# HG changeset patch # User Matt Johnston # Date 1235570642 0 # Node ID 378a6389f88ef7aa9b5de47a54244c0d7b82430c # Parent cc2dff9bd6715b54661221ed3726e66437fbd793 - Don't be dumb and encrypt/decrypt in a while() loop - why did I do this?? diff -r cc2dff9bd671 -r 378a6389f88e packet.c --- a/packet.c Tue Nov 18 12:53:39 2008 +0000 +++ b/packet.c Wed Feb 25 14:04:02 2009 +0000 @@ -240,17 +240,16 @@ buf_setpos(ses.decryptreadbuf, blocksize); /* decrypt it */ - while (ses.readbuf->pos < ses.readbuf->len - macsize) { - if (ses.keys->recv_crypt_mode->decrypt( - buf_getptr(ses.readbuf, blocksize), - buf_getwriteptr(ses.decryptreadbuf, blocksize), - blocksize, - &ses.keys->recv_cipher_state) != CRYPT_OK) { - dropbear_exit("error decrypting"); - } - buf_incrpos(ses.readbuf, blocksize); - buf_incrwritepos(ses.decryptreadbuf, blocksize); + len = ses.readbuf->len - macsize - ses.readbuf->pos; + if (ses.keys->recv_crypt_mode->decrypt( + buf_getptr(ses.readbuf, len), + buf_getwriteptr(ses.decryptreadbuf, len), + len, + &ses.keys->recv_cipher_state) != CRYPT_OK) { + dropbear_exit("error decrypting"); } + buf_incrpos(ses.readbuf, len); + buf_incrwritepos(ses.decryptreadbuf, len); /* check the hmac */ buf_setpos(ses.readbuf, ses.readbuf->len - macsize); @@ -454,7 +453,7 @@ buffer * writebuf; /* the packet which will go on the wire */ buffer * clearwritebuf; /* unencrypted, possibly compressed */ unsigned char type; - unsigned int clear_len; + unsigned int len; type = ses.writepayload->data[0]; TRACE(("enter encrypt_packet()")) @@ -474,12 +473,12 @@ /* Encrypted packet len is payload+5, then worst case is if we are 3 away * from a blocksize multiple. In which case we need to pad to the * multiple, then add another blocksize (or MIN_PACKET_LEN) */ - clear_len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3; + len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3; #ifndef DISABLE_ZLIB - clear_len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/ + len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/ #endif - clearwritebuf = buf_new(clear_len); + clearwritebuf = buf_new(len); buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF); buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF); @@ -531,17 +530,16 @@ writebuf = buf_new(clearwritebuf->len + macsize); /* encrypt it */ - while (clearwritebuf->pos < clearwritebuf->len) { - if (ses.keys->trans_crypt_mode->encrypt( - buf_getptr(clearwritebuf, blocksize), - buf_getwriteptr(writebuf, blocksize), - blocksize, - &ses.keys->trans_cipher_state) != CRYPT_OK) { - dropbear_exit("error encrypting"); - } - buf_incrpos(clearwritebuf, blocksize); - buf_incrwritepos(writebuf, blocksize); + len = clearwritebuf->len; + if (ses.keys->trans_crypt_mode->encrypt( + buf_getptr(clearwritebuf, len), + buf_getwriteptr(writebuf, len), + len, + &ses.keys->trans_cipher_state) != CRYPT_OK) { + dropbear_exit("error encrypting"); } + buf_incrpos(clearwritebuf, len); + buf_incrwritepos(writebuf, len); /* now add a hmac and we're done */ writemac(writebuf, clearwritebuf);