diff options
author | djm <djm> | 2013-01-09 05:12:19 +0000 |
---|---|---|
committer | djm <djm> | 2013-01-09 05:12:19 +0000 |
commit | 82b625412d061b22aa4673d67f1f38c0ee43dcf2 (patch) | |
tree | 1771fa41b772caf5a2f8a7be4f366a755cc4680b /monitor_wrap.c | |
parent | 66c05ae302f3b0d4ba1617f78cd9b824688941fc (diff) | |
download | openssh-82b625412d061b22aa4673d67f1f38c0ee43dcf2.tar.gz |
- markus@cvs.openbsd.org 2013/01/08 18:49:04
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
[myproposal.h packet.c ssh_config.5 sshd_config.5]
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index c22d0a2a..ea654a73 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.74 2012/10/01 13:59:51 naddy Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -491,25 +491,24 @@ mm_newkeys_from_blob(u_char *blob, int blen) enc->enabled = buffer_get_int(&b); enc->block_size = buffer_get_int(&b); enc->key = buffer_get_string(&b, &enc->key_len); - enc->iv = buffer_get_string(&b, &len); - if (len != enc->block_size) - fatal("%s: bad ivlen: expected %u != %u", __func__, - enc->block_size, len); + enc->iv = buffer_get_string(&b, &enc->iv_len); if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) fatal("%s: bad cipher name %s or pointer %p", __func__, enc->name, enc->cipher); /* Mac structure */ - mac->name = buffer_get_string(&b, NULL); - if (mac->name == NULL || mac_setup(mac, mac->name) == -1) - fatal("%s: can not setup mac %s", __func__, mac->name); - mac->enabled = buffer_get_int(&b); - mac->key = buffer_get_string(&b, &len); - if (len > mac->key_len) - fatal("%s: bad mac key length: %u > %d", __func__, len, - mac->key_len); - mac->key_len = len; + if (cipher_authlen(enc->cipher) == 0) { + mac->name = buffer_get_string(&b, NULL); + if (mac->name == NULL || mac_setup(mac, mac->name) == -1) + fatal("%s: can not setup mac %s", __func__, mac->name); + mac->enabled = buffer_get_int(&b); + mac->key = buffer_get_string(&b, &len); + if (len > mac->key_len) + fatal("%s: bad mac key length: %u > %d", __func__, len, + mac->key_len); + mac->key_len = len; + } /* Comp structure */ comp->type = buffer_get_int(&b); @@ -551,13 +550,15 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) buffer_put_int(&b, enc->enabled); buffer_put_int(&b, enc->block_size); buffer_put_string(&b, enc->key, enc->key_len); - packet_get_keyiv(mode, enc->iv, enc->block_size); - buffer_put_string(&b, enc->iv, enc->block_size); + packet_get_keyiv(mode, enc->iv, enc->iv_len); + buffer_put_string(&b, enc->iv, enc->iv_len); /* Mac structure */ - buffer_put_cstring(&b, mac->name); - buffer_put_int(&b, mac->enabled); - buffer_put_string(&b, mac->key, mac->key_len); + if (cipher_authlen(enc->cipher) == 0) { + buffer_put_cstring(&b, mac->name); + buffer_put_int(&b, mac->enabled); + buffer_put_string(&b, mac->key, mac->key_len); + } /* Comp structure */ buffer_put_int(&b, comp->type); |