annotate packet.c @ 1665:7c17995bcdfb
Improve address logging on early exit messages (#83)

Change 'Early exit' and 'Exit before auth' messages to include the IP
address & port as part of the message.

This allows log scanning utilities such as 'fail2ban' to obtain the
offending IP address as part of the failure event instead of extracting
the PID from the message and then scanning the log again for matching
'child connection from' messages.

Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>

author | Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com> |
---|---|
date | Wed, 18 Mar 2020 15:28:56 +0000 |
parents | c4bf28ccab97 |
children | 3a97f14c0235 |

```c
/*
 * Dropbear - a SSH2 server
 *
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

#include "includes.h"
#include "packet.h"
#include "session.h"
#include "dbutil.h"
#include "ssh.h"
#include "algo.h"
#include "buffer.h"
#include "kex.h"
#include "dbrandom.h"
#include "service.h"
#include "auth.h"
#include "channel.h"
#include "netio.h"
#include "runopts.h"

static int read_packet_init(void);
static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
		buffer * clear_buf, unsigned int clear_len,
		unsigned char *output_mac);
static int checkmac(void);

/* For exact details see http://www.zlib.net/zlib_tech.html
 * 5 bytes per 16kB block, plus 6 bytes for the stream.
 * We might allocate 5 unnecessary bytes here if it's an
 * exact multiple. */
#define ZLIB_COMPRESS_EXPANSION (((RECV_MAX_PAYLOAD_LEN/16384)+1)*5 + 6)
#define ZLIB_DECOMPRESS_INCR 1024
#ifndef DISABLE_ZLIB
static buffer* buf_decompress(const buffer* buf, unsigned int len);
static void buf_compress(buffer * dest, buffer * src, unsigned int len);
#endif
```


```c
/* non-blocking function writing out a current encrypted packet */
void write_packet() {

	ssize_t written;
#if defined(HAVE_WRITEV) && (defined(IOV_MAX) || defined(UIO_MAXIOV))
	/* 50 is somewhat arbitrary */
	unsigned int iov_count = 50;
	struct iovec iov[50];
#else
	int len;
	buffer* writebuf;
#endif

	TRACE2(("enter write_packet"))
	dropbear_assert(!isempty(&ses.writequeue));

#if defined(HAVE_WRITEV) && (defined(IOV_MAX) || defined(UIO_MAXIOV))

	packet_queue_to_iovec(&ses.writequeue, iov, &iov_count);
	/* This may return EAGAIN. The main loop sometimes
	calls write_packet() without bothering to test with select() since
	it's likely to be necessary */
#if DROPBEAR_FUZZ
	if (fuzz.fuzzing) {
		/* pretend to write one packet at a time */
		/* TODO(fuzz): randomise amount written based on the fuzz input */
		written = iov[0].iov_len;
	}
	else
#endif
	{
		written = writev(ses.sock_out, iov, iov_count);
		if (written < 0) {
			if (errno == EINTR || errno == EAGAIN) {
				TRACE2(("leave write_packet: EINTR"))
				return;
			} else {
				dropbear_exit("Error writing: %s", strerror(errno));
			}
		}
	}

	packet_queue_consume(&ses.writequeue, written);
	ses.writequeue_len -= written;

	if (written == 0) {
		ses.remoteclosed();
	}

#else /* No writev () */
#if DROPBEAR_FUZZ
	_Static_assert(0, "No fuzzing code for no-writev writes");
#endif
	/* Get the next buffer in the queue of encrypted packets to write*/
	writebuf = (buffer*)examine(&ses.writequeue);

	len = writebuf->len - writebuf->pos;
	dropbear_assert(len > 0);
	/* Try to write as much as possible */
	written = write(ses.sock_out, buf_getptr(writebuf, len), len);

	if (written < 0) {
		if (errno == EINTR || errno == EAGAIN) {
			TRACE2(("leave writepacket: EINTR"))
			return;
		} else {
			dropbear_exit("Error writing: %s", strerror(errno));
		}
	}

	if (written == 0) {
		ses.remoteclosed();
	}

	ses.writequeue_len -= written;

	if (written == len) {
		/* We've finished with the packet, free it */
		dequeue(&ses.writequeue);
		buf_free(writebuf);
		writebuf = NULL;
	} else {
		/* More packet left to write, leave it in the queue for later */
		buf_incrpos(writebuf, written);
	}
#endif /* writev */

	TRACE2(("leave write_packet"))
}
```

08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 /* Non-blocking function reading available portion of a packet into the |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 * ses's buffer, decrypting the length if encrypted, decrypting the |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 * full portion if possible */ |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 void read_packet() { |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 int len; |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 unsigned int maxlen; |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 unsigned char blocksize; |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
156 TRACE2(("enter read_packet")) |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
157 blocksize = ses.keys->recv.algo_crypt->blocksize; |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 if (ses.readbuf == NULL || ses.readbuf->len < blocksize) { |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
160 int ret; |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 /* In the first blocksize of a packet */ |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 /* Read the first blocksize of the packet, so we can decrypt it and |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 * find the length of the whole packet */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
165 ret = read_packet_init(); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
167 if (ret == DROPBEAR_FAILURE) { |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
168 /* didn't read enough to determine the length */ |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
169 TRACE2(("leave read_packet: packetinit done")) |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 return; |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 /* Attempt to read the remainder of the packet, note that there |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 * mightn't be any available (EAGAIN) */ |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 maxlen = ses.readbuf->len - ses.readbuf->pos; |
711
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
177 if (maxlen == 0) { |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
178 /* Occurs when the packet is only a single block long and has all |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
179 * been read in read_packet_init(). Usually means that MAC is disabled |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
180 */ |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
181 len = 0; |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
182 } else { |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
183 len = read(ses.sock_in, buf_getptr(ses.readbuf, maxlen), maxlen); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 |
711
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
185 if (len == 0) { |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
186 ses.remoteclosed(); |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
187 } |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 |
711
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
189 if (len < 0) { |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
190 if (errno == EINTR || errno == EAGAIN) { |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
191 TRACE2(("leave read_packet: EINTR or EAGAIN")) |
711
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
192 return; |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
193 } else { |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
194 dropbear_exit("Error reading: %s", strerror(errno)); |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
195 } |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 } |
711
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
197 |
f4232b65b316
Fix "-m none" case where an entire packet fits in a block and can be
Matt Johnston <matt@ucc.asn.au>
parents:
623
diff
changeset
|
198 buf_incrpos(ses.readbuf, len); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 if ((unsigned int)len == maxlen) { |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 /* The whole packet has been read */ |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 decrypt_packet(); |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 /* The main select() loop process_packet() to |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 * handle the packet contents... */ |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 } |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
207 TRACE2(("leave read_packet")) |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 |
27 | 210 /* Function used to read the initial portion of a packet, and determine the |
27 | 211  * length. Only called during the first BLOCKSIZE of a packet. */ |
534 0431915df79f "- Get rid of decryptreadbuf, just decrypt in-place with readbuf" Matt Johnston <matt@ucc.asn.au>, parents: 533 | 212 /* Returns DROPBEAR_SUCCESS if the length is determined, |
534 | 213  * DROPBEAR_FAILURE otherwise */ |
534 | 214 static int read_packet_init() { |
27 | 215 |
27 | 216     unsigned int maxlen; |
568 005530560594 "Rearrange getaddrstring() etc" Matt Johnston <matt@ucc.asn.au>, parents: 556 | 217     int slen; |
568 | 218     unsigned int len; |
568 | 219     unsigned int blocksize; |
568 | 220     unsigned int macsize; |
27 | 221 |
27 | 222 |
534 | 223     blocksize = ses.keys->recv.algo_crypt->blocksize; |
534 | 224     macsize = ses.keys->recv.algo_mac->hashsize; |
27 | 225 |
27 | 226     if (ses.readbuf == NULL) { |
27 | 227         /* start of a new packet */ |
27 | 228         ses.readbuf = buf_new(INIT_READBUF); |
27 | 229     } |
27 | 230 |
27 | 231     maxlen = blocksize - ses.readbuf->pos; |
27 | 232 |
27 | 233     /* read the rest of the packet if possible */ |
568 | 234     slen = read(ses.sock_in, buf_getwriteptr(ses.readbuf, maxlen), |
27 | 235             maxlen); |
568 | 236     if (slen == 0) { |
33 | 237         ses.remoteclosed(); |
27 | 238     } |
568 | 239     if (slen < 0) { |
957 | 240         if (errno == EINTR || errno == EAGAIN) { |
731 | 241             TRACE2(("leave read_packet_init: EINTR")) |
534 | 242             return DROPBEAR_FAILURE; |
27 | 243         } |
594 a98a2138364a "Improve capitalisation for all logged strings" Matt Johnston <matt@ucc.asn.au>, parents: 592 | 244         dropbear_exit("Error reading: %s", strerror(errno)); |
27 | 245     } |
27 | 246 |
568 | 247     buf_incrwritepos(ses.readbuf, slen); |
27 | 248 |
568 | 249     if ((unsigned int)slen != maxlen) { |
27 | 250         /* don't have enough bytes to determine length, get next time */ |
534 | 251         return DROPBEAR_FAILURE; |
27 | 252     } |
27 | 253 |
27 | 254     /* now we have the first block, need to get packet length, so we decrypt |
27 | 255      * the first block (only need first 4 bytes) */ |
27 | 256     buf_setpos(ses.readbuf, 0); |
534 | 257     if (ses.keys->recv.crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize), |
534 | 258             buf_getwriteptr(ses.readbuf, blocksize), |
502 | 259             blocksize, |
534 | 260             &ses.keys->recv.cipher_state) != CRYPT_OK) { |
594 | 261         dropbear_exit("Error decrypting"); |
27 | 262     } |
534 | 263     len = buf_getint(ses.readbuf) + 4 + macsize; |
27 | 264 |
990 e3614649b1f5 "Integrity error (bad packet size %u) negative length" Fedor Brunner <fedor.brunner@azet.sk>, parents: 957 | 265     TRACE2(("packet size is %u, block %u mac %u", len, blocksize, macsize)) |
534 | 266 |
27 | 267 |
27 | 268     /* check packet length */ |
448 9c61e7af0156 "Rearrange the channel buffer sizes into three neat use-editable values in" Matt Johnston <matt@ucc.asn.au>, parents: 426 | 269     if ((len > RECV_MAX_PACKET_LEN) || |
27 | 270         (len < MIN_PACKET_LEN + macsize) || |
27 | 271         ((len - macsize) % blocksize != 0)) { |
990 | 272         dropbear_exit("Integrity error (bad packet size %u)", len); |
27 | 273     } |
27 | 274 |
534 | 275     if (len > ses.readbuf->size) { |
1057 16584026a1f0 "allocate buffer and data in a single allocation" Matt Johnston <matt@ucc.asn.au>, parents: 1055 | 276         ses.readbuf = buf_resize(ses.readbuf, len); |
534 | 277     } |
27 | 278     buf_setlen(ses.readbuf, len); |
534 | 279     buf_setpos(ses.readbuf, blocksize); |
534 | 280     return DROPBEAR_SUCCESS; |
27 | 281 } |
27 | 282 |
27 | 283 /* handle the received packet */ |
27 | 284 void decrypt_packet() { |
27 | 285 |
27 | 286     unsigned char blocksize; |
27 | 287     unsigned char macsize; |
27 | 288     unsigned int padlen; |
27 | 289     unsigned int len; |
27 | 290 |
731 | 291     TRACE2(("enter decrypt_packet")) |
534 | 292     blocksize = ses.keys->recv.algo_crypt->blocksize; |
534 | 293     macsize = ses.keys->recv.algo_mac->hashsize; |
27 | 294 |
27 | 295     ses.kexstate.datarecv += ses.readbuf->len; |
27 | 296 |
27 | 297     /* we've already decrypted the first blocksize in read_packet_init */ |
27 | 298     buf_setpos(ses.readbuf, blocksize); |
27 | 299 |
534 | 300     /* decrypt it in-place */ |
528 378a6389f88e "- Don't be dumb and encrypt/decrypt in a while() loop - why did I do this??" Matt Johnston <matt@ucc.asn.au>, parents: 513 | 301     len = ses.readbuf->len - macsize - ses.readbuf->pos; |
534 | 302     if (ses.keys->recv.crypt_mode->decrypt( |
528 | 303             buf_getptr(ses.readbuf, len), |
534 | 304             buf_getwriteptr(ses.readbuf, len), |
528 | 305             len, |
534 | 306             &ses.keys->recv.cipher_state) != CRYPT_OK) { |
594 | 307         dropbear_exit("Error decrypting"); |
27 | 308     } |
528 | 309     buf_incrpos(ses.readbuf, len); |
534 | 310 |
27 | 311     /* check the hmac */ |
534 | 312     if (checkmac() != DROPBEAR_SUCCESS) { |
27 | 313         dropbear_exit("Integrity error"); |
27 | 314     } |
27 | 315 |
27 | 316     /* get padding length */ |
534 | 317     buf_setpos(ses.readbuf, PACKET_PADDING_OFF); |
534 | 318     padlen = buf_getbyte(ses.readbuf); |
27 | 319 |
27 | 320     /* payload length */ |
27 | 321     /* - 4 - 1 is for LEN and PADLEN values */ |
556 ccdc4c6183c0 "- Payload length doesn't include macsize." Matt Johnston <matt@ucc.asn.au>, parents: 535 | 322     len = ses.readbuf->len - padlen - 4 - 1 - macsize; |
906 4696755c4cac "A few fixes for cases where compression increases payload sizes, and" Matt Johnston <matt@ucc.asn.au>, parents: 858 | 323     if ((len > RECV_MAX_PAYLOAD_LEN+ZLIB_COMPRESS_EXPANSION) || (len < 1)) { |
990 | 324         dropbear_exit("Bad packet size %u", len); |
27 | 325     } |
27 | 326 |
534 | 327     buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF); |
27 | 328 |
27 | 329 #ifndef DISABLE_ZLIB |
501 d58c478bd399 "Add support for [email protected] delayed compression." Matt Johnston <matt@ucc.asn.au>, parents: 479 | 330     if (is_compress_recv()) { |
27 | 331         /* decompress */ |
534 | 332         ses.payload = buf_decompress(ses.readbuf, len); |
1055 4d7b4c5526c5 "A bit of a bodge to avoid memcpy if zlib is disabled" Matt Johnston <matt@ucc.asn.au>, parents: 1032 | 333         buf_setpos(ses.payload, 0); |
1055 | 334         ses.payload_beginning = 0; |
1055 | 335         buf_free(ses.readbuf); |
27 | 336     } else |
27 | 337 #endif |
27 | 338     { |
1055 | 339         ses.payload = ses.readbuf; |
1055 | 340         ses.payload_beginning = ses.payload->pos; |
1055 | 341         buf_setlen(ses.payload, ses.payload->pos + len); |
27 | 342     } |
534 | 343     ses.readbuf = NULL; |
27 | 344 |
27 | 345     ses.recvseq++; |
27 | 346 |
731 | 347     TRACE2(("leave decrypt_packet")) |
27 | 348 } |
27 | 349 |
534 | 350 /* Checks the mac at the end of a decrypted readbuf. |
27 | 351  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
534 | 352 static int checkmac() { |
27 | 353 |
534 | 354     unsigned char mac_bytes[MAX_MAC_LEN]; |
534 | 355     unsigned int mac_size, contents_len; |
27 | 356 |
752 24172f555f9c "Fix MAC bug which would prevent asymmetric hashes" Matt Johnston <matt@ucc.asn.au>, parents: 731 | 357     mac_size = ses.keys->recv.algo_mac->hashsize; |
534 | 358     contents_len = ses.readbuf->len - mac_size; |
27 | 359 |
534 | 360     buf_setpos(ses.readbuf, 0); |
534 | 361     make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes); |
27 | 362 |
1558 2f64cb3d3007 "- #if not #ifdef for DROPBEAR_FUZZ" Matt Johnston <matt@ucc.asn.au>, parents: 1511 | 363 #if DROPBEAR_FUZZ |
1357 | 364     if (fuzz.fuzzing) { |
1597 8f7b6f75aa58 "fix uninitialised memory in fuzzer codepath" Matt Johnston <matt@ucc.asn.au>, parents: 1577 | 365         /* fail 1 in 2000 times to test error path. */ |
1597 | 366         unsigned int value = 0; |
1597 | 367         if (mac_size > sizeof(value)) { |
1597 | 368             memcpy(&value, mac_bytes, sizeof(value)); |
1597 | 369         } |
1408 27e65d3aed5f "fix checkmac always failing pre-kex" Matt Johnston <matt@ucc.asn.au>, parents: 1357 | 370         if (value % 2000 == 99) { |
1357 | 371             return DROPBEAR_FAILURE; |
1357 | 372         } |
1357 | 373         return DROPBEAR_SUCCESS; |
1357 | 374     } |
1357 | 375 #endif |
1357 | 376 |
27 | 377     /* compare the hash */ |
534 | 378     buf_setpos(ses.readbuf, contents_len); |
817 a625f9e135a4 "Constant time memcmp for the hmac and password crypt" Matt Johnston <matt@ucc.asn.au>, parents: 791 | 379     if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) { |
27 | 380         return DROPBEAR_FAILURE; |
27 | 381     } else { |
27 | 382         return DROPBEAR_SUCCESS; |
27 | 383     } |
27 | 384 } |
27 | 385 |
27 | 386 #ifndef DISABLE_ZLIB |
27 | 387 /* returns a pointer to a newly created buffer */ |
1459 06d52bcb8094 "Pointer parameter could be declared as pointing to const" Francois Perrad <francois.perrad@gadz.org>, parents: 1276 | 388 static buffer* buf_decompress(const buffer* buf, unsigned int len) { |
27 | 389 |
27 | 390     int result; |
27 | 391     buffer * ret; |
27 | 392     z_streamp zstream; |
27 | 393 |
534 | 394     zstream = ses.keys->recv.zstream; |
27 | 395     ret = buf_new(len); |
27 | 396 |
27 | 397     zstream->avail_in = len; |
27 | 398     zstream->next_in = buf_getptr(buf, len); |
27 | 399 |
27 | 400     /* decompress the payload, incrementally resizing the output buffer */ |
27 | 401     while (1) { |
27 | 402 |
27 | 403         zstream->avail_out = ret->size - ret->pos; |
27 | 404         zstream->next_out = buf_getwriteptr(ret, zstream->avail_out); |
27 | 405 |
27 | 406         result = inflate(zstream, Z_SYNC_FLUSH); |
27 | 407 |
27 | 408         buf_setlen(ret, ret->size - zstream->avail_out); |
27 | 409         buf_setpos(ret, ret->len); |
27 | 410 |
27 | 411         if (result != Z_BUF_ERROR && result != Z_OK) { |
27 | 412             dropbear_exit("zlib error"); |
27 | 413         } |
27 | 414 |
27 | 415         if (zstream->avail_in == 0 && |
27 | 416                 (zstream->avail_out != 0 || result == Z_BUF_ERROR)) { |
27 | 417             /* we can only exit if avail_out hasn't all been used, |
27 | 418              * and there's no remaining input */ |
27 | 419             return ret; |
27 | 420         } |
27 | 421 |
27 | 422         if (zstream->avail_out == 0) { |
791 | 423             int new_size = 0; |
791 | 424             if (ret->size >= RECV_MAX_PAYLOAD_LEN) { |
906 | 425                 /* Already been increased as large as it can go, |
906 | 426                  * yet didn't finish up the decompression */ |
791 | 427                 dropbear_exit("bad packet, oversized decompressed"); |
791 | 428             } |
791 | 429             new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR); |
1057 | 430             ret = buf_resize(ret, new_size); |
27 | 431         } |
27 | 432     } |
27 | 433 } |
27 | 434 #endif |
27 | 435 |
27 | 436 |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
437 /* returns 1 if the packet is a valid type during kex (see 7.1 of rfc4253) */ |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
438 static int packet_is_okay_kex(unsigned char type) { |
439 if (type >= SSH_MSG_USERAUTH_REQUEST) { |
440 return 0; |
441 } |
442 if (type == SSH_MSG_SERVICE_REQUEST || type == SSH_MSG_SERVICE_ACCEPT) { |
443 return 0; |
444 } |
445 if (type == SSH_MSG_KEXINIT) { |
446 /* XXX should this die horribly if !dataallowed ?? */ |
447 return 0; |
448 } |
449 return 1; |
450 } |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
451 |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
452 static void enqueue_reply_packet() { |
453 struct packetlist * new_item = NULL; |
454 new_item = m_malloc(sizeof(struct packetlist)); |
455 new_item->next = NULL; |
456 |
457 new_item->payload = buf_newcopy(ses.writepayload); |
458 buf_setpos(ses.writepayload, 0); |
459 buf_setlen(ses.writepayload, 0); |
460 |
461 if (ses.reply_queue_tail) { |
462 ses.reply_queue_tail->next = new_item; |
463 } else { |
464 ses.reply_queue_head = new_item; |
465 } |
456
f6c999ba31da
Fix delayed packet queue handling
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
466 ses.reply_queue_tail = new_item; |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
467 } |
468 |
469 void maybe_flush_reply_queue() { |
470 struct packetlist *tmp_item = NULL, *curr_item = NULL; |
471 if (!ses.dataallowed) |
472 { |
473 TRACE(("maybe_empty_reply_queue - no data allowed")) |
474 return; |
475 } |
476 |
477 for (curr_item = ses.reply_queue_head; curr_item; ) { |
478 CHECKCLEARTOWRITE(); |
479 buf_putbytes(ses.writepayload, |
480 curr_item->payload->data, curr_item->payload->len); |
481 |
482 buf_free(curr_item->payload); |
483 tmp_item = curr_item; |
484 curr_item = curr_item->next; |
485 m_free(tmp_item); |
486 encrypt_packet(); |
487 } |
488 ses.reply_queue_head = ses.reply_queue_tail = NULL; |
489 } |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
490 |
491 /* encrypt the writepayload, putting into writebuf, ready for write_packet() |
492 * to put on the wire */ |
493 void encrypt_packet() { |
494 |
495 unsigned char padlen; |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
496 unsigned char blocksize, mac_size; |
497 buffer * writebuf; /* the packet which will go on the wire. This is |
498 encrypted in-place. */ |
592
afb089e70892
Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
499 unsigned char packet_type; |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
500 unsigned int len, encrypt_buf_size; |
501 unsigned char mac_bytes[MAX_MAC_LEN]; |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
934
diff
changeset
|
502 |
503 time_t now; |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
504 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
505 TRACE2(("enter encrypt_packet()")) |
592
afb089e70892
Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
506 |
507 buf_setpos(ses.writepayload, 0); |
508 packet_type = buf_getbyte(ses.writepayload); |
509 buf_setpos(ses.writepayload, 0); |
510 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
511 TRACE2(("encrypt_packet type is %d", packet_type)) |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
512 |
752
24172f555f9c
Fix MAC bug which would prevent asymmetric hashes
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
513 if ((!ses.dataallowed && !packet_is_okay_kex(packet_type))) { |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
514 /* During key exchange only particular packets are allowed. |
592
afb089e70892
Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
515 Since this packet_type isn't OK we just enqueue it to send |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
448
diff
changeset
|
516 after the KEX, see maybe_flush_reply_queue */ |
517 enqueue_reply_packet(); |
518 return; |
519 } |
520 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
521 blocksize = ses.keys->trans.algo_crypt->blocksize; |
522 mac_size = ses.keys->trans.algo_mac->hashsize; |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
523 |
605
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
524 /* Encrypted packet len is payload+5. We need to then make sure |
525 * there is enough space for padding or MIN_PACKET_LEN. |
526 * Add extra 3 since we need at least 4 bytes of padding */ |
527 encrypt_buf_size = (ses.writepayload->len+4+1) |
528 + MAX(MIN_PACKET_LEN, blocksize) + 3 |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
529 /* add space for the MAC at the end */ |
592
afb089e70892
Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
530 + mac_size |
531 #ifndef DISABLE_ZLIB |
605
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
532 /* some extra in case 'compression' makes it larger */ |
906
4696755c4cac
A few fixes for cases where compression increases payload sizes, and
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
533 + ZLIB_COMPRESS_EXPANSION |
592
afb089e70892
Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
534 #endif |
535 /* and an extra cleartext (stripped before transmission) byte for the |
536 * packet type */ |
537 + 1; |
501
d58c478bd399
Add support for zlib@openssh.com delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
538 |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
539 writebuf = buf_new(encrypt_buf_size); |
540 buf_setlen(writebuf, PACKET_PAYLOAD_OFF); |
541 buf_setpos(writebuf, PACKET_PAYLOAD_OFF); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
542 |
543 #ifndef DISABLE_ZLIB |
544 /* compression */ |
501
d58c478bd399
Add support for zlib@openssh.com delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
545 if (is_compress_trans()) { |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
546 buf_compress(writebuf, ses.writepayload, ses.writepayload->len); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
547 } else |
548 #endif |
549 { |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
550 memcpy(buf_getwriteptr(writebuf, ses.writepayload->len), |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
551 buf_getptr(ses.writepayload, ses.writepayload->len), |
552 ses.writepayload->len); |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
553 buf_incrwritepos(writebuf, ses.writepayload->len); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
554 } |
555 |
556 /* finished with payload */ |
557 buf_setpos(ses.writepayload, 0); |
558 buf_setlen(ses.writepayload, 0); |
559 |
560 /* length of padding - packet length must be a multiple of blocksize, |
561 * with a minimum of 4 bytes of padding */ |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
562 padlen = blocksize - (writebuf->len) % blocksize; |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
563 if (padlen < 4) { |
564 padlen += blocksize; |
565 } |
566 /* check for min packet length */ |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
567 if (writebuf->len + padlen < MIN_PACKET_LEN) { |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
568 padlen += blocksize; |
569 } |
570 |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
571 buf_setpos(writebuf, 0); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
572 /* packet length excluding the packetlength uint32 */ |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
573 buf_putint(writebuf, writebuf->len + padlen - 4); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
574 |
575 /* padding len */ |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
576 buf_putbyte(writebuf, padlen); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
577 /* actual padding */ |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
578 buf_setpos(writebuf, writebuf->len); |
579 buf_incrlen(writebuf, padlen); |
580 genrandom(buf_getptr(writebuf, padlen), padlen); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
581 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
582 make_mac(ses.transseq, &ses.keys->trans, writebuf, writebuf->len, mac_bytes); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
583 |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
584 /* do the actual encryption, in-place */ |
585 buf_setpos(writebuf, 0); |
586 /* encrypt it in-place*/ |
587 len = writebuf->len; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
588 if (ses.keys->trans.crypt_mode->encrypt( |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
589 buf_getptr(writebuf, len), |
528
378a6389f88e
- Don't be dumb and encrypt/decrypt in a while() loop - why did I do this??
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
590 buf_getwriteptr(writebuf, len), |
591 len, |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
592 &ses.keys->trans.cipher_state) != CRYPT_OK) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
592
diff
changeset
|
593 dropbear_exit("Error encrypting"); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
594 } |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
595 buf_incrpos(writebuf, len); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
596 |
1250 | 597 /* stick the MAC on it */ |
598 buf_putbytes(writebuf, mac_bytes, mac_size); | |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
599 |
1074
10f198d4a308
Make main socket nonblocking. Limit writequeue size.
Matt Johnston <matt@ucc.asn.au>
parents:
1072
diff
changeset
|
600 /* Update counts */ |
601 ses.kexstate.datatrans += writebuf->len; |
602 |
1577
399d8eb961b5
get rid of unused packet_type in encrypted write queue
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
603 writebuf_enqueue(writebuf); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
604 |
605 /* Update counts */ |
606 ses.transseq++; |
607 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
934
diff
changeset
|
608 now = monotonic_now(); |
609 ses.last_packet_time_any_sent = now; |
610 /* idle timeout shouldn't be affected by responses to keepalives. |
611 send_msg_keepalive() itself also does tricks with |
612 ses.last_packet_idle_time - read that if modifying this code */ |
613 if (packet_type != SSH_MSG_REQUEST_FAILURE |
614 && packet_type != SSH_MSG_UNIMPLEMENTED |
615 && packet_type != SSH_MSG_IGNORE) { |
616 ses.last_packet_time_idle = now; |
617 |
618 } |
619 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
620 TRACE2(("leave encrypt_packet()")) |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
621 } |
622 |
1577
399d8eb961b5
get rid of unused packet_type in encrypted write queue
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
623 void writebuf_enqueue(buffer * writebuf) { |
1074
10f198d4a308
Make main socket nonblocking. Limit writequeue size.
Matt Johnston <matt@ucc.asn.au>
parents:
1072
diff
changeset
|
624 /* enqueue the packet for sending. It will get freed after transmission. */ |
625 buf_setpos(writebuf, 0); |
626 enqueue(&ses.writequeue, (void*)writebuf); |
1577
399d8eb961b5
get rid of unused packet_type in encrypted write queue
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
627 ses.writequeue_len += writebuf->len; |
1074
10f198d4a308
Make main socket nonblocking. Limit writequeue size.
Matt Johnston <matt@ucc.asn.au>
parents:
1072
diff
changeset
|
628 } |
629 |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
630 |
631 /* Create the packet mac, and append H(seqno|clearbuf) to the output */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
632 /* output_mac must have ses.keys->trans.algo_mac->hashsize bytes. */ |
633 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state, |
634 buffer * clear_buf, unsigned int clear_len, |
635 unsigned char *output_mac) { |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
636 unsigned char seqbuf[4]; |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
194
diff
changeset
|
637 unsigned long bufsize; |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
638 hmac_state hmac; |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
639 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
640 if (key_state->algo_mac->hashsize > 0) { |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
641 /* calculate the mac */ |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
642 if (hmac_init(&hmac, |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
643 key_state->hash_index, |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
644 key_state->mackey, |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
645 key_state->algo_mac->keysize) != CRYPT_OK) { |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
646 dropbear_exit("HMAC error"); |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
647 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
648 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
649 /* sequence number */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
650 STORE32H(seqno, seqbuf); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
651 if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) { |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
652 dropbear_exit("HMAC error"); |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
653 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
654 |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
655 /* the actual contents */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
656 buf_setpos(clear_buf, 0); |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
657 if (hmac_process(&hmac, |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
658 buf_getptr(clear_buf, clear_len), |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
533
diff
changeset
|
659 clear_len) != CRYPT_OK) { |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
660 dropbear_exit("HMAC error"); |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
661 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
662 |
1249
c6346c63281b
refactor indentation with hard tab
Francois Perrad <francois.perrad@gadz.org>
parents:
1079
diff
changeset
|
663 bufsize = MAX_MAC_LEN; |
533
805ae74ec024
Encrypt in-place, avoid an extra malloc
Matt Johnston <matt@ucc.asn.au>
parents:
532
diff
changeset
|
664 if (hmac_done(&hmac, output_mac, &bufsize) != CRYPT_OK) { |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
665 dropbear_exit("HMAC error"); |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
666 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
667 } |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
728
diff
changeset
|
668 TRACE2(("leave writemac")) |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
669 } |
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
670 |
```c
#ifndef DISABLE_ZLIB
/* compresses len bytes from src, outputting to dest (starting from the
 * respective current positions. dest must have sufficient space,
 * len+ZLIB_COMPRESS_EXPANSION */
static void buf_compress(buffer * dest, buffer * src, unsigned int len) {

	unsigned int endpos = src->pos + len;
	int result;

	TRACE2(("enter buf_compress"))

	dropbear_assert(dest->size - dest->pos >= len+ZLIB_COMPRESS_EXPANSION);

	ses.keys->trans.zstream->avail_in = endpos - src->pos;
	ses.keys->trans.zstream->next_in =
		buf_getptr(src, ses.keys->trans.zstream->avail_in);

	ses.keys->trans.zstream->avail_out = dest->size - dest->pos;
	ses.keys->trans.zstream->next_out =
		buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out);

	result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH);

	buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in);
	buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out);
	buf_setpos(dest, dest->len);

	if (result != Z_OK) {
		dropbear_exit("zlib error");
	}

	/* fails if destination buffer wasn't large enough */
	dropbear_assert(ses.keys->trans.zstream->avail_in == 0);
	TRACE2(("leave buf_compress"))
}
#endif
```