summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--packet.c60
-rw-r--r--packet.h4
-rw-r--r--sshconnect2.c6
4 files changed, 33 insertions, 43 deletions
diff --git a/ChangeLog b/ChangeLog
index 17dd911f0..986c872e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,10 @@
23 - markus@cvs.openbsd.org 2001/10/30 20:29:09 23 - markus@cvs.openbsd.org 2001/10/30 20:29:09
24 [ssh.1] 24 [ssh.1]
25 ssh.1 25 ssh.1
26 - markus@cvs.openbsd.org 2001/11/07 16:03:17
27 [packet.c packet.h sshconnect2.c]
28 pad using the padding field from the ssh2 packet instead of sending
29 extra ignore messages. tested against several other ssh servers.
26 30
2720011109 3120011109
28 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) 32 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@@ -6832,4 +6836,4 @@
6832 - Wrote replacements for strlcpy and mkdtemp 6836 - Wrote replacements for strlcpy and mkdtemp
6833 - Released 1.0pre1 6837 - Released 1.0pre1
6834 6838
6835$Id: ChangeLog,v 1.1641 2001/11/12 00:02:25 djm Exp $ 6839$Id: ChangeLog,v 1.1642 2001/11/12 00:02:52 djm Exp $
diff --git a/packet.c b/packet.c
index 95a72182e..f34593fe5 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.70 2001/09/27 11:59:37 markus Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.71 2001/11/07 16:03:17 markus Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
@@ -115,6 +115,9 @@ static int interactive_mode = 0;
115/* Session key information for Encryption and MAC */ 115/* Session key information for Encryption and MAC */
116Newkeys *newkeys[MODE_MAX]; 116Newkeys *newkeys[MODE_MAX];
117 117
118/* roundup current message to extra_pad bytes */
119static u_char extra_pad = 0;
120
118/* 121/*
119 * Sets the descriptors used for communication. Disables encryption until 122 * Sets the descriptors used for communication. Disables encryption until
120 * packet_set_encryption_key is called. 123 * packet_set_encryption_key is called.
@@ -485,9 +488,10 @@ packet_send2(void)
485{ 488{
486 static u_int32_t seqnr = 0; 489 static u_int32_t seqnr = 0;
487 u_char type, *ucp, *macbuf = NULL; 490 u_char type, *ucp, *macbuf = NULL;
491 u_char padlen, pad;
488 char *cp; 492 char *cp;
489 u_int packet_length = 0; 493 u_int packet_length = 0;
490 u_int i, padlen, len; 494 u_int i, len;
491 u_int32_t rand = 0; 495 u_int32_t rand = 0;
492 Enc *enc = NULL; 496 Enc *enc = NULL;
493 Mac *mac = NULL; 497 Mac *mac = NULL;
@@ -533,6 +537,15 @@ packet_send2(void)
533 padlen = block_size - (len % block_size); 537 padlen = block_size - (len % block_size);
534 if (padlen < 4) 538 if (padlen < 4)
535 padlen += block_size; 539 padlen += block_size;
540 if (extra_pad) {
541 /* will wrap if extra_pad+padlen > 255 */
542 extra_pad = roundup(extra_pad, block_size);
543 pad = extra_pad - ((len + padlen) % extra_pad);
544 debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
545 pad, len, padlen, extra_pad);
546 padlen += pad;
547 extra_pad = 0;
548 }
536 buffer_append_space(&outgoing_packet, &cp, padlen); 549 buffer_append_space(&outgoing_packet, &cp, padlen);
537 if (enc && enc->cipher->number != SSH_CIPHER_NONE) { 550 if (enc && enc->cipher->number != SSH_CIPHER_NONE) {
538 /* random padding */ 551 /* random padding */
@@ -1109,6 +1122,7 @@ packet_write_poll()
1109 else 1122 else
1110 fatal("Write failed: %.100s", strerror(errno)); 1123 fatal("Write failed: %.100s", strerror(errno));
1111 } 1124 }
1125debug("packet_write_poll: sent %d bytes", len);
1112 buffer_consume(&output, len); 1126 buffer_consume(&output, len);
1113 } 1127 }
1114} 1128}
@@ -1238,6 +1252,13 @@ packet_set_maxsize(int s)
1238 return s; 1252 return s;
1239} 1253}
1240 1254
1255/* roundup current message to pad bytes */
1256void
1257packet_add_padding(u_char pad)
1258{
1259 extra_pad = pad;
1260}
1261
1241/* 1262/*
1242 * 9.2. Ignored Data Message 1263 * 9.2. Ignored Data Message
1243 * 1264 *
@@ -1249,41 +1270,6 @@ packet_set_maxsize(int s)
1249 * required to send them. This message can be used as an additional 1270 * required to send them. This message can be used as an additional
1250 * protection measure against advanced traffic analysis techniques. 1271 * protection measure against advanced traffic analysis techniques.
1251 */ 1272 */
1252/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
1253void
1254packet_inject_ignore(int sumlen)
1255{
1256 int blocksize, padlen, have, need, nb, mini, nbytes;
1257 Enc *enc = NULL;
1258
1259 if (compat20 == 0)
1260 return;
1261
1262 have = buffer_len(&outgoing_packet);
1263 debug2("packet_inject_ignore: current %d", have);
1264 if (newkeys[MODE_OUT] != NULL)
1265 enc = &newkeys[MODE_OUT]->enc;
1266 blocksize = enc ? enc->cipher->block_size : 8;
1267 padlen = blocksize - (have % blocksize);
1268 if (padlen < 4)
1269 padlen += blocksize;
1270 have += padlen;
1271 have /= blocksize; /* # of blocks for current message */
1272
1273 nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
1274 mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
1275 need = nb - (have % nb); /* blocks for ignore */
1276 if (need <= mini)
1277 need += nb;
1278 nbytes = (need - mini) * blocksize; /* size of ignore payload */
1279 debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
1280 blocksize, have, nb, mini, need);
1281
1282 /* enqueue current message and append a ignore message */
1283 packet_send();
1284 packet_send_ignore(nbytes);
1285}
1286
1287void 1273void
1288packet_send_ignore(int nbytes) 1274packet_send_ignore(int nbytes)
1289{ 1275{
diff --git a/packet.h b/packet.h
index ffae736d6..d5473001c 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
11 * called by a name other than "ssh" or "Secure Shell". 11 * called by a name other than "ssh" or "Secure Shell".
12 */ 12 */
13 13
14/* RCSID("$OpenBSD: packet.h,v 1.25 2001/06/26 17:27:24 markus Exp $"); */ 14/* RCSID("$OpenBSD: packet.h,v 1.26 2001/11/07 16:03:17 markus Exp $"); */
15 15
16#ifndef PACKET_H 16#ifndef PACKET_H
17#define PACKET_H 17#define PACKET_H
@@ -63,7 +63,7 @@ int packet_connection_is_on_socket(void);
63int packet_connection_is_ipv4(void); 63int packet_connection_is_ipv4(void);
64int packet_remaining(void); 64int packet_remaining(void);
65void packet_send_ignore(int); 65void packet_send_ignore(int);
66void packet_inject_ignore(int); 66void packet_add_padding(u_char);
67 67
68void tty_make_modes(int, struct termios *); 68void tty_make_modes(int, struct termios *);
69void tty_parse_modes(int, int *); 69void tty_parse_modes(int, int *);
diff --git a/sshconnect2.c b/sshconnect2.c
index 66dccf600..310788538 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.85 2001/11/07 16:03:17 markus Exp $");
27 27
28#include <openssl/bn.h> 28#include <openssl/bn.h>
29#include <openssl/md5.h> 29#include <openssl/md5.h>
@@ -460,7 +460,7 @@ userauth_passwd(Authctxt *authctxt)
460 packet_put_cstring(password); 460 packet_put_cstring(password);
461 memset(password, 0, strlen(password)); 461 memset(password, 0, strlen(password));
462 xfree(password); 462 xfree(password);
463 packet_inject_ignore(64); 463 packet_add_padding(64);
464 packet_send(); 464 packet_send();
465 return 1; 465 return 1;
466} 466}
@@ -817,7 +817,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
817 } 817 }
818 packet_done(); /* done with parsing incoming message. */ 818 packet_done(); /* done with parsing incoming message. */
819 819
820 packet_inject_ignore(64); 820 packet_add_padding(64);
821 packet_send(); 821 packet_send();
822} 822}
823 823
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-03 00:22:11 +0000