dropbear: packet.c comparison

comparison packet.c @ 528:378a6389f88e

- Don't be dumb and encrypt/decrypt in a while() loop - why did I do this??

author	Matt Johnston <matt@ucc.asn.au>
date	Wed, 25 Feb 2009 14:04:02 +0000
parents	a3748e54273c
children	22a0d8355c2c

comparison

equal deleted inserted replaced

-:cc2dff9bd671
+:378a6389f88e
 	buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize);
 	buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);
 	buf_setpos(ses.decryptreadbuf, blocksize);
 	/* decrypt it */
-	while (ses.readbuf->pos < ses.readbuf->len - macsize) {
+	len = ses.readbuf->len - macsize - ses.readbuf->pos;
-		if (ses.keys->recv_crypt_mode->decrypt(
+	if (ses.keys->recv_crypt_mode->decrypt(
-					buf_getptr(ses.readbuf, blocksize),
+				buf_getptr(ses.readbuf, len),
-					buf_getwriteptr(ses.decryptreadbuf, blocksize),
+				buf_getwriteptr(ses.decryptreadbuf, len),
-					blocksize,
+				len,
-					&ses.keys->recv_cipher_state) != CRYPT_OK) {
+				&ses.keys->recv_cipher_state) != CRYPT_OK) {
-			dropbear_exit("error decrypting");
+		dropbear_exit("error decrypting");
-		}
+	}
-		buf_incrpos(ses.readbuf, blocksize);
+	buf_incrpos(ses.readbuf, len);
-		buf_incrwritepos(ses.decryptreadbuf, blocksize);
+	buf_incrwritepos(ses.decryptreadbuf, len);
-	}
 	/* check the hmac */
 	buf_setpos(ses.readbuf, ses.readbuf->len - macsize);
 	if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) {
 		dropbear_exit("Integrity error");
 	unsigned char padlen;
 	unsigned char blocksize, macsize;
 	buffer * writebuf; /* the packet which will go on the wire */
 	buffer * clearwritebuf; /* unencrypted, possibly compressed */
 	unsigned char type;
-	unsigned int clear_len;
+	unsigned int len;
 	type = ses.writepayload->data[0];
 	TRACE(("enter encrypt_packet()"))
 	TRACE(("encrypt_packet type is %d", type))
 	macsize = ses.keys->trans_algo_mac->hashsize;
 	/* Encrypted packet len is payload+5, then worst case is if we are 3 away
 	 * from a blocksize multiple. In which case we need to pad to the
 	 * multiple, then add another blocksize (or MIN_PACKET_LEN) */
-	clear_len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3;
+	len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3;
 #ifndef DISABLE_ZLIB
-	clear_len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/
+	len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/
 #endif
-	clearwritebuf = buf_new(clear_len);
+	clearwritebuf = buf_new(len);
 	buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);
 	buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);
 	buf_setpos(ses.writepayload, 0);
 	/* create a new writebuffer, this is freed when it has been put on the
 	 * wire by writepacket() */
 	writebuf = buf_new(clearwritebuf->len + macsize);
 	/* encrypt it */
-	while (clearwritebuf->pos < clearwritebuf->len) {
+	len = clearwritebuf->len;
-		if (ses.keys->trans_crypt_mode->encrypt(
+	if (ses.keys->trans_crypt_mode->encrypt(
-					buf_getptr(clearwritebuf, blocksize),
+				buf_getptr(clearwritebuf, len),
-					buf_getwriteptr(writebuf, blocksize),
+				buf_getwriteptr(writebuf, len),
-					blocksize,
+				len,
-					&ses.keys->trans_cipher_state) != CRYPT_OK) {
+				&ses.keys->trans_cipher_state) != CRYPT_OK) {
-			dropbear_exit("error encrypting");
+		dropbear_exit("error encrypting");
-		}
+	}
-		buf_incrpos(clearwritebuf, blocksize);
+	buf_incrpos(clearwritebuf, len);
-		buf_incrwritepos(writebuf, blocksize);
+	buf_incrwritepos(writebuf, len);
-	}
 	/* now add a hmac and we're done */
 	writemac(writebuf, clearwritebuf);
 	/* clearwritebuf is finished with */

Mercurial > dropbear

comparison packet.c @ 528:378a6389f88e