diff options
Diffstat (limited to 'packet.c')
| -rw-r--r-- | packet.c | 63 |
1 files changed, 58 insertions, 5 deletions
| @@ -37,7 +37,7 @@ | |||
| 37 | */ | 37 | */ |
| 38 | 38 | ||
| 39 | #include "includes.h" | 39 | #include "includes.h" |
| 40 | RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $"); |
| 41 | 41 | ||
| 42 | #include "openbsd-compat/sys-queue.h" | 42 | #include "openbsd-compat/sys-queue.h" |
| 43 | 43 | ||
| @@ -116,6 +116,12 @@ static int initialized = 0; | |||
| 116 | /* Set to true if the connection is interactive. */ | 116 | /* Set to true if the connection is interactive. */ |
| 117 | static int interactive_mode = 0; | 117 | static int interactive_mode = 0; |
| 118 | 118 | ||
| 119 | /* Set to true if we are the server side. */ | ||
| 120 | static int server_side = 0; | ||
| 121 | |||
| 122 | /* Set to true if we are authenticated. */ | ||
| 123 | static int after_authentication = 0; | ||
| 124 | |||
| 119 | /* Session key information for Encryption and MAC */ | 125 | /* Session key information for Encryption and MAC */ |
| 120 | Newkeys *newkeys[MODE_MAX]; | 126 | Newkeys *newkeys[MODE_MAX]; |
| 121 | static struct packet_state { | 127 | static struct packet_state { |
| @@ -624,7 +630,9 @@ set_newkeys(int mode) | |||
| 624 | /* Deleting the keys does not gain extra security */ | 630 | /* Deleting the keys does not gain extra security */ |
| 625 | /* memset(enc->iv, 0, enc->block_size); | 631 | /* memset(enc->iv, 0, enc->block_size); |
| 626 | memset(enc->key, 0, enc->key_len); */ | 632 | memset(enc->key, 0, enc->key_len); */ |
| 627 | if (comp->type != 0 && comp->enabled == 0) { | 633 | if ((comp->type == COMP_ZLIB || |
| 634 | (comp->type == COMP_DELAYED && after_authentication)) && | ||
| 635 | comp->enabled == 0) { | ||
| 628 | packet_init_compression(); | 636 | packet_init_compression(); |
| 629 | if (mode == MODE_OUT) | 637 | if (mode == MODE_OUT) |
| 630 | buffer_compress_init_send(6); | 638 | buffer_compress_init_send(6); |
| @@ -645,6 +653,35 @@ set_newkeys(int mode) | |||
| 645 | } | 653 | } |
| 646 | 654 | ||
| 647 | /* | 655 | /* |
| 656 | * Delayed compression for SSH2 is enabled after authentication: | ||
| 657 | * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, | ||
| 658 | * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. | ||
| 659 | */ | ||
| 660 | static void | ||
| 661 | packet_enable_delayed_compress(void) | ||
| 662 | { | ||
| 663 | Comp *comp = NULL; | ||
| 664 | int mode; | ||
| 665 | |||
| 666 | /* | ||
| 667 | * Remember that we are past the authentication step, so rekeying | ||
| 668 | * with COMP_DELAYED will turn on compression immediately. | ||
| 669 | */ | ||
| 670 | after_authentication = 1; | ||
| 671 | for (mode = 0; mode < MODE_MAX; mode++) { | ||
| 672 | comp = &newkeys[mode]->comp; | ||
| 673 | if (comp && !comp->enabled && comp->type == COMP_DELAYED) { | ||
| 674 | packet_init_compression(); | ||
| 675 | if (mode == MODE_OUT) | ||
| 676 | buffer_compress_init_send(6); | ||
| 677 | else | ||
| 678 | buffer_compress_init_recv(); | ||
| 679 | comp->enabled = 1; | ||
| 680 | } | ||
| 681 | } | ||
| 682 | } | ||
| 683 | |||
| 684 | /* | ||
| 648 | * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) | 685 | * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) |
| 649 | */ | 686 | */ |
| 650 | static void | 687 | static void |
| @@ -757,6 +794,8 @@ packet_send2_wrapped(void) | |||
| 757 | 794 | ||
| 758 | if (type == SSH2_MSG_NEWKEYS) | 795 | if (type == SSH2_MSG_NEWKEYS) |
| 759 | set_newkeys(MODE_OUT); | 796 | set_newkeys(MODE_OUT); |
| 797 | else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) | ||
| 798 | packet_enable_delayed_compress(); | ||
| 760 | } | 799 | } |
| 761 | 800 | ||
| 762 | static void | 801 | static void |
| @@ -992,7 +1031,7 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 992 | static u_int packet_length = 0; | 1031 | static u_int packet_length = 0; |
| 993 | u_int padlen, need; | 1032 | u_int padlen, need; |
| 994 | u_char *macbuf, *cp, type; | 1033 | u_char *macbuf, *cp, type; |
| 995 | int maclen, block_size; | 1034 | u_int maclen, block_size; |
| 996 | Enc *enc = NULL; | 1035 | Enc *enc = NULL; |
| 997 | Mac *mac = NULL; | 1036 | Mac *mac = NULL; |
| 998 | Comp *comp = NULL; | 1037 | Comp *comp = NULL; |
| @@ -1099,6 +1138,8 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
| 1099 | packet_disconnect("Invalid ssh2 packet type: %d", type); | 1138 | packet_disconnect("Invalid ssh2 packet type: %d", type); |
| 1100 | if (type == SSH2_MSG_NEWKEYS) | 1139 | if (type == SSH2_MSG_NEWKEYS) |
| 1101 | set_newkeys(MODE_IN); | 1140 | set_newkeys(MODE_IN); |
| 1141 | else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side) | ||
| 1142 | packet_enable_delayed_compress(); | ||
| 1102 | #ifdef PACKET_DEBUG | 1143 | #ifdef PACKET_DEBUG |
| 1103 | fprintf(stderr, "read/plain[%d]:\r\n", type); | 1144 | fprintf(stderr, "read/plain[%d]:\r\n", type); |
| 1104 | buffer_dump(&incoming_packet); | 1145 | buffer_dump(&incoming_packet); |
| @@ -1229,9 +1270,9 @@ packet_get_bignum2(BIGNUM * value) | |||
| 1229 | } | 1270 | } |
| 1230 | 1271 | ||
| 1231 | void * | 1272 | void * |
| 1232 | packet_get_raw(int *length_ptr) | 1273 | packet_get_raw(u_int *length_ptr) |
| 1233 | { | 1274 | { |
| 1234 | int bytes = buffer_len(&incoming_packet); | 1275 | u_int bytes = buffer_len(&incoming_packet); |
| 1235 | 1276 | ||
| 1236 | if (length_ptr != NULL) | 1277 | if (length_ptr != NULL) |
| 1237 | *length_ptr = bytes; | 1278 | *length_ptr = bytes; |
| @@ -1524,3 +1565,15 @@ packet_set_rekey_limit(u_int32_t bytes) | |||
| 1524 | { | 1565 | { |
| 1525 | rekey_limit = bytes; | 1566 | rekey_limit = bytes; |
| 1526 | } | 1567 | } |
| 1568 | |||
| 1569 | void | ||
| 1570 | packet_set_server(void) | ||
| 1571 | { | ||
| 1572 | server_side = 1; | ||
| 1573 | } | ||
| 1574 | |||
| 1575 | void | ||
| 1576 | packet_set_authenticated(void) | ||
| 1577 | { | ||
| 1578 | after_authentication = 1; | ||
| 1579 | } | ||