Coverage Report

Created: 2024-06-18 06:24

/src/hpn-ssh/packet.c
Line
Count
Source (jump to first uncovered line)
1
/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */
2
/*
3
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5
 *                    All rights reserved
6
 * This file contains code implementing the packet protocol and communication
7
 * with the other side.  This same code is used both on client and server side.
8
 *
9
 * As far as I am concerned, the code I have written for this software
10
 * can be used freely for any purpose.  Any derived versions of this
11
 * software must be clearly marked as such, and if the derived work is
12
 * incompatible with the protocol description in the RFC file, it must be
13
 * called by a name other than "ssh" or "Secure Shell".
14
 *
15
 *
16
 * SSH2 packet format added by Markus Friedl.
17
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
18
 *
19
 * Redistribution and use in source and binary forms, with or without
20
 * modification, are permitted provided that the following conditions
21
 * are met:
22
 * 1. Redistributions of source code must retain the above copyright
23
 *    notice, this list of conditions and the following disclaimer.
24
 * 2. Redistributions in binary form must reproduce the above copyright
25
 *    notice, this list of conditions and the following disclaimer in the
26
 *    documentation and/or other materials provided with the distribution.
27
 *
28
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
29
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
30
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
31
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
32
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
33
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
37
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38
 */
39
40
#include "includes.h"
41
42
#include <sys/types.h>
43
#include "openbsd-compat/sys-queue.h"
44
#include <sys/socket.h>
45
#ifdef HAVE_SYS_TIME_H
46
# include <sys/time.h>
47
#endif
48
49
#include <netinet/in.h>
50
#include <netinet/ip.h>
51
#include <arpa/inet.h>
52
53
#include <errno.h>
54
#include <netdb.h>
55
#include <stdarg.h>
56
#include <stdio.h>
57
#include <stdlib.h>
58
#include <string.h>
59
#include <unistd.h>
60
#include <limits.h>
61
#ifdef HAVE_POLL_H
62
#include <poll.h>
63
#endif
64
#include <signal.h>
65
#include <time.h>
66
#ifdef HAVE_UTIL_H
67
# include <util.h>
68
#endif
69
70
/*
71
 * Explicitly include OpenSSL before zlib as some versions of OpenSSL have
72
 * "free_func" in their headers, which zlib typedefs.
73
 */
74
#ifdef WITH_OPENSSL
75
# include <openssl/bn.h>
76
# include <openssl/evp.h>
77
# ifdef OPENSSL_HAS_ECC
78
#  include <openssl/ec.h>
79
# endif
80
#endif
81
82
#ifdef WITH_ZLIB
83
#include <zlib.h>
84
#endif
85
86
#include "xmalloc.h"
87
#include "compat.h"
88
#include "ssh2.h"
89
#include "cipher.h"
90
#include "sshkey.h"
91
#include "kex.h"
92
#include "digest.h"
93
#include "mac.h"
94
#include "log.h"
95
#include "canohost.h"
96
#include "misc.h"
97
#include "channels.h"
98
#include "ssh.h"
99
#include "packet.h"
100
#include "ssherr.h"
101
#include "sshbuf.h"
102
103
#ifdef PACKET_DEBUG
104
#define DBG(x) x
105
#else
106
#define DBG(x)
107
#endif
108
109
/* OpenSSH usings 256KB packet size max but that consumes a
110
 * lot of memory with the buffers we are using. However, we need
111
 * a large packet size if the banner that's being sent is large.
112
 * So we need a 256KB packet pre authentication and a smaller one
113
 * in this case SSH_IOBUFSZ + 1KB, afterwards. So we change
114
 * PACKET_MAX_SIZE from a #define to a global. Then, in the function
115
 * ssh_packet_set_authentcated we reduce the size to something
116
 * more memory efficient. -cjr 04/07/23
117
 */
118
u_int packet_max_size = 256 * 1024;
119
120
/* global to support forced rekeying */
121
int rekey_requested = 0;
122
123
124
struct packet_state {
125
  u_int32_t seqnr;
126
  u_int32_t packets;
127
  u_int64_t blocks;
128
  u_int64_t bytes;
129
};
130
131
struct packet {
132
  TAILQ_ENTRY(packet) next;
133
  u_char type;
134
  struct sshbuf *payload;
135
};
136
137
struct session_state {
138
  /*
139
   * This variable contains the file descriptors used for
140
   * communicating with the other side.  connection_in is used for
141
   * reading; connection_out for writing.  These can be the same
142
   * descriptor, in which case it is assumed to be a socket.
143
   */
144
  int connection_in;
145
  int connection_out;
146
147
  /* Protocol flags for the remote side. */
148
  u_int remote_protocol_flags;
149
150
  /* Encryption context for receiving data.  Only used for decryption. */
151
  struct sshcipher_ctx *receive_context;
152
153
  /* Encryption context for sending data.  Only used for encryption. */
154
  struct sshcipher_ctx *send_context;
155
156
  /* Buffer for raw input data from the socket. */
157
  struct sshbuf *input;
158
159
  /* Buffer for raw output data going to the socket. */
160
  struct sshbuf *output;
161
162
  /* Buffer for the partial outgoing packet being constructed. */
163
  struct sshbuf *outgoing_packet;
164
165
  /* Buffer for the incoming packet currently being processed. */
166
  struct sshbuf *incoming_packet;
167
168
  /* Scratch buffer for packet compression/decompression. */
169
  struct sshbuf *compression_buffer;
170
171
#ifdef WITH_ZLIB
172
  /* Incoming/outgoing compression dictionaries */
173
  z_stream compression_in_stream;
174
  z_stream compression_out_stream;
175
#endif
176
  int compression_in_started;
177
  int compression_out_started;
178
  int compression_in_failures;
179
  int compression_out_failures;
180
181
  /* default maximum packet size */
182
  u_int max_packet_size;
183
184
  /* Flag indicating whether this module has been initialized. */
185
  int initialized;
186
187
  /* Set to true if the connection is interactive. */
188
  int interactive_mode;
189
190
  /* Set to true if we are the server side. */
191
  int server_side;
192
193
  /* Set to true if we are authenticated. */
194
  int after_authentication;
195
196
  int keep_alive_timeouts;
197
198
  /* The maximum time that we will wait to send or receive a packet */
199
  int packet_timeout_ms;
200
201
  /* Session key information for Encryption and MAC */
202
  struct newkeys *newkeys[MODE_MAX];
203
  struct packet_state p_read, p_send;
204
205
  /* Volume-based rekeying */
206
  u_int64_t max_blocks_in, max_blocks_out, rekey_limit;
207
208
  /* Time-based rekeying */
209
  u_int32_t rekey_interval; /* how often in seconds */
210
  time_t rekey_time;  /* time of last rekeying */
211
212
  /* roundup current message to extra_pad bytes */
213
  u_char extra_pad;
214
215
  /* XXX discard incoming data after MAC error */
216
  u_int packet_discard;
217
  size_t packet_discard_mac_already;
218
  struct sshmac *packet_discard_mac;
219
220
  /* Used in packet_read_poll2() */
221
  u_int packlen;
222
223
  /* Used in packet_send2 */
224
  int rekeying;
225
226
  /* Used in ssh_packet_send_mux() */
227
  int mux;
228
229
  /* Used in packet_set_interactive */
230
  int set_interactive_called;
231
232
  /* Used in packet_set_maxsize */
233
  int set_maxsize_called;
234
235
  /* One-off warning about weak ciphers */
236
  int cipher_warning_done;
237
238
  /* Hook for fuzzing inbound packets */
239
  ssh_packet_hook_fn *hook_in;
240
  void *hook_in_ctx;
241
242
  TAILQ_HEAD(, packet) outgoing;
243
};
244
245
struct ssh *
246
ssh_alloc_session_state(void)
247
70.0k
{
248
70.0k
  struct ssh *ssh = NULL;
249
70.0k
  struct session_state *state = NULL;
250
251
70.0k
  if ((ssh = calloc(1, sizeof(*ssh))) == NULL ||
252
70.0k
      (state = calloc(1, sizeof(*state))) == NULL ||
253
70.0k
      (ssh->kex = kex_new()) == NULL ||
254
70.0k
      (state->input = sshbuf_new()) == NULL ||
255
70.0k
      (state->output = sshbuf_new()) == NULL ||
256
70.0k
      (state->outgoing_packet = sshbuf_new()) == NULL ||
257
70.0k
      (state->incoming_packet = sshbuf_new()) == NULL)
258
0
    goto fail;
259
  /* these buffers are important in terms of tracking buffer usage
260
   * so we explicitly label and type them with descriptive names */
261
70.0k
  sshbuf_relabel(state->input, "input");
262
70.0k
  sshbuf_type(state->input, BUF_PACKET_INPUT);
263
70.0k
  sshbuf_relabel(state->incoming_packet, "inpacket");
264
70.0k
  sshbuf_type(state->incoming_packet, BUF_PACKET_INCOMING);
265
70.0k
  sshbuf_relabel(state->output, "output");
266
70.0k
  sshbuf_type(state->output, BUF_PACKET_OUTPUT);
267
70.0k
  sshbuf_relabel(state->outgoing_packet, "outpacket");
268
70.0k
  sshbuf_type(state->outgoing_packet, BUF_PACKET_OUTGOING);
269
270
70.0k
  TAILQ_INIT(&state->outgoing);
271
70.0k
  TAILQ_INIT(&ssh->private_keys);
272
70.0k
  TAILQ_INIT(&ssh->public_keys);
273
70.0k
  state->connection_in = -1;
274
70.0k
  state->connection_out = -1;
275
70.0k
  state->max_packet_size = CHAN_SES_PACKET_DEFAULT;
276
70.0k
  state->packet_timeout_ms = -1;
277
70.0k
  state->p_send.packets = state->p_read.packets = 0;
278
70.0k
  state->initialized = 1;
279
  /*
280
   * ssh_packet_send2() needs to queue packets until
281
   * we've done the initial key exchange.
282
   */
283
70.0k
  state->rekeying = 1;
284
70.0k
  ssh->state = state;
285
70.0k
  return ssh;
286
0
 fail:
287
0
  if (ssh) {
288
0
    kex_free(ssh->kex);
289
0
    free(ssh);
290
0
  }
291
0
  if (state) {
292
0
    sshbuf_free(state->input);
293
0
    sshbuf_free(state->output);
294
0
    sshbuf_free(state->incoming_packet);
295
0
    sshbuf_free(state->outgoing_packet);
296
0
    free(state);
297
0
  }
298
0
  return NULL;
299
70.0k
}
300
301
void
302
ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx)
303
0
{
304
0
  ssh->state->hook_in = hook;
305
0
  ssh->state->hook_in_ctx = ctx;
306
0
}
307
308
/* Returns nonzero if rekeying is in progress */
309
int
310
ssh_packet_is_rekeying(struct ssh *ssh)
311
0
{
312
0
  return ssh->state->rekeying ||
313
0
      (ssh->kex != NULL && ssh->kex->done == 0);
314
0
}
315
316
/*
317
 * Sets the descriptors used for communication.
318
 */
319
struct ssh *
320
ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
321
70.0k
{
322
70.0k
  struct session_state *state;
323
70.0k
  struct sshcipher *none = cipher_by_name("none");
324
70.0k
  int r;
325
326
70.0k
  if (none == NULL) {
327
0
    error_f("cannot load cipher 'none'");
328
0
    return NULL;
329
0
  }
330
70.0k
  if (ssh == NULL)
331
70.0k
    ssh = ssh_alloc_session_state();
332
70.0k
  if (ssh == NULL) {
333
0
    error_f("could not allocate state");
334
0
    return NULL;
335
0
  }
336
70.0k
  state = ssh->state;
337
70.0k
  state->connection_in = fd_in;
338
70.0k
  state->connection_out = fd_out;
339
70.0k
  if ((r = cipher_init(&state->send_context, none, (const u_char *)"", 0,
340
70.0k
      NULL, 0, 0, CIPHER_ENCRYPT, state->after_authentication)) != 0 ||
341
70.0k
      (r = cipher_init(&state->receive_context, none, (const u_char *)"",
342
70.0k
      0, NULL, 0, 0, CIPHER_DECRYPT, state->after_authentication)) != 0) {
343
0
    error_fr(r, "cipher_init failed");
344
0
    free(ssh); /* XXX need ssh_free_session_state? */
345
0
    return NULL;
346
0
  }
347
70.0k
  state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
348
  /*
349
   * Cache the IP address of the remote connection for use in error
350
   * messages that might be generated after the connection has closed.
351
   */
352
70.0k
  (void)ssh_remote_ipaddr(ssh);
353
70.0k
  return ssh;
354
70.0k
}
355
356
void
357
ssh_packet_set_timeout(struct ssh *ssh, int timeout, int count)
358
0
{
359
0
  struct session_state *state = ssh->state;
360
361
0
  if (timeout <= 0 || count <= 0) {
362
0
    state->packet_timeout_ms = -1;
363
0
    return;
364
0
  }
365
0
  if ((INT_MAX / 1000) / count < timeout)
366
0
    state->packet_timeout_ms = INT_MAX;
367
0
  else
368
0
    state->packet_timeout_ms = timeout * count * 1000;
369
0
}
370
371
void
372
ssh_packet_set_mux(struct ssh *ssh)
373
0
{
374
0
  ssh->state->mux = 1;
375
0
  ssh->state->rekeying = 0;
376
0
  kex_free(ssh->kex);
377
0
  ssh->kex = NULL;
378
0
}
379
380
int
381
ssh_packet_get_mux(struct ssh *ssh)
382
0
{
383
0
  return ssh->state->mux;
384
0
}
385
386
int
387
ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)
388
0
{
389
0
  va_list args;
390
0
  int r;
391
392
0
  free(ssh->log_preamble);
393
0
  if (fmt == NULL)
394
0
    ssh->log_preamble = NULL;
395
0
  else {
396
0
    va_start(args, fmt);
397
0
    r = vasprintf(&ssh->log_preamble, fmt, args);
398
0
    va_end(args);
399
0
    if (r < 0 || ssh->log_preamble == NULL)
400
0
      return SSH_ERR_ALLOC_FAIL;
401
0
  }
402
0
  return 0;
403
0
}
404
405
int
406
ssh_packet_stop_discard(struct ssh *ssh)
407
0
{
408
0
  struct session_state *state = ssh->state;
409
0
  int r;
410
411
0
  if (state->packet_discard_mac) {
412
0
    char buf[1024];
413
0
    size_t dlen = packet_max_size;
414
415
0
    if (dlen > state->packet_discard_mac_already)
416
0
      dlen -= state->packet_discard_mac_already;
417
0
    memset(buf, 'a', sizeof(buf));
418
0
    while (sshbuf_len(state->incoming_packet) < dlen)
419
0
      if ((r = sshbuf_put(state->incoming_packet, buf,
420
0
          sizeof(buf))) != 0)
421
0
        return r;
422
0
    (void) mac_compute(state->packet_discard_mac,
423
0
        state->p_read.seqnr,
424
0
        sshbuf_ptr(state->incoming_packet), dlen,
425
0
        NULL, 0);
426
0
  }
427
0
  logit("Finished discarding for %.200s port %d",
428
0
      ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
429
0
  return SSH_ERR_MAC_INVALID;
430
0
}
431
432
static int
433
ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc,
434
    struct sshmac *mac, size_t mac_already, u_int discard)
435
9.26k
{
436
9.26k
  struct session_state *state = ssh->state;
437
9.26k
  int r;
438
439
9.26k
  if (enc == NULL || !cipher_is_cbc(enc->cipher) || (mac && mac->etm)) {
440
9.26k
    if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
441
0
      return r;
442
9.26k
    return SSH_ERR_MAC_INVALID;
443
9.26k
  }
444
  /*
445
   * Record number of bytes over which the mac has already
446
   * been computed in order to minimize timing attacks.
447
   */
448
0
  if (mac && mac->enabled) {
449
0
    state->packet_discard_mac = mac;
450
0
    state->packet_discard_mac_already = mac_already;
451
0
  }
452
0
  if (sshbuf_len(state->input) >= discard)
453
0
    return ssh_packet_stop_discard(ssh);
454
0
  state->packet_discard = discard - sshbuf_len(state->input);
455
0
  return 0;
456
0
}
457
458
/* Returns 1 if remote host is connected via socket, 0 if not. */
459
460
int
461
ssh_packet_connection_is_on_socket(struct ssh *ssh)
462
70.0k
{
463
70.0k
  struct session_state *state;
464
70.0k
  struct sockaddr_storage from, to;
465
70.0k
  socklen_t fromlen, tolen;
466
467
70.0k
  if (ssh == NULL || ssh->state == NULL)
468
0
    return 0;
469
470
70.0k
  state = ssh->state;
471
70.0k
  if (state->connection_in == -1 || state->connection_out == -1)
472
70.0k
    return 0;
473
  /* filedescriptors in and out are the same, so it's a socket */
474
0
  if (state->connection_in == state->connection_out)
475
0
    return 1;
476
0
  fromlen = sizeof(from);
477
0
  memset(&from, 0, sizeof(from));
478
0
  if (getpeername(state->connection_in, (struct sockaddr *)&from,
479
0
      &fromlen) == -1)
480
0
    return 0;
481
0
  tolen = sizeof(to);
482
0
  memset(&to, 0, sizeof(to));
483
0
  if (getpeername(state->connection_out, (struct sockaddr *)&to,
484
0
      &tolen) == -1)
485
0
    return 0;
486
0
  if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
487
0
    return 0;
488
0
  if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
489
0
    return 0;
490
0
  return 1;
491
0
}
492
493
void
494
ssh_packet_get_bytes(struct ssh *ssh, u_int64_t *ibytes, u_int64_t *obytes)
495
0
{
496
0
  if (ibytes)
497
0
    *ibytes = ssh->state->p_read.bytes;
498
0
  if (obytes)
499
0
    *obytes = ssh->state->p_send.bytes;
500
0
}
501
502
int
503
ssh_packet_connection_af(struct ssh *ssh)
504
0
{
505
0
  return get_sock_af(ssh->state->connection_out);
506
0
}
507
508
/* Sets the connection into non-blocking mode. */
509
510
void
511
ssh_packet_set_nonblocking(struct ssh *ssh)
512
0
{
513
  /* Set the socket into non-blocking mode. */
514
0
  set_nonblock(ssh->state->connection_in);
515
516
0
  if (ssh->state->connection_out != ssh->state->connection_in)
517
0
    set_nonblock(ssh->state->connection_out);
518
0
}
519
520
/* Returns the socket used for reading. */
521
522
int
523
ssh_packet_get_connection_in(struct ssh *ssh)
524
0
{
525
0
  return ssh->state->connection_in;
526
0
}
527
528
/* Returns the descriptor used for writing. */
529
530
int
531
ssh_packet_get_connection_out(struct ssh *ssh)
532
0
{
533
0
  return ssh->state->connection_out;
534
0
}
535
536
/*
537
 * Returns the IP-address of the remote host as a string.  The returned
538
 * string must not be freed.
539
 */
540
541
const char *
542
ssh_remote_ipaddr(struct ssh *ssh)
543
70.0k
{
544
70.0k
  int sock;
545
546
  /* Check whether we have cached the ipaddr. */
547
70.0k
  if (ssh->remote_ipaddr == NULL) {
548
70.0k
    if (ssh_packet_connection_is_on_socket(ssh)) {
549
0
      sock = ssh->state->connection_in;
550
0
      ssh->remote_ipaddr = get_peer_ipaddr(sock);
551
0
      ssh->remote_port = get_peer_port(sock);
552
0
      ssh->local_ipaddr = get_local_ipaddr(sock);
553
0
      ssh->local_port = get_local_port(sock);
554
70.0k
    } else {
555
70.0k
      ssh->remote_ipaddr = xstrdup("UNKNOWN");
556
70.0k
      ssh->remote_port = 65535;
557
70.0k
      ssh->local_ipaddr = xstrdup("UNKNOWN");
558
70.0k
      ssh->local_port = 65535;
559
70.0k
    }
560
70.0k
  }
561
70.0k
  return ssh->remote_ipaddr;
562
70.0k
}
563
564
/* Returns the port number of the remote host. */
565
566
int
567
ssh_remote_port(struct ssh *ssh)
568
0
{
569
0
  (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
570
0
  return ssh->remote_port;
571
0
}
572
573
/*
574
 * Returns the IP-address of the local host as a string.  The returned
575
 * string must not be freed.
576
 */
577
578
const char *
579
ssh_local_ipaddr(struct ssh *ssh)
580
0
{
581
0
  (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
582
0
  return ssh->local_ipaddr;
583
0
}
584
585
/* Returns the port number of the local host. */
586
587
int
588
ssh_local_port(struct ssh *ssh)
589
0
{
590
0
  (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
591
0
  return ssh->local_port;
592
0
}
593
594
/* Returns the routing domain of the input socket, or NULL if unavailable */
595
const char *
596
ssh_packet_rdomain_in(struct ssh *ssh)
597
0
{
598
0
  if (ssh->rdomain_in != NULL)
599
0
    return ssh->rdomain_in;
600
0
  if (!ssh_packet_connection_is_on_socket(ssh))
601
0
    return NULL;
602
0
  ssh->rdomain_in = get_rdomain(ssh->state->connection_in);
603
0
  return ssh->rdomain_in;
604
0
}
605
606
/* Closes the connection and clears and frees internal data structures. */
607
608
static void
609
ssh_packet_close_internal(struct ssh *ssh, int do_close)
610
70.0k
{
611
70.0k
  struct session_state *state = ssh->state;
612
70.0k
  u_int mode;
613
614
70.0k
  if (!state->initialized)
615
0
    return;
616
70.0k
  state->initialized = 0;
617
70.0k
  if (do_close) {
618
70.0k
    if (state->connection_in == state->connection_out) {
619
70.0k
      close(state->connection_out);
620
70.0k
    } else {
621
0
      close(state->connection_in);
622
0
      close(state->connection_out);
623
0
    }
624
70.0k
  }
625
70.0k
  sshbuf_free(state->input);
626
70.0k
  sshbuf_free(state->output);
627
70.0k
  sshbuf_free(state->outgoing_packet);
628
70.0k
  sshbuf_free(state->incoming_packet);
629
210k
  for (mode = 0; mode < MODE_MAX; mode++) {
630
140k
    kex_free_newkeys(state->newkeys[mode]); /* current keys */
631
140k
    state->newkeys[mode] = NULL;
632
140k
    ssh_clear_newkeys(ssh, mode);   /* next keys */
633
140k
  }
634
70.0k
#ifdef WITH_ZLIB
635
  /* compression state is in shared mem, so we can only release it once */
636
70.0k
  if (do_close && state->compression_buffer) {
637
0
    sshbuf_free(state->compression_buffer);
638
0
    if (state->compression_out_started) {
639
0
      z_streamp stream = &state->compression_out_stream;
640
0
      debug("compress outgoing: "
641
0
          "raw data %llu, compressed %llu, factor %.2f",
642
0
        (unsigned long long)stream->total_in,
643
0
        (unsigned long long)stream->total_out,
644
0
        stream->total_in == 0 ? 0.0 :
645
0
        (double) stream->total_out / stream->total_in);
646
0
      if (state->compression_out_failures == 0)
647
0
        deflateEnd(stream);
648
0
    }
649
0
    if (state->compression_in_started) {
650
0
      z_streamp stream = &state->compression_in_stream;
651
0
      debug("compress incoming: "
652
0
          "raw data %llu, compressed %llu, factor %.2f",
653
0
          (unsigned long long)stream->total_out,
654
0
          (unsigned long long)stream->total_in,
655
0
          stream->total_out == 0 ? 0.0 :
656
0
          (double) stream->total_in / stream->total_out);
657
0
      if (state->compression_in_failures == 0)
658
0
        inflateEnd(stream);
659
0
    }
660
0
  }
661
70.0k
#endif  /* WITH_ZLIB */
662
70.0k
  cipher_free(state->send_context);
663
70.0k
  cipher_free(state->receive_context);
664
70.0k
  state->send_context = state->receive_context = NULL;
665
70.0k
  if (do_close) {
666
70.0k
    free(ssh->local_ipaddr);
667
70.0k
    ssh->local_ipaddr = NULL;
668
70.0k
    free(ssh->remote_ipaddr);
669
70.0k
    ssh->remote_ipaddr = NULL;
670
70.0k
    free(ssh->state);
671
70.0k
    ssh->state = NULL;
672
70.0k
    kex_free(ssh->kex);
673
70.0k
    ssh->kex = NULL;
674
70.0k
  }
675
70.0k
}
676
677
void
678
ssh_packet_close(struct ssh *ssh)
679
70.0k
{
680
70.0k
  ssh_packet_close_internal(ssh, 1);
681
70.0k
}
682
683
void
684
ssh_packet_clear_keys(struct ssh *ssh)
685
0
{
686
0
  ssh_packet_close_internal(ssh, 0);
687
0
}
688
689
/* Sets remote side protocol flags. */
690
691
void
692
ssh_packet_set_protocol_flags(struct ssh *ssh, u_int protocol_flags)
693
0
{
694
0
  ssh->state->remote_protocol_flags = protocol_flags;
695
0
}
696
697
/* Returns the remote protocol flags set earlier by the above function. */
698
699
u_int
700
ssh_packet_get_protocol_flags(struct ssh *ssh)
701
0
{
702
0
  return ssh->state->remote_protocol_flags;
703
0
}
704
705
/*
706
 * Starts packet compression from the next packet on in both directions.
707
 * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
708
 */
709
710
static int
711
ssh_packet_init_compression(struct ssh *ssh)
712
0
{
713
0
  if (!ssh->state->compression_buffer &&
714
0
      ((ssh->state->compression_buffer = sshbuf_new()) == NULL))
715
0
    return SSH_ERR_ALLOC_FAIL;
716
0
  return 0;
717
0
}
718
719
#ifdef WITH_ZLIB
720
static int
721
start_compression_out(struct ssh *ssh, int level)
722
0
{
723
0
  if (level < 1 || level > 9)
724
0
    return SSH_ERR_INVALID_ARGUMENT;
725
0
  debug("Enabling compression at level %d.", level);
726
0
  if (ssh->state->compression_out_started == 1)
727
0
    deflateEnd(&ssh->state->compression_out_stream);
728
0
  switch (deflateInit(&ssh->state->compression_out_stream, level)) {
729
0
  case Z_OK:
730
0
    ssh->state->compression_out_started = 1;
731
0
    break;
732
0
  case Z_MEM_ERROR:
733
0
    return SSH_ERR_ALLOC_FAIL;
734
0
  default:
735
0
    return SSH_ERR_INTERNAL_ERROR;
736
0
  }
737
0
  return 0;
738
0
}
739
740
static int
741
start_compression_in(struct ssh *ssh)
742
0
{
743
0
  if (ssh->state->compression_in_started == 1)
744
0
    inflateEnd(&ssh->state->compression_in_stream);
745
0
  switch (inflateInit(&ssh->state->compression_in_stream)) {
746
0
  case Z_OK:
747
0
    ssh->state->compression_in_started = 1;
748
0
    break;
749
0
  case Z_MEM_ERROR:
750
0
    return SSH_ERR_ALLOC_FAIL;
751
0
  default:
752
0
    return SSH_ERR_INTERNAL_ERROR;
753
0
  }
754
0
  return 0;
755
0
}
756
757
/* XXX remove need for separate compression buffer */
758
static int
759
compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
760
0
{
761
0
  u_char buf[4096];
762
0
  int r, status;
763
764
0
  if (ssh->state->compression_out_started != 1)
765
0
    return SSH_ERR_INTERNAL_ERROR;
766
767
  /* This case is not handled below. */
768
0
  if (sshbuf_len(in) == 0)
769
0
    return 0;
770
771
  /* Input is the contents of the input buffer. */
772
0
  if ((ssh->state->compression_out_stream.next_in =
773
0
      sshbuf_mutable_ptr(in)) == NULL)
774
0
    return SSH_ERR_INTERNAL_ERROR;
775
0
  ssh->state->compression_out_stream.avail_in = sshbuf_len(in);
776
777
  /* Loop compressing until deflate() returns with avail_out != 0. */
778
0
  do {
779
    /* Set up fixed-size output buffer. */
780
0
    ssh->state->compression_out_stream.next_out = buf;
781
0
    ssh->state->compression_out_stream.avail_out = sizeof(buf);
782
783
    /* Compress as much data into the buffer as possible. */
784
0
    status = deflate(&ssh->state->compression_out_stream,
785
0
        Z_PARTIAL_FLUSH);
786
0
    switch (status) {
787
0
    case Z_MEM_ERROR:
788
0
      return SSH_ERR_ALLOC_FAIL;
789
0
    case Z_OK:
790
      /* Append compressed data to output_buffer. */
791
0
      if ((r = sshbuf_put(out, buf, sizeof(buf) -
792
0
          ssh->state->compression_out_stream.avail_out)) != 0)
793
0
        return r;
794
0
      break;
795
0
    case Z_STREAM_ERROR:
796
0
    default:
797
0
      ssh->state->compression_out_failures++;
798
0
      return SSH_ERR_INVALID_FORMAT;
799
0
    }
800
0
  } while (ssh->state->compression_out_stream.avail_out == 0);
801
0
  return 0;
802
0
}
803
804
static int
805
uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
806
0
{
807
0
  u_char buf[4096];
808
0
  int r, status;
809
810
0
  if (ssh->state->compression_in_started != 1)
811
0
    return SSH_ERR_INTERNAL_ERROR;
812
813
0
  if ((ssh->state->compression_in_stream.next_in =
814
0
      sshbuf_mutable_ptr(in)) == NULL)
815
0
    return SSH_ERR_INTERNAL_ERROR;
816
0
  ssh->state->compression_in_stream.avail_in = sshbuf_len(in);
817
818
0
  for (;;) {
819
    /* Set up fixed-size output buffer. */
820
0
    ssh->state->compression_in_stream.next_out = buf;
821
0
    ssh->state->compression_in_stream.avail_out = sizeof(buf);
822
823
0
    status = inflate(&ssh->state->compression_in_stream,
824
0
        Z_SYNC_FLUSH);
825
0
    switch (status) {
826
0
    case Z_OK:
827
0
      if ((r = sshbuf_put(out, buf, sizeof(buf) -
828
0
          ssh->state->compression_in_stream.avail_out)) != 0)
829
0
        return r;
830
0
      break;
831
0
    case Z_BUF_ERROR:
832
      /*
833
       * Comments in zlib.h say that we should keep calling
834
       * inflate() until we get an error.  This appears to
835
       * be the error that we get.
836
       */
837
0
      return 0;
838
0
    case Z_DATA_ERROR:
839
0
      return SSH_ERR_INVALID_FORMAT;
840
0
    case Z_MEM_ERROR:
841
0
      return SSH_ERR_ALLOC_FAIL;
842
0
    case Z_STREAM_ERROR:
843
0
    default:
844
0
      ssh->state->compression_in_failures++;
845
0
      return SSH_ERR_INTERNAL_ERROR;
846
0
    }
847
0
  }
848
  /* NOTREACHED */
849
0
}
850
851
#else /* WITH_ZLIB */
852
853
static int
854
start_compression_out(struct ssh *ssh, int level)
855
{
856
  return SSH_ERR_INTERNAL_ERROR;
857
}
858
859
static int
860
start_compression_in(struct ssh *ssh)
861
{
862
  return SSH_ERR_INTERNAL_ERROR;
863
}
864
865
static int
866
compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
867
{
868
  return SSH_ERR_INTERNAL_ERROR;
869
}
870
871
static int
872
uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)
873
{
874
  return SSH_ERR_INTERNAL_ERROR;
875
}
876
#endif  /* WITH_ZLIB */
877
878
void
879
ssh_clear_newkeys(struct ssh *ssh, int mode)
880
140k
{
881
140k
  if (ssh->kex && ssh->kex->newkeys[mode]) {
882
116
    kex_free_newkeys(ssh->kex->newkeys[mode]);
883
116
    ssh->kex->newkeys[mode] = NULL;
884
116
  }
885
140k
}
886
887
int
888
ssh_set_newkeys(struct ssh *ssh, int mode)
889
0
{
890
0
  struct session_state *state = ssh->state;
891
0
  struct sshenc *enc;
892
0
  struct sshmac *mac;
893
0
  struct sshcomp *comp;
894
0
  struct sshcipher_ctx **ccp;
895
0
  struct packet_state *ps;
896
0
  u_int64_t *max_blocks;
897
0
  const char *wmsg;
898
0
  int r, crypt_type;
899
0
  const char *dir = mode == MODE_OUT ? "out" : "in";
900
0
  char blocks_s[FMT_SCALED_STRSIZE], bytes_s[FMT_SCALED_STRSIZE];
901
902
0
  debug2_f("mode %d", mode);
903
904
0
  if (mode == MODE_OUT) {
905
0
    ccp = &state->send_context;
906
0
    crypt_type = CIPHER_ENCRYPT;
907
0
    ps = &state->p_send;
908
0
    max_blocks = &state->max_blocks_out;
909
0
  } else {
910
0
    ccp = &state->receive_context;
911
0
    crypt_type = CIPHER_DECRYPT;
912
0
    ps = &state->p_read;
913
0
    max_blocks = &state->max_blocks_in;
914
0
  }
915
0
  if (state->newkeys[mode] != NULL) {
916
0
    debug_f("rekeying %s, input %llu bytes %llu blocks, "
917
0
        "output %llu bytes %llu blocks", dir,
918
0
        (unsigned long long)state->p_read.bytes,
919
0
        (unsigned long long)state->p_read.blocks,
920
0
        (unsigned long long)state->p_send.bytes,
921
0
        (unsigned long long)state->p_send.blocks);
922
0
    kex_free_newkeys(state->newkeys[mode]);
923
0
    state->newkeys[mode] = NULL;
924
0
  }
925
  /* note that both bytes and the seqnr are not reset */
926
0
  ps->packets = ps->blocks = 0;
927
  /* move newkeys from kex to state */
928
0
  if ((state->newkeys[mode] = ssh->kex->newkeys[mode]) == NULL)
929
0
    return SSH_ERR_INTERNAL_ERROR;
930
0
  ssh->kex->newkeys[mode] = NULL;
931
0
  enc  = &state->newkeys[mode]->enc;
932
0
  mac  = &state->newkeys[mode]->mac;
933
0
  comp = &state->newkeys[mode]->comp;
934
0
  if (cipher_authlen(enc->cipher) == 0) {
935
0
    if ((r = mac_init(mac)) != 0)
936
0
      return r;
937
0
  }
938
939
  /* if we are using NONE MAC then we don't need to enable the
940
   * mac routines. This disables them and we can claw back some cycles
941
   * from the CPU -cjr 3/21/2023 */
942
0
  if (ssh->none_mac != 1)
943
0
    mac->enabled = 1;
944
945
0
  DBG(debug_f("cipher_init: %s", dir));
946
0
  cipher_free(*ccp);
947
0
  *ccp = NULL;
948
0
#ifdef WITH_OPENSSL
949
0
  if (strcmp(enc->name, "chacha20-poly1305-mt@hpnssh.org") == 0) {
950
0
    if (state->after_authentication)
951
0
      enc->cipher = cipher_by_name(
952
0
          "chacha20-poly1305-mt@hpnssh.org");
953
0
    else
954
0
      enc->cipher = cipher_by_name(
955
0
          "chacha20-poly1305@openssh.com");
956
0
    if (enc->cipher == NULL)
957
0
      return r;
958
0
  }
959
0
#endif
960
0
  if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len, enc->iv,
961
0
      enc->iv_len, crypt_type ? state->p_send.seqnr : state->p_read.seqnr,
962
0
      crypt_type, state->after_authentication)) != 0)
963
0
    return r;
964
0
  if (!state->cipher_warning_done &&
965
0
      (wmsg = cipher_warning_message(*ccp)) != NULL) {
966
0
    error("Warning: %s", wmsg);
967
0
    state->cipher_warning_done = 1;
968
0
  }
969
  /* Deleting the keys does not gain extra security */
970
  /* explicit_bzero(enc->iv,  enc->block_size);
971
     explicit_bzero(enc->key, enc->key_len);
972
     explicit_bzero(mac->key, mac->key_len); */
973
0
  if ((comp->type == COMP_ZLIB ||
974
0
      (comp->type == COMP_DELAYED &&
975
0
      state->after_authentication)) && comp->enabled == 0) {
976
0
    if ((r = ssh_packet_init_compression(ssh)) < 0)
977
0
      return r;
978
0
    if (mode == MODE_OUT) {
979
0
      if ((r = start_compression_out(ssh, 6)) != 0)
980
0
        return r;
981
0
    } else {
982
0
      if ((r = start_compression_in(ssh)) != 0)
983
0
        return r;
984
0
    }
985
0
    comp->enabled = 1;
986
0
  }
987
988
  /* get the maximum number of blocks the cipher can
989
   * handle safely */
990
0
  *max_blocks = cipher_rekey_blocks(enc->cipher);
991
992
  /* if we have a custom oRekeyLimit use that. */
993
0
        if (state->rekey_limit)
994
0
                *max_blocks = MINIMUM(*max_blocks,
995
0
                    state->rekey_limit / enc->block_size);
996
997
  /* these lines support the debug */
998
0
  strlcpy(blocks_s, "?", sizeof(blocks_s));
999
0
  strlcpy(bytes_s, "?", sizeof(bytes_s));
1000
0
  if (*max_blocks * enc->block_size < LLONG_MAX) {
1001
0
    fmt_scaled((long long)*max_blocks, blocks_s);
1002
0
    fmt_scaled((long long)*max_blocks * enc->block_size, bytes_s);
1003
0
  }
1004
0
  debug("rekey %s after %s blocks / %sB data", dir, blocks_s, bytes_s);
1005
1006
0
  return 0;
1007
0
}
1008
1009
/* this supports the forced rekeying required for the NONE cipher */
1010
void
1011
packet_request_rekeying(void)
1012
0
{
1013
0
  rekey_requested = 1;
1014
0
}
1015
1016
/* used to determine if pre or post auth when rekeying for aes-ctr
1017
 * and none cipher switch */
1018
int
1019
packet_authentication_state(const struct ssh *ssh)
1020
3.60k
{
1021
3.60k
  struct session_state *state = ssh->state;
1022
1023
3.60k
  return state->after_authentication;
1024
3.60k
}
1025
1026
0
#define MAX_PACKETS (1U<<31)
1027
static int
1028
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
1029
207k
{
1030
207k
  struct session_state *state = ssh->state;
1031
207k
  u_int32_t out_blocks;
1032
1033
  /* XXX client can't cope with rekeying pre-auth */
1034
207k
  if (!state->after_authentication)
1035
207k
    return 0;
1036
1037
  /* Haven't keyed yet or KEX in progress. */
1038
0
  if (ssh_packet_is_rekeying(ssh))
1039
0
    return 0;
1040
1041
  /* Peer can't rekey */
1042
0
  if (ssh->compat & SSH_BUG_NOREKEY)
1043
0
    return 0;
1044
1045
  /*
1046
   * Permit one packet in or out per rekey - this allows us to
1047
   * make progress when rekey limits are very small.
1048
   */
1049
0
  if (state->p_send.packets == 0 && state->p_read.packets == 0)
1050
0
    return 0;
1051
1052
        /* used to force rekeying when called for by the none
1053
         * cipher switch and aes-mt-ctr methods -cjr */
1054
0
        if (rekey_requested == 1) {
1055
0
    debug_f("Got the rekey request");
1056
0
    rekey_requested = 0;
1057
0
                return 1;
1058
0
        }
1059
1060
  /* Time-based rekeying */
1061
0
  if (state->rekey_interval != 0 &&
1062
0
      (int64_t)state->rekey_time + state->rekey_interval <= monotime())
1063
0
    return 1;
1064
1065
  /*
1066
   * Always rekey when MAX_PACKETS sent in either direction
1067
   * As per RFC4344 section 3.1 we do this after 2^31 packets.
1068
   */
1069
0
  if (state->p_send.packets > MAX_PACKETS ||
1070
0
      state->p_read.packets > MAX_PACKETS)
1071
0
    return 1;
1072
1073
  /* Rekey after (cipher-specific) maximum blocks */
1074
0
  out_blocks = ROUNDUP(outbound_packet_len,
1075
0
      state->newkeys[MODE_OUT]->enc.block_size);
1076
0
  return (state->max_blocks_out &&
1077
0
      (state->p_send.blocks + out_blocks > state->max_blocks_out)) ||
1078
0
      (state->max_blocks_in &&
1079
0
      (state->p_read.blocks > state->max_blocks_in));
1080
0
}
1081
1082
int
1083
ssh_packet_check_rekey(struct ssh *ssh)
1084
207k
{
1085
207k
  if (!ssh_packet_need_rekeying(ssh, 0))
1086
207k
    return 0;
1087
0
  debug3_f("rekex triggered");
1088
0
  return kex_start_rekex(ssh);
1089
207k
}
1090
1091
/*
1092
 * Delayed compression for SSH2 is enabled after authentication:
1093
 * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
1094
 * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
1095
 */
1096
static int
1097
ssh_packet_enable_delayed_compress(struct ssh *ssh)
1098
0
{
1099
0
  struct session_state *state = ssh->state;
1100
0
  struct sshcomp *comp = NULL;
1101
0
  int r, mode;
1102
1103
  /*
1104
   * Remember that we are past the authentication step, so rekeying
1105
   * with COMP_DELAYED will turn on compression immediately.
1106
   */
1107
0
  state->after_authentication = 1;
1108
0
  for (mode = 0; mode < MODE_MAX; mode++) {
1109
    /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
1110
0
    if (state->newkeys[mode] == NULL)
1111
0
      continue;
1112
0
    comp = &state->newkeys[mode]->comp;
1113
0
    if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
1114
0
      if ((r = ssh_packet_init_compression(ssh)) != 0)
1115
0
        return r;
1116
0
      if (mode == MODE_OUT) {
1117
0
        if ((r = start_compression_out(ssh, 6)) != 0)
1118
0
          return r;
1119
0
      } else {
1120
0
        if ((r = start_compression_in(ssh)) != 0)
1121
0
          return r;
1122
0
      }
1123
0
      comp->enabled = 1;
1124
0
    }
1125
0
  }
1126
0
  return 0;
1127
0
}
1128
1129
/* Used to mute debug logging for noisy packet types */
1130
int
1131
ssh_packet_log_type(u_char type)
1132
436k
{
1133
436k
  switch (type) {
1134
0
  case SSH2_MSG_PING:
1135
0
  case SSH2_MSG_PONG:
1136
0
  case SSH2_MSG_CHANNEL_DATA:
1137
0
  case SSH2_MSG_CHANNEL_EXTENDED_DATA:
1138
0
  case SSH2_MSG_CHANNEL_WINDOW_ADJUST:
1139
0
    return 0;
1140
436k
  default:
1141
436k
    return 1;
1142
436k
  }
1143
436k
}
1144
1145
/*
1146
 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
1147
 */
1148
int
1149
ssh_packet_send2_wrapped(struct ssh *ssh)
1150
228k
{
1151
228k
  struct session_state *state = ssh->state;
1152
228k
  u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH];
1153
228k
  u_char tmp, padlen, pad = 0;
1154
228k
  u_int authlen = 0, aadlen = 0;
1155
228k
  u_int len;
1156
228k
  struct sshenc *enc   = NULL;
1157
228k
  struct sshmac *mac   = NULL;
1158
228k
  struct sshcomp *comp = NULL;
1159
228k
  int r, block_size;
1160
1161
228k
  if (state->newkeys[MODE_OUT] != NULL) {
1162
0
    enc  = &state->newkeys[MODE_OUT]->enc;
1163
0
    mac  = &state->newkeys[MODE_OUT]->mac;
1164
0
    comp = &state->newkeys[MODE_OUT]->comp;
1165
    /* disable mac for authenticated encryption */
1166
0
    if ((authlen = cipher_authlen(enc->cipher)) != 0)
1167
0
      mac = NULL;
1168
0
  }
1169
228k
  block_size = enc ? enc->block_size : 8;
1170
228k
  aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
1171
1172
228k
  type = (sshbuf_ptr(state->outgoing_packet))[5];
1173
228k
  if (ssh_packet_log_type(type))
1174
228k
    debug3("send packet: type %u", type);
1175
#ifdef PACKET_DEBUG
1176
  fprintf(stderr, "plain:     ");
1177
  sshbuf_dump(state->outgoing_packet, stderr);
1178
#endif
1179
1180
228k
  if (comp && comp->enabled) {
1181
0
    len = sshbuf_len(state->outgoing_packet);
1182
    /* skip header, compress only payload */
1183
0
    if ((r = sshbuf_consume(state->outgoing_packet, 5)) != 0)
1184
0
      goto out;
1185
0
    sshbuf_reset(state->compression_buffer);
1186
0
    if ((r = compress_buffer(ssh, state->outgoing_packet,
1187
0
        state->compression_buffer)) != 0)
1188
0
      goto out;
1189
0
    sshbuf_reset(state->outgoing_packet);
1190
0
    if ((r = sshbuf_put(state->outgoing_packet,
1191
0
        "\0\0\0\0\0", 5)) != 0 ||
1192
0
        (r = sshbuf_putb(state->outgoing_packet,
1193
0
        state->compression_buffer)) != 0)
1194
0
      goto out;
1195
0
    DBG(debug("compression: raw %d compressed %zd", len,
1196
0
        sshbuf_len(state->outgoing_packet)));
1197
0
  }
1198
1199
  /* sizeof (packet_len + pad_len + payload) */
1200
228k
  len = sshbuf_len(state->outgoing_packet);
1201
1202
  /*
1203
   * calc size of padding, alloc space, get random data,
1204
   * minimum padding is 4 bytes
1205
   */
1206
228k
  len -= aadlen; /* packet length is not encrypted for EtM modes */
1207
228k
  padlen = block_size - (len % block_size);
1208
228k
  if (padlen < 4)
1209
3.14k
    padlen += block_size;
1210
228k
  if (state->extra_pad) {
1211
0
    tmp = state->extra_pad;
1212
0
    state->extra_pad =
1213
0
        ROUNDUP(state->extra_pad, block_size);
1214
    /* check if roundup overflowed */
1215
0
    if (state->extra_pad < tmp)
1216
0
      return SSH_ERR_INVALID_ARGUMENT;
1217
0
    tmp = (len + padlen) % state->extra_pad;
1218
    /* Check whether pad calculation below will underflow */
1219
0
    if (tmp > state->extra_pad)
1220
0
      return SSH_ERR_INVALID_ARGUMENT;
1221
0
    pad = state->extra_pad - tmp;
1222
0
    DBG(debug3_f("adding %d (len %d padlen %d extra_pad %d)",
1223
0
        pad, len, padlen, state->extra_pad));
1224
0
    tmp = padlen;
1225
0
    padlen += pad;
1226
    /* Check whether padlen calculation overflowed */
1227
0
    if (padlen < tmp)
1228
0
      return SSH_ERR_INVALID_ARGUMENT; /* overflow */
1229
0
    state->extra_pad = 0;
1230
0
  }
1231
228k
  if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0)
1232
0
    goto out;
1233
228k
  if (enc && !cipher_ctx_is_plaintext(state->send_context)) {
1234
    /* random padding */
1235
0
    arc4random_buf(cp, padlen);
1236
228k
  } else {
1237
    /* clear padding */
1238
228k
    explicit_bzero(cp, padlen);
1239
228k
  }
1240
  /* sizeof (packet_len + pad_len + payload + padding) */
1241
228k
  len = sshbuf_len(state->outgoing_packet);
1242
228k
  cp = sshbuf_mutable_ptr(state->outgoing_packet);
1243
228k
  if (cp == NULL) {
1244
0
    r = SSH_ERR_INTERNAL_ERROR;
1245
0
    goto out;
1246
0
  }
1247
  /* packet_length includes payload, padding and padding length field */
1248
228k
  POKE_U32(cp, len - 4);
1249
228k
  cp[4] = padlen;
1250
228k
  DBG(debug("send: len %d (includes padlen %d, aadlen %d)",
1251
228k
      len, padlen, aadlen));
1252
1253
  /* compute MAC over seqnr and packet(length fields, payload, padding) */
1254
228k
  if (mac && mac->enabled && !mac->etm) {
1255
0
    if ((r = mac_compute(mac, state->p_send.seqnr,
1256
0
        sshbuf_ptr(state->outgoing_packet), len,
1257
0
        macbuf, sizeof(macbuf))) != 0)
1258
0
      goto out;
1259
0
    DBG(debug("done calc MAC out #%d", state->p_send.seqnr));
1260
0
  }
1261
  /* encrypt packet and append to output buffer. */
1262
228k
  if ((r = sshbuf_reserve(state->output,
1263
228k
      sshbuf_len(state->outgoing_packet) + authlen, &cp)) != 0)
1264
0
    goto out;
1265
228k
  if ((r = cipher_crypt(state->send_context, state->p_send.seqnr, cp,
1266
228k
      sshbuf_ptr(state->outgoing_packet), len - aadlen, aadlen, authlen))
1267
228k
      != 0)
1268
0
    goto out;
1269
  /* append unencrypted MAC */
1270
228k
  if (mac && mac->enabled) {
1271
0
    if (mac->etm) {
1272
      /* EtM: compute mac over aadlen + cipher text */
1273
0
      if ((r = mac_compute(mac, state->p_send.seqnr,
1274
0
          cp, len, macbuf, sizeof(macbuf))) != 0)
1275
0
        goto out;
1276
0
      DBG(debug("done calc MAC(EtM) out #%d",
1277
0
          state->p_send.seqnr));
1278
0
    }
1279
0
    if ((r = sshbuf_put(state->output, macbuf, mac->mac_len)) != 0)
1280
0
      goto out;
1281
0
  }
1282
#ifdef PACKET_DEBUG
1283
  fprintf(stderr, "encrypted: ");
1284
  sshbuf_dump(state->output, stderr);
1285
#endif
1286
  /* increment sequence number for outgoing packets */
1287
228k
  if (++state->p_send.seqnr == 0) {
1288
0
    if ((ssh->kex->flags & KEX_INITIAL) != 0) {
1289
0
      ssh_packet_disconnect(ssh, "outgoing sequence number "
1290
0
          "wrapped during initial key exchange");
1291
0
    }
1292
0
    logit("outgoing seqnr wraps around");
1293
0
  }
1294
228k
  if (++state->p_send.packets == 0)
1295
0
    if (!(ssh->compat & SSH_BUG_NOREKEY))
1296
0
      return SSH_ERR_NEED_REKEY;
1297
228k
  state->p_send.blocks += len / block_size;
1298
228k
  state->p_send.bytes += len;
1299
228k
  sshbuf_reset(state->outgoing_packet);
1300
1301
228k
  if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
1302
0
    debug_f("resetting send seqnr %u", state->p_send.seqnr);
1303
0
    state->p_send.seqnr = 0;
1304
0
  }
1305
1306
228k
  if (type == SSH2_MSG_NEWKEYS)
1307
0
    r = ssh_set_newkeys(ssh, MODE_OUT);
1308
228k
  else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
1309
0
    r = ssh_packet_enable_delayed_compress(ssh);
1310
228k
  else
1311
228k
    r = 0;
1312
228k
 out:
1313
228k
  return r;
1314
228k
}
1315
1316
/* returns non-zero if the specified packet type is usec by KEX */
1317
static int
1318
ssh_packet_type_is_kex(u_char type)
1319
457k
{
1320
457k
  return
1321
457k
      type >= SSH2_MSG_TRANSPORT_MIN &&
1322
457k
      type <= SSH2_MSG_TRANSPORT_MAX &&
1323
457k
      type != SSH2_MSG_SERVICE_REQUEST &&
1324
457k
      type != SSH2_MSG_SERVICE_ACCEPT &&
1325
457k
      type != SSH2_MSG_EXT_INFO;
1326
457k
}
1327
1328
int
1329
ssh_packet_send2(struct ssh *ssh)
1330
228k
{
1331
228k
  struct session_state *state = ssh->state;
1332
228k
  struct packet *p;
1333
228k
  u_char type;
1334
228k
  int r, need_rekey;
1335
1336
228k
  if (sshbuf_len(state->outgoing_packet) < 6)
1337
0
    return SSH_ERR_INTERNAL_ERROR;
1338
228k
  type = sshbuf_ptr(state->outgoing_packet)[5];
1339
228k
  need_rekey = !ssh_packet_type_is_kex(type) &&
1340
228k
      ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet));
1341
1342
  /*
1343
   * During rekeying we can only send key exchange messages.
1344
   * Queue everything else.
1345
   */
1346
228k
  if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) {
1347
0
    if (need_rekey)
1348
0
      debug3_f("rekex triggered");
1349
0
    debug_f("enqueue packet: %u", type);
1350
0
    p = calloc(1, sizeof(*p));
1351
0
    if (p == NULL)
1352
0
      return SSH_ERR_ALLOC_FAIL;
1353
0
    p->type = type;
1354
0
    p->payload = state->outgoing_packet;
1355
0
    TAILQ_INSERT_TAIL(&state->outgoing, p, next);
1356
0
    state->outgoing_packet = sshbuf_new();
1357
0
    if (state->outgoing_packet == NULL)
1358
0
      return SSH_ERR_ALLOC_FAIL;
1359
0
    if (need_rekey) {
1360
      /*
1361
       * This packet triggered a rekey, so send the
1362
       * KEXINIT now.
1363
       * NB. reenters this function via kex_start_rekex().
1364
       */
1365
0
      return kex_start_rekex(ssh);
1366
0
    }
1367
0
    return 0;
1368
0
  }
1369
1370
  /* rekeying starts with sending KEXINIT */
1371
228k
  if (type == SSH2_MSG_KEXINIT)
1372
20.0k
    state->rekeying = 1;
1373
1374
228k
  if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
1375
0
    return r;
1376
1377
  /* after a NEWKEYS message we can send the complete queue */
1378
228k
  if (type == SSH2_MSG_NEWKEYS) {
1379
0
    state->rekeying = 0;
1380
0
    state->rekey_time = monotime();
1381
0
    while ((p = TAILQ_FIRST(&state->outgoing))) {
1382
0
      type = p->type;
1383
      /*
1384
       * If this packet triggers a rekex, then skip the
1385
       * remaining packets in the queue for now.
1386
       * NB. re-enters this function via kex_start_rekex.
1387
       */
1388
0
      if (ssh_packet_need_rekeying(ssh,
1389
0
          sshbuf_len(p->payload))) {
1390
0
        debug3_f("queued packet triggered rekex");
1391
0
        return kex_start_rekex(ssh);
1392
0
      }
1393
0
      debug_f("dequeue packet: %u", type);
1394
0
      sshbuf_free(state->outgoing_packet);
1395
0
      state->outgoing_packet = p->payload;
1396
0
      TAILQ_REMOVE(&state->outgoing, p, next);
1397
0
      memset(p, 0, sizeof(*p));
1398
0
      free(p);
1399
0
      if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
1400
0
        return r;
1401
0
    }
1402
0
  }
1403
228k
  return 0;
1404
228k
}
1405
1406
/*
1407
 * Waits until a packet has been received, and returns its type.  Note that
1408
 * no other data is processed until this returns, so this function should not
1409
 * be used during the interactive session.
1410
 */
1411
1412
int
1413
ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1414
0
{
1415
0
  struct session_state *state = ssh->state;
1416
0
  int len, r, ms_remain = 0;
1417
0
  struct pollfd pfd;
1418
0
  char buf[SSH_IOBUFSZ];
1419
0
  struct timeval start;
1420
0
  struct timespec timespec, *timespecp = NULL;
1421
1422
0
  DBG(debug("packet_read()"));
1423
1424
  /*
1425
   * Since we are blocking, ensure that all written packets have
1426
   * been sent.
1427
   */
1428
0
  if ((r = ssh_packet_write_wait(ssh)) != 0)
1429
0
    goto out;
1430
1431
  /* Stay in the loop until we have received a complete packet. */
1432
0
  for (;;) {
1433
    /* Try to read a packet from the buffer. */
1434
0
    if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0)
1435
0
      break;
1436
    /* If we got a packet, return it. */
1437
0
    if (*typep != SSH_MSG_NONE)
1438
0
      break;
1439
    /*
1440
     * Otherwise, wait for some data to arrive, add it to the
1441
     * buffer, and try again.
1442
     */
1443
0
    pfd.fd = state->connection_in;
1444
0
    pfd.events = POLLIN;
1445
1446
0
    if (state->packet_timeout_ms > 0) {
1447
0
      ms_remain = state->packet_timeout_ms;
1448
0
      timespecp = &timespec;
1449
0
    }
1450
    /* Wait for some data to arrive. */
1451
0
    for (;;) {
1452
0
      if (state->packet_timeout_ms > 0) {
1453
0
        ms_to_timespec(&timespec, ms_remain);
1454
0
        monotime_tv(&start);
1455
0
      }
1456
0
      if ((r = ppoll(&pfd, 1, timespecp, NULL)) >= 0)
1457
0
        break;
1458
0
      if (errno != EAGAIN && errno != EINTR &&
1459
0
          errno != EWOULDBLOCK) {
1460
0
        r = SSH_ERR_SYSTEM_ERROR;
1461
0
        goto out;
1462
0
      }
1463
0
      if (state->packet_timeout_ms <= 0)
1464
0
        continue;
1465
0
      ms_subtract_diff(&start, &ms_remain);
1466
0
      if (ms_remain <= 0) {
1467
0
        r = 0;
1468
0
        break;
1469
0
      }
1470
0
    }
1471
0
    if (r == 0) {
1472
0
      r = SSH_ERR_CONN_TIMEOUT;
1473
0
      goto out;
1474
0
    }
1475
    /* Read data from the socket. */
1476
0
    len = read(state->connection_in, buf, sizeof(buf));
1477
0
    if (len == 0) {
1478
0
      r = SSH_ERR_CONN_CLOSED;
1479
0
      goto out;
1480
0
    }
1481
0
    if (len == -1) {
1482
0
      r = SSH_ERR_SYSTEM_ERROR;
1483
0
      goto out;
1484
0
    }
1485
1486
    /* Append it to the buffer. */
1487
0
    if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0)
1488
0
      goto out;
1489
0
  }
1490
0
 out:
1491
0
  return r;
1492
0
}
1493
1494
int
1495
ssh_packet_read(struct ssh *ssh)
1496
0
{
1497
0
  u_char type;
1498
0
  int r;
1499
1500
0
  if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
1501
0
    fatal_fr(r, "read");
1502
0
  return type;
1503
0
}
1504
1505
static int
1506
ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1507
0
{
1508
0
  struct session_state *state = ssh->state;
1509
0
  const u_char *cp;
1510
0
  size_t need;
1511
0
  int r;
1512
1513
0
  if (ssh->kex)
1514
0
    return SSH_ERR_INTERNAL_ERROR;
1515
0
  *typep = SSH_MSG_NONE;
1516
0
  cp = sshbuf_ptr(state->input);
1517
0
  if (state->packlen == 0) {
1518
0
    if (sshbuf_len(state->input) < 4 + 1)
1519
0
      return 0; /* packet is incomplete */
1520
0
    state->packlen = PEEK_U32(cp);
1521
0
    if (state->packlen < 4 + 1 ||
1522
0
        state->packlen > packet_max_size)
1523
0
      return SSH_ERR_MESSAGE_INCOMPLETE;
1524
0
  }
1525
0
  need = state->packlen + 4;
1526
0
  if (sshbuf_len(state->input) < need)
1527
0
    return 0; /* packet is incomplete */
1528
0
  sshbuf_reset(state->incoming_packet);
1529
0
  if ((r = sshbuf_put(state->incoming_packet, cp + 4,
1530
0
      state->packlen)) != 0 ||
1531
0
      (r = sshbuf_consume(state->input, need)) != 0 ||
1532
0
      (r = sshbuf_get_u8(state->incoming_packet, NULL)) != 0 ||
1533
0
      (r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
1534
0
    return r;
1535
0
  if (ssh_packet_log_type(*typep))
1536
0
    debug3_f("type %u", *typep);
1537
  /* sshbuf_dump(state->incoming_packet, stderr); */
1538
  /* reset for next packet */
1539
0
  state->packlen = 0;
1540
0
  return r;
1541
0
}
1542
1543
int
1544
ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1545
218k
{
1546
218k
  struct session_state *state = ssh->state;
1547
218k
  u_int padlen, need;
1548
218k
  u_char *cp;
1549
218k
  u_int maclen, aadlen = 0, authlen = 0, block_size;
1550
218k
  struct sshenc *enc   = NULL;
1551
218k
  struct sshmac *mac   = NULL;
1552
218k
  struct sshcomp *comp = NULL;
1553
218k
  int r;
1554
1555
218k
  if (state->mux)
1556
0
    return ssh_packet_read_poll2_mux(ssh, typep, seqnr_p);
1557
1558
218k
  *typep = SSH_MSG_NONE;
1559
1560
218k
  if (state->packet_discard)
1561
0
    return 0;
1562
1563
218k
  if (state->newkeys[MODE_IN] != NULL) {
1564
0
    enc  = &state->newkeys[MODE_IN]->enc;
1565
0
    mac  = &state->newkeys[MODE_IN]->mac;
1566
0
    comp = &state->newkeys[MODE_IN]->comp;
1567
    /* disable mac for authenticated encryption */
1568
0
    if ((authlen = cipher_authlen(enc->cipher)) != 0)
1569
0
      mac = NULL;
1570
0
  }
1571
218k
  maclen = mac && mac->enabled ? mac->mac_len : 0;
1572
218k
  block_size = enc ? enc->block_size : 8;
1573
218k
  aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
1574
1575
218k
  if (aadlen && state->packlen == 0) {
1576
0
    if (cipher_get_length(state->receive_context, &state->packlen,
1577
0
        state->p_read.seqnr, sshbuf_ptr(state->input),
1578
0
        sshbuf_len(state->input)) != 0)
1579
0
      return 0;
1580
0
    if (state->packlen < 1 + 4 ||
1581
0
        state->packlen > packet_max_size) {
1582
#ifdef PACKET_DEBUG
1583
      sshbuf_dump(state->input, stderr);
1584
#endif
1585
0
      logit("Bad packet length %u.", state->packlen);
1586
0
      if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
1587
0
        return r;
1588
0
      return SSH_ERR_CONN_CORRUPT;
1589
0
    }
1590
0
    sshbuf_reset(state->incoming_packet);
1591
218k
  } else if (state->packlen == 0) {
1592
    /*
1593
     * check if input size is less than the cipher block size,
1594
     * decrypt first block and extract length of incoming packet
1595
     */
1596
218k
    if (sshbuf_len(state->input) < block_size)
1597
0
      return 0;
1598
218k
    sshbuf_reset(state->incoming_packet);
1599
218k
    if ((r = sshbuf_reserve(state->incoming_packet, block_size,
1600
218k
        &cp)) != 0)
1601
0
      goto out;
1602
218k
    if ((r = cipher_crypt(state->receive_context,
1603
218k
        state->p_send.seqnr, cp, sshbuf_ptr(state->input),
1604
218k
        block_size, 0, 0)) != 0)
1605
0
      goto out;
1606
218k
    state->packlen = PEEK_U32(sshbuf_ptr(state->incoming_packet));
1607
218k
    if (state->packlen < 1 + 4 ||
1608
218k
        state->packlen > packet_max_size) {
1609
#ifdef PACKET_DEBUG
1610
      fprintf(stderr, "input: \n");
1611
      sshbuf_dump(state->input, stderr);
1612
      fprintf(stderr, "incoming_packet: \n");
1613
      sshbuf_dump(state->incoming_packet, stderr);
1614
#endif
1615
8.76k
      logit("Bad packet length %u.", state->packlen);
1616
8.76k
      return ssh_packet_start_discard(ssh, enc, mac, 0,
1617
8.76k
          packet_max_size);
1618
8.76k
    }
1619
209k
    if ((r = sshbuf_consume(state->input, block_size)) != 0)
1620
0
      goto out;
1621
209k
  }
1622
209k
  DBG(debug("input: packet len %u", state->packlen+4));
1623
1624
209k
  if (aadlen) {
1625
    /* only the payload is encrypted */
1626
0
    need = state->packlen;
1627
209k
  } else {
1628
    /*
1629
     * the payload size and the payload are encrypted, but we
1630
     * have a partial packet of block_size bytes
1631
     */
1632
209k
    need = 4 + state->packlen - block_size;
1633
209k
  }
1634
209k
  DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d,"
1635
209k
      " aadlen %d", block_size, need, maclen, authlen, aadlen));
1636
209k
  if (need % block_size != 0) {
1637
500
    logit("padding error: need %d block %d mod %d",
1638
500
        need, block_size, need % block_size);
1639
500
    return ssh_packet_start_discard(ssh, enc, mac, 0,
1640
500
        packet_max_size - block_size);
1641
500
  }
1642
  /*
1643
   * check if the entire packet has been received and
1644
   * decrypt into incoming_packet:
1645
   * 'aadlen' bytes are unencrypted, but authenticated.
1646
   * 'need' bytes are encrypted, followed by either
1647
   * 'authlen' bytes of authentication tag or
1648
   * 'maclen' bytes of message authentication code.
1649
   */
1650
208k
  if (sshbuf_len(state->input) < aadlen + need + authlen + maclen)
1651
0
    return 0; /* packet is incomplete */
1652
#ifdef PACKET_DEBUG
1653
  fprintf(stderr, "read_poll enc/full: ");
1654
  sshbuf_dump(state->input, stderr);
1655
#endif
1656
  /* EtM: check mac over encrypted input */
1657
208k
  if (mac && mac->enabled && mac->etm) {
1658
0
    if ((r = mac_check(mac, state->p_read.seqnr,
1659
0
        sshbuf_ptr(state->input), aadlen + need,
1660
0
        sshbuf_ptr(state->input) + aadlen + need + authlen,
1661
0
        maclen)) != 0) {
1662
0
      if (r == SSH_ERR_MAC_INVALID)
1663
0
        logit("Corrupted MAC on input.");
1664
0
      goto out;
1665
0
    }
1666
0
  }
1667
208k
  if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need,
1668
208k
      &cp)) != 0)
1669
0
    goto out;
1670
208k
  if ((r = cipher_crypt(state->receive_context, state->p_read.seqnr, cp,
1671
208k
      sshbuf_ptr(state->input), need, aadlen, authlen)) != 0)
1672
0
    goto out;
1673
208k
  if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0)
1674
0
    goto out;
1675
208k
  if (mac && mac->enabled) {
1676
    /* Not EtM: check MAC over cleartext */
1677
0
    if (!mac->etm && (r = mac_check(mac, state->p_read.seqnr,
1678
0
        sshbuf_ptr(state->incoming_packet),
1679
0
        sshbuf_len(state->incoming_packet),
1680
0
        sshbuf_ptr(state->input), maclen)) != 0) {
1681
0
      if (r != SSH_ERR_MAC_INVALID)
1682
0
        goto out;
1683
0
      logit("Corrupted MAC on input.");
1684
0
      if (need + block_size > packet_max_size)
1685
0
        return SSH_ERR_INTERNAL_ERROR;
1686
0
      return ssh_packet_start_discard(ssh, enc, mac,
1687
0
          sshbuf_len(state->incoming_packet),
1688
0
          packet_max_size - need - block_size);
1689
0
    }
1690
    /* Remove MAC from input buffer */
1691
0
    DBG(debug("MAC #%d ok", state->p_read.seqnr));
1692
0
    if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
1693
0
      goto out;
1694
0
  }
1695
1696
208k
  if (seqnr_p != NULL)
1697
208k
    *seqnr_p = state->p_read.seqnr;
1698
208k
  if (++state->p_read.seqnr == 0) {
1699
0
    if ((ssh->kex->flags & KEX_INITIAL) != 0) {
1700
0
      ssh_packet_disconnect(ssh, "incoming sequence number "
1701
0
          "wrapped during initial key exchange");
1702
0
    }
1703
0
    logit("incoming seqnr wraps around");
1704
0
  }
1705
208k
  if (++state->p_read.packets == 0)
1706
0
    if (!(ssh->compat & SSH_BUG_NOREKEY))
1707
0
      return SSH_ERR_NEED_REKEY;
1708
208k
  state->p_read.blocks += (state->packlen + 4) / block_size;
1709
208k
  state->p_read.bytes += state->packlen + 4;
1710
1711
  /* get padlen */
1712
208k
  padlen = sshbuf_ptr(state->incoming_packet)[4];
1713
208k
  DBG(debug("input: padlen %d", padlen));
1714
208k
  if (padlen < 4)  {
1715
220
    if ((r = sshpkt_disconnect(ssh,
1716
220
        "Corrupted padlen %d on input.", padlen)) != 0 ||
1717
220
        (r = ssh_packet_write_wait(ssh)) != 0)
1718
220
      return r;
1719
0
    return SSH_ERR_CONN_CORRUPT;
1720
220
  }
1721
1722
  /* skip packet size + padlen, discard padding */
1723
208k
  if ((r = sshbuf_consume(state->incoming_packet, 4 + 1)) != 0 ||
1724
208k
      ((r = sshbuf_consume_end(state->incoming_packet, padlen)) != 0))
1725
260
    goto out;
1726
1727
208k
  DBG(debug("input: len before de-compress %zd",
1728
208k
      sshbuf_len(state->incoming_packet)));
1729
208k
  if (comp && comp->enabled) {
1730
0
    sshbuf_reset(state->compression_buffer);
1731
0
    if ((r = uncompress_buffer(ssh, state->incoming_packet,
1732
0
        state->compression_buffer)) != 0)
1733
0
      goto out;
1734
0
    sshbuf_reset(state->incoming_packet);
1735
0
    if ((r = sshbuf_putb(state->incoming_packet,
1736
0
        state->compression_buffer)) != 0)
1737
0
      goto out;
1738
0
    DBG(debug("input: len after de-compress %zd",
1739
0
        sshbuf_len(state->incoming_packet)));
1740
0
  }
1741
  /*
1742
   * get packet type, implies consume.
1743
   * return length of payload (without type field)
1744
   */
1745
208k
  if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
1746
60
    goto out;
1747
208k
  if (ssh_packet_log_type(*typep))
1748
208k
    debug3("receive packet: type %u", *typep);
1749
208k
  if (*typep < SSH2_MSG_MIN) {
1750
920
    if ((r = sshpkt_disconnect(ssh,
1751
920
        "Invalid ssh2 packet type: %d", *typep)) != 0 ||
1752
920
        (r = ssh_packet_write_wait(ssh)) != 0)
1753
920
      return r;
1754
0
    return SSH_ERR_PROTOCOL_ERROR;
1755
920
  }
1756
207k
  if (state->hook_in != NULL &&
1757
207k
      (r = state->hook_in(ssh, state->incoming_packet, typep,
1758
0
      state->hook_in_ctx)) != 0)
1759
0
    return r;
1760
207k
  if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
1761
0
    r = ssh_packet_enable_delayed_compress(ssh);
1762
207k
  else
1763
207k
    r = 0;
1764
#ifdef PACKET_DEBUG
1765
  fprintf(stderr, "read/plain[%d]:\r\n", *typep);
1766
  sshbuf_dump(state->incoming_packet, stderr);
1767
#endif
1768
  /* reset for next packet */
1769
207k
  state->packlen = 0;
1770
207k
  if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
1771
0
    debug_f("resetting read seqnr %u", state->p_read.seqnr);
1772
0
    state->p_read.seqnr = 0;
1773
0
  }
1774
1775
207k
  if ((r = ssh_packet_check_rekey(ssh)) != 0)
1776
0
    return r;
1777
207k
 out:
1778
207k
  return r;
1779
207k
}
1780
1781
int
1782
ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1783
0
{
1784
0
  struct session_state *state = ssh->state;
1785
0
  u_int reason, seqnr;
1786
0
  int r;
1787
0
  u_char *msg;
1788
0
  const u_char *d;
1789
0
  size_t len;
1790
1791
0
  for (;;) {
1792
0
    msg = NULL;
1793
0
    r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
1794
0
    if (r != 0)
1795
0
      return r;
1796
0
    if (*typep == 0) {
1797
      /* no message ready */
1798
0
      return 0;
1799
0
    }
1800
0
    state->keep_alive_timeouts = 0;
1801
0
    DBG(debug("received packet type %d", *typep));
1802
1803
    /* Always process disconnect messages */
1804
0
    if (*typep == SSH2_MSG_DISCONNECT) {
1805
0
      if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
1806
0
          (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
1807
0
        return r;
1808
      /* Ignore normal client exit notifications */
1809
0
      do_log2(ssh->state->server_side &&
1810
0
          reason == SSH2_DISCONNECT_BY_APPLICATION ?
1811
0
          SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
1812
0
          "Received disconnect from %s port %d:"
1813
0
          "%u: %.400s", ssh_remote_ipaddr(ssh),
1814
0
          ssh_remote_port(ssh), reason, msg);
1815
0
      free(msg);
1816
0
      return SSH_ERR_DISCONNECTED;
1817
0
    }
1818
1819
    /*
1820
     * Do not implicitly handle any messages here during initial
1821
     * KEX when in strict mode. They will be need to be allowed
1822
     * explicitly by the KEX dispatch table or they will generate
1823
     * protocol errors.
1824
     */
1825
0
    if (ssh->kex != NULL &&
1826
0
        (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict)
1827
0
      return 0;
1828
    /* Implicitly handle transport-level messages */
1829
0
    switch (*typep) {
1830
0
    case SSH2_MSG_IGNORE:
1831
0
      debug3("Received SSH2_MSG_IGNORE");
1832
0
      break;
1833
0
    case SSH2_MSG_DEBUG:
1834
0
      if ((r = sshpkt_get_u8(ssh, NULL)) != 0 ||
1835
0
          (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 ||
1836
0
          (r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
1837
0
        free(msg);
1838
0
        return r;
1839
0
      }
1840
0
      debug("Remote: %.900s", msg);
1841
0
      free(msg);
1842
0
      break;
1843
0
    case SSH2_MSG_UNIMPLEMENTED:
1844
0
      if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
1845
0
        return r;
1846
0
      debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
1847
0
          seqnr);
1848
0
      break;
1849
0
    case SSH2_MSG_PING:
1850
0
      if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0)
1851
0
        return r;
1852
0
      DBG(debug("Received SSH2_MSG_PING len %zu", len));
1853
0
      if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 ||
1854
0
          (r = sshpkt_put_string(ssh, d, len)) != 0 ||
1855
0
          (r = sshpkt_send(ssh)) != 0)
1856
0
        return r;
1857
0
      break;
1858
0
    case SSH2_MSG_PONG:
1859
0
      if ((r = sshpkt_get_string_direct(ssh,
1860
0
          NULL, &len)) != 0)
1861
0
        return r;
1862
0
      DBG(debug("Received SSH2_MSG_PONG len %zu", len));
1863
0
      break;
1864
0
    default:
1865
0
      return 0;
1866
0
    }
1867
0
  }
1868
0
}
1869
1870
/*
1871
 * Buffers the supplied input data. This is intended to be used together
1872
 * with packet_read_poll().
1873
 */
1874
int
1875
ssh_packet_process_incoming(struct ssh *ssh, const char *buf, u_int len)
1876
0
{
1877
0
  struct session_state *state = ssh->state;
1878
0
  int r;
1879
1880
0
  if (state->packet_discard) {
1881
0
    state->keep_alive_timeouts = 0; /* ?? */
1882
0
    if (len >= state->packet_discard) {
1883
0
      if ((r = ssh_packet_stop_discard(ssh)) != 0)
1884
0
        return r;
1885
0
    }
1886
0
    state->packet_discard -= len;
1887
0
    return 0;
1888
0
  }
1889
0
  if ((r = sshbuf_put(state->input, buf, len)) != 0)
1890
0
    return r;
1891
1892
0
  return 0;
1893
0
}
1894
1895
/* Reads and buffers data from the specified fd */
1896
int
1897
ssh_packet_process_read(struct ssh *ssh, int fd)
1898
0
{
1899
0
  struct session_state *state = ssh->state;
1900
0
  int r;
1901
0
  size_t rlen;
1902
1903
0
  if ((r = sshbuf_read(fd, state->input, packet_max_size, &rlen)) != 0)
1904
0
    return r;
1905
1906
0
  if (state->packet_discard) {
1907
0
    if ((r = sshbuf_consume_end(state->input, rlen)) != 0)
1908
0
      return r;
1909
0
    state->keep_alive_timeouts = 0; /* ?? */
1910
0
    if (rlen >= state->packet_discard) {
1911
0
      if ((r = ssh_packet_stop_discard(ssh)) != 0)
1912
0
        return r;
1913
0
    }
1914
0
    state->packet_discard -= rlen;
1915
0
    return 0;
1916
0
  }
1917
0
  return 0;
1918
0
}
1919
1920
int
1921
ssh_packet_remaining(struct ssh *ssh)
1922
0
{
1923
0
  return sshbuf_len(ssh->state->incoming_packet);
1924
0
}
1925
1926
/*
1927
 * Sends a diagnostic message from the server to the client.  This message
1928
 * can be sent at any time (but not while constructing another message). The
1929
 * message is printed immediately, but only if the client is being executed
1930
 * in verbose mode.  These messages are primarily intended to ease debugging
1931
 * authentication problems.   The length of the formatted message must not
1932
 * exceed 1024 bytes.  This will automatically call ssh_packet_write_wait.
1933
 */
1934
void
1935
ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
1936
0
{
1937
0
  char buf[1024];
1938
0
  va_list args;
1939
0
  int r;
1940
1941
0
  if ((ssh->compat & SSH_BUG_DEBUG))
1942
0
    return;
1943
1944
0
  va_start(args, fmt);
1945
0
  vsnprintf(buf, sizeof(buf), fmt, args);
1946
0
  va_end(args);
1947
1948
0
  debug3("sending debug message: %s", buf);
1949
1950
0
  if ((r = sshpkt_start(ssh, SSH2_MSG_DEBUG)) != 0 ||
1951
0
      (r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */
1952
0
      (r = sshpkt_put_cstring(ssh, buf)) != 0 ||
1953
0
      (r = sshpkt_put_cstring(ssh, "")) != 0 ||
1954
0
      (r = sshpkt_send(ssh)) != 0 ||
1955
0
      (r = ssh_packet_write_wait(ssh)) != 0)
1956
0
    fatal_fr(r, "send DEBUG");
1957
0
}
1958
1959
void
1960
sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l)
1961
0
{
1962
0
  snprintf(s, l, "%.200s%s%s port %d",
1963
0
      ssh->log_preamble ? ssh->log_preamble : "",
1964
0
      ssh->log_preamble ? " " : "",
1965
0
      ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
1966
0
}
1967
1968
/*
1969
 * Pretty-print connection-terminating errors and exit.
1970
 */
1971
static void
1972
sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
1973
0
{
1974
0
  char *tag = NULL, remote_id[512];
1975
0
  int oerrno = errno;
1976
1977
0
  sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
1978
1979
0
  switch (r) {
1980
0
  case SSH_ERR_CONN_CLOSED:
1981
0
    ssh_packet_clear_keys(ssh);
1982
0
    sshpkt_final_log_entry(ssh);
1983
0
    logdie("Connection closed by %s", remote_id);
1984
0
  case SSH_ERR_CONN_TIMEOUT:
1985
0
    ssh_packet_clear_keys(ssh);
1986
0
    sshpkt_final_log_entry(ssh);
1987
0
    logdie("Connection %s %s timed out",
1988
0
        ssh->state->server_side ? "from" : "to", remote_id);
1989
0
  case SSH_ERR_DISCONNECTED:
1990
0
    ssh_packet_clear_keys(ssh);
1991
0
    sshpkt_final_log_entry(ssh);
1992
0
    logdie("Disconnected from %s", remote_id);
1993
0
  case SSH_ERR_SYSTEM_ERROR:
1994
0
    if (errno == ECONNRESET) {
1995
0
      ssh_packet_clear_keys(ssh);
1996
0
      sshpkt_final_log_entry(ssh);
1997
0
      logdie("Connection reset by %s", remote_id);
1998
0
    }
1999
    /* FALLTHROUGH */
2000
0
  case SSH_ERR_NO_CIPHER_ALG_MATCH:
2001
0
  case SSH_ERR_NO_MAC_ALG_MATCH:
2002
0
  case SSH_ERR_NO_COMPRESS_ALG_MATCH:
2003
0
  case SSH_ERR_NO_KEX_ALG_MATCH:
2004
0
  case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
2005
0
    if (ssh->kex && ssh->kex->failed_choice) {
2006
0
      ssh_packet_clear_keys(ssh);
2007
0
      errno = oerrno;
2008
0
      logdie("Unable to negotiate with %s: %s. "
2009
0
          "Their offer: %s", remote_id, ssh_err(r),
2010
0
          ssh->kex->failed_choice);
2011
0
    }
2012
    /* FALLTHROUGH */
2013
0
  default:
2014
0
    if (vasprintf(&tag, fmt, ap) == -1) {
2015
0
      ssh_packet_clear_keys(ssh);
2016
0
      logdie_f("could not allocate failure message");
2017
0
    }
2018
0
    ssh_packet_clear_keys(ssh);
2019
0
    errno = oerrno;
2020
0
    logdie_r(r, "%s%sConnection %s %s",
2021
0
        tag != NULL ? tag : "", tag != NULL ? ": " : "",
2022
0
        ssh->state->server_side ? "from" : "to", remote_id);
2023
0
  }
2024
0
}
2025
2026
void
2027
sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
2028
0
{
2029
0
  va_list ap;
2030
2031
0
  va_start(ap, fmt);
2032
0
  sshpkt_vfatal(ssh, r, fmt, ap);
2033
  /* NOTREACHED */
2034
0
  va_end(ap);
2035
0
  logdie_f("should have exited");
2036
0
}
2037
2038
/* this prints out the final log entry */
2039
void
2040
0
sshpkt_final_log_entry (struct ssh *ssh) {
2041
0
  double total_time;
2042
2043
0
  if (ssh->start_time < 1)
2044
    /* this will produce a NaN in the output. -cjr */
2045
0
    total_time = 0;
2046
0
  else
2047
0
    total_time = monotime_double() - ssh->start_time;
2048
2049
0
  logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f",
2050
0
        ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
2051
0
        ssh->stdin_bytes, ssh->fdout_bytes, total_time,
2052
0
        ssh->stdin_bytes / total_time,
2053
0
        ssh->fdout_bytes / total_time);
2054
0
}
2055
2056
/*
2057
 * Logs the error plus constructs and sends a disconnect packet, closes the
2058
 * connection, and exits.  This function never returns. The error message
2059
 * should not contain a newline.  The length of the formatted message must
2060
 * not exceed 1024 bytes.
2061
 */
2062
void
2063
ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
2064
0
{
2065
0
  char buf[1024], remote_id[512];
2066
0
  va_list args;
2067
0
  static int disconnecting = 0;
2068
0
  int r;
2069
2070
0
  if (disconnecting) /* Guard against recursive invocations. */
2071
0
    fatal("packet_disconnect called recursively.");
2072
0
  disconnecting = 1;
2073
2074
  /*
2075
   * Format the message.  Note that the caller must make sure the
2076
   * message is of limited size.
2077
   */
2078
0
  sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
2079
0
  va_start(args, fmt);
2080
0
  vsnprintf(buf, sizeof(buf), fmt, args);
2081
0
  va_end(args);
2082
2083
  /* Display the error locally */
2084
0
  logit("Disconnecting %s: %.100s", remote_id, buf);
2085
2086
  /*
2087
   * Send the disconnect message to the other side, and wait
2088
   * for it to get sent.
2089
   */
2090
0
  if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0)
2091
0
    sshpkt_fatal(ssh, r, "%s", __func__);
2092
2093
0
  if ((r = ssh_packet_write_wait(ssh)) != 0)
2094
0
    sshpkt_fatal(ssh, r, "%s", __func__);
2095
2096
  /* Close the connection. */
2097
0
  ssh_packet_close(ssh);
2098
0
  cleanup_exit(255);
2099
0
}
2100
2101
/*
2102
 * Checks if there is any buffered output, and tries to write some of
2103
 * the output.
2104
 */
2105
int
2106
ssh_packet_write_poll(struct ssh *ssh)
2107
1.14k
{
2108
1.14k
  struct session_state *state = ssh->state;
2109
1.14k
  int len = sshbuf_len(state->output);
2110
1.14k
  int r;
2111
2112
1.14k
  if (len > 0) {
2113
1.14k
    len = write(state->connection_out,
2114
1.14k
        sshbuf_ptr(state->output), len);
2115
1.14k
    if (len == -1) {
2116
1.14k
      if (errno == EINTR || errno == EAGAIN ||
2117
1.14k
          errno == EWOULDBLOCK)
2118
0
        return 0;
2119
1.14k
      return SSH_ERR_SYSTEM_ERROR;
2120
1.14k
    }
2121
0
    if (len == 0)
2122
0
      return SSH_ERR_CONN_CLOSED;
2123
0
    if ((r = sshbuf_consume(state->output, len)) != 0)
2124
0
      return r;
2125
0
  }
2126
0
  return 0;
2127
1.14k
}
2128
2129
/*
2130
 * Calls packet_write_poll repeatedly until all pending output data has been
2131
 * written.
2132
 */
2133
int
2134
ssh_packet_write_wait(struct ssh *ssh)
2135
1.14k
{
2136
1.14k
  int ret, r, ms_remain = 0;
2137
1.14k
  struct timeval start;
2138
1.14k
  struct timespec timespec, *timespecp = NULL;
2139
1.14k
  struct session_state *state = ssh->state;
2140
1.14k
  struct pollfd pfd;
2141
2142
1.14k
  if ((r = ssh_packet_write_poll(ssh)) != 0)
2143
1.14k
    return r;
2144
0
  while (ssh_packet_have_data_to_write(ssh)) {
2145
0
    pfd.fd = state->connection_out;
2146
0
    pfd.events = POLLOUT;
2147
2148
0
    if (state->packet_timeout_ms > 0) {
2149
0
      ms_remain = state->packet_timeout_ms;
2150
0
      timespecp = &timespec;
2151
0
    }
2152
0
    for (;;) {
2153
0
      if (state->packet_timeout_ms > 0) {
2154
0
        ms_to_timespec(&timespec, ms_remain);
2155
0
        monotime_tv(&start);
2156
0
      }
2157
0
      if ((ret = ppoll(&pfd, 1, timespecp, NULL)) >= 0)
2158
0
        break;
2159
0
      if (errno != EAGAIN && errno != EINTR &&
2160
0
          errno != EWOULDBLOCK)
2161
0
        break;
2162
0
      if (state->packet_timeout_ms <= 0)
2163
0
        continue;
2164
0
      ms_subtract_diff(&start, &ms_remain);
2165
0
      if (ms_remain <= 0) {
2166
0
        ret = 0;
2167
0
        break;
2168
0
      }
2169
0
    }
2170
0
    if (ret == 0)
2171
0
      return SSH_ERR_CONN_TIMEOUT;
2172
0
    if ((r = ssh_packet_write_poll(ssh)) != 0)
2173
0
      return r;
2174
0
  }
2175
0
  return 0;
2176
0
}
2177
2178
/* Returns true if there is buffered data to write to the connection. */
2179
2180
int
2181
ssh_packet_have_data_to_write(struct ssh *ssh)
2182
0
{
2183
0
  return sshbuf_len(ssh->state->output) != 0;
2184
0
}
2185
2186
/* Returns true if there is not too much data to write to the connection. */
2187
2188
int
2189
ssh_packet_not_very_much_data_to_write(struct ssh *ssh)
2190
0
{
2191
0
  if (ssh->state->interactive_mode)
2192
0
    return sshbuf_len(ssh->state->output) < 16384;
2193
0
  else
2194
0
    return sshbuf_len(ssh->state->output) < 128 * 1024;
2195
0
}
2196
2197
/*
2198
 * returns true when there are at most a few keystrokes of data to write
2199
 * and the connection is in interactive mode.
2200
 */
2201
2202
int
2203
ssh_packet_interactive_data_to_write(struct ssh *ssh)
2204
0
{
2205
0
  return ssh->state->interactive_mode &&
2206
0
      sshbuf_len(ssh->state->output) < 256;
2207
0
}
2208
2209
void
2210
ssh_packet_set_tos(struct ssh *ssh, int tos)
2211
0
{
2212
0
  if (!ssh_packet_connection_is_on_socket(ssh) || tos == INT_MAX)
2213
0
    return;
2214
0
  set_sock_tos(ssh->state->connection_in, tos);
2215
0
}
2216
2217
/* Informs that the current session is interactive.  Sets IP flags for that. */
2218
2219
void
2220
ssh_packet_set_interactive(struct ssh *ssh, int interactive, int qos_interactive, int qos_bulk)
2221
0
{
2222
0
  struct session_state *state = ssh->state;
2223
2224
0
  if (state->set_interactive_called)
2225
0
    return;
2226
0
  state->set_interactive_called = 1;
2227
2228
  /* Record that we are in interactive mode. */
2229
0
  state->interactive_mode = interactive;
2230
2231
  /* Only set socket options if using a socket.  */
2232
0
  if (!ssh_packet_connection_is_on_socket(ssh))
2233
0
    return;
2234
0
  set_nodelay(state->connection_in);
2235
0
  ssh_packet_set_tos(ssh, interactive ? qos_interactive : qos_bulk);
2236
0
}
2237
2238
/* Returns true if the current connection is interactive. */
2239
2240
int
2241
ssh_packet_is_interactive(struct ssh *ssh)
2242
0
{
2243
0
  return ssh->state->interactive_mode;
2244
0
}
2245
2246
int
2247
ssh_packet_set_maxsize(struct ssh *ssh, u_int s)
2248
0
{
2249
0
  struct session_state *state = ssh->state;
2250
2251
0
  if (state->set_maxsize_called) {
2252
0
    logit_f("called twice: old %d new %d",
2253
0
        state->max_packet_size, s);
2254
0
    return -1;
2255
0
  }
2256
0
  if (s < 4 * 1024 || s > 1024 * 1024) {
2257
0
    logit_f("bad size %d", s);
2258
0
    return -1;
2259
0
  }
2260
0
  state->set_maxsize_called = 1;
2261
0
  debug_f("setting to %d", s);
2262
0
  state->max_packet_size = s;
2263
0
  return s;
2264
0
}
2265
2266
int
2267
ssh_packet_inc_alive_timeouts(struct ssh *ssh)
2268
0
{
2269
0
  return ++ssh->state->keep_alive_timeouts;
2270
0
}
2271
2272
void
2273
ssh_packet_set_alive_timeouts(struct ssh *ssh, int ka)
2274
0
{
2275
0
  ssh->state->keep_alive_timeouts = ka;
2276
0
}
2277
2278
u_int
2279
ssh_packet_get_maxsize(struct ssh *ssh)
2280
0
{
2281
0
  return ssh->state->max_packet_size;
2282
0
}
2283
2284
void
2285
ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
2286
0
{
2287
0
  debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
2288
0
      (unsigned int)seconds);
2289
0
  ssh->state->rekey_limit = bytes;
2290
0
  ssh->state->rekey_interval = seconds;
2291
0
}
2292
2293
time_t
2294
ssh_packet_get_rekey_timeout(struct ssh *ssh)
2295
0
{
2296
0
  time_t seconds;
2297
2298
0
  seconds = ssh->state->rekey_time + ssh->state->rekey_interval -
2299
0
      monotime();
2300
0
  return (seconds <= 0 ? 1 : seconds);
2301
0
}
2302
2303
void
2304
ssh_packet_set_server(struct ssh *ssh)
2305
35.0k
{
2306
35.0k
  ssh->state->server_side = 1;
2307
35.0k
  ssh->kex->server = 1; /* XXX unify? */
2308
35.0k
}
2309
2310
/* Set the state of the connection to post auth
2311
 * While we are here also decrease the size of
2312
 * packet_max_size to something more reasonable.
2313
 * In this case thats 33k. Which is the size of
2314
 * the largest packet we expect to see and some space
2315
 * for overhead. This reduces memory usage in high
2316
 * BDP environments without impacting performance
2317
 * -cjr 4/11/23 */
2318
void
2319
ssh_packet_set_authenticated(struct ssh *ssh)
2320
0
{
2321
0
  ssh->state->after_authentication = 1;
2322
0
  packet_max_size = SSH_IOBUFSZ + 1024;
2323
0
}
2324
2325
void *
2326
ssh_packet_get_input(struct ssh *ssh)
2327
125k
{
2328
125k
  return (void *)ssh->state->input;
2329
125k
}
2330
2331
void *
2332
ssh_packet_get_output(struct ssh *ssh)
2333
148k
{
2334
148k
  return (void *)ssh->state->output;
2335
148k
}
2336
2337
/* Reset after_authentication and reset compression in post-auth privsep */
2338
static int
2339
ssh_packet_set_postauth(struct ssh *ssh)
2340
0
{
2341
0
  int r;
2342
2343
0
  debug_f("called");
2344
  /* This was set in net child, but is not visible in user child */
2345
0
  ssh->state->after_authentication = 1;
2346
0
  ssh->state->rekeying = 0;
2347
0
  if ((r = ssh_packet_enable_delayed_compress(ssh)) != 0)
2348
0
    return r;
2349
0
  return 0;
2350
0
}
2351
2352
/* Packet state (de-)serialization for privsep */
2353
2354
/* turn kex into a blob for packet state serialization */
2355
static int
2356
kex_to_blob(struct sshbuf *m, struct kex *kex)
2357
0
{
2358
0
  int r;
2359
2360
0
  if ((r = sshbuf_put_u32(m, kex->we_need)) != 0 ||
2361
0
      (r = sshbuf_put_cstring(m, kex->hostkey_alg)) != 0 ||
2362
0
      (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 ||
2363
0
      (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 ||
2364
0
      (r = sshbuf_put_u32(m, kex->kex_type)) != 0 ||
2365
0
      (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 ||
2366
0
      (r = sshbuf_put_stringb(m, kex->my)) != 0 ||
2367
0
      (r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
2368
0
      (r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
2369
0
      (r = sshbuf_put_stringb(m, kex->server_version)) != 0 ||
2370
0
      (r = sshbuf_put_stringb(m, kex->session_id)) != 0 ||
2371
0
      (r = sshbuf_put_u32(m, kex->flags)) != 0)
2372
0
    return r;
2373
0
  return 0;
2374
0
}
2375
2376
/* turn key exchange results into a blob for packet state serialization */
2377
static int
2378
newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode)
2379
0
{
2380
0
  struct sshbuf *b;
2381
0
  struct sshcipher_ctx *cc;
2382
0
  struct sshcomp *comp;
2383
0
  struct sshenc *enc;
2384
0
  struct sshmac *mac;
2385
0
  struct newkeys *newkey;
2386
0
  int r;
2387
2388
0
  if ((newkey = ssh->state->newkeys[mode]) == NULL)
2389
0
    return SSH_ERR_INTERNAL_ERROR;
2390
0
  enc = &newkey->enc;
2391
0
  mac = &newkey->mac;
2392
0
  comp = &newkey->comp;
2393
0
  cc = (mode == MODE_OUT) ? ssh->state->send_context :
2394
0
      ssh->state->receive_context;
2395
0
  if ((r = cipher_get_keyiv(cc, enc->iv, enc->iv_len)) != 0)
2396
0
    return r;
2397
0
  if ((b = sshbuf_new()) == NULL)
2398
0
    return SSH_ERR_ALLOC_FAIL;
2399
0
  if ((r = sshbuf_put_cstring(b, enc->name)) != 0 ||
2400
0
      (r = sshbuf_put_u32(b, enc->enabled)) != 0 ||
2401
0
      (r = sshbuf_put_u32(b, enc->block_size)) != 0 ||
2402
0
      (r = sshbuf_put_string(b, enc->key, enc->key_len)) != 0 ||
2403
0
      (r = sshbuf_put_string(b, enc->iv, enc->iv_len)) != 0)
2404
0
    goto out;
2405
0
  if (cipher_authlen(enc->cipher) == 0) {
2406
0
    if ((r = sshbuf_put_cstring(b, mac->name)) != 0 ||
2407
0
        (r = sshbuf_put_u32(b, mac->enabled)) != 0 ||
2408
0
        (r = sshbuf_put_string(b, mac->key, mac->key_len)) != 0)
2409
0
      goto out;
2410
0
  }
2411
0
  if ((r = sshbuf_put_u32(b, comp->type)) != 0 ||
2412
0
      (r = sshbuf_put_cstring(b, comp->name)) != 0)
2413
0
    goto out;
2414
0
  r = sshbuf_put_stringb(m, b);
2415
0
 out:
2416
0
  sshbuf_free(b);
2417
0
  return r;
2418
0
}
2419
2420
/* serialize packet state into a blob */
2421
int
2422
ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
2423
0
{
2424
0
  struct session_state *state = ssh->state;
2425
0
  int r;
2426
2427
0
  if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
2428
0
      (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 ||
2429
0
      (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 ||
2430
0
      (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 ||
2431
0
      (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 ||
2432
0
      (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 ||
2433
0
      (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 ||
2434
0
      (r = sshbuf_put_u32(m, state->p_send.packets)) != 0 ||
2435
0
      (r = sshbuf_put_u64(m, state->p_send.bytes)) != 0 ||
2436
0
      (r = sshbuf_put_u32(m, state->p_read.seqnr)) != 0 ||
2437
0
      (r = sshbuf_put_u64(m, state->p_read.blocks)) != 0 ||
2438
0
      (r = sshbuf_put_u32(m, state->p_read.packets)) != 0 ||
2439
0
      (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0 ||
2440
0
      (r = sshbuf_put_stringb(m, state->input)) != 0 ||
2441
0
      (r = sshbuf_put_stringb(m, state->output)) != 0)
2442
0
    return r;
2443
2444
0
  return 0;
2445
0
}
2446
2447
/* restore key exchange results from blob for packet state de-serialization */
2448
static int
2449
newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode)
2450
0
{
2451
0
  struct sshbuf *b = NULL;
2452
0
  struct sshcomp *comp;
2453
0
  struct sshenc *enc;
2454
0
  struct sshmac *mac;
2455
0
  struct newkeys *newkey = NULL;
2456
0
  size_t keylen, ivlen, maclen;
2457
0
  int r;
2458
2459
0
  if ((newkey = calloc(1, sizeof(*newkey))) == NULL) {
2460
0
    r = SSH_ERR_ALLOC_FAIL;
2461
0
    goto out;
2462
0
  }
2463
0
  if ((r = sshbuf_froms(m, &b)) != 0)
2464
0
    goto out;
2465
#ifdef DEBUG_PK
2466
  sshbuf_dump(b, stderr);
2467
#endif
2468
0
  enc = &newkey->enc;
2469
0
  mac = &newkey->mac;
2470
0
  comp = &newkey->comp;
2471
2472
0
  if ((r = sshbuf_get_cstring(b, &enc->name, NULL)) != 0 ||
2473
0
      (r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 ||
2474
0
      (r = sshbuf_get_u32(b, &enc->block_size)) != 0 ||
2475
0
      (r = sshbuf_get_string(b, &enc->key, &keylen)) != 0 ||
2476
0
      (r = sshbuf_get_string(b, &enc->iv, &ivlen)) != 0)
2477
0
    goto out;
2478
0
  if ((enc->cipher = cipher_by_name(enc->name)) == NULL) {
2479
0
    r = SSH_ERR_INVALID_FORMAT;
2480
0
    goto out;
2481
0
  }
2482
0
  if (cipher_authlen(enc->cipher) == 0) {
2483
0
    if ((r = sshbuf_get_cstring(b, &mac->name, NULL)) != 0)
2484
0
      goto out;
2485
0
    if ((r = mac_setup(mac, mac->name)) != 0)
2486
0
      goto out;
2487
0
    if ((r = sshbuf_get_u32(b, (u_int *)&mac->enabled)) != 0 ||
2488
0
        (r = sshbuf_get_string(b, &mac->key, &maclen)) != 0)
2489
0
      goto out;
2490
0
    if (maclen > mac->key_len) {
2491
0
      r = SSH_ERR_INVALID_FORMAT;
2492
0
      goto out;
2493
0
    }
2494
0
    mac->key_len = maclen;
2495
0
  }
2496
0
  if ((r = sshbuf_get_u32(b, &comp->type)) != 0 ||
2497
0
      (r = sshbuf_get_cstring(b, &comp->name, NULL)) != 0)
2498
0
    goto out;
2499
0
  if (sshbuf_len(b) != 0) {
2500
0
    r = SSH_ERR_INVALID_FORMAT;
2501
0
    goto out;
2502
0
  }
2503
0
  enc->key_len = keylen;
2504
0
  enc->iv_len = ivlen;
2505
0
  ssh->kex->newkeys[mode] = newkey;
2506
0
  newkey = NULL;
2507
0
  r = 0;
2508
0
 out:
2509
0
  free(newkey);
2510
0
  sshbuf_free(b);
2511
0
  return r;
2512
0
}
2513
2514
/* restore kex from blob for packet state de-serialization */
2515
static int
2516
kex_from_blob(struct sshbuf *m, struct kex **kexp)
2517
0
{
2518
0
  struct kex *kex;
2519
0
  int r;
2520
2521
0
  if ((kex = kex_new()) == NULL)
2522
0
    return SSH_ERR_ALLOC_FAIL;
2523
0
  if ((r = sshbuf_get_u32(m, &kex->we_need)) != 0 ||
2524
0
      (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL)) != 0 ||
2525
0
      (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 ||
2526
0
      (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 ||
2527
0
      (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 ||
2528
0
      (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 ||
2529
0
      (r = sshbuf_get_stringb(m, kex->my)) != 0 ||
2530
0
      (r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
2531
0
      (r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
2532
0
      (r = sshbuf_get_stringb(m, kex->server_version)) != 0 ||
2533
0
      (r = sshbuf_get_stringb(m, kex->session_id)) != 0 ||
2534
0
      (r = sshbuf_get_u32(m, &kex->flags)) != 0)
2535
0
    goto out;
2536
0
  kex->server = 1;
2537
0
  kex->done = 1;
2538
0
  r = 0;
2539
0
 out:
2540
0
  if (r != 0 || kexp == NULL) {
2541
0
    kex_free(kex);
2542
0
    if (kexp != NULL)
2543
0
      *kexp = NULL;
2544
0
  } else {
2545
0
    kex_free(*kexp);
2546
0
    *kexp = kex;
2547
0
  }
2548
0
  return r;
2549
0
}
2550
2551
/*
2552
 * Restore packet state from content of blob 'm' (de-serialization).
2553
 * Note that 'm' will be partially consumed on parsing or any other errors.
2554
 */
2555
int
2556
ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
2557
0
{
2558
0
  struct session_state *state = ssh->state;
2559
0
  const u_char *input, *output;
2560
0
  size_t ilen, olen;
2561
0
  int r;
2562
2563
0
  if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
2564
0
      (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 ||
2565
0
      (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 ||
2566
0
      (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 ||
2567
0
      (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 ||
2568
0
      (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 ||
2569
0
      (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 ||
2570
0
      (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 ||
2571
0
      (r = sshbuf_get_u64(m, &state->p_send.bytes)) != 0 ||
2572
0
      (r = sshbuf_get_u32(m, &state->p_read.seqnr)) != 0 ||
2573
0
      (r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 ||
2574
0
      (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 ||
2575
0
      (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0)
2576
0
    return r;
2577
  /*
2578
   * We set the time here so that in post-auth privsep child we
2579
   * count from the completion of the authentication.
2580
   */
2581
0
  state->rekey_time = monotime();
2582
  /* XXX ssh_set_newkeys overrides p_read.packets? XXX */
2583
0
  if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 ||
2584
0
      (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
2585
0
    return r;
2586
2587
0
  if ((r = ssh_packet_set_postauth(ssh)) != 0)
2588
0
    return r;
2589
2590
0
  sshbuf_reset(state->input);
2591
0
  sshbuf_reset(state->output);
2592
0
  if ((r = sshbuf_get_string_direct(m, &input, &ilen)) != 0 ||
2593
0
      (r = sshbuf_get_string_direct(m, &output, &olen)) != 0 ||
2594
0
      (r = sshbuf_put(state->input, input, ilen)) != 0 ||
2595
0
      (r = sshbuf_put(state->output, output, olen)) != 0)
2596
0
    return r;
2597
2598
0
  if (sshbuf_len(m))
2599
0
    return SSH_ERR_INVALID_FORMAT;
2600
0
  debug3_f("done");
2601
0
  return 0;
2602
0
}
2603
2604
/* NEW API */
2605
2606
/* put data to the outgoing packet */
2607
2608
int
2609
sshpkt_put(struct ssh *ssh, const void *v, size_t len)
2610
0
{
2611
0
  return sshbuf_put(ssh->state->outgoing_packet, v, len);
2612
0
}
2613
2614
int
2615
sshpkt_putb(struct ssh *ssh, const struct sshbuf *b)
2616
20.0k
{
2617
20.0k
  return sshbuf_putb(ssh->state->outgoing_packet, b);
2618
20.0k
}
2619
2620
int
2621
sshpkt_put_u8(struct ssh *ssh, u_char val)
2622
0
{
2623
0
  return sshbuf_put_u8(ssh->state->outgoing_packet, val);
2624
0
}
2625
2626
int
2627
sshpkt_put_u32(struct ssh *ssh, u_int32_t val)
2628
208k
{
2629
208k
  return sshbuf_put_u32(ssh->state->outgoing_packet, val);
2630
208k
}
2631
2632
int
2633
sshpkt_put_u64(struct ssh *ssh, u_int64_t val)
2634
0
{
2635
0
  return sshbuf_put_u64(ssh->state->outgoing_packet, val);
2636
0
}
2637
2638
int
2639
sshpkt_put_string(struct ssh *ssh, const void *v, size_t len)
2640
0
{
2641
0
  return sshbuf_put_string(ssh->state->outgoing_packet, v, len);
2642
0
}
2643
2644
int
2645
sshpkt_put_cstring(struct ssh *ssh, const void *v)
2646
20.8k
{
2647
20.8k
  return sshbuf_put_cstring(ssh->state->outgoing_packet, v);
2648
20.8k
}
2649
2650
int
2651
sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v)
2652
0
{
2653
0
  return sshbuf_put_stringb(ssh->state->outgoing_packet, v);
2654
0
}
2655
2656
int
2657
sshpkt_getb_froms(struct ssh *ssh, struct sshbuf **valp)
2658
0
{
2659
0
  return sshbuf_froms(ssh->state->incoming_packet, valp);
2660
0
}
2661
2662
#ifdef WITH_OPENSSL
2663
#ifdef OPENSSL_HAS_ECC
2664
int
2665
sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g)
2666
0
{
2667
0
  return sshbuf_put_ec(ssh->state->outgoing_packet, v, g);
2668
0
}
2669
#endif /* OPENSSL_HAS_ECC */
2670
2671
2672
int
2673
sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v)
2674
0
{
2675
0
  return sshbuf_put_bignum2(ssh->state->outgoing_packet, v);
2676
0
}
2677
#endif /* WITH_OPENSSL */
2678
2679
/* fetch data from the incoming packet */
2680
2681
int
2682
sshpkt_get(struct ssh *ssh, void *valp, size_t len)
2683
0
{
2684
0
  return sshbuf_get(ssh->state->incoming_packet, valp, len);
2685
0
}
2686
2687
int
2688
sshpkt_get_u8(struct ssh *ssh, u_char *valp)
2689
145k
{
2690
145k
  return sshbuf_get_u8(ssh->state->incoming_packet, valp);
2691
145k
}
2692
2693
int
2694
sshpkt_get_u32(struct ssh *ssh, u_int32_t *valp)
2695
3.98k
{
2696
3.98k
  return sshbuf_get_u32(ssh->state->incoming_packet, valp);
2697
3.98k
}
2698
2699
int
2700
sshpkt_get_u64(struct ssh *ssh, u_int64_t *valp)
2701
0
{
2702
0
  return sshbuf_get_u64(ssh->state->incoming_packet, valp);
2703
0
}
2704
2705
int
2706
sshpkt_get_string(struct ssh *ssh, u_char **valp, size_t *lenp)
2707
51.1k
{
2708
51.1k
  return sshbuf_get_string(ssh->state->incoming_packet, valp, lenp);
2709
51.1k
}
2710
2711
int
2712
sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp)
2713
0
{
2714
0
  return sshbuf_get_string_direct(ssh->state->incoming_packet, valp, lenp);
2715
0
}
2716
2717
int
2718
sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp)
2719
0
{
2720
0
  return sshbuf_peek_string_direct(ssh->state->incoming_packet, valp, lenp);
2721
0
}
2722
2723
int
2724
sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp)
2725
0
{
2726
0
  return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp);
2727
0
}
2728
2729
#ifdef WITH_OPENSSL
2730
#ifdef OPENSSL_HAS_ECC
2731
int
2732
sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g)
2733
0
{
2734
0
  return sshbuf_get_ec(ssh->state->incoming_packet, v, g);
2735
0
}
2736
#endif /* OPENSSL_HAS_ECC */
2737
2738
int
2739
sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp)
2740
0
{
2741
0
  return sshbuf_get_bignum2(ssh->state->incoming_packet, valp);
2742
0
}
2743
#endif /* WITH_OPENSSL */
2744
2745
int
2746
sshpkt_get_end(struct ssh *ssh)
2747
3.92k
{
2748
3.92k
  if (sshbuf_len(ssh->state->incoming_packet) > 0)
2749
320
    return SSH_ERR_UNEXPECTED_TRAILING_DATA;
2750
3.60k
  return 0;
2751
3.92k
}
2752
2753
const u_char *
2754
sshpkt_ptr(struct ssh *ssh, size_t *lenp)
2755
9.34k
{
2756
9.34k
  if (lenp != NULL)
2757
9.34k
    *lenp = sshbuf_len(ssh->state->incoming_packet);
2758
9.34k
  return sshbuf_ptr(ssh->state->incoming_packet);
2759
9.34k
}
2760
2761
/* start a new packet */
2762
2763
int
2764
sshpkt_start(struct ssh *ssh, u_char type)
2765
228k
{
2766
228k
  u_char buf[6]; /* u32 packet length, u8 pad len, u8 type */
2767
2768
228k
  DBG(debug("packet_start[%d]", type));
2769
228k
  memset(buf, 0, sizeof(buf));
2770
228k
  buf[sizeof(buf) - 1] = type;
2771
228k
  sshbuf_reset(ssh->state->outgoing_packet);
2772
228k
  return sshbuf_put(ssh->state->outgoing_packet, buf, sizeof(buf));
2773
228k
}
2774
2775
static int
2776
ssh_packet_send_mux(struct ssh *ssh)
2777
0
{
2778
0
  struct session_state *state = ssh->state;
2779
0
  u_char type, *cp;
2780
0
  size_t len;
2781
0
  int r;
2782
2783
0
  if (ssh->kex)
2784
0
    return SSH_ERR_INTERNAL_ERROR;
2785
0
  len = sshbuf_len(state->outgoing_packet);
2786
0
  if (len < 6)
2787
0
    return SSH_ERR_INTERNAL_ERROR;
2788
0
  cp = sshbuf_mutable_ptr(state->outgoing_packet);
2789
0
  type = cp[5];
2790
0
  if (ssh_packet_log_type(type))
2791
0
    debug3_f("type %u", type);
2792
  /* drop everything, but the connection protocol */
2793
0
  if (type >= SSH2_MSG_CONNECTION_MIN &&
2794
0
      type <= SSH2_MSG_CONNECTION_MAX) {
2795
0
    POKE_U32(cp, len - 4);
2796
0
    if ((r = sshbuf_putb(state->output,
2797
0
        state->outgoing_packet)) != 0)
2798
0
      return r;
2799
    /* sshbuf_dump(state->output, stderr); */
2800
0
  }
2801
0
  sshbuf_reset(state->outgoing_packet);
2802
0
  return 0;
2803
0
}
2804
2805
/*
2806
 * 9.2.  Ignored Data Message
2807
 *
2808
 *   byte      SSH_MSG_IGNORE
2809
 *   string    data
2810
 *
2811
 * All implementations MUST understand (and ignore) this message at any
2812
 * time (after receiving the protocol version). No implementation is
2813
 * required to send them. This message can be used as an additional
2814
 * protection measure against advanced traffic analysis techniques.
2815
 */
2816
int
2817
sshpkt_msg_ignore(struct ssh *ssh, u_int nbytes)
2818
0
{
2819
0
  u_int32_t rnd = 0;
2820
0
  int r;
2821
0
  u_int i;
2822
2823
0
  if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
2824
0
      (r = sshpkt_put_u32(ssh, nbytes)) != 0)
2825
0
    return r;
2826
0
  for (i = 0; i < nbytes; i++) {
2827
0
    if (i % 4 == 0)
2828
0
      rnd = arc4random();
2829
0
    if ((r = sshpkt_put_u8(ssh, (u_char)rnd & 0xff)) != 0)
2830
0
      return r;
2831
0
    rnd >>= 8;
2832
0
  }
2833
0
  return 0;
2834
0
}
2835
2836
/* send it */
2837
2838
int
2839
sshpkt_send(struct ssh *ssh)
2840
228k
{
2841
228k
  if (ssh->state && ssh->state->mux)
2842
0
    return ssh_packet_send_mux(ssh);
2843
228k
  return ssh_packet_send2(ssh);
2844
228k
}
2845
2846
int
2847
sshpkt_disconnect(struct ssh *ssh, const char *fmt,...)
2848
10.4k
{
2849
10.4k
  char buf[1024];
2850
10.4k
  va_list args;
2851
10.4k
  int r;
2852
2853
10.4k
  va_start(args, fmt);
2854
10.4k
  vsnprintf(buf, sizeof(buf), fmt, args);
2855
10.4k
  va_end(args);
2856
2857
10.4k
  debug2_f("sending SSH2_MSG_DISCONNECT: %s", buf);
2858
10.4k
  if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
2859
10.4k
      (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 ||
2860
10.4k
      (r = sshpkt_put_cstring(ssh, buf)) != 0 ||
2861
10.4k
      (r = sshpkt_put_cstring(ssh, "")) != 0 ||
2862
10.4k
      (r = sshpkt_send(ssh)) != 0)
2863
0
    return r;
2864
10.4k
  return 0;
2865
10.4k
}
2866
2867
/* roundup current message to pad bytes */
2868
int
2869
sshpkt_add_padding(struct ssh *ssh, u_char pad)
2870
0
{
2871
0
  ssh->state->extra_pad = pad;
2872
0
  return 0;
2873
0
}
2874
2875
/* used for cipher switching
2876
 * only called in cipher-swtich.c */
2877
void *
2878
ssh_packet_get_send_context(struct ssh *ssh)
2879
0
{
2880
0
        return ssh->state->send_context;
2881
0
}
2882
2883
void *
2884
ssh_packet_get_receive_context(struct ssh *ssh)
2885
0
{
2886
0
        return ssh->state->receive_context;
2887
0
}