version 1.253, 2017/05/03 21:08:09 |
version 1.254, 2017/05/07 23:12:57 |
|
|
} |
} |
/* |
/* |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
* The 2^(blocksize*2) limit is too expensive for 3DES, |
* blowfish, etc, so enforce a 1GB limit for small blocksizes. |
* so enforce a 1GB limit for small blocksizes. |
*/ |
*/ |
if (enc->block_size >= 16) |
if (enc->block_size >= 16) |
*max_blocks = (u_int64_t)1 << (enc->block_size*2); |
*max_blocks = (u_int64_t)1 << (enc->block_size*2); |
|
|
ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) |
ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) |
{ |
{ |
struct session_state *state = ssh->state; |
struct session_state *state = ssh->state; |
u_char *p; |
|
size_t slen, rlen; |
|
int r; |
int r; |
|
|
if ((r = kex_to_blob(m, ssh->kex)) != 0 || |
if ((r = kex_to_blob(m, ssh->kex)) != 0 || |
|
|
(r = sshbuf_put_u64(m, state->p_read.bytes)) != 0) |
(r = sshbuf_put_u64(m, state->p_read.bytes)) != 0) |
return r; |
return r; |
|
|
slen = cipher_get_keycontext(state->send_context, NULL); |
|
rlen = cipher_get_keycontext(state->receive_context, NULL); |
|
if ((r = sshbuf_put_u32(m, slen)) != 0 || |
|
(r = sshbuf_reserve(m, slen, &p)) != 0) |
|
return r; |
|
if (cipher_get_keycontext(state->send_context, p) != (int)slen) |
|
return SSH_ERR_INTERNAL_ERROR; |
|
if ((r = sshbuf_put_u32(m, rlen)) != 0 || |
|
(r = sshbuf_reserve(m, rlen, &p)) != 0) |
|
return r; |
|
if (cipher_get_keycontext(state->receive_context, p) != (int)rlen) |
|
return SSH_ERR_INTERNAL_ERROR; |
|
if ((r = sshbuf_put_stringb(m, state->input)) != 0 || |
|
(r = sshbuf_put_stringb(m, state->output)) != 0) |
|
return r; |
|
|
|
return 0; |
return 0; |
} |
} |
|
|
|
|
ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) |
ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) |
{ |
{ |
struct session_state *state = ssh->state; |
struct session_state *state = ssh->state; |
const u_char *keyin, *keyout, *input, *output; |
const u_char *input, *output; |
size_t rlen, slen, ilen, olen; |
size_t ilen, olen; |
int r; |
int r; |
|
|
if ((r = kex_from_blob(m, &ssh->kex)) != 0 || |
if ((r = kex_from_blob(m, &ssh->kex)) != 0 || |
|
|
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || |
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || |
(r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) |
(r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) |
return r; |
return r; |
|
|
if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 || |
|
(r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0) |
|
return r; |
|
if (cipher_get_keycontext(state->send_context, NULL) != (int)slen || |
|
cipher_get_keycontext(state->receive_context, NULL) != (int)rlen) |
|
return SSH_ERR_INVALID_FORMAT; |
|
cipher_set_keycontext(state->send_context, keyout); |
|
cipher_set_keycontext(state->receive_context, keyin); |
|
|
|
if ((r = ssh_packet_set_postauth(ssh)) != 0) |
if ((r = ssh_packet_set_postauth(ssh)) != 0) |
return r; |
return r; |
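Review bot: The serialized field order that ssh_packet_get_state writes and ssh_packet_set_state reads is not documented in the visible lines, and this change alters it by dropping the two length-prefixed cipher key-context fields (reading the lines printed only once as the removed side, since this page has lost its +/- markers). The reader takes fields purely by position, so a writer and reader that disagree on the layout would likely load the following strings into the wrong slots; a comment above each function such as `/* Wire order must mirror ssh_packet_set_state(): kex blob, counters, input, output. */` would make that coupling explicit. Both function bodies continue outside the hunks, so it cannot be seen here whether set_state already rejects trailing bytes in `m`. If it does not, an `sshbuf_len(m) != 0` check returning `SSH_ERR_INVALID_FORMAT` would catch a blob written in the old format.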