dropbear: packet.c comparison

comparison packet.c @ 546:568638be7203 agent-client

propagate from branch 'au.asn.ucc.matt.dropbear' (head 899a8851a5edf840b2f7925bcc26ffe99dcac54d) to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 6bbab8364de17bd9ecb1dee5ffb796e48c0380d2)

author	Matt Johnston <matt@ucc.asn.au>
date	Wed, 01 Jul 2009 04:16:32 +0000
parents	21490eea261d
children	ccdc4c6183c0

comparison

equal deleted inserted replaced

-:d588e3ea557a
+:568638be7203
 #include "random.h"
 #include "service.h"
 #include "auth.h"
 #include "channel.h"
-static void read_packet_init();
+static int read_packet_init();
-static void writemac(buffer * outputbuffer, buffer * clearwritebuf);
+static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
-static int checkmac(buffer* hashbuf, buffer* readbuf);
+		buffer * clear_buf, unsigned int clear_len,
+		unsigned char *output_mac);
+static int checkmac();
 #define ZLIB_COMPRESS_INCR 20 /* this is 12 bytes + 0.1% of 8000 bytes */
 #define ZLIB_DECOMPRESS_INCR 100
 #ifndef DISABLE_ZLIB
 static buffer* buf_decompress(buffer* buf, unsigned int len);
 		} else {
 			dropbear_exit("error writing");
 		}
 	}
+	ses.last_trx_packet_time = time(NULL);
 	ses.last_packet_time = time(NULL);
 	if (written == 0) {
 		ses.remoteclosed();
 	}
 	int len;
 	unsigned int maxlen;
 	unsigned char blocksize;
 	TRACE(("enter read_packet"))
-	blocksize = ses.keys->recv_algo_crypt->blocksize;
+	blocksize = ses.keys->recv.algo_crypt->blocksize;
 	if (ses.readbuf == NULL || ses.readbuf->len < blocksize) {
+		int ret;
 		/* In the first blocksize of a packet */
 		/* Read the first blocksize of the packet, so we can decrypt it and
 		 * find the length of the whole packet */
-		read_packet_init();
+		ret = read_packet_init();
-		/* If we don't have the length of decryptreadbuf, we didn't read
+		if (ret == DROPBEAR_FAILURE) {
-		 * a whole blocksize and should exit */
+			/* didn't read enough to determine the length */
-		if (ses.decryptreadbuf->len == 0) {
 			TRACE(("leave read_packet: packetinit done"))
 			return;
 		}
 	}
 	/* Attempt to read the remainder of the packet, note that there
 	 * mightn't be any available (EAGAIN) */
-	dropbear_assert(ses.readbuf != NULL);
 	maxlen = ses.readbuf->len - ses.readbuf->pos;
 	len = read(ses.sock_in, buf_getptr(ses.readbuf, maxlen), maxlen);
 	if (len == 0) {
 		ses.remoteclosed();
 	TRACE(("leave read_packet"))
 }
 /* Function used to read the initial portion of a packet, and determine the
 * length. Only called during the first BLOCKSIZE of a packet. */
-static void read_packet_init() {
+/* Returns DROPBEAR_SUCCESS if the length is determined,
+* DROPBEAR_FAILURE otherwise */
+static int read_packet_init() {
 	unsigned int maxlen;
 	int len;
 	unsigned char blocksize;
 	unsigned char macsize;
-	blocksize = ses.keys->recv_algo_crypt->blocksize;
+	blocksize = ses.keys->recv.algo_crypt->blocksize;
-	macsize = ses.keys->recv_algo_mac->hashsize;
+	macsize = ses.keys->recv.algo_mac->hashsize;
 	if (ses.readbuf == NULL) {
 		/* start of a new packet */
 		ses.readbuf = buf_new(INIT_READBUF);
-		dropbear_assert(ses.decryptreadbuf == NULL);
-		ses.decryptreadbuf = buf_new(blocksize);
 	}
 	maxlen = blocksize - ses.readbuf->pos;
 	/* read the rest of the packet if possible */
 		ses.remoteclosed();
 	}
 	if (len < 0) {
 		if (errno == EINTR) {
 			TRACE(("leave read_packet_init: EINTR"))
-			return;
+			return DROPBEAR_FAILURE;
 		}
 		dropbear_exit("error reading: %s", strerror(errno));
 	}
 	buf_incrwritepos(ses.readbuf, len);
 	if ((unsigned int)len != maxlen) {
 		/* don't have enough bytes to determine length, get next time */
-		return;
+		return DROPBEAR_FAILURE;
 	}
 	/* now we have the first block, need to get packet length, so we decrypt
 	 * the first block (only need first 4 bytes) */
 	buf_setpos(ses.readbuf, 0);
-	if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
+	if (ses.keys->recv.crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize),
-		/* copy it */
+				buf_getwriteptr(ses.readbuf, blocksize),
-		memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize),
+				blocksize,
-				buf_getptr(ses.readbuf, blocksize),
+				&ses.keys->recv.cipher_state) != CRYPT_OK) {
-				blocksize);
+		dropbear_exit("error decrypting");
-	} else {
+	}
-		/* decrypt it */
+	len = buf_getint(ses.readbuf) + 4 + macsize;
-		if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
-					buf_getwriteptr(ses.decryptreadbuf,blocksize),
+	TRACE(("packet size is %d, block %d mac %d", len, blocksize, macsize))
-					blocksize,
-					&ses.keys->recv_symmetric_struct) != CRYPT_OK) {
-			dropbear_exit("error decrypting");
-		}
-	}
-	buf_setlen(ses.decryptreadbuf, blocksize);
-	len = buf_getint(ses.decryptreadbuf) + 4 + macsize;
-	buf_setpos(ses.readbuf, blocksize);
 	/* check packet length */
 	if ((len > RECV_MAX_PACKET_LEN) ||
 		(len < MIN_PACKET_LEN + macsize) ||
 		((len - macsize) % blocksize != 0)) {
 		dropbear_exit("bad packet size %d", len);
 	}
-	buf_resize(ses.readbuf, len);
+	if (len > ses.readbuf->size) {
+		buf_resize(ses.readbuf, len);
+	}
 	buf_setlen(ses.readbuf, len);
+	buf_setpos(ses.readbuf, blocksize);
+	return DROPBEAR_SUCCESS;
 }
 /* handle the received packet */
 void decrypt_packet() {
 	unsigned char macsize;
 	unsigned int padlen;
 	unsigned int len;
 	TRACE(("enter decrypt_packet"))
-	blocksize = ses.keys->recv_algo_crypt->blocksize;
+	blocksize = ses.keys->recv.algo_crypt->blocksize;
-	macsize = ses.keys->recv_algo_mac->hashsize;
+	macsize = ses.keys->recv.algo_mac->hashsize;
 	ses.kexstate.datarecv += ses.readbuf->len;
 	/* we've already decrypted the first blocksize in read_packet_init */
 	buf_setpos(ses.readbuf, blocksize);
-	buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize);
+	/* decrypt it in-place */
-	buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);
+	len = ses.readbuf->len - macsize - ses.readbuf->pos;
-	buf_setpos(ses.decryptreadbuf, blocksize);
+	if (ses.keys->recv.crypt_mode->decrypt(
+				buf_getptr(ses.readbuf, len),
-	/* decrypt if encryption is set, memcpy otherwise */
+				buf_getwriteptr(ses.readbuf, len),
-	if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
+				len,
-		/* copy it */
+				&ses.keys->recv.cipher_state) != CRYPT_OK) {
-		len = ses.readbuf->len - macsize - blocksize;
+		dropbear_exit("error decrypting");
-		memcpy(buf_getwriteptr(ses.decryptreadbuf, len),
+	}
-				buf_getptr(ses.readbuf, len), len);
+	buf_incrpos(ses.readbuf, len);
-	} else {
-		/* decrypt */
-		while (ses.readbuf->pos < ses.readbuf->len - macsize) {
-			if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
-						buf_getwriteptr(ses.decryptreadbuf, blocksize),
-						blocksize,
-						&ses.keys->recv_symmetric_struct) != CRYPT_OK) {
-				dropbear_exit("error decrypting");
-			}
-			buf_incrpos(ses.readbuf, blocksize);
-			buf_incrwritepos(ses.decryptreadbuf, blocksize);
-		}
-	}
 	/* check the hmac */
-	buf_setpos(ses.readbuf, ses.readbuf->len - macsize);
+	if (checkmac() != DROPBEAR_SUCCESS) {
-	if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) {
 		dropbear_exit("Integrity error");
 	}
-	/* readbuf no longer required */
-	buf_free(ses.readbuf);
-	ses.readbuf = NULL;
 	/* get padding length */
-	buf_setpos(ses.decryptreadbuf, PACKET_PADDING_OFF);
+	buf_setpos(ses.readbuf, PACKET_PADDING_OFF);
-	padlen = buf_getbyte(ses.decryptreadbuf);
+	padlen = buf_getbyte(ses.readbuf);
 	/* payload length */
 	/* - 4 - 1 is for LEN and PADLEN values */
-	len = ses.decryptreadbuf->len - padlen - 4 - 1;
+	len = ses.readbuf->len - padlen - 4 - 1;
 	if ((len > RECV_MAX_PAYLOAD_LEN) || (len < 1)) {
 		dropbear_exit("bad packet size");
 	}
-	buf_setpos(ses.decryptreadbuf, PACKET_PAYLOAD_OFF);
+	buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF);
 #ifndef DISABLE_ZLIB
-	if (ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB) {
+	if (is_compress_recv()) {
 		/* decompress */
-		ses.payload = buf_decompress(ses.decryptreadbuf, len);
+		ses.payload = buf_decompress(ses.readbuf, len);
 	} else
 #endif
 	{
 		/* copy payload */
 		ses.payload = buf_new(len);
-		memcpy(ses.payload->data, buf_getptr(ses.decryptreadbuf, len), len);
+		memcpy(ses.payload->data, buf_getptr(ses.readbuf, len), len);
 		buf_incrlen(ses.payload, len);
 	}
-	buf_free(ses.decryptreadbuf);
+	buf_free(ses.readbuf);
-	ses.decryptreadbuf = NULL;
+	ses.readbuf = NULL;
 	buf_setpos(ses.payload, 0);
 	ses.recvseq++;
 	TRACE(("leave decrypt_packet"))
 }
-/* Checks the mac in hashbuf, for the data in readbuf.
+/* Checks the mac at the end of a decrypted readbuf.
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-static int checkmac(buffer* macbuf, buffer* sourcebuf) {
+static int checkmac() {
-	unsigned int macsize;
+	unsigned char mac_bytes[MAX_MAC_LEN];
-	hmac_state hmac;
+	unsigned int mac_size, contents_len;
-	unsigned char tempbuf[MAX_MAC_LEN];
-	unsigned long bufsize;
+	mac_size = ses.keys->trans.algo_mac->hashsize;
-	unsigned int len;
+	contents_len = ses.readbuf->len - mac_size;
-	macsize = ses.keys->recv_algo_mac->hashsize;
+	buf_setpos(ses.readbuf, 0);
-	if (macsize == 0) {
+	make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes);
-		return DROPBEAR_SUCCESS;
-	}
-	/* calculate the mac */
-	if (hmac_init(&hmac,
-				find_hash(ses.keys->recv_algo_mac->hashdesc->name),
-				ses.keys->recvmackey,
-				ses.keys->recv_algo_mac->keysize)
-				!= CRYPT_OK) {
-		dropbear_exit("HMAC error");
-	}
-	/* sequence number */
-	STORE32H(ses.recvseq, tempbuf);
-	if (hmac_process(&hmac, tempbuf, 4) != CRYPT_OK) {
-		dropbear_exit("HMAC error");
-	}
-	buf_setpos(sourcebuf, 0);
-	len = sourcebuf->len;
-	if (hmac_process(&hmac, buf_getptr(sourcebuf, len), len) != CRYPT_OK) {
-		dropbear_exit("HMAC error");
-	}
-	bufsize = sizeof(tempbuf);
-	if (hmac_done(&hmac, tempbuf, &bufsize) != CRYPT_OK) {
-		dropbear_exit("HMAC error");
-	}
 	/* compare the hash */
-	if (memcmp(tempbuf, buf_getptr(macbuf, macsize), macsize) != 0) {
+	buf_setpos(ses.readbuf, contents_len);
+	if (memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
 		return DROPBEAR_FAILURE;
 	} else {
 		return DROPBEAR_SUCCESS;
 	}
 }
 	int result;
 	buffer * ret;
 	z_streamp zstream;
-	zstream = ses.keys->recv_zstream;
+	zstream = ses.keys->recv.zstream;
 	ret = buf_new(len);
 	zstream->avail_in = len;
 	zstream->next_in = buf_getptr(buf, len);
 /* encrypt the writepayload, putting into writebuf, ready for write_packet()
 * to put on the wire */
 void encrypt_packet() {
 	unsigned char padlen;
-	unsigned char blocksize, macsize;
+	unsigned char blocksize, mac_size;
-	buffer * writebuf; /* the packet which will go on the wire */
+	buffer * writebuf; /* the packet which will go on the wire. This is
-	buffer * clearwritebuf; /* unencrypted, possibly compressed */
+	                      encrypted in-place. */
 	unsigned char type;
+	unsigned int len, encrypt_buf_size;
+	unsigned char mac_bytes[MAX_MAC_LEN];
 	type = ses.writepayload->data[0];
 	TRACE(("enter encrypt_packet()"))
 	TRACE(("encrypt_packet type is %d", type))
 			after the KEX, see maybe_flush_reply_queue */
 		enqueue_reply_packet();
 		return;
 	}
-	blocksize = ses.keys->trans_algo_crypt->blocksize;
+	blocksize = ses.keys->trans.algo_crypt->blocksize;
-	macsize = ses.keys->trans_algo_mac->hashsize;
+	mac_size = ses.keys->trans.algo_mac->hashsize;
 	/* Encrypted packet len is payload+5, then worst case is if we are 3 away
 	 * from a blocksize multiple. In which case we need to pad to the
 	 * multiple, then add another blocksize (or MIN_PACKET_LEN) */
-	clearwritebuf = buf_new((ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3
+	encrypt_buf_size = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3;
+	/* add space for the MAC at the end */
+	encrypt_buf_size += mac_size;
 #ifndef DISABLE_ZLIB
-			+ ZLIB_COMPRESS_INCR /* bit of a kludge, but we can't know len*/
+	encrypt_buf_size += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/
 #endif
-			);
+	writebuf = buf_new(encrypt_buf_size);
-	buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);
+	buf_setlen(writebuf, PACKET_PAYLOAD_OFF);
-	buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);
+	buf_setpos(writebuf, PACKET_PAYLOAD_OFF);
 	buf_setpos(ses.writepayload, 0);
 #ifndef DISABLE_ZLIB
 	/* compression */
-	if (ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB) {
+	if (is_compress_trans()) {
-		buf_compress(clearwritebuf, ses.writepayload, ses.writepayload->len);
+		buf_compress(writebuf, ses.writepayload, ses.writepayload->len);
 	} else
 #endif
 	{
-		memcpy(buf_getwriteptr(clearwritebuf, ses.writepayload->len),
+		memcpy(buf_getwriteptr(writebuf, ses.writepayload->len),
 				buf_getptr(ses.writepayload, ses.writepayload->len),
 				ses.writepayload->len);
-		buf_incrwritepos(clearwritebuf, ses.writepayload->len);
+		buf_incrwritepos(writebuf, ses.writepayload->len);
 	}
 	/* finished with payload */
 	buf_setpos(ses.writepayload, 0);
 	buf_setlen(ses.writepayload, 0);
 	/* length of padding - packet length must be a multiple of blocksize,
 	 * with a minimum of 4 bytes of padding */
-	padlen = blocksize - (clearwritebuf->len) % blocksize;
+	padlen = blocksize - (writebuf->len) % blocksize;
 	if (padlen < 4) {
 		padlen += blocksize;
 	}
 	/* check for min packet length */
-	if (clearwritebuf->len + padlen < MIN_PACKET_LEN) {
+	if (writebuf->len + padlen < MIN_PACKET_LEN) {
 		padlen += blocksize;
 	}
-	buf_setpos(clearwritebuf, 0);
+	buf_setpos(writebuf, 0);
 	/* packet length excluding the packetlength uint32 */
-	buf_putint(clearwritebuf, clearwritebuf->len + padlen - 4);
+	buf_putint(writebuf, writebuf->len + padlen - 4);
 	/* padding len */
-	buf_putbyte(clearwritebuf, padlen);
+	buf_putbyte(writebuf, padlen);
 	/* actual padding */
-	buf_setpos(clearwritebuf, clearwritebuf->len);
+	buf_setpos(writebuf, writebuf->len);
-	buf_incrlen(clearwritebuf, padlen);
+	buf_incrlen(writebuf, padlen);
-	genrandom(buf_getptr(clearwritebuf, padlen), padlen);
+	genrandom(buf_getptr(writebuf, padlen), padlen);
-	/* do the actual encryption */
+	make_mac(ses.transseq, &ses.keys->trans, writebuf, writebuf->len, mac_bytes);
-	buf_setpos(clearwritebuf, 0);
-	/* create a new writebuffer, this is freed when it has been put on the
+	/* do the actual encryption, in-place */
-	 * wire by writepacket() */
+	buf_setpos(writebuf, 0);
-	writebuf = buf_new(clearwritebuf->len + macsize);
+	/* encrypt it in-place*/
+	len = writebuf->len;
-	if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {
+	if (ses.keys->trans.crypt_mode->encrypt(
-		/* copy it */
+				buf_getptr(writebuf, len),
-		memcpy(buf_getwriteptr(writebuf, clearwritebuf->len),
+				buf_getwriteptr(writebuf, len),
-				buf_getptr(clearwritebuf, clearwritebuf->len),
+				len,
-				clearwritebuf->len);
+				&ses.keys->trans.cipher_state) != CRYPT_OK) {
-		buf_incrwritepos(writebuf, clearwritebuf->len);
+		dropbear_exit("error encrypting");
-	} else {
+	}
-		/* encrypt it */
+	buf_incrpos(writebuf, len);
-		while (clearwritebuf->pos < clearwritebuf->len) {
-			if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize),
+/* stick the MAC on it */
-						buf_getwriteptr(writebuf, blocksize),
+buf_putbytes(writebuf, mac_bytes, mac_size);
-						blocksize,
-						&ses.keys->trans_symmetric_struct) != CRYPT_OK) {
+	/* enqueue the packet for sending. It will get freed after transmission. */
-				dropbear_exit("error encrypting");
-			}
-			buf_incrpos(clearwritebuf, blocksize);
-			buf_incrwritepos(writebuf, blocksize);
-		}
-	}
-	/* now add a hmac and we're done */
-	writemac(writebuf, clearwritebuf);
-	/* clearwritebuf is finished with */
-	buf_free(clearwritebuf);
-	clearwritebuf = NULL;
-	/* enqueue the packet for sending */
 	buf_setpos(writebuf, 0);
 	enqueue(&ses.writequeue, (void*)writebuf);
 	/* Update counts */
 	ses.kexstate.datatrans += writebuf->len;
 	TRACE(("leave encrypt_packet()"))
 }
 /* Create the packet mac, and append H(seqno|clearbuf) to the output */
-static void writemac(buffer * outputbuffer, buffer * clearwritebuf) {
+/* output_mac must have ses.keys->trans.algo_mac->hashsize bytes. */
+static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
-	unsigned int macsize;
+		buffer * clear_buf, unsigned int clear_len,
+		unsigned char *output_mac) {
 	unsigned char seqbuf[4];
-	unsigned char tempbuf[MAX_MAC_LEN];
 	unsigned long bufsize;
 	hmac_state hmac;
 	TRACE(("enter writemac"))
-	macsize = ses.keys->trans_algo_mac->hashsize;
+	if (key_state->algo_mac->hashsize > 0) {
-	if (macsize > 0) {
 		/* calculate the mac */
 		if (hmac_init(&hmac,
-					find_hash(ses.keys->trans_algo_mac->hashdesc->name),
+					key_state->hash_index,
-					ses.keys->transmackey,
+					key_state->mackey,
-					ses.keys->trans_algo_mac->keysize) != CRYPT_OK) {
+					key_state->algo_mac->keysize) != CRYPT_OK) {
 			dropbear_exit("HMAC error");
 		}
 		/* sequence number */
-		STORE32H(ses.transseq, seqbuf);
+		STORE32H(seqno, seqbuf);
 		if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) {
 			dropbear_exit("HMAC error");
 		}
 		/* the actual contents */
-		buf_setpos(clearwritebuf, 0);
+		buf_setpos(clear_buf, 0);
 		if (hmac_process(&hmac,
-					buf_getptr(clearwritebuf,
+					buf_getptr(clear_buf, clear_len),
-						clearwritebuf->len),
+					clear_len) != CRYPT_OK) {
-					clearwritebuf->len) != CRYPT_OK) {
 			dropbear_exit("HMAC error");
 		}
-		bufsize = sizeof(tempbuf);
+bufsize = MAX_MAC_LEN;
-		if (hmac_done(&hmac, tempbuf, &bufsize)
+		if (hmac_done(&hmac, output_mac, &bufsize) != CRYPT_OK) {
-				!= CRYPT_OK) {
 			dropbear_exit("HMAC error");
 		}
-		buf_putbytes(outputbuffer, tempbuf, macsize);
 	}
 	TRACE(("leave writemac"))
 }
 #ifndef DISABLE_ZLIB
 	TRACE(("enter buf_compress"))
 	while (1) {
-		ses.keys->trans_zstream->avail_in = endpos - src->pos;
+		ses.keys->trans.zstream->avail_in = endpos - src->pos;
-		ses.keys->trans_zstream->next_in =
+		ses.keys->trans.zstream->next_in =
-			buf_getptr(src, ses.keys->trans_zstream->avail_in);
+			buf_getptr(src, ses.keys->trans.zstream->avail_in);
-		ses.keys->trans_zstream->avail_out = dest->size - dest->pos;
+		ses.keys->trans.zstream->avail_out = dest->size - dest->pos;
-		ses.keys->trans_zstream->next_out =
+		ses.keys->trans.zstream->next_out =
-			buf_getwriteptr(dest, ses.keys->trans_zstream->avail_out);
+			buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out);
-		result = deflate(ses.keys->trans_zstream, Z_SYNC_FLUSH);
+		result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH);
-		buf_setpos(src, endpos - ses.keys->trans_zstream->avail_in);
+		buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in);
-		buf_setlen(dest, dest->size - ses.keys->trans_zstream->avail_out);
+		buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out);
 		buf_setpos(dest, dest->len);
 		if (result != Z_OK) {
 			dropbear_exit("zlib error");
 		}
-		if (ses.keys->trans_zstream->avail_in == 0) {
+		if (ses.keys->trans.zstream->avail_in == 0) {
 			break;
 		}
-		dropbear_assert(ses.keys->trans_zstream->avail_out == 0);
+		dropbear_assert(ses.keys->trans.zstream->avail_out == 0);
 		/* the buffer has been filled, we must extend. This only happens in
 		 * unusual circumstances where the data grows in size after deflate(),
 		 * but it is possible */
 		buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR);

Mercurial > dropbear

comparison packet.c @ 546:568638be7203 agent-client