From 755a16fa864cacbbd9fbefc822011b6741351d8d Mon Sep 17 00:00:00 2001 From: des Date: Sat, 3 Sep 2005 06:59:33 +0000 Subject: Vendor import of OpenSSH 4.2p1. --- crypto/openssh/packet.c | 63 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 5 deletions(-) (limited to 'crypto/openssh/packet.c') diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 7c150fd..70e0110 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -116,6 +116,12 @@ static int initialized = 0; /* Set to true if the connection is interactive. */ static int interactive_mode = 0; +/* Set to true if we are the server side. */ +static int server_side = 0; + +/* Set to true if we are authenticated. */ +static int after_authentication = 0; + /* Session key information for Encryption and MAC */ Newkeys *newkeys[MODE_MAX]; static struct packet_state { @@ -624,7 +630,9 @@ set_newkeys(int mode) /* Deleting the keys does not gain extra security */ /* memset(enc->iv, 0, enc->block_size); memset(enc->key, 0, enc->key_len); */ - if (comp->type != 0 && comp->enabled == 0) { + if ((comp->type == COMP_ZLIB || + (comp->type == COMP_DELAYED && after_authentication)) && + comp->enabled == 0) { packet_init_compression(); if (mode == MODE_OUT) buffer_compress_init_send(6); @@ -645,6 +653,35 @@ set_newkeys(int mode) } /* + * Delayed compression for SSH2 is enabled after authentication: + * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, + * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. + */ +static void +packet_enable_delayed_compress(void) +{ + Comp *comp = NULL; + int mode; + + /* + * Remember that we are past the authentication step, so rekeying + * with COMP_DELAYED will turn on compression immediately. + */ + after_authentication = 1; + for (mode = 0; mode < MODE_MAX; mode++) { + comp = &newkeys[mode]->comp; + if (comp && !comp->enabled && comp->type == COMP_DELAYED) { + packet_init_compression(); + if (mode == MODE_OUT) + buffer_compress_init_send(6); + else + buffer_compress_init_recv(); + comp->enabled = 1; + } + } +} + +/* * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) */ static void @@ -757,6 +794,8 @@ packet_send2_wrapped(void) if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_OUT); + else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) + packet_enable_delayed_compress(); } static void @@ -992,7 +1031,7 @@ packet_read_poll2(u_int32_t *seqnr_p) static u_int packet_length = 0; u_int padlen, need; u_char *macbuf, *cp, type; - int maclen, block_size; + u_int maclen, block_size; Enc *enc = NULL; Mac *mac = NULL; Comp *comp = NULL; @@ -1099,6 +1138,8 @@ packet_read_poll2(u_int32_t *seqnr_p) packet_disconnect("Invalid ssh2 packet type: %d", type); if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_IN); + else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side) + packet_enable_delayed_compress(); #ifdef PACKET_DEBUG fprintf(stderr, "read/plain[%d]:\r\n", type); buffer_dump(&incoming_packet); @@ -1229,9 +1270,9 @@ packet_get_bignum2(BIGNUM * value) } void * -packet_get_raw(int *length_ptr) +packet_get_raw(u_int *length_ptr) { - int bytes = buffer_len(&incoming_packet); + u_int bytes = buffer_len(&incoming_packet); if (length_ptr != NULL) *length_ptr = bytes; @@ -1524,3 +1565,15 @@ packet_set_rekey_limit(u_int32_t bytes) { rekey_limit = bytes; } + +void +packet_set_server(void) +{ + server_side = 1; +} + +void +packet_set_authenticated(void) +{ + after_authentication = 1; +} -- cgit v1.1