summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c39
1 files changed, 24 insertions, 15 deletions
diff --git a/packet.c b/packet.c
index 90db33bdd..6cf7edbb8 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.189 2013/11/08 00:39:15 djm Exp $ */ 1/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -713,9 +713,10 @@ packet_send1(void)
713 buffer_append(&active_state->output, buf, 4); 713 buffer_append(&active_state->output, buf, 4);
714 cp = buffer_append_space(&active_state->output, 714 cp = buffer_append_space(&active_state->output,
715 buffer_len(&active_state->outgoing_packet)); 715 buffer_len(&active_state->outgoing_packet));
716 cipher_crypt(&active_state->send_context, cp, 716 if (cipher_crypt(&active_state->send_context, 0, cp,
717 buffer_ptr(&active_state->outgoing_packet), 717 buffer_ptr(&active_state->outgoing_packet),
718 buffer_len(&active_state->outgoing_packet), 0, 0); 718 buffer_len(&active_state->outgoing_packet), 0, 0) != 0)
719 fatal("%s: cipher_crypt failed", __func__);
719 720
720#ifdef PACKET_DEBUG 721#ifdef PACKET_DEBUG
721 fprintf(stderr, "encrypted: "); 722 fprintf(stderr, "encrypted: ");
@@ -946,9 +947,10 @@ packet_send2_wrapped(void)
946 } 947 }
947 /* encrypt packet and append to output buffer. */ 948 /* encrypt packet and append to output buffer. */
948 cp = buffer_append_space(&active_state->output, len + authlen); 949 cp = buffer_append_space(&active_state->output, len + authlen);
949 cipher_crypt(&active_state->send_context, cp, 950 if (cipher_crypt(&active_state->send_context, active_state->p_send.seqnr,
950 buffer_ptr(&active_state->outgoing_packet), 951 cp, buffer_ptr(&active_state->outgoing_packet),
951 len - aadlen, aadlen, authlen); 952 len - aadlen, aadlen, authlen) != 0)
953 fatal("%s: cipher_crypt failed", __func__);
952 /* append unencrypted MAC */ 954 /* append unencrypted MAC */
953 if (mac && mac->enabled) { 955 if (mac && mac->enabled) {
954 if (mac->etm) { 956 if (mac->etm) {
@@ -1208,8 +1210,9 @@ packet_read_poll1(void)
1208 /* Decrypt data to incoming_packet. */ 1210 /* Decrypt data to incoming_packet. */
1209 buffer_clear(&active_state->incoming_packet); 1211 buffer_clear(&active_state->incoming_packet);
1210 cp = buffer_append_space(&active_state->incoming_packet, padded_len); 1212 cp = buffer_append_space(&active_state->incoming_packet, padded_len);
1211 cipher_crypt(&active_state->receive_context, cp, 1213 if (cipher_crypt(&active_state->receive_context, 0, cp,
1212 buffer_ptr(&active_state->input), padded_len, 0, 0); 1214 buffer_ptr(&active_state->input), padded_len, 0, 0) != 0)
1215 fatal("%s: cipher_crypt failed", __func__);
1213 1216
1214 buffer_consume(&active_state->input, padded_len); 1217 buffer_consume(&active_state->input, padded_len);
1215 1218
@@ -1279,10 +1282,12 @@ packet_read_poll2(u_int32_t *seqnr_p)
1279 aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; 1282 aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
1280 1283
1281 if (aadlen && active_state->packlen == 0) { 1284 if (aadlen && active_state->packlen == 0) {
1282 if (buffer_len(&active_state->input) < 4) 1285 if (cipher_get_length(&active_state->receive_context,
1286 &active_state->packlen,
1287 active_state->p_read.seqnr,
1288 buffer_ptr(&active_state->input),
1289 buffer_len(&active_state->input)) != 0)
1283 return SSH_MSG_NONE; 1290 return SSH_MSG_NONE;
1284 cp = buffer_ptr(&active_state->input);
1285 active_state->packlen = get_u32(cp);
1286 if (active_state->packlen < 1 + 4 || 1291 if (active_state->packlen < 1 + 4 ||
1287 active_state->packlen > PACKET_MAX_SIZE) { 1292 active_state->packlen > PACKET_MAX_SIZE) {
1288#ifdef PACKET_DEBUG 1293#ifdef PACKET_DEBUG
@@ -1302,8 +1307,10 @@ packet_read_poll2(u_int32_t *seqnr_p)
1302 buffer_clear(&active_state->incoming_packet); 1307 buffer_clear(&active_state->incoming_packet);
1303 cp = buffer_append_space(&active_state->incoming_packet, 1308 cp = buffer_append_space(&active_state->incoming_packet,
1304 block_size); 1309 block_size);
1305 cipher_crypt(&active_state->receive_context, cp, 1310 if (cipher_crypt(&active_state->receive_context,
1306 buffer_ptr(&active_state->input), block_size, 0, 0); 1311 active_state->p_read.seqnr, cp,
1312 buffer_ptr(&active_state->input), block_size, 0, 0) != 0)
1313 fatal("Decryption integrity check failed");
1307 cp = buffer_ptr(&active_state->incoming_packet); 1314 cp = buffer_ptr(&active_state->incoming_packet);
1308 active_state->packlen = get_u32(cp); 1315 active_state->packlen = get_u32(cp);
1309 if (active_state->packlen < 1 + 4 || 1316 if (active_state->packlen < 1 + 4 ||
@@ -1357,8 +1364,10 @@ packet_read_poll2(u_int32_t *seqnr_p)
1357 macbuf = mac_compute(mac, active_state->p_read.seqnr, 1364 macbuf = mac_compute(mac, active_state->p_read.seqnr,
1358 buffer_ptr(&active_state->input), aadlen + need); 1365 buffer_ptr(&active_state->input), aadlen + need);
1359 cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); 1366 cp = buffer_append_space(&active_state->incoming_packet, aadlen + need);
1360 cipher_crypt(&active_state->receive_context, cp, 1367 if (cipher_crypt(&active_state->receive_context,
1361 buffer_ptr(&active_state->input), need, aadlen, authlen); 1368 active_state->p_read.seqnr, cp,
1369 buffer_ptr(&active_state->input), need, aadlen, authlen) != 0)
1370 fatal("Decryption integrity check failed");
1362 buffer_consume(&active_state->input, aadlen + need + authlen); 1371 buffer_consume(&active_state->input, aadlen + need + authlen);
1363 /* 1372 /*
1364 * compute MAC over seqnr and packet, 1373 * compute MAC over seqnr and packet,
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 18:48:55 +0000