summaryrefslogtreecommitdiff
path: root/packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'packet.c')
-rw-r--r--packet.c973
1 files changed, 572 insertions, 401 deletions
diff --git a/packet.c b/packet.c
index 5afc84ce0..994e35b6d 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.160 2009/02/13 11:50:21 markus Exp $ */ 1/* $OpenBSD: packet.c,v 1.166 2009/06/27 09:29:06 andreas Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -77,6 +77,7 @@
77#include "canohost.h" 77#include "canohost.h"
78#include "misc.h" 78#include "misc.h"
79#include "ssh.h" 79#include "ssh.h"
80#include "roaming.h"
80 81
81#ifdef PACKET_DEBUG 82#ifdef PACKET_DEBUG
82#define DBG(x) x 83#define DBG(x) x
@@ -86,92 +87,126 @@
86 87
87#define PACKET_MAX_SIZE (256 * 1024) 88#define PACKET_MAX_SIZE (256 * 1024)
88 89
89/* 90struct packet_state {
90 * This variable contains the file descriptors used for communicating with 91 u_int32_t seqnr;
91 * the other side. connection_in is used for reading; connection_out for 92 u_int32_t packets;
92 * writing. These can be the same descriptor, in which case it is assumed to 93 u_int64_t blocks;
93 * be a socket. 94 u_int64_t bytes;
94 */ 95};
95static int connection_in = -1;
96static int connection_out = -1;
97 96
98/* Protocol flags for the remote side. */ 97struct packet {
99static u_int remote_protocol_flags = 0; 98 TAILQ_ENTRY(packet) next;
99 u_char type;
100 Buffer payload;
101};
100 102
101/* Encryption context for receiving data. This is only used for decryption. */ 103struct session_state {
102static CipherContext receive_context; 104 /*
105 * This variable contains the file descriptors used for
106 * communicating with the other side. connection_in is used for
107 * reading; connection_out for writing. These can be the same
108 * descriptor, in which case it is assumed to be a socket.
109 */
110 int connection_in;
111 int connection_out;
103 112
104/* Encryption context for sending data. This is only used for encryption. */ 113 /* Protocol flags for the remote side. */
105static CipherContext send_context; 114 u_int remote_protocol_flags;
106 115
107/* Buffer for raw input data from the socket. */ 116 /* Encryption context for receiving data. Only used for decryption. */
108Buffer input; 117 CipherContext receive_context;
109 118
110/* Buffer for raw output data going to the socket. */ 119 /* Encryption context for sending data. Only used for encryption. */
111Buffer output; 120 CipherContext send_context;
112 121
113/* Buffer for the partial outgoing packet being constructed. */ 122 /* Buffer for raw input data from the socket. */
114static Buffer outgoing_packet; 123 Buffer input;
115 124
116/* Buffer for the incoming packet currently being processed. */ 125 /* Buffer for raw output data going to the socket. */
117static Buffer incoming_packet; 126 Buffer output;
118 127
119/* Scratch buffer for packet compression/decompression. */ 128 /* Buffer for the partial outgoing packet being constructed. */
120static Buffer compression_buffer; 129 Buffer outgoing_packet;
121static int compression_buffer_ready = 0;
122 130
123/* Flag indicating whether packet compression/decompression is enabled. */ 131 /* Buffer for the incoming packet currently being processed. */
124static int packet_compression = 0; 132 Buffer incoming_packet;
125 133
126/* default maximum packet size */ 134 /* Scratch buffer for packet compression/decompression. */
127u_int max_packet_size = 32768; 135 Buffer compression_buffer;
136 int compression_buffer_ready;
128 137
129/* Flag indicating whether this module has been initialized. */ 138 /*
130static int initialized = 0; 139 * Flag indicating whether packet compression/decompression is
140 * enabled.
141 */
142 int packet_compression;
131 143
132/* Set to true if the connection is interactive. */ 144 /* default maximum packet size */
133static int interactive_mode = 0; 145 u_int max_packet_size;
134 146
135/* Set to true if we are the server side. */ 147 /* Flag indicating whether this module has been initialized. */
136static int server_side = 0; 148 int initialized;
137 149
138/* Set to true if we are authenticated. */ 150 /* Set to true if the connection is interactive. */
139static int after_authentication = 0; 151 int interactive_mode;
140 152
141int keep_alive_timeouts = 0; 153 /* Set to true if we are the server side. */
154 int server_side;
142 155
143/* Set to the maximum time that we will wait to send or receive a packet */ 156 /* Set to true if we are authenticated. */
144static int packet_timeout_ms = -1; 157 int after_authentication;
145 158
146/* Session key information for Encryption and MAC */ 159 int keep_alive_timeouts;
147Newkeys *newkeys[MODE_MAX];
148static struct packet_state {
149 u_int32_t seqnr;
150 u_int32_t packets;
151 u_int64_t blocks;
152 u_int64_t bytes;
153} p_read, p_send;
154 160
155static u_int64_t max_blocks_in, max_blocks_out; 161 /* The maximum time that we will wait to send or receive a packet */
156static u_int32_t rekey_limit; 162 int packet_timeout_ms;
157 163
158/* Session key for protocol v1 */ 164 /* Session key information for Encryption and MAC */
159static u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; 165 Newkeys *newkeys[MODE_MAX];
160static u_int ssh1_keylen; 166 struct packet_state p_read, p_send;
161 167
162/* roundup current message to extra_pad bytes */ 168 u_int64_t max_blocks_in, max_blocks_out;
163static u_char extra_pad = 0; 169 u_int32_t rekey_limit;
164 170
165/* XXX discard incoming data after MAC error */ 171 /* Session key for protocol v1 */
166static u_int packet_discard = 0; 172 u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
167static Mac *packet_discard_mac = NULL; 173 u_int ssh1_keylen;
168 174
169struct packet { 175 /* roundup current message to extra_pad bytes */
170 TAILQ_ENTRY(packet) next; 176 u_char extra_pad;
171 u_char type; 177
172 Buffer payload; 178 /* XXX discard incoming data after MAC error */
179 u_int packet_discard;
180 Mac *packet_discard_mac;
181
182 /* Used in packet_read_poll2() */
183 u_int packlen;
184
185 /* Used in packet_send2 */
186 int rekeying;
187
188 /* Used in packet_set_interactive */
189 int set_interactive_called;
190
191 /* Used in packet_set_maxsize */
192 int set_maxsize_called;
193
194 TAILQ_HEAD(, packet) outgoing;
173}; 195};
174TAILQ_HEAD(, packet) outgoing; 196
197static struct session_state *active_state, *backup_state;
198
199static struct session_state *
200alloc_session_state(void)
201{
202 struct session_state *s = xcalloc(1, sizeof(*s));
203
204 s->connection_in = -1;
205 s->connection_out = -1;
206 s->max_packet_size = 32768;
207 s->packet_timeout_ms = -1;
208 return s;
209}
175 210
176/* 211/*
177 * Sets the descriptors used for communication. Disables encryption until 212 * Sets the descriptors used for communication. Disables encryption until
@@ -184,21 +219,23 @@ packet_set_connection(int fd_in, int fd_out)
184 219
185 if (none == NULL) 220 if (none == NULL)
186 fatal("packet_set_connection: cannot load cipher 'none'"); 221 fatal("packet_set_connection: cannot load cipher 'none'");
187 connection_in = fd_in; 222 if (active_state == NULL)
188 connection_out = fd_out; 223 active_state = alloc_session_state();
189 cipher_init(&send_context, none, (const u_char *)"", 224 active_state->connection_in = fd_in;
225 active_state->connection_out = fd_out;
226 cipher_init(&active_state->send_context, none, (const u_char *)"",
190 0, NULL, 0, CIPHER_ENCRYPT); 227 0, NULL, 0, CIPHER_ENCRYPT);
191 cipher_init(&receive_context, none, (const u_char *)"", 228 cipher_init(&active_state->receive_context, none, (const u_char *)"",
192 0, NULL, 0, CIPHER_DECRYPT); 229 0, NULL, 0, CIPHER_DECRYPT);
193 newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL; 230 active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL;
194 if (!initialized) { 231 if (!active_state->initialized) {
195 initialized = 1; 232 active_state->initialized = 1;
196 buffer_init(&input); 233 buffer_init(&active_state->input);
197 buffer_init(&output); 234 buffer_init(&active_state->output);
198 buffer_init(&outgoing_packet); 235 buffer_init(&active_state->outgoing_packet);
199 buffer_init(&incoming_packet); 236 buffer_init(&active_state->incoming_packet);
200 TAILQ_INIT(&outgoing); 237 TAILQ_INIT(&active_state->outgoing);
201 p_send.packets = p_read.packets = 0; 238 active_state->p_send.packets = active_state->p_read.packets = 0;
202 } 239 }
203} 240}
204 241
@@ -206,27 +243,29 @@ void
206packet_set_timeout(int timeout, int count) 243packet_set_timeout(int timeout, int count)
207{ 244{
208 if (timeout == 0 || count == 0) { 245 if (timeout == 0 || count == 0) {
209 packet_timeout_ms = -1; 246 active_state->packet_timeout_ms = -1;
210 return; 247 return;
211 } 248 }
212 if ((INT_MAX / 1000) / count < timeout) 249 if ((INT_MAX / 1000) / count < timeout)
213 packet_timeout_ms = INT_MAX; 250 active_state->packet_timeout_ms = INT_MAX;
214 else 251 else
215 packet_timeout_ms = timeout * count * 1000; 252 active_state->packet_timeout_ms = timeout * count * 1000;
216} 253}
217 254
218static void 255static void
219packet_stop_discard(void) 256packet_stop_discard(void)
220{ 257{
221 if (packet_discard_mac) { 258 if (active_state->packet_discard_mac) {
222 char buf[1024]; 259 char buf[1024];
223 260
224 memset(buf, 'a', sizeof(buf)); 261 memset(buf, 'a', sizeof(buf));
225 while (buffer_len(&incoming_packet) < PACKET_MAX_SIZE) 262 while (buffer_len(&active_state->incoming_packet) <
226 buffer_append(&incoming_packet, buf, sizeof(buf)); 263 PACKET_MAX_SIZE)
227 (void) mac_compute(packet_discard_mac, 264 buffer_append(&active_state->incoming_packet, buf,
228 p_read.seqnr, 265 sizeof(buf));
229 buffer_ptr(&incoming_packet), 266 (void) mac_compute(active_state->packet_discard_mac,
267 active_state->p_read.seqnr,
268 buffer_ptr(&active_state->incoming_packet),
230 PACKET_MAX_SIZE); 269 PACKET_MAX_SIZE);
231 } 270 }
232 logit("Finished discarding for %.200s", get_remote_ipaddr()); 271 logit("Finished discarding for %.200s", get_remote_ipaddr());
@@ -239,10 +278,11 @@ packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard)
239 if (enc == NULL || !cipher_is_cbc(enc->cipher)) 278 if (enc == NULL || !cipher_is_cbc(enc->cipher))
240 packet_disconnect("Packet corrupt"); 279 packet_disconnect("Packet corrupt");
241 if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) 280 if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled)
242 packet_discard_mac = mac; 281 active_state->packet_discard_mac = mac;
243 if (buffer_len(&input) >= discard) 282 if (buffer_len(&active_state->input) >= discard)
244 packet_stop_discard(); 283 packet_stop_discard();
245 packet_discard = discard - buffer_len(&input); 284 active_state->packet_discard = discard -
285 buffer_len(&active_state->input);
246} 286}
247 287
248/* Returns 1 if remote host is connected via socket, 0 if not. */ 288/* Returns 1 if remote host is connected via socket, 0 if not. */
@@ -254,15 +294,17 @@ packet_connection_is_on_socket(void)
254 socklen_t fromlen, tolen; 294 socklen_t fromlen, tolen;
255 295
256 /* filedescriptors in and out are the same, so it's a socket */ 296 /* filedescriptors in and out are the same, so it's a socket */
257 if (connection_in == connection_out) 297 if (active_state->connection_in == active_state->connection_out)
258 return 1; 298 return 1;
259 fromlen = sizeof(from); 299 fromlen = sizeof(from);
260 memset(&from, 0, sizeof(from)); 300 memset(&from, 0, sizeof(from));
261 if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) 301 if (getpeername(active_state->connection_in, (struct sockaddr *)&from,
302 &fromlen) < 0)
262 return 0; 303 return 0;
263 tolen = sizeof(to); 304 tolen = sizeof(to);
264 memset(&to, 0, sizeof(to)); 305 memset(&to, 0, sizeof(to));
265 if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) 306 if (getpeername(active_state->connection_out, (struct sockaddr *)&to,
307 &tolen) < 0)
266 return 0; 308 return 0;
267 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) 309 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
268 return 0; 310 return 0;
@@ -283,9 +325,9 @@ packet_get_keyiv(int mode, u_char *iv, u_int len)
283 CipherContext *cc; 325 CipherContext *cc;
284 326
285 if (mode == MODE_OUT) 327 if (mode == MODE_OUT)
286 cc = &send_context; 328 cc = &active_state->send_context;
287 else 329 else
288 cc = &receive_context; 330 cc = &active_state->receive_context;
289 331
290 cipher_get_keyiv(cc, iv, len); 332 cipher_get_keyiv(cc, iv, len);
291} 333}
@@ -296,9 +338,9 @@ packet_get_keycontext(int mode, u_char *dat)
296 CipherContext *cc; 338 CipherContext *cc;
297 339
298 if (mode == MODE_OUT) 340 if (mode == MODE_OUT)
299 cc = &send_context; 341 cc = &active_state->send_context;
300 else 342 else
301 cc = &receive_context; 343 cc = &active_state->receive_context;
302 344
303 return (cipher_get_keycontext(cc, dat)); 345 return (cipher_get_keycontext(cc, dat));
304} 346}
@@ -309,9 +351,9 @@ packet_set_keycontext(int mode, u_char *dat)
309 CipherContext *cc; 351 CipherContext *cc;
310 352
311 if (mode == MODE_OUT) 353 if (mode == MODE_OUT)
312 cc = &send_context; 354 cc = &active_state->send_context;
313 else 355 else
314 cc = &receive_context; 356 cc = &active_state->receive_context;
315 357
316 cipher_set_keycontext(cc, dat); 358 cipher_set_keycontext(cc, dat);
317} 359}
@@ -322,9 +364,9 @@ packet_get_keyiv_len(int mode)
322 CipherContext *cc; 364 CipherContext *cc;
323 365
324 if (mode == MODE_OUT) 366 if (mode == MODE_OUT)
325 cc = &send_context; 367 cc = &active_state->send_context;
326 else 368 else
327 cc = &receive_context; 369 cc = &active_state->receive_context;
328 370
329 return (cipher_get_keyiv_len(cc)); 371 return (cipher_get_keyiv_len(cc));
330} 372}
@@ -335,9 +377,9 @@ packet_set_iv(int mode, u_char *dat)
335 CipherContext *cc; 377 CipherContext *cc;
336 378
337 if (mode == MODE_OUT) 379 if (mode == MODE_OUT)
338 cc = &send_context; 380 cc = &active_state->send_context;
339 else 381 else
340 cc = &receive_context; 382 cc = &active_state->receive_context;
341 383
342 cipher_set_keyiv(cc, dat); 384 cipher_set_keyiv(cc, dat);
343} 385}
@@ -345,7 +387,7 @@ packet_set_iv(int mode, u_char *dat)
345int 387int
346packet_get_ssh1_cipher(void) 388packet_get_ssh1_cipher(void)
347{ 389{
348 return (cipher_get_number(receive_context.cipher)); 390 return (cipher_get_number(active_state->receive_context.cipher));
349} 391}
350 392
351void 393void
@@ -354,7 +396,8 @@ packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packe
354{ 396{
355 struct packet_state *state; 397 struct packet_state *state;
356 398
357 state = (mode == MODE_IN) ? &p_read : &p_send; 399 state = (mode == MODE_IN) ?
400 &active_state->p_read : &active_state->p_send;
358 if (seqnr) 401 if (seqnr)
359 *seqnr = state->seqnr; 402 *seqnr = state->seqnr;
360 if (blocks) 403 if (blocks)
@@ -371,7 +414,8 @@ packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets,
371{ 414{
372 struct packet_state *state; 415 struct packet_state *state;
373 416
374 state = (mode == MODE_IN) ? &p_read : &p_send; 417 state = (mode == MODE_IN) ?
418 &active_state->p_read : &active_state->p_send;
375 state->seqnr = seqnr; 419 state->seqnr = seqnr;
376 state->blocks = blocks; 420 state->blocks = blocks;
377 state->packets = packets; 421 state->packets = packets;
@@ -387,7 +431,8 @@ packet_connection_is_ipv4(void)
387 socklen_t tolen = sizeof(to); 431 socklen_t tolen = sizeof(to);
388 432
389 memset(&to, 0, sizeof(to)); 433 memset(&to, 0, sizeof(to));
390 if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) 434 if (getsockname(active_state->connection_out, (struct sockaddr *)&to,
435 &tolen) < 0)
391 return 0; 436 return 0;
392 if (to.ss_family == AF_INET) 437 if (to.ss_family == AF_INET)
393 return 1; 438 return 1;
@@ -405,10 +450,10 @@ void
405packet_set_nonblocking(void) 450packet_set_nonblocking(void)
406{ 451{
407 /* Set the socket into non-blocking mode. */ 452 /* Set the socket into non-blocking mode. */
408 set_nonblock(connection_in); 453 set_nonblock(active_state->connection_in);
409 454
410 if (connection_out != connection_in) 455 if (active_state->connection_out != active_state->connection_in)
411 set_nonblock(connection_out); 456 set_nonblock(active_state->connection_out);
412} 457}
413 458
414/* Returns the socket used for reading. */ 459/* Returns the socket used for reading. */
@@ -416,7 +461,7 @@ packet_set_nonblocking(void)
416int 461int
417packet_get_connection_in(void) 462packet_get_connection_in(void)
418{ 463{
419 return connection_in; 464 return active_state->connection_in;
420} 465}
421 466
422/* Returns the descriptor used for writing. */ 467/* Returns the descriptor used for writing. */
@@ -424,7 +469,7 @@ packet_get_connection_in(void)
424int 469int
425packet_get_connection_out(void) 470packet_get_connection_out(void)
426{ 471{
427 return connection_out; 472 return active_state->connection_out;
428} 473}
429 474
430/* Closes the connection and clears and frees internal data structures. */ 475/* Closes the connection and clears and frees internal data structures. */
@@ -432,26 +477,26 @@ packet_get_connection_out(void)
432void 477void
433packet_close(void) 478packet_close(void)
434{ 479{
435 if (!initialized) 480 if (!active_state->initialized)
436 return; 481 return;
437 initialized = 0; 482 active_state->initialized = 0;
438 if (connection_in == connection_out) { 483 if (active_state->connection_in == active_state->connection_out) {
439 shutdown(connection_out, SHUT_RDWR); 484 shutdown(active_state->connection_out, SHUT_RDWR);
440 close(connection_out); 485 close(active_state->connection_out);
441 } else { 486 } else {
442 close(connection_in); 487 close(active_state->connection_in);
443 close(connection_out); 488 close(active_state->connection_out);
444 } 489 }
445 buffer_free(&input); 490 buffer_free(&active_state->input);
446 buffer_free(&output); 491 buffer_free(&active_state->output);
447 buffer_free(&outgoing_packet); 492 buffer_free(&active_state->outgoing_packet);
448 buffer_free(&incoming_packet); 493 buffer_free(&active_state->incoming_packet);
449 if (compression_buffer_ready) { 494 if (active_state->compression_buffer_ready) {
450 buffer_free(&compression_buffer); 495 buffer_free(&active_state->compression_buffer);
451 buffer_compress_uninit(); 496 buffer_compress_uninit();
452 } 497 }
453 cipher_cleanup(&send_context); 498 cipher_cleanup(&active_state->send_context);
454 cipher_cleanup(&receive_context); 499 cipher_cleanup(&active_state->receive_context);
455} 500}
456 501
457/* Sets remote side protocol flags. */ 502/* Sets remote side protocol flags. */
@@ -459,7 +504,7 @@ packet_close(void)
459void 504void
460packet_set_protocol_flags(u_int protocol_flags) 505packet_set_protocol_flags(u_int protocol_flags)
461{ 506{
462 remote_protocol_flags = protocol_flags; 507 active_state->remote_protocol_flags = protocol_flags;
463} 508}
464 509
465/* Returns the remote protocol flags set earlier by the above function. */ 510/* Returns the remote protocol flags set earlier by the above function. */
@@ -467,7 +512,7 @@ packet_set_protocol_flags(u_int protocol_flags)
467u_int 512u_int
468packet_get_protocol_flags(void) 513packet_get_protocol_flags(void)
469{ 514{
470 return remote_protocol_flags; 515 return active_state->remote_protocol_flags;
471} 516}
472 517
473/* 518/*
@@ -478,18 +523,18 @@ packet_get_protocol_flags(void)
478static void 523static void
479packet_init_compression(void) 524packet_init_compression(void)
480{ 525{
481 if (compression_buffer_ready == 1) 526 if (active_state->compression_buffer_ready == 1)
482 return; 527 return;
483 compression_buffer_ready = 1; 528 active_state->compression_buffer_ready = 1;
484 buffer_init(&compression_buffer); 529 buffer_init(&active_state->compression_buffer);
485} 530}
486 531
487void 532void
488packet_start_compression(int level) 533packet_start_compression(int level)
489{ 534{
490 if (packet_compression && !compat20) 535 if (active_state->packet_compression && !compat20)
491 fatal("Compression already enabled."); 536 fatal("Compression already enabled.");
492 packet_compression = 1; 537 active_state->packet_compression = 1;
493 packet_init_compression(); 538 packet_init_compression();
494 buffer_compress_init_send(level); 539 buffer_compress_init_send(level);
495 buffer_compress_init_recv(); 540 buffer_compress_init_recv();
@@ -513,19 +558,21 @@ packet_set_encryption_key(const u_char *key, u_int keylen,
513 fatal("packet_set_encryption_key: keylen too small: %d", keylen); 558 fatal("packet_set_encryption_key: keylen too small: %d", keylen);
514 if (keylen > SSH_SESSION_KEY_LENGTH) 559 if (keylen > SSH_SESSION_KEY_LENGTH)
515 fatal("packet_set_encryption_key: keylen too big: %d", keylen); 560 fatal("packet_set_encryption_key: keylen too big: %d", keylen);
516 memcpy(ssh1_key, key, keylen); 561 memcpy(active_state->ssh1_key, key, keylen);
517 ssh1_keylen = keylen; 562 active_state->ssh1_keylen = keylen;
518 cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT); 563 cipher_init(&active_state->send_context, cipher, key, keylen, NULL,
519 cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT); 564 0, CIPHER_ENCRYPT);
565 cipher_init(&active_state->receive_context, cipher, key, keylen, NULL,
566 0, CIPHER_DECRYPT);
520} 567}
521 568
522u_int 569u_int
523packet_get_encryption_key(u_char *key) 570packet_get_encryption_key(u_char *key)
524{ 571{
525 if (key == NULL) 572 if (key == NULL)
526 return (ssh1_keylen); 573 return (active_state->ssh1_keylen);
527 memcpy(key, ssh1_key, ssh1_keylen); 574 memcpy(key, active_state->ssh1_key, active_state->ssh1_keylen);
528 return (ssh1_keylen); 575 return (active_state->ssh1_keylen);
529} 576}
530 577
531/* Start constructing a packet to send. */ 578/* Start constructing a packet to send. */
@@ -539,8 +586,8 @@ packet_start(u_char type)
539 len = compat20 ? 6 : 9; 586 len = compat20 ? 6 : 9;
540 memset(buf, 0, len - 1); 587 memset(buf, 0, len - 1);
541 buf[len - 1] = type; 588 buf[len - 1] = type;
542 buffer_clear(&outgoing_packet); 589 buffer_clear(&active_state->outgoing_packet);
543 buffer_append(&outgoing_packet, buf, len); 590 buffer_append(&active_state->outgoing_packet, buf, len);
544} 591}
545 592
546/* Append payload. */ 593/* Append payload. */
@@ -549,43 +596,49 @@ packet_put_char(int value)
549{ 596{
550 char ch = value; 597 char ch = value;
551 598
552 buffer_append(&outgoing_packet, &ch, 1); 599 buffer_append(&active_state->outgoing_packet, &ch, 1);
553} 600}
554 601
555void 602void
556packet_put_int(u_int value) 603packet_put_int(u_int value)
557{ 604{
558 buffer_put_int(&outgoing_packet, value); 605 buffer_put_int(&active_state->outgoing_packet, value);
606}
607
608void
609packet_put_int64(u_int64_t value)
610{
611 buffer_put_int64(&active_state->outgoing_packet, value);
559} 612}
560 613
561void 614void
562packet_put_string(const void *buf, u_int len) 615packet_put_string(const void *buf, u_int len)
563{ 616{
564 buffer_put_string(&outgoing_packet, buf, len); 617 buffer_put_string(&active_state->outgoing_packet, buf, len);
565} 618}
566 619
567void 620void
568packet_put_cstring(const char *str) 621packet_put_cstring(const char *str)
569{ 622{
570 buffer_put_cstring(&outgoing_packet, str); 623 buffer_put_cstring(&active_state->outgoing_packet, str);
571} 624}
572 625
573void 626void
574packet_put_raw(const void *buf, u_int len) 627packet_put_raw(const void *buf, u_int len)
575{ 628{
576 buffer_append(&outgoing_packet, buf, len); 629 buffer_append(&active_state->outgoing_packet, buf, len);
577} 630}
578 631
579void 632void
580packet_put_bignum(BIGNUM * value) 633packet_put_bignum(BIGNUM * value)
581{ 634{
582 buffer_put_bignum(&outgoing_packet, value); 635 buffer_put_bignum(&active_state->outgoing_packet, value);
583} 636}
584 637
585void 638void
586packet_put_bignum2(BIGNUM * value) 639packet_put_bignum2(BIGNUM * value)
587{ 640{
588 buffer_put_bignum2(&outgoing_packet, value); 641 buffer_put_bignum2(&active_state->outgoing_packet, value);
589} 642}
590 643
591/* 644/*
@@ -605,24 +658,27 @@ packet_send1(void)
605 * If using packet compression, compress the payload of the outgoing 658 * If using packet compression, compress the payload of the outgoing
606 * packet. 659 * packet.
607 */ 660 */
608 if (packet_compression) { 661 if (active_state->packet_compression) {
609 buffer_clear(&compression_buffer); 662 buffer_clear(&active_state->compression_buffer);
610 /* Skip padding. */ 663 /* Skip padding. */
611 buffer_consume(&outgoing_packet, 8); 664 buffer_consume(&active_state->outgoing_packet, 8);
612 /* padding */ 665 /* padding */
613 buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8); 666 buffer_append(&active_state->compression_buffer,
614 buffer_compress(&outgoing_packet, &compression_buffer); 667 "\0\0\0\0\0\0\0\0", 8);
615 buffer_clear(&outgoing_packet); 668 buffer_compress(&active_state->outgoing_packet,
616 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 669 &active_state->compression_buffer);
617 buffer_len(&compression_buffer)); 670 buffer_clear(&active_state->outgoing_packet);
671 buffer_append(&active_state->outgoing_packet,
672 buffer_ptr(&active_state->compression_buffer),
673 buffer_len(&active_state->compression_buffer));
618 } 674 }
619 /* Compute packet length without padding (add checksum, remove padding). */ 675 /* Compute packet length without padding (add checksum, remove padding). */
620 len = buffer_len(&outgoing_packet) + 4 - 8; 676 len = buffer_len(&active_state->outgoing_packet) + 4 - 8;
621 677
622 /* Insert padding. Initialized to zero in packet_start1() */ 678 /* Insert padding. Initialized to zero in packet_start1() */
623 padding = 8 - len % 8; 679 padding = 8 - len % 8;
624 if (!send_context.plaintext) { 680 if (!active_state->send_context.plaintext) {
625 cp = buffer_ptr(&outgoing_packet); 681 cp = buffer_ptr(&active_state->outgoing_packet);
626 for (i = 0; i < padding; i++) { 682 for (i = 0; i < padding; i++) {
627 if (i % 4 == 0) 683 if (i % 4 == 0)
628 rnd = arc4random(); 684 rnd = arc4random();
@@ -630,33 +686,36 @@ packet_send1(void)
630 rnd >>= 8; 686 rnd >>= 8;
631 } 687 }
632 } 688 }
633 buffer_consume(&outgoing_packet, 8 - padding); 689 buffer_consume(&active_state->outgoing_packet, 8 - padding);
634 690
635 /* Add check bytes. */ 691 /* Add check bytes. */
636 checksum = ssh_crc32(buffer_ptr(&outgoing_packet), 692 checksum = ssh_crc32(buffer_ptr(&active_state->outgoing_packet),
637 buffer_len(&outgoing_packet)); 693 buffer_len(&active_state->outgoing_packet));
638 put_u32(buf, checksum); 694 put_u32(buf, checksum);
639 buffer_append(&outgoing_packet, buf, 4); 695 buffer_append(&active_state->outgoing_packet, buf, 4);
640 696
641#ifdef PACKET_DEBUG 697#ifdef PACKET_DEBUG
642 fprintf(stderr, "packet_send plain: "); 698 fprintf(stderr, "packet_send plain: ");
643 buffer_dump(&outgoing_packet); 699 buffer_dump(&active_state->outgoing_packet);
644#endif 700#endif
645 701
646 /* Append to output. */ 702 /* Append to output. */
647 put_u32(buf, len); 703 put_u32(buf, len);
648 buffer_append(&output, buf, 4); 704 buffer_append(&active_state->output, buf, 4);
649 cp = buffer_append_space(&output, buffer_len(&outgoing_packet)); 705 cp = buffer_append_space(&active_state->output,
650 cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet), 706 buffer_len(&active_state->outgoing_packet));
651 buffer_len(&outgoing_packet)); 707 cipher_crypt(&active_state->send_context, cp,
708 buffer_ptr(&active_state->outgoing_packet),
709 buffer_len(&active_state->outgoing_packet));
652 710
653#ifdef PACKET_DEBUG 711#ifdef PACKET_DEBUG
654 fprintf(stderr, "encrypted: "); 712 fprintf(stderr, "encrypted: ");
655 buffer_dump(&output); 713 buffer_dump(&active_state->output);
656#endif 714#endif
657 p_send.packets++; 715 active_state->p_send.packets++;
658 p_send.bytes += len + buffer_len(&outgoing_packet); 716 active_state->p_send.bytes += len +
659 buffer_clear(&outgoing_packet); 717 buffer_len(&active_state->outgoing_packet);
718 buffer_clear(&active_state->outgoing_packet);
660 719
661 /* 720 /*
662 * Note that the packet is now only buffered in output. It won't be 721 * Note that the packet is now only buffered in output. It won't be
@@ -678,22 +737,22 @@ set_newkeys(int mode)
678 debug2("set_newkeys: mode %d", mode); 737 debug2("set_newkeys: mode %d", mode);
679 738
680 if (mode == MODE_OUT) { 739 if (mode == MODE_OUT) {
681 cc = &send_context; 740 cc = &active_state->send_context;
682 crypt_type = CIPHER_ENCRYPT; 741 crypt_type = CIPHER_ENCRYPT;
683 p_send.packets = p_send.blocks = 0; 742 active_state->p_send.packets = active_state->p_send.blocks = 0;
684 max_blocks = &max_blocks_out; 743 max_blocks = &active_state->max_blocks_out;
685 } else { 744 } else {
686 cc = &receive_context; 745 cc = &active_state->receive_context;
687 crypt_type = CIPHER_DECRYPT; 746 crypt_type = CIPHER_DECRYPT;
688 p_read.packets = p_read.blocks = 0; 747 active_state->p_read.packets = active_state->p_read.blocks = 0;
689 max_blocks = &max_blocks_in; 748 max_blocks = &active_state->max_blocks_in;
690 } 749 }
691 if (newkeys[mode] != NULL) { 750 if (active_state->newkeys[mode] != NULL) {
692 debug("set_newkeys: rekeying"); 751 debug("set_newkeys: rekeying");
693 cipher_cleanup(cc); 752 cipher_cleanup(cc);
694 enc = &newkeys[mode]->enc; 753 enc = &active_state->newkeys[mode]->enc;
695 mac = &newkeys[mode]->mac; 754 mac = &active_state->newkeys[mode]->mac;
696 comp = &newkeys[mode]->comp; 755 comp = &active_state->newkeys[mode]->comp;
697 mac_clear(mac); 756 mac_clear(mac);
698 xfree(enc->name); 757 xfree(enc->name);
699 xfree(enc->iv); 758 xfree(enc->iv);
@@ -701,14 +760,14 @@ set_newkeys(int mode)
701 xfree(mac->name); 760 xfree(mac->name);
702 xfree(mac->key); 761 xfree(mac->key);
703 xfree(comp->name); 762 xfree(comp->name);
704 xfree(newkeys[mode]); 763 xfree(active_state->newkeys[mode]);
705 } 764 }
706 newkeys[mode] = kex_get_newkeys(mode); 765 active_state->newkeys[mode] = kex_get_newkeys(mode);
707 if (newkeys[mode] == NULL) 766 if (active_state->newkeys[mode] == NULL)
708 fatal("newkeys: no keys for mode %d", mode); 767 fatal("newkeys: no keys for mode %d", mode);
709 enc = &newkeys[mode]->enc; 768 enc = &active_state->newkeys[mode]->enc;
710 mac = &newkeys[mode]->mac; 769 mac = &active_state->newkeys[mode]->mac;
711 comp = &newkeys[mode]->comp; 770 comp = &active_state->newkeys[mode]->comp;
712 if (mac_init(mac) == 0) 771 if (mac_init(mac) == 0)
713 mac->enabled = 1; 772 mac->enabled = 1;
714 DBG(debug("cipher_init_context: %d", mode)); 773 DBG(debug("cipher_init_context: %d", mode));
@@ -719,8 +778,8 @@ set_newkeys(int mode)
719 memset(enc->key, 0, enc->key_len); 778 memset(enc->key, 0, enc->key_len);
720 memset(mac->key, 0, mac->key_len); */ 779 memset(mac->key, 0, mac->key_len); */
721 if ((comp->type == COMP_ZLIB || 780 if ((comp->type == COMP_ZLIB ||
722 (comp->type == COMP_DELAYED && after_authentication)) && 781 (comp->type == COMP_DELAYED &&
723 comp->enabled == 0) { 782 active_state->after_authentication)) && comp->enabled == 0) {
724 packet_init_compression(); 783 packet_init_compression();
725 if (mode == MODE_OUT) 784 if (mode == MODE_OUT)
726 buffer_compress_init_send(6); 785 buffer_compress_init_send(6);
@@ -736,8 +795,9 @@ set_newkeys(int mode)
736 *max_blocks = (u_int64_t)1 << (enc->block_size*2); 795 *max_blocks = (u_int64_t)1 << (enc->block_size*2);
737 else 796 else
738 *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; 797 *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
739 if (rekey_limit) 798 if (active_state->rekey_limit)
740 *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size); 799 *max_blocks = MIN(*max_blocks,
800 active_state->rekey_limit / enc->block_size);
741} 801}
742 802
743/* 803/*
@@ -755,12 +815,12 @@ packet_enable_delayed_compress(void)
755 * Remember that we are past the authentication step, so rekeying 815 * Remember that we are past the authentication step, so rekeying
756 * with COMP_DELAYED will turn on compression immediately. 816 * with COMP_DELAYED will turn on compression immediately.
757 */ 817 */
758 after_authentication = 1; 818 active_state->after_authentication = 1;
759 for (mode = 0; mode < MODE_MAX; mode++) { 819 for (mode = 0; mode < MODE_MAX; mode++) {
760 /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ 820 /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
761 if (newkeys[mode] == NULL) 821 if (active_state->newkeys[mode] == NULL)
762 continue; 822 continue;
763 comp = &newkeys[mode]->comp; 823 comp = &active_state->newkeys[mode]->comp;
764 if (comp && !comp->enabled && comp->type == COMP_DELAYED) { 824 if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
765 packet_init_compression(); 825 packet_init_compression();
766 if (mode == MODE_OUT) 826 if (mode == MODE_OUT)
@@ -788,37 +848,39 @@ packet_send2_wrapped(void)
788 Comp *comp = NULL; 848 Comp *comp = NULL;
789 int block_size; 849 int block_size;
790 850
791 if (newkeys[MODE_OUT] != NULL) { 851 if (active_state->newkeys[MODE_OUT] != NULL) {
792 enc = &newkeys[MODE_OUT]->enc; 852 enc = &active_state->newkeys[MODE_OUT]->enc;
793 mac = &newkeys[MODE_OUT]->mac; 853 mac = &active_state->newkeys[MODE_OUT]->mac;
794 comp = &newkeys[MODE_OUT]->comp; 854 comp = &active_state->newkeys[MODE_OUT]->comp;
795 } 855 }
796 block_size = enc ? enc->block_size : 8; 856 block_size = enc ? enc->block_size : 8;
797 857
798 cp = buffer_ptr(&outgoing_packet); 858 cp = buffer_ptr(&active_state->outgoing_packet);
799 type = cp[5]; 859 type = cp[5];
800 860
801#ifdef PACKET_DEBUG 861#ifdef PACKET_DEBUG
802 fprintf(stderr, "plain: "); 862 fprintf(stderr, "plain: ");
803 buffer_dump(&outgoing_packet); 863 buffer_dump(&active_state->outgoing_packet);
804#endif 864#endif
805 865
806 if (comp && comp->enabled) { 866 if (comp && comp->enabled) {
807 len = buffer_len(&outgoing_packet); 867 len = buffer_len(&active_state->outgoing_packet);
808 /* skip header, compress only payload */ 868 /* skip header, compress only payload */
809 buffer_consume(&outgoing_packet, 5); 869 buffer_consume(&active_state->outgoing_packet, 5);
810 buffer_clear(&compression_buffer); 870 buffer_clear(&active_state->compression_buffer);
811 buffer_compress(&outgoing_packet, &compression_buffer); 871 buffer_compress(&active_state->outgoing_packet,
812 buffer_clear(&outgoing_packet); 872 &active_state->compression_buffer);
813 buffer_append(&outgoing_packet, "\0\0\0\0\0", 5); 873 buffer_clear(&active_state->outgoing_packet);
814 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 874 buffer_append(&active_state->outgoing_packet, "\0\0\0\0\0", 5);
815 buffer_len(&compression_buffer)); 875 buffer_append(&active_state->outgoing_packet,
876 buffer_ptr(&active_state->compression_buffer),
877 buffer_len(&active_state->compression_buffer));
816 DBG(debug("compression: raw %d compressed %d", len, 878 DBG(debug("compression: raw %d compressed %d", len,
817 buffer_len(&outgoing_packet))); 879 buffer_len(&active_state->outgoing_packet)));
818 } 880 }
819 881
820 /* sizeof (packet_len + pad_len + payload) */ 882 /* sizeof (packet_len + pad_len + payload) */
821 len = buffer_len(&outgoing_packet); 883 len = buffer_len(&active_state->outgoing_packet);
822 884
823 /* 885 /*
824 * calc size of padding, alloc space, get random data, 886 * calc size of padding, alloc space, get random data,
@@ -827,17 +889,19 @@ packet_send2_wrapped(void)
827 padlen = block_size - (len % block_size); 889 padlen = block_size - (len % block_size);
828 if (padlen < 4) 890 if (padlen < 4)
829 padlen += block_size; 891 padlen += block_size;
830 if (extra_pad) { 892 if (active_state->extra_pad) {
831 /* will wrap if extra_pad+padlen > 255 */ 893 /* will wrap if extra_pad+padlen > 255 */
832 extra_pad = roundup(extra_pad, block_size); 894 active_state->extra_pad =
833 pad = extra_pad - ((len + padlen) % extra_pad); 895 roundup(active_state->extra_pad, block_size);
896 pad = active_state->extra_pad -
897 ((len + padlen) % active_state->extra_pad);
834 debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)", 898 debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
835 pad, len, padlen, extra_pad); 899 pad, len, padlen, active_state->extra_pad);
836 padlen += pad; 900 padlen += pad;
837 extra_pad = 0; 901 active_state->extra_pad = 0;
838 } 902 }
839 cp = buffer_append_space(&outgoing_packet, padlen); 903 cp = buffer_append_space(&active_state->outgoing_packet, padlen);
840 if (enc && !send_context.plaintext) { 904 if (enc && !active_state->send_context.plaintext) {
841 /* random padding */ 905 /* random padding */
842 for (i = 0; i < padlen; i++) { 906 for (i = 0; i < padlen; i++) {
843 if (i % 4 == 0) 907 if (i % 4 == 0)
@@ -850,86 +914,88 @@ packet_send2_wrapped(void)
850 memset(cp, 0, padlen); 914 memset(cp, 0, padlen);
851 } 915 }
852 /* packet_length includes payload, padding and padding length field */ 916 /* packet_length includes payload, padding and padding length field */
853 packet_length = buffer_len(&outgoing_packet) - 4; 917 packet_length = buffer_len(&active_state->outgoing_packet) - 4;
854 cp = buffer_ptr(&outgoing_packet); 918 cp = buffer_ptr(&active_state->outgoing_packet);
855 put_u32(cp, packet_length); 919 put_u32(cp, packet_length);
856 cp[4] = padlen; 920 cp[4] = padlen;
857 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); 921 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
858 922
859 /* compute MAC over seqnr and packet(length fields, payload, padding) */ 923 /* compute MAC over seqnr and packet(length fields, payload, padding) */
860 if (mac && mac->enabled) { 924 if (mac && mac->enabled) {
861 macbuf = mac_compute(mac, p_send.seqnr, 925 macbuf = mac_compute(mac, active_state->p_send.seqnr,
862 buffer_ptr(&outgoing_packet), 926 buffer_ptr(&active_state->outgoing_packet),
863 buffer_len(&outgoing_packet)); 927 buffer_len(&active_state->outgoing_packet));
864 DBG(debug("done calc MAC out #%d", p_send.seqnr)); 928 DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr));
865 } 929 }
866 /* encrypt packet and append to output buffer. */ 930 /* encrypt packet and append to output buffer. */
867 cp = buffer_append_space(&output, buffer_len(&outgoing_packet)); 931 cp = buffer_append_space(&active_state->output,
868 cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet), 932 buffer_len(&active_state->outgoing_packet));
869 buffer_len(&outgoing_packet)); 933 cipher_crypt(&active_state->send_context, cp,
934 buffer_ptr(&active_state->outgoing_packet),
935 buffer_len(&active_state->outgoing_packet));
870 /* append unencrypted MAC */ 936 /* append unencrypted MAC */
871 if (mac && mac->enabled) 937 if (mac && mac->enabled)
872 buffer_append(&output, macbuf, mac->mac_len); 938 buffer_append(&active_state->output, macbuf, mac->mac_len);
873#ifdef PACKET_DEBUG 939#ifdef PACKET_DEBUG
874 fprintf(stderr, "encrypted: "); 940 fprintf(stderr, "encrypted: ");
875 buffer_dump(&output); 941 buffer_dump(&active_state->output);
876#endif 942#endif
877 /* increment sequence number for outgoing packets */ 943 /* increment sequence number for outgoing packets */
878 if (++p_send.seqnr == 0) 944 if (++active_state->p_send.seqnr == 0)
879 logit("outgoing seqnr wraps around"); 945 logit("outgoing seqnr wraps around");
880 if (++p_send.packets == 0) 946 if (++active_state->p_send.packets == 0)
881 if (!(datafellows & SSH_BUG_NOREKEY)) 947 if (!(datafellows & SSH_BUG_NOREKEY))
882 fatal("XXX too many packets with same key"); 948 fatal("XXX too many packets with same key");
883 p_send.blocks += (packet_length + 4) / block_size; 949 active_state->p_send.blocks += (packet_length + 4) / block_size;
884 p_send.bytes += packet_length + 4; 950 active_state->p_send.bytes += packet_length + 4;
885 buffer_clear(&outgoing_packet); 951 buffer_clear(&active_state->outgoing_packet);
886 952
887 if (type == SSH2_MSG_NEWKEYS) 953 if (type == SSH2_MSG_NEWKEYS)
888 set_newkeys(MODE_OUT); 954 set_newkeys(MODE_OUT);
889 else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) 955 else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
890 packet_enable_delayed_compress(); 956 packet_enable_delayed_compress();
891} 957}
892 958
893static void 959static void
894packet_send2(void) 960packet_send2(void)
895{ 961{
896 static int rekeying = 0;
897 struct packet *p; 962 struct packet *p;
898 u_char type, *cp; 963 u_char type, *cp;
899 964
900 cp = buffer_ptr(&outgoing_packet); 965 cp = buffer_ptr(&active_state->outgoing_packet);
901 type = cp[5]; 966 type = cp[5];
902 967
903 /* during rekeying we can only send key exchange messages */ 968 /* during rekeying we can only send key exchange messages */
904 if (rekeying) { 969 if (active_state->rekeying) {
905 if (!((type >= SSH2_MSG_TRANSPORT_MIN) && 970 if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
906 (type <= SSH2_MSG_TRANSPORT_MAX))) { 971 (type <= SSH2_MSG_TRANSPORT_MAX))) {
907 debug("enqueue packet: %u", type); 972 debug("enqueue packet: %u", type);
908 p = xmalloc(sizeof(*p)); 973 p = xmalloc(sizeof(*p));
909 p->type = type; 974 p->type = type;
910 memcpy(&p->payload, &outgoing_packet, sizeof(Buffer)); 975 memcpy(&p->payload, &active_state->outgoing_packet,
911 buffer_init(&outgoing_packet); 976 sizeof(Buffer));
912 TAILQ_INSERT_TAIL(&outgoing, p, next); 977 buffer_init(&active_state->outgoing_packet);
978 TAILQ_INSERT_TAIL(&active_state->outgoing, p, next);
913 return; 979 return;
914 } 980 }
915 } 981 }
916 982
917 /* rekeying starts with sending KEXINIT */ 983 /* rekeying starts with sending KEXINIT */
918 if (type == SSH2_MSG_KEXINIT) 984 if (type == SSH2_MSG_KEXINIT)
919 rekeying = 1; 985 active_state->rekeying = 1;
920 986
921 packet_send2_wrapped(); 987 packet_send2_wrapped();
922 988
923 /* after a NEWKEYS message we can send the complete queue */ 989 /* after a NEWKEYS message we can send the complete queue */
924 if (type == SSH2_MSG_NEWKEYS) { 990 if (type == SSH2_MSG_NEWKEYS) {
925 rekeying = 0; 991 active_state->rekeying = 0;
926 while ((p = TAILQ_FIRST(&outgoing))) { 992 while ((p = TAILQ_FIRST(&active_state->outgoing))) {
927 type = p->type; 993 type = p->type;
928 debug("dequeue packet: %u", type); 994 debug("dequeue packet: %u", type);
929 buffer_free(&outgoing_packet); 995 buffer_free(&active_state->outgoing_packet);
930 memcpy(&outgoing_packet, &p->payload, 996 memcpy(&active_state->outgoing_packet, &p->payload,
931 sizeof(Buffer)); 997 sizeof(Buffer));
932 TAILQ_REMOVE(&outgoing, p, next); 998 TAILQ_REMOVE(&active_state->outgoing, p, next);
933 xfree(p); 999 xfree(p);
934 packet_send2_wrapped(); 1000 packet_send2_wrapped();
935 } 1001 }
@@ -955,15 +1021,15 @@ packet_send(void)
955int 1021int
956packet_read_seqnr(u_int32_t *seqnr_p) 1022packet_read_seqnr(u_int32_t *seqnr_p)
957{ 1023{
958 int type, len, ret, ms_remain; 1024 int type, len, ret, ms_remain, cont;
959 fd_set *setp; 1025 fd_set *setp;
960 char buf[8192]; 1026 char buf[8192];
961 struct timeval timeout, start, *timeoutp = NULL; 1027 struct timeval timeout, start, *timeoutp = NULL;
962 1028
963 DBG(debug("packet_read()")); 1029 DBG(debug("packet_read()"));
964 1030
965 setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS), 1031 setp = (fd_set *)xcalloc(howmany(active_state->connection_in + 1,
966 sizeof(fd_mask)); 1032 NFDBITS), sizeof(fd_mask));
967 1033
968 /* Since we are blocking, ensure that all written packets have been sent. */ 1034 /* Since we are blocking, ensure that all written packets have been sent. */
969 packet_write_wait(); 1035 packet_write_wait();
@@ -987,27 +1053,27 @@ packet_read_seqnr(u_int32_t *seqnr_p)
987 * Otherwise, wait for some data to arrive, add it to the 1053 * Otherwise, wait for some data to arrive, add it to the
988 * buffer, and try again. 1054 * buffer, and try again.
989 */ 1055 */
990 memset(setp, 0, howmany(connection_in + 1, NFDBITS) * 1056 memset(setp, 0, howmany(active_state->connection_in + 1,
991 sizeof(fd_mask)); 1057 NFDBITS) * sizeof(fd_mask));
992 FD_SET(connection_in, setp); 1058 FD_SET(active_state->connection_in, setp);
993 1059
994 if (packet_timeout_ms > 0) { 1060 if (active_state->packet_timeout_ms > 0) {
995 ms_remain = packet_timeout_ms; 1061 ms_remain = active_state->packet_timeout_ms;
996 timeoutp = &timeout; 1062 timeoutp = &timeout;
997 } 1063 }
998 /* Wait for some data to arrive. */ 1064 /* Wait for some data to arrive. */
999 for (;;) { 1065 for (;;) {
1000 if (packet_timeout_ms != -1) { 1066 if (active_state->packet_timeout_ms != -1) {
1001 ms_to_timeval(&timeout, ms_remain); 1067 ms_to_timeval(&timeout, ms_remain);
1002 gettimeofday(&start, NULL); 1068 gettimeofday(&start, NULL);
1003 } 1069 }
1004 if ((ret = select(connection_in + 1, setp, NULL, 1070 if ((ret = select(active_state->connection_in + 1, setp,
1005 NULL, timeoutp)) >= 0) 1071 NULL, NULL, timeoutp)) >= 0)
1006 break; 1072 break;
1007 if (errno != EAGAIN && errno != EINTR && 1073 if (errno != EAGAIN && errno != EINTR &&
1008 errno != EWOULDBLOCK) 1074 errno != EWOULDBLOCK)
1009 break; 1075 break;
1010 if (packet_timeout_ms == -1) 1076 if (active_state->packet_timeout_ms == -1)
1011 continue; 1077 continue;
1012 ms_subtract_diff(&start, &ms_remain); 1078 ms_subtract_diff(&start, &ms_remain);
1013 if (ms_remain <= 0) { 1079 if (ms_remain <= 0) {
@@ -1021,7 +1087,11 @@ packet_read_seqnr(u_int32_t *seqnr_p)
1021 cleanup_exit(255); 1087 cleanup_exit(255);
1022 } 1088 }
1023 /* Read data from the socket. */ 1089 /* Read data from the socket. */
1024 len = read(connection_in, buf, sizeof(buf)); 1090 do {
1091 cont = 0;
1092 len = roaming_read(active_state->connection_in, buf,
1093 sizeof(buf), &cont);
1094 } while (len == 0 && cont);
1025 if (len == 0) { 1095 if (len == 0) {
1026 logit("Connection closed by %.200s", get_remote_ipaddr()); 1096 logit("Connection closed by %.200s", get_remote_ipaddr());
1027 cleanup_exit(255); 1097 cleanup_exit(255);
@@ -1073,31 +1143,32 @@ packet_read_poll1(void)
1073 u_int checksum, stored_checksum; 1143 u_int checksum, stored_checksum;
1074 1144
1075 /* Check if input size is less than minimum packet size. */ 1145 /* Check if input size is less than minimum packet size. */
1076 if (buffer_len(&input) < 4 + 8) 1146 if (buffer_len(&active_state->input) < 4 + 8)
1077 return SSH_MSG_NONE; 1147 return SSH_MSG_NONE;
1078 /* Get length of incoming packet. */ 1148 /* Get length of incoming packet. */
1079 cp = buffer_ptr(&input); 1149 cp = buffer_ptr(&active_state->input);
1080 len = get_u32(cp); 1150 len = get_u32(cp);
1081 if (len < 1 + 2 + 2 || len > 256 * 1024) 1151 if (len < 1 + 2 + 2 || len > 256 * 1024)
1082 packet_disconnect("Bad packet length %u.", len); 1152 packet_disconnect("Bad packet length %u.", len);
1083 padded_len = (len + 8) & ~7; 1153 padded_len = (len + 8) & ~7;
1084 1154
1085 /* Check if the packet has been entirely received. */ 1155 /* Check if the packet has been entirely received. */
1086 if (buffer_len(&input) < 4 + padded_len) 1156 if (buffer_len(&active_state->input) < 4 + padded_len)
1087 return SSH_MSG_NONE; 1157 return SSH_MSG_NONE;
1088 1158
1089 /* The entire packet is in buffer. */ 1159 /* The entire packet is in buffer. */
1090 1160
1091 /* Consume packet length. */ 1161 /* Consume packet length. */
1092 buffer_consume(&input, 4); 1162 buffer_consume(&active_state->input, 4);
1093 1163
1094 /* 1164 /*
1095 * Cryptographic attack detector for ssh 1165 * Cryptographic attack detector for ssh
1096 * (C)1998 CORE-SDI, Buenos Aires Argentina 1166 * (C)1998 CORE-SDI, Buenos Aires Argentina
1097 * Ariel Futoransky(futo@core-sdi.com) 1167 * Ariel Futoransky(futo@core-sdi.com)
1098 */ 1168 */
1099 if (!receive_context.plaintext) { 1169 if (!active_state->receive_context.plaintext) {
1100 switch (detect_attack(buffer_ptr(&input), padded_len)) { 1170 switch (detect_attack(buffer_ptr(&active_state->input),
1171 padded_len)) {
1101 case DEATTACK_DETECTED: 1172 case DEATTACK_DETECTED:
1102 packet_disconnect("crc32 compensation attack: " 1173 packet_disconnect("crc32 compensation attack: "
1103 "network attack detected"); 1174 "network attack detected");
@@ -1108,45 +1179,48 @@ packet_read_poll1(void)
1108 } 1179 }
1109 1180
1110 /* Decrypt data to incoming_packet. */ 1181 /* Decrypt data to incoming_packet. */
1111 buffer_clear(&incoming_packet); 1182 buffer_clear(&active_state->incoming_packet);
1112 cp = buffer_append_space(&incoming_packet, padded_len); 1183 cp = buffer_append_space(&active_state->incoming_packet, padded_len);
1113 cipher_crypt(&receive_context, cp, buffer_ptr(&input), padded_len); 1184 cipher_crypt(&active_state->receive_context, cp,
1185 buffer_ptr(&active_state->input), padded_len);
1114 1186
1115 buffer_consume(&input, padded_len); 1187 buffer_consume(&active_state->input, padded_len);
1116 1188
1117#ifdef PACKET_DEBUG 1189#ifdef PACKET_DEBUG
1118 fprintf(stderr, "read_poll plain: "); 1190 fprintf(stderr, "read_poll plain: ");
1119 buffer_dump(&incoming_packet); 1191 buffer_dump(&active_state->incoming_packet);
1120#endif 1192#endif
1121 1193
1122 /* Compute packet checksum. */ 1194 /* Compute packet checksum. */
1123 checksum = ssh_crc32(buffer_ptr(&incoming_packet), 1195 checksum = ssh_crc32(buffer_ptr(&active_state->incoming_packet),
1124 buffer_len(&incoming_packet) - 4); 1196 buffer_len(&active_state->incoming_packet) - 4);
1125 1197
1126 /* Skip padding. */ 1198 /* Skip padding. */
1127 buffer_consume(&incoming_packet, 8 - len % 8); 1199 buffer_consume(&active_state->incoming_packet, 8 - len % 8);
1128 1200
1129 /* Test check bytes. */ 1201 /* Test check bytes. */
1130 if (len != buffer_len(&incoming_packet)) 1202 if (len != buffer_len(&active_state->incoming_packet))
1131 packet_disconnect("packet_read_poll1: len %d != buffer_len %d.", 1203 packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
1132 len, buffer_len(&incoming_packet)); 1204 len, buffer_len(&active_state->incoming_packet));
1133 1205
1134 cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4; 1206 cp = (u_char *)buffer_ptr(&active_state->incoming_packet) + len - 4;
1135 stored_checksum = get_u32(cp); 1207 stored_checksum = get_u32(cp);
1136 if (checksum != stored_checksum) 1208 if (checksum != stored_checksum)
1137 packet_disconnect("Corrupted check bytes on input."); 1209 packet_disconnect("Corrupted check bytes on input.");
1138 buffer_consume_end(&incoming_packet, 4); 1210 buffer_consume_end(&active_state->incoming_packet, 4);
1139 1211
1140 if (packet_compression) { 1212 if (active_state->packet_compression) {
1141 buffer_clear(&compression_buffer); 1213 buffer_clear(&active_state->compression_buffer);
1142 buffer_uncompress(&incoming_packet, &compression_buffer); 1214 buffer_uncompress(&active_state->incoming_packet,
1143 buffer_clear(&incoming_packet); 1215 &active_state->compression_buffer);
1144 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 1216 buffer_clear(&active_state->incoming_packet);
1145 buffer_len(&compression_buffer)); 1217 buffer_append(&active_state->incoming_packet,
1218 buffer_ptr(&active_state->compression_buffer),
1219 buffer_len(&active_state->compression_buffer));
1146 } 1220 }
1147 p_read.packets++; 1221 active_state->p_read.packets++;
1148 p_read.bytes += padded_len + 4; 1222 active_state->p_read.bytes += padded_len + 4;
1149 type = buffer_get_char(&incoming_packet); 1223 type = buffer_get_char(&active_state->incoming_packet);
1150 if (type < SSH_MSG_MIN || type > SSH_MSG_MAX) 1224 if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
1151 packet_disconnect("Invalid ssh1 packet type: %d", type); 1225 packet_disconnect("Invalid ssh1 packet type: %d", type);
1152 return type; 1226 return type;
@@ -1155,7 +1229,6 @@ packet_read_poll1(void)
1155static int 1229static int
1156packet_read_poll2(u_int32_t *seqnr_p) 1230packet_read_poll2(u_int32_t *seqnr_p)
1157{ 1231{
1158 static u_int packet_length = 0;
1159 u_int padlen, need; 1232 u_int padlen, need;
1160 u_char *macbuf, *cp, type; 1233 u_char *macbuf, *cp, type;
1161 u_int maclen, block_size; 1234 u_int maclen, block_size;
@@ -1163,50 +1236,52 @@ packet_read_poll2(u_int32_t *seqnr_p)
1163 Mac *mac = NULL; 1236 Mac *mac = NULL;
1164 Comp *comp = NULL; 1237 Comp *comp = NULL;
1165 1238
1166 if (packet_discard) 1239 if (active_state->packet_discard)
1167 return SSH_MSG_NONE; 1240 return SSH_MSG_NONE;
1168 1241
1169 if (newkeys[MODE_IN] != NULL) { 1242 if (active_state->newkeys[MODE_IN] != NULL) {
1170 enc = &newkeys[MODE_IN]->enc; 1243 enc = &active_state->newkeys[MODE_IN]->enc;
1171 mac = &newkeys[MODE_IN]->mac; 1244 mac = &active_state->newkeys[MODE_IN]->mac;
1172 comp = &newkeys[MODE_IN]->comp; 1245 comp = &active_state->newkeys[MODE_IN]->comp;
1173 } 1246 }
1174 maclen = mac && mac->enabled ? mac->mac_len : 0; 1247 maclen = mac && mac->enabled ? mac->mac_len : 0;
1175 block_size = enc ? enc->block_size : 8; 1248 block_size = enc ? enc->block_size : 8;
1176 1249
1177 if (packet_length == 0) { 1250 if (active_state->packlen == 0) {
1178 /* 1251 /*
1179 * check if input size is less than the cipher block size, 1252 * check if input size is less than the cipher block size,
1180 * decrypt first block and extract length of incoming packet 1253 * decrypt first block and extract length of incoming packet
1181 */ 1254 */
1182 if (buffer_len(&input) < block_size) 1255 if (buffer_len(&active_state->input) < block_size)
1183 return SSH_MSG_NONE; 1256 return SSH_MSG_NONE;
1184 buffer_clear(&incoming_packet); 1257 buffer_clear(&active_state->incoming_packet);
1185 cp = buffer_append_space(&incoming_packet, block_size); 1258 cp = buffer_append_space(&active_state->incoming_packet,
1186 cipher_crypt(&receive_context, cp, buffer_ptr(&input),
1187 block_size); 1259 block_size);
1188 cp = buffer_ptr(&incoming_packet); 1260 cipher_crypt(&active_state->receive_context, cp,
1189 packet_length = get_u32(cp); 1261 buffer_ptr(&active_state->input), block_size);
1190 if (packet_length < 1 + 4 || packet_length > PACKET_MAX_SIZE) { 1262 cp = buffer_ptr(&active_state->incoming_packet);
1263 active_state->packlen = get_u32(cp);
1264 if (active_state->packlen < 1 + 4 ||
1265 active_state->packlen > PACKET_MAX_SIZE) {
1191#ifdef PACKET_DEBUG 1266#ifdef PACKET_DEBUG
1192 buffer_dump(&incoming_packet); 1267 buffer_dump(&active_state->incoming_packet);
1193#endif 1268#endif
1194 logit("Bad packet length %u.", packet_length); 1269 logit("Bad packet length %u.", active_state->packlen);
1195 packet_start_discard(enc, mac, packet_length, 1270 packet_start_discard(enc, mac, active_state->packlen,
1196 PACKET_MAX_SIZE); 1271 PACKET_MAX_SIZE);
1197 return SSH_MSG_NONE; 1272 return SSH_MSG_NONE;
1198 } 1273 }
1199 DBG(debug("input: packet len %u", packet_length+4)); 1274 DBG(debug("input: packet len %u", active_state->packlen+4));
1200 buffer_consume(&input, block_size); 1275 buffer_consume(&active_state->input, block_size);
1201 } 1276 }
1202 /* we have a partial packet of block_size bytes */ 1277 /* we have a partial packet of block_size bytes */
1203 need = 4 + packet_length - block_size; 1278 need = 4 + active_state->packlen - block_size;
1204 DBG(debug("partial packet %d, need %d, maclen %d", block_size, 1279 DBG(debug("partial packet %d, need %d, maclen %d", block_size,
1205 need, maclen)); 1280 need, maclen));
1206 if (need % block_size != 0) { 1281 if (need % block_size != 0) {
1207 logit("padding error: need %d block %d mod %d", 1282 logit("padding error: need %d block %d mod %d",
1208 need, block_size, need % block_size); 1283 need, block_size, need % block_size);
1209 packet_start_discard(enc, mac, packet_length, 1284 packet_start_discard(enc, mac, active_state->packlen,
1210 PACKET_MAX_SIZE - block_size); 1285 PACKET_MAX_SIZE - block_size);
1211 return SSH_MSG_NONE; 1286 return SSH_MSG_NONE;
1212 } 1287 }
@@ -1214,84 +1289,90 @@ packet_read_poll2(u_int32_t *seqnr_p)
1214 * check if the entire packet has been received and 1289 * check if the entire packet has been received and
1215 * decrypt into incoming_packet 1290 * decrypt into incoming_packet
1216 */ 1291 */
1217 if (buffer_len(&input) < need + maclen) 1292 if (buffer_len(&active_state->input) < need + maclen)
1218 return SSH_MSG_NONE; 1293 return SSH_MSG_NONE;
1219#ifdef PACKET_DEBUG 1294#ifdef PACKET_DEBUG
1220 fprintf(stderr, "read_poll enc/full: "); 1295 fprintf(stderr, "read_poll enc/full: ");
1221 buffer_dump(&input); 1296 buffer_dump(&active_state->input);
1222#endif 1297#endif
1223 cp = buffer_append_space(&incoming_packet, need); 1298 cp = buffer_append_space(&active_state->incoming_packet, need);
1224 cipher_crypt(&receive_context, cp, buffer_ptr(&input), need); 1299 cipher_crypt(&active_state->receive_context, cp,
1225 buffer_consume(&input, need); 1300 buffer_ptr(&active_state->input), need);
1301 buffer_consume(&active_state->input, need);
1226 /* 1302 /*
1227 * compute MAC over seqnr and packet, 1303 * compute MAC over seqnr and packet,
1228 * increment sequence number for incoming packet 1304 * increment sequence number for incoming packet
1229 */ 1305 */
1230 if (mac && mac->enabled) { 1306 if (mac && mac->enabled) {
1231 macbuf = mac_compute(mac, p_read.seqnr, 1307 macbuf = mac_compute(mac, active_state->p_read.seqnr,
1232 buffer_ptr(&incoming_packet), 1308 buffer_ptr(&active_state->incoming_packet),
1233 buffer_len(&incoming_packet)); 1309 buffer_len(&active_state->incoming_packet));
1234 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) { 1310 if (memcmp(macbuf, buffer_ptr(&active_state->input),
1311 mac->mac_len) != 0) {
1235 logit("Corrupted MAC on input."); 1312 logit("Corrupted MAC on input.");
1236 if (need > PACKET_MAX_SIZE) 1313 if (need > PACKET_MAX_SIZE)
1237 fatal("internal error need %d", need); 1314 fatal("internal error need %d", need);
1238 packet_start_discard(enc, mac, packet_length, 1315 packet_start_discard(enc, mac, active_state->packlen,
1239 PACKET_MAX_SIZE - need); 1316 PACKET_MAX_SIZE - need);
1240 return SSH_MSG_NONE; 1317 return SSH_MSG_NONE;
1241 } 1318 }
1242 1319
1243 DBG(debug("MAC #%d ok", p_read.seqnr)); 1320 DBG(debug("MAC #%d ok", active_state->p_read.seqnr));
1244 buffer_consume(&input, mac->mac_len); 1321 buffer_consume(&active_state->input, mac->mac_len);
1245 } 1322 }
1246 /* XXX now it's safe to use fatal/packet_disconnect */ 1323 /* XXX now it's safe to use fatal/packet_disconnect */
1247 if (seqnr_p != NULL) 1324 if (seqnr_p != NULL)
1248 *seqnr_p = p_read.seqnr; 1325 *seqnr_p = active_state->p_read.seqnr;
1249 if (++p_read.seqnr == 0) 1326 if (++active_state->p_read.seqnr == 0)
1250 logit("incoming seqnr wraps around"); 1327 logit("incoming seqnr wraps around");
1251 if (++p_read.packets == 0) 1328 if (++active_state->p_read.packets == 0)
1252 if (!(datafellows & SSH_BUG_NOREKEY)) 1329 if (!(datafellows & SSH_BUG_NOREKEY))
1253 fatal("XXX too many packets with same key"); 1330 fatal("XXX too many packets with same key");
1254 p_read.blocks += (packet_length + 4) / block_size; 1331 active_state->p_read.blocks += (active_state->packlen + 4) / block_size;
1255 p_read.bytes += packet_length + 4; 1332 active_state->p_read.bytes += active_state->packlen + 4;
1256 1333
1257 /* get padlen */ 1334 /* get padlen */
1258 cp = buffer_ptr(&incoming_packet); 1335 cp = buffer_ptr(&active_state->incoming_packet);
1259 padlen = cp[4]; 1336 padlen = cp[4];
1260 DBG(debug("input: padlen %d", padlen)); 1337 DBG(debug("input: padlen %d", padlen));
1261 if (padlen < 4) 1338 if (padlen < 4)
1262 packet_disconnect("Corrupted padlen %d on input.", padlen); 1339 packet_disconnect("Corrupted padlen %d on input.", padlen);
1263 1340
1264 /* skip packet size + padlen, discard padding */ 1341 /* skip packet size + padlen, discard padding */
1265 buffer_consume(&incoming_packet, 4 + 1); 1342 buffer_consume(&active_state->incoming_packet, 4 + 1);
1266 buffer_consume_end(&incoming_packet, padlen); 1343 buffer_consume_end(&active_state->incoming_packet, padlen);
1267 1344
1268 DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet))); 1345 DBG(debug("input: len before de-compress %d",
1346 buffer_len(&active_state->incoming_packet)));
1269 if (comp && comp->enabled) { 1347 if (comp && comp->enabled) {
1270 buffer_clear(&compression_buffer); 1348 buffer_clear(&active_state->compression_buffer);
1271 buffer_uncompress(&incoming_packet, &compression_buffer); 1349 buffer_uncompress(&active_state->incoming_packet,
1272 buffer_clear(&incoming_packet); 1350 &active_state->compression_buffer);
1273 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 1351 buffer_clear(&active_state->incoming_packet);
1274 buffer_len(&compression_buffer)); 1352 buffer_append(&active_state->incoming_packet,
1353 buffer_ptr(&active_state->compression_buffer),
1354 buffer_len(&active_state->compression_buffer));
1275 DBG(debug("input: len after de-compress %d", 1355 DBG(debug("input: len after de-compress %d",
1276 buffer_len(&incoming_packet))); 1356 buffer_len(&active_state->incoming_packet)));
1277 } 1357 }
1278 /* 1358 /*
1279 * get packet type, implies consume. 1359 * get packet type, implies consume.
1280 * return length of payload (without type field) 1360 * return length of payload (without type field)
1281 */ 1361 */
1282 type = buffer_get_char(&incoming_packet); 1362 type = buffer_get_char(&active_state->incoming_packet);
1283 if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN) 1363 if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
1284 packet_disconnect("Invalid ssh2 packet type: %d", type); 1364 packet_disconnect("Invalid ssh2 packet type: %d", type);
1285 if (type == SSH2_MSG_NEWKEYS) 1365 if (type == SSH2_MSG_NEWKEYS)
1286 set_newkeys(MODE_IN); 1366 set_newkeys(MODE_IN);
1287 else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side) 1367 else if (type == SSH2_MSG_USERAUTH_SUCCESS &&
1368 !active_state->server_side)
1288 packet_enable_delayed_compress(); 1369 packet_enable_delayed_compress();
1289#ifdef PACKET_DEBUG 1370#ifdef PACKET_DEBUG
1290 fprintf(stderr, "read/plain[%d]:\r\n", type); 1371 fprintf(stderr, "read/plain[%d]:\r\n", type);
1291 buffer_dump(&incoming_packet); 1372 buffer_dump(&active_state->incoming_packet);
1292#endif 1373#endif
1293 /* reset for next packet */ 1374 /* reset for next packet */
1294 packet_length = 0; 1375 active_state->packlen = 0;
1295 return type; 1376 return type;
1296} 1377}
1297 1378
@@ -1306,7 +1387,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
1306 if (compat20) { 1387 if (compat20) {
1307 type = packet_read_poll2(seqnr_p); 1388 type = packet_read_poll2(seqnr_p);
1308 if (type) { 1389 if (type) {
1309 keep_alive_timeouts = 0; 1390 active_state->keep_alive_timeouts = 0;
1310 DBG(debug("received packet type %d", type)); 1391 DBG(debug("received packet type %d", type));
1311 } 1392 }
1312 switch (type) { 1393 switch (type) {
@@ -1376,14 +1457,14 @@ packet_read_poll(void)
1376void 1457void
1377packet_process_incoming(const char *buf, u_int len) 1458packet_process_incoming(const char *buf, u_int len)
1378{ 1459{
1379 if (packet_discard) { 1460 if (active_state->packet_discard) {
1380 keep_alive_timeouts = 0; /* ?? */ 1461 active_state->keep_alive_timeouts = 0; /* ?? */
1381 if (len >= packet_discard) 1462 if (len >= active_state->packet_discard)
1382 packet_stop_discard(); 1463 packet_stop_discard();
1383 packet_discard -= len; 1464 active_state->packet_discard -= len;
1384 return; 1465 return;
1385 } 1466 }
1386 buffer_append(&input, buf, len); 1467 buffer_append(&active_state->input, buf, len);
1387} 1468}
1388 1469
1389/* Returns a character from the packet. */ 1470/* Returns a character from the packet. */
@@ -1393,7 +1474,7 @@ packet_get_char(void)
1393{ 1474{
1394 char ch; 1475 char ch;
1395 1476
1396 buffer_get(&incoming_packet, &ch, 1); 1477 buffer_get(&active_state->incoming_packet, &ch, 1);
1397 return (u_char) ch; 1478 return (u_char) ch;
1398} 1479}
1399 1480
@@ -1402,7 +1483,15 @@ packet_get_char(void)
1402u_int 1483u_int
1403packet_get_int(void) 1484packet_get_int(void)
1404{ 1485{
1405 return buffer_get_int(&incoming_packet); 1486 return buffer_get_int(&active_state->incoming_packet);
1487}
1488
1489/* Returns an 64 bit integer from the packet data. */
1490
1491u_int64_t
1492packet_get_int64(void)
1493{
1494 return buffer_get_int64(&active_state->incoming_packet);
1406} 1495}
1407 1496
1408/* 1497/*
@@ -1413,29 +1502,29 @@ packet_get_int(void)
1413void 1502void
1414packet_get_bignum(BIGNUM * value) 1503packet_get_bignum(BIGNUM * value)
1415{ 1504{
1416 buffer_get_bignum(&incoming_packet, value); 1505 buffer_get_bignum(&active_state->incoming_packet, value);
1417} 1506}
1418 1507
1419void 1508void
1420packet_get_bignum2(BIGNUM * value) 1509packet_get_bignum2(BIGNUM * value)
1421{ 1510{
1422 buffer_get_bignum2(&incoming_packet, value); 1511 buffer_get_bignum2(&active_state->incoming_packet, value);
1423} 1512}
1424 1513
1425void * 1514void *
1426packet_get_raw(u_int *length_ptr) 1515packet_get_raw(u_int *length_ptr)
1427{ 1516{
1428 u_int bytes = buffer_len(&incoming_packet); 1517 u_int bytes = buffer_len(&active_state->incoming_packet);
1429 1518
1430 if (length_ptr != NULL) 1519 if (length_ptr != NULL)
1431 *length_ptr = bytes; 1520 *length_ptr = bytes;
1432 return buffer_ptr(&incoming_packet); 1521 return buffer_ptr(&active_state->incoming_packet);
1433} 1522}
1434 1523
1435int 1524int
1436packet_remaining(void) 1525packet_remaining(void)
1437{ 1526{
1438 return buffer_len(&incoming_packet); 1527 return buffer_len(&active_state->incoming_packet);
1439} 1528}
1440 1529
1441/* 1530/*
@@ -1448,13 +1537,13 @@ packet_remaining(void)
1448void * 1537void *
1449packet_get_string(u_int *length_ptr) 1538packet_get_string(u_int *length_ptr)
1450{ 1539{
1451 return buffer_get_string(&incoming_packet, length_ptr); 1540 return buffer_get_string(&active_state->incoming_packet, length_ptr);
1452} 1541}
1453 1542
1454void * 1543void *
1455packet_get_string_ptr(u_int *length_ptr) 1544packet_get_string_ptr(u_int *length_ptr)
1456{ 1545{
1457 return buffer_get_string_ptr(&incoming_packet, length_ptr); 1546 return buffer_get_string_ptr(&active_state->incoming_packet, length_ptr);
1458} 1547}
1459 1548
1460/* 1549/*
@@ -1547,23 +1636,25 @@ packet_disconnect(const char *fmt,...)
1547void 1636void
1548packet_write_poll(void) 1637packet_write_poll(void)
1549{ 1638{
1550 int len = buffer_len(&output); 1639 int len = buffer_len(&active_state->output);
1640 int cont;
1551 1641
1552 if (len > 0) { 1642 if (len > 0) {
1553 len = write(connection_out, buffer_ptr(&output), len); 1643 cont = 0;
1644 len = roaming_write(active_state->connection_out,
1645 buffer_ptr(&active_state->output), len, &cont);
1554 if (len == -1) { 1646 if (len == -1) {
1555 if (errno == EINTR || errno == EAGAIN || 1647 if (errno == EINTR || errno == EAGAIN ||
1556 errno == EWOULDBLOCK) 1648 errno == EWOULDBLOCK)
1557 return; 1649 return;
1558 fatal("Write failed: %.100s", strerror(errno)); 1650 fatal("Write failed: %.100s", strerror(errno));
1559 } 1651 }
1560 if (len == 0) 1652 if (len == 0 && !cont)
1561 fatal("Write connection closed"); 1653 fatal("Write connection closed");
1562 buffer_consume(&output, len); 1654 buffer_consume(&active_state->output, len);
1563 } 1655 }
1564} 1656}
1565 1657
1566
1567/* 1658/*
1568 * Calls packet_write_poll repeatedly until all pending output data has been 1659 * Calls packet_write_poll repeatedly until all pending output data has been
1569 * written. 1660 * written.
@@ -1576,30 +1667,30 @@ packet_write_wait(void)
1576 int ret, ms_remain; 1667 int ret, ms_remain;
1577 struct timeval start, timeout, *timeoutp = NULL; 1668 struct timeval start, timeout, *timeoutp = NULL;
1578 1669
1579 setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS), 1670 setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
1580 sizeof(fd_mask)); 1671 NFDBITS), sizeof(fd_mask));
1581 packet_write_poll(); 1672 packet_write_poll();
1582 while (packet_have_data_to_write()) { 1673 while (packet_have_data_to_write()) {
1583 memset(setp, 0, howmany(connection_out + 1, NFDBITS) * 1674 memset(setp, 0, howmany(active_state->connection_out + 1,
1584 sizeof(fd_mask)); 1675 NFDBITS) * sizeof(fd_mask));
1585 FD_SET(connection_out, setp); 1676 FD_SET(active_state->connection_out, setp);
1586 1677
1587 if (packet_timeout_ms > 0) { 1678 if (active_state->packet_timeout_ms > 0) {
1588 ms_remain = packet_timeout_ms; 1679 ms_remain = active_state->packet_timeout_ms;
1589 timeoutp = &timeout; 1680 timeoutp = &timeout;
1590 } 1681 }
1591 for (;;) { 1682 for (;;) {
1592 if (packet_timeout_ms != -1) { 1683 if (active_state->packet_timeout_ms != -1) {
1593 ms_to_timeval(&timeout, ms_remain); 1684 ms_to_timeval(&timeout, ms_remain);
1594 gettimeofday(&start, NULL); 1685 gettimeofday(&start, NULL);
1595 } 1686 }
1596 if ((ret = select(connection_out + 1, NULL, setp, 1687 if ((ret = select(active_state->connection_out + 1,
1597 NULL, timeoutp)) >= 0) 1688 NULL, setp, NULL, timeoutp)) >= 0)
1598 break; 1689 break;
1599 if (errno != EAGAIN && errno != EINTR && 1690 if (errno != EAGAIN && errno != EINTR &&
1600 errno != EWOULDBLOCK) 1691 errno != EWOULDBLOCK)
1601 break; 1692 break;
1602 if (packet_timeout_ms == -1) 1693 if (active_state->packet_timeout_ms == -1)
1603 continue; 1694 continue;
1604 ms_subtract_diff(&start, &ms_remain); 1695 ms_subtract_diff(&start, &ms_remain);
1605 if (ms_remain <= 0) { 1696 if (ms_remain <= 0) {
@@ -1622,7 +1713,7 @@ packet_write_wait(void)
1622int 1713int
1623packet_have_data_to_write(void) 1714packet_have_data_to_write(void)
1624{ 1715{
1625 return buffer_len(&output) != 0; 1716 return buffer_len(&active_state->output) != 0;
1626} 1717}
1627 1718
1628/* Returns true if there is not too much data to write to the connection. */ 1719/* Returns true if there is not too much data to write to the connection. */
@@ -1630,13 +1721,12 @@ packet_have_data_to_write(void)
1630int 1721int
1631packet_not_very_much_data_to_write(void) 1722packet_not_very_much_data_to_write(void)
1632{ 1723{
1633 if (interactive_mode) 1724 if (active_state->interactive_mode)
1634 return buffer_len(&output) < 16384; 1725 return buffer_len(&active_state->output) < 16384;
1635 else 1726 else
1636 return buffer_len(&output) < 128 * 1024; 1727 return buffer_len(&active_state->output) < 128 * 1024;
1637} 1728}
1638 1729
1639
1640static void 1730static void
1641packet_set_tos(int interactive) 1731packet_set_tos(int interactive)
1642{ 1732{
@@ -1646,7 +1736,7 @@ packet_set_tos(int interactive)
1646 if (!packet_connection_is_on_socket() || 1736 if (!packet_connection_is_on_socket() ||
1647 !packet_connection_is_ipv4()) 1737 !packet_connection_is_ipv4())
1648 return; 1738 return;
1649 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos, 1739 if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos,
1650 sizeof(tos)) < 0) 1740 sizeof(tos)) < 0)
1651 error("setsockopt IP_TOS %d: %.100s:", 1741 error("setsockopt IP_TOS %d: %.100s:",
1652 tos, strerror(errno)); 1742 tos, strerror(errno));
@@ -1658,19 +1748,17 @@ packet_set_tos(int interactive)
1658void 1748void
1659packet_set_interactive(int interactive) 1749packet_set_interactive(int interactive)
1660{ 1750{
1661 static int called = 0; 1751 if (active_state->set_interactive_called)
1662
1663 if (called)
1664 return; 1752 return;
1665 called = 1; 1753 active_state->set_interactive_called = 1;
1666 1754
1667 /* Record that we are in interactive mode. */ 1755 /* Record that we are in interactive mode. */
1668 interactive_mode = interactive; 1756 active_state->interactive_mode = interactive;
1669 1757
1670 /* Only set socket options if using a socket. */ 1758 /* Only set socket options if using a socket. */
1671 if (!packet_connection_is_on_socket()) 1759 if (!packet_connection_is_on_socket())
1672 return; 1760 return;
1673 set_nodelay(connection_in); 1761 set_nodelay(active_state->connection_in);
1674 packet_set_tos(interactive); 1762 packet_set_tos(interactive);
1675} 1763}
1676 1764
@@ -1679,34 +1767,50 @@ packet_set_interactive(int interactive)
1679int 1767int
1680packet_is_interactive(void) 1768packet_is_interactive(void)
1681{ 1769{
1682 return interactive_mode; 1770 return active_state->interactive_mode;
1683} 1771}
1684 1772
1685int 1773int
1686packet_set_maxsize(u_int s) 1774packet_set_maxsize(u_int s)
1687{ 1775{
1688 static int called = 0; 1776 if (active_state->set_maxsize_called) {
1689
1690 if (called) {
1691 logit("packet_set_maxsize: called twice: old %d new %d", 1777 logit("packet_set_maxsize: called twice: old %d new %d",
1692 max_packet_size, s); 1778 active_state->max_packet_size, s);
1693 return -1; 1779 return -1;
1694 } 1780 }
1695 if (s < 4 * 1024 || s > 1024 * 1024) { 1781 if (s < 4 * 1024 || s > 1024 * 1024) {
1696 logit("packet_set_maxsize: bad size %d", s); 1782 logit("packet_set_maxsize: bad size %d", s);
1697 return -1; 1783 return -1;
1698 } 1784 }
1699 called = 1; 1785 active_state->set_maxsize_called = 1;
1700 debug("packet_set_maxsize: setting to %d", s); 1786 debug("packet_set_maxsize: setting to %d", s);
1701 max_packet_size = s; 1787 active_state->max_packet_size = s;
1702 return s; 1788 return s;
1703} 1789}
1704 1790
1791int
1792packet_inc_alive_timeouts(void)
1793{
1794 return ++active_state->keep_alive_timeouts;
1795}
1796
1797void
1798packet_set_alive_timeouts(int ka)
1799{
1800 active_state->keep_alive_timeouts = ka;
1801}
1802
1803u_int
1804packet_get_maxsize(void)
1805{
1806 return active_state->max_packet_size;
1807}
1808
1705/* roundup current message to pad bytes */ 1809/* roundup current message to pad bytes */
1706void 1810void
1707packet_add_padding(u_char pad) 1811packet_add_padding(u_char pad)
1708{ 1812{
1709 extra_pad = pad; 1813 active_state->extra_pad = pad;
1710} 1814}
1711 1815
1712/* 1816/*
@@ -1743,26 +1847,93 @@ packet_need_rekeying(void)
1743 if (datafellows & SSH_BUG_NOREKEY) 1847 if (datafellows & SSH_BUG_NOREKEY)
1744 return 0; 1848 return 0;
1745 return 1849 return
1746 (p_send.packets > MAX_PACKETS) || 1850 (active_state->p_send.packets > MAX_PACKETS) ||
1747 (p_read.packets > MAX_PACKETS) || 1851 (active_state->p_read.packets > MAX_PACKETS) ||
1748 (max_blocks_out && (p_send.blocks > max_blocks_out)) || 1852 (active_state->max_blocks_out &&
1749 (max_blocks_in && (p_read.blocks > max_blocks_in)); 1853 (active_state->p_send.blocks > active_state->max_blocks_out)) ||
1854 (active_state->max_blocks_in &&
1855 (active_state->p_read.blocks > active_state->max_blocks_in));
1750} 1856}
1751 1857
1752void 1858void
1753packet_set_rekey_limit(u_int32_t bytes) 1859packet_set_rekey_limit(u_int32_t bytes)
1754{ 1860{
1755 rekey_limit = bytes; 1861 active_state->rekey_limit = bytes;
1756} 1862}
1757 1863
1758void 1864void
1759packet_set_server(void) 1865packet_set_server(void)
1760{ 1866{
1761 server_side = 1; 1867 active_state->server_side = 1;
1762} 1868}
1763 1869
1764void 1870void
1765packet_set_authenticated(void) 1871packet_set_authenticated(void)
1766{ 1872{
1767 after_authentication = 1; 1873 active_state->after_authentication = 1;
1874}
1875
1876void *
1877packet_get_input(void)
1878{
1879 return (void *)&active_state->input;
1880}
1881
1882void *
1883packet_get_output(void)
1884{
1885 return (void *)&active_state->output;
1886}
1887
1888void *
1889packet_get_newkeys(int mode)
1890{
1891 return (void *)active_state->newkeys[mode];
1892}
1893
1894/*
1895 * Save the state for the real connection, and use a separate state when
1896 * resuming a suspended connection.
1897 */
1898void
1899packet_backup_state(void)
1900{
1901 struct session_state *tmp;
1902
1903 close(active_state->connection_in);
1904 active_state->connection_in = -1;
1905 close(active_state->connection_out);
1906 active_state->connection_out = -1;
1907 if (backup_state)
1908 tmp = backup_state;
1909 else
1910 tmp = alloc_session_state();
1911 backup_state = active_state;
1912 active_state = tmp;
1913}
1914
1915/*
1916 * Swap in the old state when resuming a connecion.
1917 */
1918void
1919packet_restore_state(void)
1920{
1921 struct session_state *tmp;
1922 void *buf;
1923 u_int len;
1924
1925 tmp = backup_state;
1926 backup_state = active_state;
1927 active_state = tmp;
1928 active_state->connection_in = backup_state->connection_in;
1929 backup_state->connection_in = -1;
1930 active_state->connection_out = backup_state->connection_out;
1931 backup_state->connection_out = -1;
1932 len = buffer_len(&backup_state->input);
1933 if (len > 0) {
1934 buf = buffer_ptr(&backup_state->input);
1935 buffer_append(&active_state->input, buf, len);
1936 buffer_clear(&backup_state->input);
1937 add_recv_bytes(len);
1938 }
1768} 1939}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 19:39:14 +0000