain[%d]:\r\n", type);
        buffer_dump(&incoming_packet);
 #endif
-        return (u_char)type;
+        /* reset for next packet */
+        packet_length = 0;
+        return type;
 }
 int
 packet_read_poll(int *payload_len_ptr)
 {
+        int reason;
+        u_char type;
        char *msg;
-        for (;;) {
-                int type = use_ssh2_packet_format ?
-                    packet_read_poll2(payload_len_ptr):
-                    packet_read_poll1(payload_len_ptr);
-                if(compat20) {
+        for (;;) {
-                        int reason;
+                if (compat20) {
-                        if (type != 0)
+                        type = packet_read_poll2(payload_len_ptr);
+                        if (type)
                                DBG(debug("received packet type %d", type));
                        switch(type) {
                        case SSH2_MSG_IGNORE:
@@ -1002,6 +912,7 @@ packet_read_poll(int *payload_len_ptr)
                                break;
                        }
                } else {
+                        type = packet_read_poll1(payload_len_ptr);
                        switch(type) {
                        case SSH_MSG_IGNORE:
                                break;
@@ -1018,7 +929,7 @@ packet_read_poll(int *payload_len_ptr)
                                xfree(msg);
                                break;
                        default:
-                                if (type != 0)
+                                if (type)
                                        DBG(debug("received packet type %d", type));
                                return type;
                                break;
@@ -1345,7 +1256,7 @@ packet_inject_ignore(int sumlen)
        int blocksize, padlen, have, need, nb, mini, nbytes;
        Enc *enc = NULL;
-        if (use_ssh2_packet_format == 0)
+        if (compat20 == 0)
                return;
        have = buffer_len(&outgoing_packet);
diff --git a/packet.h b/packet.h
index 0f5e71049..6430bb0be 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: packet.h,v 1.22 2001/04/14 16:33:20 stevesk Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.23 2001/05/28 23:58:35 markus Exp $"); */
 #ifndef PACKET_H
 #define PACKET_H
@@ -71,7 +71,7 @@ void    packet_set_interactive(int interactive);
 int     packet_is_interactive(void);
 /* Starts constructing a packet to send. */
-void    packet_start(int type);
+void    packet_start(u_char type);
 /* Appends a character to the packet data. */
 void    packet_put_char(int ch);
@@ -208,9 +208,6 @@ do { \
 int     packet_connection_is_on_socket(void);
 int     packet_connection_is_ipv4(void);
-/* enable SSH2 packet format */
-void    packet_set_ssh2_format(void);
 /* returns remaining payload bytes */
 int     packet_remaining(void);
diff --git a/sshconnect.c b/sshconnect.c
index 3397d6c06..fc7920ee8 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.105 2001/04/30 11:18:52 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.106 2001/05/28 23:58:35 markus Exp $");
 #include <openssl/bn.h>
@@ -430,8 +430,6 @@ ssh_exchange_identification(void)
                fatal("Protocol major versions differ: %d vs. %d",
                    (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
                    remote_major);
-        if (compat20)
-                packet_set_ssh2_format();
        /* Send our own protocol version identification. */
        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
            compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
diff --git a/sshd.c b/sshd.c
index 135c08bb0..869c12011 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.197 2001/05/19 19:43:57 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.198 2001/05/28 23:58:35 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -435,8 +435,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
                    server_version_string, client_version_string);
                fatal_cleanup();
        }
-        if (compat20)
-                packet_set_ssh2_format();
 }