summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c70
1 files changed, 52 insertions, 18 deletions
diff --git a/packet.c b/packet.c
index 54c0558f9..6e7b87757 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: packet.c,v 1.198 2014/07/15 15:54:14 millert Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -66,7 +66,6 @@
66#include "crc32.h" 66#include "crc32.h"
67#include "compress.h" 67#include "compress.h"
68#include "deattack.h" 68#include "deattack.h"
69#include "channels.h"
70#include "compat.h" 69#include "compat.h"
71#include "ssh1.h" 70#include "ssh1.h"
72#include "ssh2.h" 71#include "ssh2.h"
@@ -77,7 +76,9 @@
77#include "log.h" 76#include "log.h"
78#include "canohost.h" 77#include "canohost.h"
79#include "misc.h" 78#include "misc.h"
79#include "channels.h"
80#include "ssh.h" 80#include "ssh.h"
81#include "ssherr.h"
81#include "roaming.h" 82#include "roaming.h"
82 83
83#ifdef PACKET_DEBUG 84#ifdef PACKET_DEBUG
@@ -222,6 +223,7 @@ void
222packet_set_connection(int fd_in, int fd_out) 223packet_set_connection(int fd_in, int fd_out)
223{ 224{
224 const Cipher *none = cipher_by_name("none"); 225 const Cipher *none = cipher_by_name("none");
226 int r;
225 227
226 if (none == NULL) 228 if (none == NULL)
227 fatal("packet_set_connection: cannot load cipher 'none'"); 229 fatal("packet_set_connection: cannot load cipher 'none'");
@@ -229,10 +231,11 @@ packet_set_connection(int fd_in, int fd_out)
229 active_state = alloc_session_state(); 231 active_state = alloc_session_state();
230 active_state->connection_in = fd_in; 232 active_state->connection_in = fd_in;
231 active_state->connection_out = fd_out; 233 active_state->connection_out = fd_out;
232 cipher_init(&active_state->send_context, none, (const u_char *)"", 234 if ((r = cipher_init(&active_state->send_context, none,
233 0, NULL, 0, CIPHER_ENCRYPT); 235 (const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 ||
234 cipher_init(&active_state->receive_context, none, (const u_char *)"", 236 (r = cipher_init(&active_state->receive_context, none,
235 0, NULL, 0, CIPHER_DECRYPT); 237 (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0)
238 fatal("%s: cipher_init: %s", __func__, ssh_err(r));
236 active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL; 239 active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL;
237 if (!active_state->initialized) { 240 if (!active_state->initialized) {
238 active_state->initialized = 1; 241 active_state->initialized = 1;
@@ -329,13 +332,15 @@ void
329packet_get_keyiv(int mode, u_char *iv, u_int len) 332packet_get_keyiv(int mode, u_char *iv, u_int len)
330{ 333{
331 CipherContext *cc; 334 CipherContext *cc;
335 int r;
332 336
333 if (mode == MODE_OUT) 337 if (mode == MODE_OUT)
334 cc = &active_state->send_context; 338 cc = &active_state->send_context;
335 else 339 else
336 cc = &active_state->receive_context; 340 cc = &active_state->receive_context;
337 341
338 cipher_get_keyiv(cc, iv, len); 342 if ((r = cipher_get_keyiv(cc, iv, len)) != 0)
343 fatal("%s: cipher_get_keyiv: %s", __func__, ssh_err(r));
339} 344}
340 345
341int 346int
@@ -381,13 +386,15 @@ void
381packet_set_iv(int mode, u_char *dat) 386packet_set_iv(int mode, u_char *dat)
382{ 387{
383 CipherContext *cc; 388 CipherContext *cc;
389 int r;
384 390
385 if (mode == MODE_OUT) 391 if (mode == MODE_OUT)
386 cc = &active_state->send_context; 392 cc = &active_state->send_context;
387 else 393 else
388 cc = &active_state->receive_context; 394 cc = &active_state->receive_context;
389 395
390 cipher_set_keyiv(cc, dat); 396 if ((r = cipher_set_keyiv(cc, dat)) != 0)
397 fatal("%s: cipher_set_keyiv: %s", __func__, ssh_err(r));
391} 398}
392 399
393int 400int
@@ -552,6 +559,7 @@ void
552packet_set_encryption_key(const u_char *key, u_int keylen, int number) 559packet_set_encryption_key(const u_char *key, u_int keylen, int number)
553{ 560{
554 const Cipher *cipher = cipher_by_number(number); 561 const Cipher *cipher = cipher_by_number(number);
562 int r;
555 563
556 if (cipher == NULL) 564 if (cipher == NULL)
557 fatal("packet_set_encryption_key: unknown cipher number %d", number); 565 fatal("packet_set_encryption_key: unknown cipher number %d", number);
@@ -561,10 +569,11 @@ packet_set_encryption_key(const u_char *key, u_int keylen, int number)
561 fatal("packet_set_encryption_key: keylen too big: %d", keylen); 569 fatal("packet_set_encryption_key: keylen too big: %d", keylen);
562 memcpy(active_state->ssh1_key, key, keylen); 570 memcpy(active_state->ssh1_key, key, keylen);
563 active_state->ssh1_keylen = keylen; 571 active_state->ssh1_keylen = keylen;
564 cipher_init(&active_state->send_context, cipher, key, keylen, NULL, 572 if ((r = cipher_init(&active_state->send_context, cipher,
565 0, CIPHER_ENCRYPT); 573 key, keylen, NULL, 0, CIPHER_ENCRYPT)) != 0 ||
566 cipher_init(&active_state->receive_context, cipher, key, keylen, NULL, 574 (r = cipher_init(&active_state->receive_context, cipher,
567 0, CIPHER_DECRYPT); 575 key, keylen, NULL, 0, CIPHER_DECRYPT)) != 0)
576 fatal("%s: cipher_init: %s", __func__, ssh_err(r));
568} 577}
569 578
570u_int 579u_int
@@ -630,6 +639,7 @@ packet_put_raw(const void *buf, u_int len)
630 buffer_append(&active_state->outgoing_packet, buf, len); 639 buffer_append(&active_state->outgoing_packet, buf, len);
631} 640}
632 641
642#ifdef WITH_OPENSSL
633void 643void
634packet_put_bignum(BIGNUM * value) 644packet_put_bignum(BIGNUM * value)
635{ 645{
@@ -641,6 +651,7 @@ packet_put_bignum2(BIGNUM * value)
641{ 651{
642 buffer_put_bignum2(&active_state->outgoing_packet, value); 652 buffer_put_bignum2(&active_state->outgoing_packet, value);
643} 653}
654#endif
644 655
645#ifdef OPENSSL_HAS_ECC 656#ifdef OPENSSL_HAS_ECC
646void 657void
@@ -742,7 +753,7 @@ set_newkeys(int mode)
742 Comp *comp; 753 Comp *comp;
743 CipherContext *cc; 754 CipherContext *cc;
744 u_int64_t *max_blocks; 755 u_int64_t *max_blocks;
745 int crypt_type; 756 int r, crypt_type;
746 757
747 debug2("set_newkeys: mode %d", mode); 758 debug2("set_newkeys: mode %d", mode);
748 759
@@ -784,8 +795,9 @@ set_newkeys(int mode)
784 if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0) 795 if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0)
785 mac->enabled = 1; 796 mac->enabled = 1;
786 DBG(debug("cipher_init_context: %d", mode)); 797 DBG(debug("cipher_init_context: %d", mode));
787 cipher_init(cc, enc->cipher, enc->key, enc->key_len, 798 if ((r = cipher_init(cc, enc->cipher, enc->key, enc->key_len,
788 enc->iv, enc->iv_len, crypt_type); 799 enc->iv, enc->iv_len, crypt_type)) != 0)
800 fatal("%s: cipher_init: %s", __func__, ssh_err(r));
789 /* Deleting the keys does not gain extra security */ 801 /* Deleting the keys does not gain extra security */
790 /* explicit_bzero(enc->iv, enc->block_size); 802 /* explicit_bzero(enc->iv, enc->block_size);
791 explicit_bzero(enc->key, enc->key_len); 803 explicit_bzero(enc->key, enc->key_len);
@@ -912,8 +924,8 @@ packet_send2_wrapped(void)
912 roundup(active_state->extra_pad, block_size); 924 roundup(active_state->extra_pad, block_size);
913 pad = active_state->extra_pad - 925 pad = active_state->extra_pad -
914 ((len + padlen) % active_state->extra_pad); 926 ((len + padlen) % active_state->extra_pad);
915 debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)", 927 DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)",
916 pad, len, padlen, active_state->extra_pad); 928 __func__, pad, len, padlen, active_state->extra_pad));
917 padlen += pad; 929 padlen += pad;
918 active_state->extra_pad = 0; 930 active_state->extra_pad = 0;
919 } 931 }
@@ -1569,6 +1581,7 @@ packet_get_int64(void)
1569 * must have been initialized before this call. 1581 * must have been initialized before this call.
1570 */ 1582 */
1571 1583
1584#ifdef WITH_OPENSSL
1572void 1585void
1573packet_get_bignum(BIGNUM * value) 1586packet_get_bignum(BIGNUM * value)
1574{ 1587{
@@ -1598,6 +1611,7 @@ packet_get_raw(u_int *length_ptr)
1598 *length_ptr = bytes; 1611 *length_ptr = bytes;
1599 return buffer_ptr(&active_state->incoming_packet); 1612 return buffer_ptr(&active_state->incoming_packet);
1600} 1613}
1614#endif
1601 1615
1602int 1616int
1603packet_remaining(void) 1617packet_remaining(void)
@@ -1618,7 +1632,7 @@ packet_get_string(u_int *length_ptr)
1618 return buffer_get_string(&active_state->incoming_packet, length_ptr); 1632 return buffer_get_string(&active_state->incoming_packet, length_ptr);
1619} 1633}
1620 1634
1621void * 1635const void *
1622packet_get_string_ptr(u_int *length_ptr) 1636packet_get_string_ptr(u_int *length_ptr)
1623{ 1637{
1624 return buffer_get_string_ptr(&active_state->incoming_packet, length_ptr); 1638 return buffer_get_string_ptr(&active_state->incoming_packet, length_ptr);
@@ -2055,3 +2069,23 @@ packet_restore_state(void)
2055 add_recv_bytes(len); 2069 add_recv_bytes(len);
2056 } 2070 }
2057} 2071}
2072
2073/* Reset after_authentication and reset compression in post-auth privsep */
2074void
2075packet_set_postauth(void)
2076{
2077 Comp *comp;
2078 int mode;
2079
2080 debug("%s: called", __func__);
2081 /* This was set in net child, but is not visible in user child */
2082 active_state->after_authentication = 1;
2083 active_state->rekeying = 0;
2084 for (mode = 0; mode < MODE_MAX; mode++) {
2085 if (active_state->newkeys[mode] == NULL)
2086 continue;
2087 comp = &active_state->newkeys[mode]->comp;
2088 if (comp && comp->enabled)
2089 packet_init_compression();
2090 }
2091}
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-30 12:14:31 +0000