Mercurial > dropbear
comparison packet.c @ 389:5ff8218bcee9
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e)
to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 11 Jan 2007 03:14:55 +0000 |
parents | c5d3ef11155f |
children | 695413c59b6a |
comparison
equal
deleted
inserted
replaced
388:fb54020f78e1 | 389:5ff8218bcee9 |
---|---|
1 /* | |
2 * Dropbear - a SSH2 server | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 | |
25 #include "includes.h" | |
26 #include "packet.h" | |
27 #include "session.h" | |
28 #include "dbutil.h" | |
29 #include "ssh.h" | |
30 #include "algo.h" | |
31 #include "buffer.h" | |
32 #include "kex.h" | |
33 #include "random.h" | |
34 #include "service.h" | |
35 #include "auth.h" | |
36 #include "channel.h" | |
37 | |
38 static void read_packet_init(); | |
39 static void writemac(buffer * outputbuffer, buffer * clearwritebuf); | |
40 static int checkmac(buffer* hashbuf, buffer* readbuf); | |
41 | |
42 #define ZLIB_COMPRESS_INCR 20 /* this is 12 bytes + 0.1% of 8000 bytes */ | |
43 #define ZLIB_DECOMPRESS_INCR 100 | |
44 #ifndef DISABLE_ZLIB | |
45 static buffer* buf_decompress(buffer* buf, unsigned int len); | |
46 static void buf_compress(buffer * dest, buffer * src, unsigned int len); | |
47 #endif | |
48 | |
49 /* non-blocking function writing out a current encrypted packet */ | |
50 void write_packet() { | |
51 | |
52 int len, written; | |
53 buffer * writebuf = NULL; | |
54 | |
55 TRACE(("enter write_packet")) | |
56 dropbear_assert(!isempty(&ses.writequeue)); | |
57 | |
58 /* Get the next buffer in the queue of encrypted packets to write*/ | |
59 writebuf = (buffer*)examine(&ses.writequeue); | |
60 | |
61 len = writebuf->len - writebuf->pos; | |
62 dropbear_assert(len > 0); | |
63 /* Try to write as much as possible */ | |
64 written = write(ses.sock, buf_getptr(writebuf, len), len); | |
65 | |
66 if (written < 0) { | |
67 if (errno == EINTR) { | |
68 TRACE(("leave writepacket: EINTR")) | |
69 return; | |
70 } else { | |
71 dropbear_exit("error writing"); | |
72 } | |
73 } | |
74 | |
75 if (written == 0) { | |
76 ses.remoteclosed(); | |
77 } | |
78 | |
79 if (written == len) { | |
80 /* We've finished with the packet, free it */ | |
81 dequeue(&ses.writequeue); | |
82 buf_free(writebuf); | |
83 writebuf = NULL; | |
84 } else { | |
85 /* More packet left to write, leave it in the queue for later */ | |
86 buf_incrpos(writebuf, written); | |
87 } | |
88 | |
89 TRACE(("leave write_packet")) | |
90 } | |
91 | |
92 /* Non-blocking function reading available portion of a packet into the | |
93 * ses's buffer, decrypting the length if encrypted, decrypting the | |
94 * full portion if possible */ | |
95 void read_packet() { | |
96 | |
97 int len; | |
98 unsigned int maxlen; | |
99 unsigned char blocksize; | |
100 | |
101 TRACE(("enter read_packet")) | |
102 blocksize = ses.keys->recv_algo_crypt->blocksize; | |
103 | |
104 if (ses.readbuf == NULL || ses.readbuf->len < blocksize) { | |
105 /* In the first blocksize of a packet */ | |
106 | |
107 /* Read the first blocksize of the packet, so we can decrypt it and | |
108 * find the length of the whole packet */ | |
109 read_packet_init(); | |
110 | |
111 /* If we don't have the length of decryptreadbuf, we didn't read | |
112 * a whole blocksize and should exit */ | |
113 if (ses.decryptreadbuf->len == 0) { | |
114 TRACE(("leave read_packet: packetinit done")) | |
115 return; | |
116 } | |
117 } | |
118 | |
119 /* Attempt to read the remainder of the packet, note that there | |
120 * mightn't be any available (EAGAIN) */ | |
121 dropbear_assert(ses.readbuf != NULL); | |
122 maxlen = ses.readbuf->len - ses.readbuf->pos; | |
123 len = read(ses.sock, buf_getptr(ses.readbuf, maxlen), maxlen); | |
124 | |
125 if (len == 0) { | |
126 ses.remoteclosed(); | |
127 } | |
128 | |
129 if (len < 0) { | |
130 if (errno == EINTR || errno == EAGAIN) { | |
131 TRACE(("leave read_packet: EINTR or EAGAIN")) | |
132 return; | |
133 } else { | |
134 dropbear_exit("error reading: %s", strerror(errno)); | |
135 } | |
136 } | |
137 | |
138 buf_incrpos(ses.readbuf, len); | |
139 | |
140 if ((unsigned int)len == maxlen) { | |
141 /* The whole packet has been read */ | |
142 decrypt_packet(); | |
143 /* The main select() loop process_packet() to | |
144 * handle the packet contents... */ | |
145 } | |
146 TRACE(("leave read_packet")) | |
147 } | |
148 | |
149 /* Function used to read the initial portion of a packet, and determine the | |
150 * length. Only called during the first BLOCKSIZE of a packet. */ | |
151 static void read_packet_init() { | |
152 | |
153 unsigned int maxlen; | |
154 int len; | |
155 unsigned char blocksize; | |
156 unsigned char macsize; | |
157 | |
158 | |
159 blocksize = ses.keys->recv_algo_crypt->blocksize; | |
160 macsize = ses.keys->recv_algo_mac->hashsize; | |
161 | |
162 if (ses.readbuf == NULL) { | |
163 /* start of a new packet */ | |
164 ses.readbuf = buf_new(INIT_READBUF); | |
165 dropbear_assert(ses.decryptreadbuf == NULL); | |
166 ses.decryptreadbuf = buf_new(blocksize); | |
167 } | |
168 | |
169 maxlen = blocksize - ses.readbuf->pos; | |
170 | |
171 /* read the rest of the packet if possible */ | |
172 len = read(ses.sock, buf_getwriteptr(ses.readbuf, maxlen), | |
173 maxlen); | |
174 if (len == 0) { | |
175 ses.remoteclosed(); | |
176 } | |
177 if (len < 0) { | |
178 if (errno == EINTR) { | |
179 TRACE(("leave read_packet_init: EINTR")) | |
180 return; | |
181 } | |
182 dropbear_exit("error reading: %s", strerror(errno)); | |
183 } | |
184 | |
185 buf_incrwritepos(ses.readbuf, len); | |
186 | |
187 if ((unsigned int)len != maxlen) { | |
188 /* don't have enough bytes to determine length, get next time */ | |
189 return; | |
190 } | |
191 | |
192 /* now we have the first block, need to get packet length, so we decrypt | |
193 * the first block (only need first 4 bytes) */ | |
194 buf_setpos(ses.readbuf, 0); | |
195 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) { | |
196 /* copy it */ | |
197 memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize), | |
198 buf_getptr(ses.readbuf, blocksize), | |
199 blocksize); | |
200 } else { | |
201 /* decrypt it */ | |
202 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize), | |
203 buf_getwriteptr(ses.decryptreadbuf,blocksize), | |
204 blocksize, | |
205 &ses.keys->recv_symmetric_struct) != CRYPT_OK) { | |
206 dropbear_exit("error decrypting"); | |
207 } | |
208 } | |
209 buf_setlen(ses.decryptreadbuf, blocksize); | |
210 len = buf_getint(ses.decryptreadbuf) + 4 + macsize; | |
211 | |
212 buf_setpos(ses.readbuf, blocksize); | |
213 | |
214 /* check packet length */ | |
215 if ((len > MAX_PACKET_LEN) || | |
216 (len < MIN_PACKET_LEN + macsize) || | |
217 ((len - macsize) % blocksize != 0)) { | |
218 dropbear_exit("bad packet size %d", len); | |
219 } | |
220 | |
221 buf_resize(ses.readbuf, len); | |
222 buf_setlen(ses.readbuf, len); | |
223 | |
224 } | |
225 | |
226 /* handle the received packet */ | |
227 void decrypt_packet() { | |
228 | |
229 unsigned char blocksize; | |
230 unsigned char macsize; | |
231 unsigned int padlen; | |
232 unsigned int len; | |
233 | |
234 TRACE(("enter decrypt_packet")) | |
235 blocksize = ses.keys->recv_algo_crypt->blocksize; | |
236 macsize = ses.keys->recv_algo_mac->hashsize; | |
237 | |
238 ses.kexstate.datarecv += ses.readbuf->len; | |
239 | |
240 /* we've already decrypted the first blocksize in read_packet_init */ | |
241 buf_setpos(ses.readbuf, blocksize); | |
242 | |
243 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize); | |
244 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size); | |
245 buf_setpos(ses.decryptreadbuf, blocksize); | |
246 | |
247 /* decrypt if encryption is set, memcpy otherwise */ | |
248 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) { | |
249 /* copy it */ | |
250 len = ses.readbuf->len - macsize - blocksize; | |
251 memcpy(buf_getwriteptr(ses.decryptreadbuf, len), | |
252 buf_getptr(ses.readbuf, len), len); | |
253 } else { | |
254 /* decrypt */ | |
255 while (ses.readbuf->pos < ses.readbuf->len - macsize) { | |
256 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize), | |
257 buf_getwriteptr(ses.decryptreadbuf, blocksize), | |
258 blocksize, | |
259 &ses.keys->recv_symmetric_struct) != CRYPT_OK) { | |
260 dropbear_exit("error decrypting"); | |
261 } | |
262 buf_incrpos(ses.readbuf, blocksize); | |
263 buf_incrwritepos(ses.decryptreadbuf, blocksize); | |
264 } | |
265 } | |
266 | |
267 /* check the hmac */ | |
268 buf_setpos(ses.readbuf, ses.readbuf->len - macsize); | |
269 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) { | |
270 dropbear_exit("Integrity error"); | |
271 } | |
272 | |
273 /* readbuf no longer required */ | |
274 buf_free(ses.readbuf); | |
275 ses.readbuf = NULL; | |
276 | |
277 /* get padding length */ | |
278 buf_setpos(ses.decryptreadbuf, PACKET_PADDING_OFF); | |
279 padlen = buf_getbyte(ses.decryptreadbuf); | |
280 | |
281 /* payload length */ | |
282 /* - 4 - 1 is for LEN and PADLEN values */ | |
283 len = ses.decryptreadbuf->len - padlen - 4 - 1; | |
284 if ((len > MAX_PAYLOAD_LEN) || (len < 1)) { | |
285 dropbear_exit("bad packet size"); | |
286 } | |
287 | |
288 buf_setpos(ses.decryptreadbuf, PACKET_PAYLOAD_OFF); | |
289 | |
290 #ifndef DISABLE_ZLIB | |
291 if (ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB) { | |
292 /* decompress */ | |
293 ses.payload = buf_decompress(ses.decryptreadbuf, len); | |
294 | |
295 } else | |
296 #endif | |
297 { | |
298 /* copy payload */ | |
299 ses.payload = buf_new(len); | |
300 memcpy(ses.payload->data, buf_getptr(ses.decryptreadbuf, len), len); | |
301 buf_incrlen(ses.payload, len); | |
302 } | |
303 | |
304 buf_free(ses.decryptreadbuf); | |
305 ses.decryptreadbuf = NULL; | |
306 buf_setpos(ses.payload, 0); | |
307 | |
308 ses.recvseq++; | |
309 | |
310 TRACE(("leave decrypt_packet")) | |
311 } | |
312 | |
313 /* Checks the mac in hashbuf, for the data in readbuf. | |
314 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | |
315 static int checkmac(buffer* macbuf, buffer* sourcebuf) { | |
316 | |
317 unsigned int macsize; | |
318 hmac_state hmac; | |
319 unsigned char tempbuf[MAX_MAC_LEN]; | |
320 unsigned long bufsize; | |
321 unsigned int len; | |
322 | |
323 macsize = ses.keys->recv_algo_mac->hashsize; | |
324 if (macsize == 0) { | |
325 return DROPBEAR_SUCCESS; | |
326 } | |
327 | |
328 /* calculate the mac */ | |
329 if (hmac_init(&hmac, | |
330 find_hash(ses.keys->recv_algo_mac->hashdesc->name), | |
331 ses.keys->recvmackey, | |
332 ses.keys->recv_algo_mac->keysize) | |
333 != CRYPT_OK) { | |
334 dropbear_exit("HMAC error"); | |
335 } | |
336 | |
337 /* sequence number */ | |
338 STORE32H(ses.recvseq, tempbuf); | |
339 if (hmac_process(&hmac, tempbuf, 4) != CRYPT_OK) { | |
340 dropbear_exit("HMAC error"); | |
341 } | |
342 | |
343 buf_setpos(sourcebuf, 0); | |
344 len = sourcebuf->len; | |
345 if (hmac_process(&hmac, buf_getptr(sourcebuf, len), len) != CRYPT_OK) { | |
346 dropbear_exit("HMAC error"); | |
347 } | |
348 | |
349 bufsize = sizeof(tempbuf); | |
350 if (hmac_done(&hmac, tempbuf, &bufsize) != CRYPT_OK) { | |
351 dropbear_exit("HMAC error"); | |
352 } | |
353 | |
354 /* compare the hash */ | |
355 if (memcmp(tempbuf, buf_getptr(macbuf, macsize), macsize) != 0) { | |
356 return DROPBEAR_FAILURE; | |
357 } else { | |
358 return DROPBEAR_SUCCESS; | |
359 } | |
360 } | |
361 | |
362 #ifndef DISABLE_ZLIB | |
363 /* returns a pointer to a newly created buffer */ | |
364 static buffer* buf_decompress(buffer* buf, unsigned int len) { | |
365 | |
366 int result; | |
367 buffer * ret; | |
368 z_streamp zstream; | |
369 | |
370 zstream = ses.keys->recv_zstream; | |
371 ret = buf_new(len); | |
372 | |
373 zstream->avail_in = len; | |
374 zstream->next_in = buf_getptr(buf, len); | |
375 | |
376 /* decompress the payload, incrementally resizing the output buffer */ | |
377 while (1) { | |
378 | |
379 zstream->avail_out = ret->size - ret->pos; | |
380 zstream->next_out = buf_getwriteptr(ret, zstream->avail_out); | |
381 | |
382 result = inflate(zstream, Z_SYNC_FLUSH); | |
383 | |
384 buf_setlen(ret, ret->size - zstream->avail_out); | |
385 buf_setpos(ret, ret->len); | |
386 | |
387 if (result != Z_BUF_ERROR && result != Z_OK) { | |
388 dropbear_exit("zlib error"); | |
389 } | |
390 | |
391 if (zstream->avail_in == 0 && | |
392 (zstream->avail_out != 0 || result == Z_BUF_ERROR)) { | |
393 /* we can only exit if avail_out hasn't all been used, | |
394 * and there's no remaining input */ | |
395 return ret; | |
396 } | |
397 | |
398 if (zstream->avail_out == 0) { | |
399 buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR); | |
400 } | |
401 } | |
402 } | |
403 #endif | |
404 | |
405 | |
406 | |
407 | |
408 /* encrypt the writepayload, putting into writebuf, ready for write_packet() | |
409 * to put on the wire */ | |
410 void encrypt_packet() { | |
411 | |
412 unsigned char padlen; | |
413 unsigned char blocksize, macsize; | |
414 buffer * writebuf; /* the packet which will go on the wire */ | |
415 buffer * clearwritebuf; /* unencrypted, possibly compressed */ | |
416 | |
417 TRACE(("enter encrypt_packet()")) | |
418 TRACE(("encrypt_packet type is %d", ses.writepayload->data[0])) | |
419 blocksize = ses.keys->trans_algo_crypt->blocksize; | |
420 macsize = ses.keys->trans_algo_mac->hashsize; | |
421 | |
422 /* Encrypted packet len is payload+5, then worst case is if we are 3 away | |
423 * from a blocksize multiple. In which case we need to pad to the | |
424 * multiple, then add another blocksize (or MIN_PACKET_LEN) */ | |
425 clearwritebuf = buf_new((ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3 | |
426 #ifndef DISABLE_ZLIB | |
427 + ZLIB_COMPRESS_INCR /* bit of a kludge, but we can't know len*/ | |
428 #endif | |
429 ); | |
430 buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF); | |
431 buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF); | |
432 | |
433 buf_setpos(ses.writepayload, 0); | |
434 | |
435 #ifndef DISABLE_ZLIB | |
436 /* compression */ | |
437 if (ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB) { | |
438 buf_compress(clearwritebuf, ses.writepayload, ses.writepayload->len); | |
439 } else | |
440 #endif | |
441 { | |
442 memcpy(buf_getwriteptr(clearwritebuf, ses.writepayload->len), | |
443 buf_getptr(ses.writepayload, ses.writepayload->len), | |
444 ses.writepayload->len); | |
445 buf_incrwritepos(clearwritebuf, ses.writepayload->len); | |
446 } | |
447 | |
448 /* finished with payload */ | |
449 buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't | |
450 _that_ likely to hurt performance too badly. | |
451 Buffers can have cleartext passwords etc, or | |
452 other sensitive data */ | |
453 buf_setpos(ses.writepayload, 0); | |
454 buf_setlen(ses.writepayload, 0); | |
455 | |
456 /* length of padding - packet length must be a multiple of blocksize, | |
457 * with a minimum of 4 bytes of padding */ | |
458 padlen = blocksize - (clearwritebuf->len) % blocksize; | |
459 if (padlen < 4) { | |
460 padlen += blocksize; | |
461 } | |
462 /* check for min packet length */ | |
463 if (clearwritebuf->len + padlen < MIN_PACKET_LEN) { | |
464 padlen += blocksize; | |
465 } | |
466 | |
467 buf_setpos(clearwritebuf, 0); | |
468 /* packet length excluding the packetlength uint32 */ | |
469 buf_putint(clearwritebuf, clearwritebuf->len + padlen - 4); | |
470 | |
471 /* padding len */ | |
472 buf_putbyte(clearwritebuf, padlen); | |
473 /* actual padding */ | |
474 buf_setpos(clearwritebuf, clearwritebuf->len); | |
475 buf_incrlen(clearwritebuf, padlen); | |
476 genrandom(buf_getptr(clearwritebuf, padlen), padlen); | |
477 | |
478 /* do the actual encryption */ | |
479 buf_setpos(clearwritebuf, 0); | |
480 /* create a new writebuffer, this is freed when it has been put on the | |
481 * wire by writepacket() */ | |
482 writebuf = buf_new(clearwritebuf->len + macsize); | |
483 | |
484 if (ses.keys->trans_algo_crypt->cipherdesc == NULL) { | |
485 /* copy it */ | |
486 memcpy(buf_getwriteptr(writebuf, clearwritebuf->len), | |
487 buf_getptr(clearwritebuf, clearwritebuf->len), | |
488 clearwritebuf->len); | |
489 buf_incrwritepos(writebuf, clearwritebuf->len); | |
490 } else { | |
491 /* encrypt it */ | |
492 while (clearwritebuf->pos < clearwritebuf->len) { | |
493 if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize), | |
494 buf_getwriteptr(writebuf, blocksize), | |
495 blocksize, | |
496 &ses.keys->trans_symmetric_struct) != CRYPT_OK) { | |
497 dropbear_exit("error encrypting"); | |
498 } | |
499 buf_incrpos(clearwritebuf, blocksize); | |
500 buf_incrwritepos(writebuf, blocksize); | |
501 } | |
502 } | |
503 | |
504 /* now add a hmac and we're done */ | |
505 writemac(writebuf, clearwritebuf); | |
506 | |
507 /* clearwritebuf is finished with */ | |
508 buf_free(clearwritebuf); | |
509 clearwritebuf = NULL; | |
510 | |
511 /* enqueue the packet for sending */ | |
512 buf_setpos(writebuf, 0); | |
513 enqueue(&ses.writequeue, (void*)writebuf); | |
514 | |
515 /* Update counts */ | |
516 ses.kexstate.datatrans += writebuf->len; | |
517 ses.transseq++; | |
518 | |
519 TRACE(("leave encrypt_packet()")) | |
520 } | |
521 | |
522 | |
523 /* Create the packet mac, and append H(seqno|clearbuf) to the output */ | |
524 static void writemac(buffer * outputbuffer, buffer * clearwritebuf) { | |
525 | |
526 unsigned int macsize; | |
527 unsigned char seqbuf[4]; | |
528 unsigned char tempbuf[MAX_MAC_LEN]; | |
529 unsigned long bufsize; | |
530 hmac_state hmac; | |
531 | |
532 TRACE(("enter writemac")) | |
533 | |
534 macsize = ses.keys->trans_algo_mac->hashsize; | |
535 if (macsize > 0) { | |
536 /* calculate the mac */ | |
537 if (hmac_init(&hmac, | |
538 find_hash(ses.keys->trans_algo_mac->hashdesc->name), | |
539 ses.keys->transmackey, | |
540 ses.keys->trans_algo_mac->keysize) != CRYPT_OK) { | |
541 dropbear_exit("HMAC error"); | |
542 } | |
543 | |
544 /* sequence number */ | |
545 STORE32H(ses.transseq, seqbuf); | |
546 if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) { | |
547 dropbear_exit("HMAC error"); | |
548 } | |
549 | |
550 /* the actual contents */ | |
551 buf_setpos(clearwritebuf, 0); | |
552 if (hmac_process(&hmac, | |
553 buf_getptr(clearwritebuf, | |
554 clearwritebuf->len), | |
555 clearwritebuf->len) != CRYPT_OK) { | |
556 dropbear_exit("HMAC error"); | |
557 } | |
558 | |
559 bufsize = sizeof(tempbuf); | |
560 if (hmac_done(&hmac, tempbuf, &bufsize) | |
561 != CRYPT_OK) { | |
562 dropbear_exit("HMAC error"); | |
563 } | |
564 buf_putbytes(outputbuffer, tempbuf, macsize); | |
565 } | |
566 TRACE(("leave writemac")) | |
567 } | |
568 | |
569 #ifndef DISABLE_ZLIB | |
570 /* compresses len bytes from src, outputting to dest (starting from the | |
571 * respective current positions. */ | |
572 static void buf_compress(buffer * dest, buffer * src, unsigned int len) { | |
573 | |
574 unsigned int endpos = src->pos + len; | |
575 int result; | |
576 | |
577 TRACE(("enter buf_compress")) | |
578 | |
579 while (1) { | |
580 | |
581 ses.keys->trans_zstream->avail_in = endpos - src->pos; | |
582 ses.keys->trans_zstream->next_in = | |
583 buf_getptr(src, ses.keys->trans_zstream->avail_in); | |
584 | |
585 ses.keys->trans_zstream->avail_out = dest->size - dest->pos; | |
586 ses.keys->trans_zstream->next_out = | |
587 buf_getwriteptr(dest, ses.keys->trans_zstream->avail_out); | |
588 | |
589 result = deflate(ses.keys->trans_zstream, Z_SYNC_FLUSH); | |
590 | |
591 buf_setpos(src, endpos - ses.keys->trans_zstream->avail_in); | |
592 buf_setlen(dest, dest->size - ses.keys->trans_zstream->avail_out); | |
593 buf_setpos(dest, dest->len); | |
594 | |
595 if (result != Z_OK) { | |
596 dropbear_exit("zlib error"); | |
597 } | |
598 | |
599 if (ses.keys->trans_zstream->avail_in == 0) { | |
600 break; | |
601 } | |
602 | |
603 dropbear_assert(ses.keys->trans_zstream->avail_out == 0); | |
604 | |
605 /* the buffer has been filled, we must extend. This only happens in | |
606 * unusual circumstances where the data grows in size after deflate(), | |
607 * but it is possible */ | |
608 buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR); | |
609 | |
610 } | |
611 TRACE(("leave buf_compress")) | |
612 } | |
613 #endif |