Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 68 |
1 files changed, 38 insertions, 30 deletions
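--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.263 2017/07/23 23:37:02 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2090,35 +2090,6 @@ ssh_packet_get_maxsize(struct ssh *ssh)
 return ssh->state->max_packet_size;
 }
 
-/*
-* 9.2. Ignored Data Message
-*
-* byte SSH_MSG_IGNORE
-* string data
-*
-* All implementations MUST understand (and ignore) this message at any
-* time (after receiving the protocol version). No implementation is
-* required to send them. This message can be used as an additional
-* protection measure against advanced traffic analysis techniques.
-*/
-void
-ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
-{
-u_int32_t rnd = 0;
-int r, i;
-
-if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
-(r = sshpkt_put_u32(ssh, nbytes)) != 0)
-fatal("%s: %s", __func__, ssh_err(r));
-for (i = 0; i < nbytes; i++) {
-if (i % 4 == 0)
-rnd = arc4random();
-if ((r = sshpkt_put_u8(ssh, (u_char)rnd & 0xff)) != 0)
-fatal("%s: %s", __func__, ssh_err(r));
-rnd >>= 8;
-}
-}
-
 void
 ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
 {
@@ -2539,6 +2510,12 @@ sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp)
 }
 
 int
+sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp)
+{
+return sshbuf_peek_string_direct(ssh->state->incoming_packet, valp, lenp);
+}
+
+int
 sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp)
 {
 return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp);
@@ -2621,6 +2598,37 @@ ssh_packet_send_mux(struct ssh *ssh)
 return 0;
 }
 
+/*
+* 9.2. Ignored Data Message
+*
+* byte SSH_MSG_IGNORE
+* string data
+*
+* All implementations MUST understand (and ignore) this message at any
+* time (after receiving the protocol version). No implementation is
+* required to send them. This message can be used as an additional
+* protection measure against advanced traffic analysis techniques.
+*/
+int
+sshpkt_msg_ignore(struct ssh *ssh, u_int nbytes)
+{
+u_int32_t rnd = 0;
+int r;
+u_int i;
+
+if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
+(r = sshpkt_put_u32(ssh, nbytes)) != 0)
+return r;
+for (i = 0; i < nbytes; i++) {
+if (i % 4 == 0)
+rnd = arc4random();
+if ((r = sshpkt_put_u8(ssh, (u_char)rnd & 0xff)) != 0)
+return r;
+rnd >>= 8;
+}
+return 0;
+}
+
 /* send it */
 
 int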
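Review bot: sshpkt_msg_ignore in the last hunk carries no comment on its own contract: the moved "9.2. Ignored Data Message" block describes the wire format, but the function itself only starts an SSH2_MSG_IGNORE packet and appends nbytes of arc4random() padding to the outgoing packet, and nothing in the hunk calls sshpkt_send(), so the caller appears to be responsible for sending it; a one-liner above the signature such as `/* Queue an SSH2_MSG_IGNORE with nbytes of random padding; caller must sshpkt_send() it */` would stop the old ssh_packet_send_ignore name from misleading readers. The same applies to sshpkt_peek_string_direct in the middle hunk, which would benefit from `/* like sshpkt_get_string_direct but does not consume the string */` since only its name distinguishes it from the getter above. Returning r instead of calling fatal() is an improvement, as it lets the caller decide how to handle a full outgoing buffer. A minor point of style in the padding loop: `(u_char)rnd & 0xff` masks a value the cast has already reduced to one byte, so `(u_char)rnd` alone reads cleaner; the same expression was in the removed function and may be left as-is if the commit is meant to be a pure move.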