~ubuntu-branches/ubuntu/utopic/dropbear/utopic-proposed

Viewing changes to packet.c

Committer: Bazaar Package Importer
Author(s): Gerrit Pape, Matt Johnston, Gerrit Pape
Date: 2008-11-19 20:58:59 UTC
mfrom: (1.4.2 upstream)
mto: This revision was merged to the branch mainline in revision 11.
Revision ID: james.westby@ubuntu.com-20081119205859-dmeze0y6b16ia93v

Tags: 0.52-1

http://bugs.debian.org/495823

http://bugs.debian.org/495825

http://bugs.debian.org/465903

[ Matt Johnston ]
* New upstream release.
  * dbclient.1: mention optional 'command' argument (closes: #495823).

[ Gerrit Pape ]
* debian/diff/0001-dbclient.1-dbclient-uses-compression-if...diff:
  new; dbclient.1: dbclient uses compression if compiled with zlib
  support (thx Luca Capello, closes: #495825).
* debian/initramfs/*: new; cryptroot remote unlocking on boot feature
  (thx debian@x.ray.net).
* debian/rules: install debian/initramfs/* (thx debian@x.ray.net).
* debian/control: Suggests: udev (for cryptroot support, thx
  debian@x.ray.net).
* debian/dropbear.postinst: conditionally run update-initramfs -u
  (for cryptroot support, thx debian@x.ray.net. closes: #465903).
* debian/diff/0002-dropbearkey.8-mention-y-option-add-example.diff:
  new; mention -y option, add example (thx debian@x.ray.net).

files added:
debian/diff

debian/diff/0001-dbclient.1-dbclient-uses-compression-if-compiled-wit.diff

debian/diff/0002-dropbearkey.8-mention-y-option-add-example.diff

debian/initramfs

debian/initramfs/bottom-dropbear

debian/initramfs/dropbear-conf

debian/initramfs/dropbear-hook

debian/initramfs/premount-devpts

debian/initramfs/premount-dropbear

svr-authpubkeyoptions.c

sysoptions.h

files modified:
CHANGES

LICENSE

Makefile.in

_MTN/inodeprints

_MTN/revision

algo.h

auth.h

chansession.h

cli-auth.c

cli-authinteract.c

cli-chansession.c

cli-main.c

cli-runopts.c

cli-session.c

cli-tcpfwd.c

common-algo.c

common-channel.c

common-kex.c

common-session.c

dbclient.1

dbutil.c

dbutil.h

debian/changelog

debian/control

debian/dropbear.postinst

debian/rules

debug.h

dropbear.8

dropbearkey.8

genrsa.c

kex.h

keyimport.c

libtomcrypt/src/headers/tomcrypt_custom.h

loginrec.c

options.h

packet.c

process-packet.c

runopts.h

scp.c

session.h

svr-agentfwd.c

svr-auth.c

svr-authpubkey.c

svr-chansession.c

svr-main.c

svr-runopts.c

svr-session.c

svr-tcpfwd.c

svr-x11fwd.c

tcpfwd.h

Show diffs side-by-side

added added

removed removed

packet.c

len = writebuf->len - writebuf->pos;

dropbear_assert(len > 0);

/* Try to write as much as possible */

written = write(ses.sock, buf_getptr(writebuf, len), len);

written = write(ses.sock_out, buf_getptr(writebuf, len), len);

if (written < 0) {

if (errno == EINTR) {

}

ses.last_trx_packet_time = time(NULL);

ses.last_packet_time = time(NULL);

if (written == 0) {

122

123

* mightn't be any available (EAGAIN) */

123

124

dropbear_assert(ses.readbuf != NULL);

124

125

maxlen = ses.readbuf->len - ses.readbuf->pos;

125

len = read(ses.sock, buf_getptr(ses.readbuf, maxlen), maxlen);

126

len = read(ses.sock_in, buf_getptr(ses.readbuf, maxlen), maxlen);

126

127

128

if (len == 0) {

128

129

ses.remoteclosed();

171

172

maxlen = blocksize - ses.readbuf->pos;

172

173

174

/* read the rest of the packet if possible */

174

len = read(ses.sock, buf_getwriteptr(ses.readbuf, maxlen),

175

len = read(ses.sock_in, buf_getwriteptr(ses.readbuf, maxlen),

175

176

maxlen);

176

177

if (len == 0) {

177

178

ses.remoteclosed();

194

195

/* now we have the first block, need to get packet length, so we decrypt

195

196

* the first block (only need first 4 bytes) */

196

197

buf_setpos(ses.readbuf, 0);

197

if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {

198

/* copy it */

199

memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize),

200

buf_getptr(ses.readbuf, blocksize),

201

blocksize);

202

} else {

203

/* decrypt it */

204

if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),

205

buf_getwriteptr(ses.decryptreadbuf,blocksize),

206

blocksize,

207

&ses.keys->recv_symmetric_struct) != CRYPT_OK) {

208

dropbear_exit("error decrypting");

209

}

198

if (ses.keys->recv_crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize),

199

buf_getwriteptr(ses.decryptreadbuf,blocksize),

200

blocksize,

201

&ses.keys->recv_cipher_state) != CRYPT_OK) {

202

dropbear_exit("error decrypting");

210

203

}

211

204

buf_setlen(ses.decryptreadbuf, blocksize);

212

205

len = buf_getint(ses.decryptreadbuf) + 4 + macsize;

246

239

buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);

247

240

buf_setpos(ses.decryptreadbuf, blocksize);

248

241

249

/* decrypt if encryption is set, memcpy otherwise */

250

if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {

251

/* copy it */

252

len = ses.readbuf->len - macsize - blocksize;

253

memcpy(buf_getwriteptr(ses.decryptreadbuf, len),

254

buf_getptr(ses.readbuf, len), len);

255

} else {

256

/* decrypt */

257

while (ses.readbuf->pos < ses.readbuf->len - macsize) {

258

if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),

259

buf_getwriteptr(ses.decryptreadbuf, blocksize),

260

blocksize,

261

&ses.keys->recv_symmetric_struct) != CRYPT_OK) {

262

dropbear_exit("error decrypting");

263

}

264

buf_incrpos(ses.readbuf, blocksize);

265

buf_incrwritepos(ses.decryptreadbuf, blocksize);

242

/* decrypt it */

243

while (ses.readbuf->pos < ses.readbuf->len - macsize) {

244

if (ses.keys->recv_crypt_mode->decrypt(

245

buf_getptr(ses.readbuf, blocksize),

246

buf_getwriteptr(ses.decryptreadbuf, blocksize),

247

blocksize,

248

&ses.keys->recv_cipher_state) != CRYPT_OK) {

249

dropbear_exit("error decrypting");

266

250

}

251

buf_incrpos(ses.readbuf, blocksize);

252

buf_incrwritepos(ses.decryptreadbuf, blocksize);

267

253

}

268

254

269

255

/* check the hmac */

290

276

buf_setpos(ses.decryptreadbuf, PACKET_PAYLOAD_OFF);

291

277

292

278

#ifndef DISABLE_ZLIB

293

if (ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB) {

279

if (is_compress_recv()) {

294

280

/* decompress */

295

281

ses.payload = buf_decompress(ses.decryptreadbuf, len);

296

297

282

} else

298

283

#endif

299

284

{

469

454

buffer * writebuf; /* the packet which will go on the wire */

470

455

buffer * clearwritebuf; /* unencrypted, possibly compressed */

471

456

unsigned char type;

457

unsigned int clear_len;

472

458

473

459

type = ses.writepayload->data[0];

474

460

TRACE(("enter encrypt_packet()"))

488

474

/* Encrypted packet len is payload+5, then worst case is if we are 3 away

489

475

* from a blocksize multiple. In which case we need to pad to the

490

476

* multiple, then add another blocksize (or MIN_PACKET_LEN) */

491

clearwritebuf = buf_new((ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3

477

clear_len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3;

478

492

479

#ifndef DISABLE_ZLIB

493

+ ZLIB_COMPRESS_INCR /* bit of a kludge, but we can't know len*/

480

clear_len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/

494

481

#endif

495

);

482

clearwritebuf = buf_new(clear_len);

496

483

buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);

497

484

buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);

498

485

500

487

501

488

#ifndef DISABLE_ZLIB

502

489

/* compression */

503

if (ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB) {

490

if (is_compress_trans()) {

504

491

buf_compress(clearwritebuf, ses.writepayload, ses.writepayload->len);

505

492

} else

506

493

#endif

543

530

* wire by writepacket() */

544

531

writebuf = buf_new(clearwritebuf->len + macsize);

545

532

546

if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {

547

/* copy it */

548

memcpy(buf_getwriteptr(writebuf, clearwritebuf->len),

549

buf_getptr(clearwritebuf, clearwritebuf->len),

550

clearwritebuf->len);

551

buf_incrwritepos(writebuf, clearwritebuf->len);

552

} else {

553

/* encrypt it */

554

while (clearwritebuf->pos < clearwritebuf->len) {

555

if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize),

556

buf_getwriteptr(writebuf, blocksize),

557

blocksize,

558

&ses.keys->trans_symmetric_struct) != CRYPT_OK) {

559

dropbear_exit("error encrypting");

560

}

561

buf_incrpos(clearwritebuf, blocksize);

562

buf_incrwritepos(writebuf, blocksize);

533

/* encrypt it */

534

while (clearwritebuf->pos < clearwritebuf->len) {

535

if (ses.keys->trans_crypt_mode->encrypt(

536

buf_getptr(clearwritebuf, blocksize),

537

buf_getwriteptr(writebuf, blocksize),

538

blocksize,

539

&ses.keys->trans_cipher_state) != CRYPT_OK) {

540

dropbear_exit("error encrypting");

563

541

}

542

buf_incrpos(clearwritebuf, blocksize);

543

buf_incrwritepos(writebuf, blocksize);

564

544

}

565

545

566

546

/* now add a hmac and we're done */

Older »