From 13ae44ce5865b720708aae9cb1d2e2f08a0d90cb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 28 Jan 2009 16:38:41 +1100 Subject: - markus@cvs.openbsd.org 2009/01/26 09:58:15 [cipher.c cipher.h packet.c] Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny --- cipher.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cipher.h') diff --git a/cipher.h b/cipher.h index 49bbc1682..3dd2270bb 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */ /* * Author: Tatu Ylonen @@ -81,6 +81,7 @@ void cipher_cleanup(CipherContext *); void cipher_set_key_string(CipherContext *, Cipher *, const char *, int); u_int cipher_blocksize(const Cipher *); u_int cipher_keylen(const Cipher *); +u_int cipher_is_cbc(const Cipher *); u_int cipher_get_number(const Cipher *); void cipher_get_keyiv(CipherContext *, u_char *, u_int); -- cgit v1.2.3