Commit 769b4cb0 authored by Niels Möller's avatar Niels Möller

* src/transport.c (oop_write_ssh): Updated call to transport_write_flush.
(transport_send_packet): Updated calls to transport_write_packet
and transport_write_flush.
(transport_send_kexinit): Updated to new make_kexinit interface.

* src/transport_write.c (make_ignore_packet): Deleted randomness
argument.
(transport_write_packet): Likewise.
(transport_write_flush): Likewise.

* src/transport_read.c (decode_packet): Use random_add, to mix the
received random padding into the pool.

* src/transport.h (class transport_context): Deleted randomness
attribute.

Rev: src/transport.c:1.12
Rev: src/transport.h:1.10
Rev: src/transport_read.c:1.8
Rev: src/transport_write.c:1.3
parent bc7b0d64
...@@ -553,7 +553,7 @@ oop_write_ssh(oop_source *source UNUSED, ...@@ -553,7 +553,7 @@ oop_write_ssh(oop_source *source UNUSED,
assert(event == OOP_WRITE); assert(event == OOP_WRITE);
assert(fd == connection->ssh_output); assert(fd == connection->ssh_output);
status = transport_write_flush(connection->writer, fd, connection->ctx->random); status = transport_write_flush(connection->writer, fd);
switch(status) switch(status)
{ {
default: default:
...@@ -647,10 +647,9 @@ transport_send_packet(struct transport_connection *connection, ...@@ -647,10 +647,9 @@ transport_send_packet(struct transport_connection *connection,
writer = connection->writer; writer = connection->writer;
if (packet) if (packet)
status = transport_write_packet(writer, connection->ssh_output, status = transport_write_packet(writer, connection->ssh_output,
flags, packet, connection->ctx->random); flags, packet);
else else
status = transport_write_flush(writer, connection->ssh_output, status = transport_write_flush(writer, connection->ssh_output);
connection->ctx->random);
switch (status) switch (status)
{ {
case TRANSPORT_WRITE_OVERFLOW: case TRANSPORT_WRITE_OVERFLOW:
...@@ -707,7 +706,7 @@ transport_send_kexinit(struct transport_connection *connection) ...@@ -707,7 +706,7 @@ transport_send_kexinit(struct transport_connection *connection)
/* This is a reexchange; no more data can be sent */ /* This is a reexchange; no more data can be sent */
connection->event_handler(connection, TRANSPORT_EVENT_STOP_APPLICATION); connection->event_handler(connection, TRANSPORT_EVENT_STOP_APPLICATION);
kex = MAKE_KEXINIT(connection->ctx->kexinit, connection->ctx->random); kex = connection->ctx->kexinit->make(connection->ctx->kexinit);
connection->kex.kexinit[is_server] = kex; connection->kex.kexinit[is_server] = kex;
assert(kex->first_kex_packet_follows == !!kex->first_kex_packet); assert(kex->first_kex_packet_follows == !!kex->first_kex_packet);
......
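Review bot: The kexinit construction at `kex = connection->ctx->kexinit->make(connection->ctx->kexinit);` reaches through the method pointer directly, where the old side went through the MAKE_KEXINIT accessor; if that macro still exists with the new one-argument interface, keeping `kex = MAKE_KEXINIT(connection->ctx->kexinit);` would avoid making this the one call site written differently from the rest of the code base. transport_send_kexinit's body starts and ends outside the hunk. The other two hunks (oop_write_ssh and transport_send_packet) only drop the random argument and need nothing further.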
...@@ -151,7 +151,7 @@ make_transport_write_state(void); ...@@ -151,7 +151,7 @@ make_transport_write_state(void);
enum transport_write_status enum transport_write_status
transport_write_packet(struct transport_write_state *self, transport_write_packet(struct transport_write_state *self,
int fd, enum transport_write_flag flags, int fd, enum transport_write_flag flags,
struct lsh_string *packet, struct randomness *random); struct lsh_string *packet);
enum transport_write_status enum transport_write_status
transport_write_line(struct transport_write_state *self, transport_write_line(struct transport_write_state *self,
...@@ -168,7 +168,7 @@ transport_write_new_keys(struct transport_write_state *self, ...@@ -168,7 +168,7 @@ transport_write_new_keys(struct transport_write_state *self,
packet */ packet */
enum transport_write_status enum transport_write_status
transport_write_flush(struct transport_write_state *self, transport_write_flush(struct transport_write_state *self,
int fd, struct randomness *random); int fd);
/* Fixed state used by all connections. */ /* Fixed state used by all connections. */
/* GABA: /* GABA:
...@@ -176,7 +176,6 @@ transport_write_flush(struct transport_write_state *self, ...@@ -176,7 +176,6 @@ transport_write_flush(struct transport_write_state *self,
(name transport_context) (name transport_context)
(vars (vars
(is_server . int) (is_server . int)
(random object randomness)
(algorithms object alist) (algorithms object alist)
(kexinit object make_kexinit))) (kexinit object make_kexinit)))
*/ */
......
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
#include "compress.h" #include "compress.h"
#include "io.h" #include "io.h"
#include "lsh_string.h" #include "lsh_string.h"
#include "randomness.h"
#include "ssh.h" #include "ssh.h"
#include "werror.h" #include "werror.h"
#include "xalloc.h" #include "xalloc.h"
...@@ -192,7 +193,7 @@ decode_packet(struct transport_read_state *self, ...@@ -192,7 +193,7 @@ decode_packet(struct transport_read_state *self,
decrypt directly into the output buffer, avoiding an extra decrypt directly into the output buffer, avoiding an extra
copying at the end. copying at the end.
FIXME: But for simplixity, that's not yet implemented, we do FIXME: But for simplicity, that's not yet implemented, we do
everything in place and copy at the end. */ everything in place and copy at the end. */
if (self->crypto && crypt_left > 0) if (self->crypto && crypt_left > 0)
...@@ -221,6 +222,11 @@ decode_packet(struct transport_read_state *self, ...@@ -221,6 +222,11 @@ decode_packet(struct transport_read_state *self,
self->super.start += self->total_length; self->super.start += self->total_length;
self->super.length -= self->total_length; self->super.length -= self->total_length;
if (self->crypto)
random_add(RANDOM_SOURCE_REMOTE,
self->padding,
data + self->total_length - mac_size - self->padding);
/* Reset for next header */ /* Reset for next header */
self->total_length = 0; self->total_length = 0;
...@@ -233,7 +239,7 @@ decode_packet(struct transport_read_state *self, ...@@ -233,7 +239,7 @@ decode_packet(struct transport_read_state *self,
return SSH_READ_COMPLETE; return SSH_READ_COMPLETE;
} }
/* First reads the entire packet into the input_buffer, decrypting it /* First reads the entire packet into the input_buffer, decrypting it
in place. Next, reads the mac and verifies it. */ in place. Next, reads the mac and verifies it. */
enum ssh_read_status enum ssh_read_status
......
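Review bot: The new random_add call in decode_packet mixes peer-chosen padding into the pool, and nothing at the call site records that those bytes must be credited as zero entropy — the peer knows exactly what it sent, so presumably the RANDOM_SOURCE_REMOTE tag is what makes the pool treat them as mixing material rather than entropy; a comment such as `/* Padding was chosen by the peer: mixed in for diversity only, never credited as entropy. */` would keep a later change from upgrading that credit. The pointer `data + self->total_length - mac_size - self->padding` relies on the padding length having been validated against total_length and mac_size earlier in the function, which is outside the hunk; if that check lives elsewhere, the comment should point to it. Whether the MAC has been verified by this point is not visible either, so it is worth stating whether unauthenticated padding can reach the pool. decode_packet starts and ends outside the hunks.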
...@@ -181,20 +181,18 @@ write_flush(struct transport_write_state *self, int fd) ...@@ -181,20 +181,18 @@ write_flush(struct transport_write_state *self, int fd)
} }
static struct lsh_string * static struct lsh_string *
make_ignore_packet(struct transport_write_state *self, make_ignore_packet(struct transport_write_state *self, uint32_t length)
uint32_t length, struct randomness *random)
{ {
uint32_t pad_start; uint32_t pad_start;
struct lsh_string *packet; struct lsh_string *packet;
packet = ssh_format("%c%r", SSH_MSG_IGNORE, length, &pad_start); packet = ssh_format("%c%r", SSH_MSG_IGNORE, length, &pad_start);
lsh_string_write_random(packet, pad_start, random, length); lsh_string_write_random(packet, pad_start, length);
packet = encrypt_packet(packet, packet = encrypt_packet(packet,
self->deflate, self->deflate,
self->crypto, self->crypto,
self->mac, self->mac,
random,
self->seqno++); self->seqno++);
return packet; return packet;
...@@ -207,7 +205,7 @@ make_ignore_packet(struct transport_write_state *self, ...@@ -207,7 +205,7 @@ make_ignore_packet(struct transport_write_state *self,
enum transport_write_status enum transport_write_status
transport_write_packet(struct transport_write_state *self, transport_write_packet(struct transport_write_state *self,
int fd, enum transport_write_flag flags, int fd, enum transport_write_flag flags,
struct lsh_string *packet, struct randomness *random) struct lsh_string *packet)
{ {
uint32_t length; uint32_t length;
uint8_t msg; uint8_t msg;
...@@ -229,7 +227,6 @@ transport_write_packet(struct transport_write_state *self, ...@@ -229,7 +227,6 @@ transport_write_packet(struct transport_write_state *self,
self->deflate, self->deflate,
self->crypto, self->crypto,
self->mac, self->mac,
random,
self->seqno++); self->seqno++);
length = lsh_string_length(packet); length = lsh_string_length(packet);
...@@ -243,7 +240,7 @@ transport_write_packet(struct transport_write_state *self, ...@@ -243,7 +240,7 @@ transport_write_packet(struct transport_write_state *self,
if (status < 0) if (status < 0)
return status; return status;
packet = make_ignore_packet(self, TRANSPORT_PADDING_SIZE, random); packet = make_ignore_packet(self, TRANSPORT_PADDING_SIZE);
flags |= TRANSPORT_WRITE_FLAG_IGNORE; flags |= TRANSPORT_WRITE_FLAG_IGNORE;
} }
...@@ -266,8 +263,7 @@ transport_write_line(struct transport_write_state *self, ...@@ -266,8 +263,7 @@ transport_write_line(struct transport_write_state *self,
} }
enum transport_write_status enum transport_write_status
transport_write_flush(struct transport_write_state *self, transport_write_flush(struct transport_write_state *self, int fd)
int fd, struct randomness *random)
{ {
if (!self->ignore && self->crypto if (!self->ignore && self->crypto
&& self->super.length < self->threshold) && self->super.length < self->threshold)
...@@ -275,7 +271,7 @@ transport_write_flush(struct transport_write_state *self, ...@@ -275,7 +271,7 @@ transport_write_flush(struct transport_write_state *self,
enum transport_write_status status; enum transport_write_status status;
struct lsh_string *packet; struct lsh_string *packet;
packet = make_ignore_packet(self, TRANSPORT_PADDING_SIZE, random); packet = make_ignore_packet(self, TRANSPORT_PADDING_SIZE);
status = write_data(self, fd, TRANSPORT_WRITE_FLAG_IGNORE, STRING_LD(packet)); status = write_data(self, fd, TRANSPORT_WRITE_FLAG_IGNORE, STRING_LD(packet));
lsh_string_free(packet); lsh_string_free(packet);
......
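Review bot: make_ignore_packet now fills the SSH_MSG_IGNORE payload from a process-wide source via `lsh_string_write_random(packet, pad_start, length)`, and neither its header nor transport_write_flush's says so; with the old code the parameter list told the reader where the bytes came from, so add a line above make_ignore_packet such as `/* Payload randomness comes from the global pool; presumably it must be seeded before any connection writes. */`. The same applies to the encrypt_packet calls in make_ignore_packet and transport_write_packet, which lost their random argument in the same way. All four hunks cut through their enclosing functions.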