authorMarkus Friedl <markus@cvs.openbsd.org>2001-11-07 16:03:18 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-11-07 16:03:18 +0000
commitb06e3b70d85e587ac39299487ff576a5f59bd64a (patch)
tree0f6b815d9538f62f34a0a7b6f90e5ed599790beb /usr.bin
parente4ded0b9249c7b51674ca06e2ee311efc1e8598a (diff)
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/packet.c60
-rw-r--r--usr.bin/ssh/packet.h4
-rw-r--r--usr.bin/ssh/sshconnect2.c6
3 files changed, 28 insertions, 42 deletions
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 5887d87fe1c..21938bc4145 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.70 2001/09/27 11:59:37 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.71 2001/11/07 16:03:17 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -115,6 +115,9 @@ static int interactive_mode = 0;
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
+/* roundup current message to extra_pad bytes */
+static u_char extra_pad = 0;
+
/*
* Sets the descriptors used for communication. Disables encryption until
* packet_set_encryption_key is called.
@@ -485,9 +488,10 @@ packet_send2(void)
{
static u_int32_t seqnr = 0;
u_char type, *ucp, *macbuf = NULL;
+ u_char padlen, pad;
char *cp;
u_int packet_length = 0;
- u_int i, padlen, len;
+ u_int i, len;
u_int32_t rand = 0;
Enc *enc = NULL;
Mac *mac = NULL;
@@ -533,6 +537,15 @@ packet_send2(void)
padlen = block_size - (len % block_size);
if (padlen < 4)
padlen += block_size;
+ if (extra_pad) {
+ /* will wrap if extra_pad+padlen > 255 */
+ extra_pad = roundup(extra_pad, block_size);
+ pad = extra_pad - ((len + padlen) % extra_pad);
+ debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
+ pad, len, padlen, extra_pad);
+ padlen += pad;
+ extra_pad = 0;
+ }
buffer_append_space(&outgoing_packet, &cp, padlen);
if (enc && enc->cipher->number != SSH_CIPHER_NONE) {
/* random padding */
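Review bot: The wrap the comment on the first added line admits is not only a malformed padding length but a divide by zero: `extra_pad` is a u_char, so `roundup(extra_pad, block_size)` stored back into it becomes 0 for any value above `256 - block_size`, and `(len + padlen) % extra_pad` then divides by zero on the next line. The only caller visible here passes 64, so this is unreachable today, but an internal limit that relies on a comment is better made an explicit check; `padlen` is declared u_char in the earlier hunk of this function, presumably because it is emitted as the one-byte padding length field, so the bound is 255 for `padlen + pad` as well. Compute the rounded value in a u_int and reject it before it is used, as below. packet_send2 begins and ends outside this hunk.
```c
	if (extra_pad) {
		u_int ep = roundup(extra_pad, block_size);
		/* padlen is a u_char; refuse an extra_pad that cannot fit */
		if (ep + padlen > 255)
			fatal("packet_send2: extra_pad %d too large", extra_pad);
		pad = ep - ((len + padlen) % ep);
		debug("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
		    pad, len, padlen, ep);
		padlen += pad;
		extra_pad = 0;
	}
```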
@@ -1109,6 +1122,7 @@ packet_write_poll()
else
fatal("Write failed: %.100s", strerror(errno));
}
+debug("packet_write_poll: sent %d bytes", len);
buffer_consume(&output, len);
}
}
@@ -1232,6 +1246,13 @@ packet_set_maxsize(int s)
return s;
}
+/* roundup current message to pad bytes */
+void
+packet_add_padding(u_char pad)
+{
+ extra_pad = pad;
+}
+
/*
* 9.2. Ignored Data Message
*
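Review bot: The one-line comment above packet_add_padding does not give callers the contract they need: the value is one-shot (cleared by packet_send2 after the next packet), it is rounded up to the cipher block size there, and it is held in a u_char, so `roundup(pad, block_size)` plus the normal padding must stay within 255. I would replace the comment with `/* pad the next SSH2 packet sent to a multiple of pad bytes (one-shot; consumed and rounded to the block size by packet_send2) */`. Unlike the removed packet_inject_ignore, there is no compat20 check here; if packet_send1 never reads extra_pad (not visible in this diff) a value set in SSH1 mode merely lingers, but that is worth a sentence in the comment as well.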
@@ -1243,41 +1264,6 @@ packet_set_maxsize(int s)
* required to send them. This message can be used as an additional
* protection measure against advanced traffic analysis techniques.
*/
-/* size of current + ignore message should be n*sumlen bytes (w/o mac) */
-void
-packet_inject_ignore(int sumlen)
-{
- int blocksize, padlen, have, need, nb, mini, nbytes;
- Enc *enc = NULL;
-
- if (compat20 == 0)
- return;
-
- have = buffer_len(&outgoing_packet);
- debug2("packet_inject_ignore: current %d", have);
- if (newkeys[MODE_OUT] != NULL)
- enc = &newkeys[MODE_OUT]->enc;
- blocksize = enc ? enc->cipher->block_size : 8;
- padlen = blocksize - (have % blocksize);
- if (padlen < 4)
- padlen += blocksize;
- have += padlen;
- have /= blocksize; /* # of blocks for current message */
-
- nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */
- mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */
- need = nb - (have % nb); /* blocks for ignore */
- if (need <= mini)
- need += nb;
- nbytes = (need - mini) * blocksize; /* size of ignore payload */
- debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",
- blocksize, have, nb, mini, need);
-
- /* enqueue current message and append a ignore message */
- packet_send();
- packet_send_ignore(nbytes);
-}
-
void
packet_send_ignore(int nbytes)
{
diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h
index ffae736d647..d5473001c50 100644
--- a/usr.bin/ssh/packet.h
+++ b/usr.bin/ssh/packet.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: packet.h,v 1.25 2001/06/26 17:27:24 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.26 2001/11/07 16:03:17 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
@@ -63,7 +63,7 @@ int packet_connection_is_on_socket(void);
int packet_connection_is_ipv4(void);
int packet_remaining(void);
void packet_send_ignore(int);
-void packet_inject_ignore(int);
+void packet_add_padding(u_char);
void tty_make_modes(int, struct termios *);
void tty_parse_modes(int, int *);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 66dccf600a7..310788538a2 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.85 2001/11/07 16:03:17 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -460,7 +460,7 @@ userauth_passwd(Authctxt *authctxt)
packet_put_cstring(password);
memset(password, 0, strlen(password));
xfree(password);
- packet_inject_ignore(64);
+ packet_add_padding(64);
packet_send();
return 1;
}
@@ -817,7 +817,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
}
packet_done(); /* done with parsing incoming message. */
- packet_inject_ignore(64);
+ packet_add_padding(64);
packet_send();
}