

[src/netbsd-1-5]: src/crypto/dist/ssh Pull up revision 1.2 (requested by tosh...



details:   https://anonhg.NetBSD.org/src/rev/d4c9136b6153
branches:  netbsd-1-5
changeset: 490523:d4c9136b6153
user:      jhawk <jhawk%NetBSD.org@localhost>
date:      Thu Jan 25 19:53:32 2001 +0000

description:
Pull up revision 1.2 (requested by toshii):
  Set TCP_NODELAY on interactive IPv6 connections.

diffstat:

 crypto/dist/ssh/packet.c |  1319 ++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 1319 insertions(+), 0 deletions(-)

diffs (truncated from 1323 to 300 lines):

diff -r 3528da6839d6 -r d4c9136b6153 crypto/dist/ssh/packet.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/packet.c  Thu Jan 25 19:53:32 2001 +0000
@@ -0,0 +1,1319 @@
+/*     $NetBSD: packet.c,v 1.1.1.1.2.2 2001/01/25 19:53:32 jhawk Exp $ */
+
+/*
+ * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
+ * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
+ *                    All rights reserved
+ * This file contains code implementing the packet protocol and communication
+ * with the other side.  This same code is used both on client and server side.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ *
+ * SSH2 packet format added by Markus Friedl.
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* from OpenBSD: packet.c,v 1.35 2000/09/07 20:27:52 deraadt Exp */
+
+#include <sys/cdefs.h>
+#ifndef lint
+__RCSID("$NetBSD: packet.c,v 1.1.1.1.2.2 2001/01/25 19:53:32 jhawk Exp $");
+#endif
+
+#include "includes.h"
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "packet.h"
+#include "bufaux.h"
+#include "ssh.h"
+#include "crc32.h"
+#include "cipher.h"
+#include "getput.h"
+
+#include "compress.h"
+#include "deattack.h"
+#include "channels.h"
+
+#include "compat.h"
+#include "ssh2.h"
+
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include "buffer.h"
+#include "kex.h"
+#include "hmac.h"
+
+#ifdef PACKET_DEBUG
+#define DBG(x) x
+#else
+#define DBG(x)
+#endif
+
+/*
+ * This variable contains the file descriptors used for communicating with
+ * the other side.  connection_in is used for reading; connection_out for
+ * writing.  These can be the same descriptor, in which case it is assumed to
+ * be a socket.
+ */
+static int connection_in = -1;
+static int connection_out = -1;
+
+/*
+ * Cipher type.  This value is only used to determine whether to pad the
+ * packets with zeroes or random data.
+ */
+static int cipher_type = SSH_CIPHER_NONE;
+
+/* Protocol flags for the remote side. */
+static unsigned int remote_protocol_flags = 0;
+
+/* Encryption context for receiving data.  This is only used for decryption. */
+static CipherContext receive_context;
+
+/* Encryption context for sending data.  This is only used for encryption. */
+static CipherContext send_context;
+
+/* Buffer for raw input data from the socket. */
+static Buffer input;
+
+/* Buffer for raw output data going to the socket. */
+static Buffer output;
+
+/* Buffer for the partial outgoing packet being constructed. */
+static Buffer outgoing_packet;
+
+/* Buffer for the incoming packet currently being processed. */
+static Buffer incoming_packet;
+
+/* Scratch buffer for packet compression/decompression. */
+static Buffer compression_buffer;
+
+/* Flag indicating whether packet compression/decompression is enabled. */
+static int packet_compression = 0;
+
+/* default maximum packet size */
+int max_packet_size = 32768;
+
+/* Flag indicating whether this module has been initialized. */
+static int initialized = 0;
+
+/* Set to true if the connection is interactive. */
+static int interactive_mode = 0;
+
+/* True if SSH2 packet format is used */
+int use_ssh2_packet_format = 0;
+
+/* Session key information for Encryption and MAC */
+Kex    *kex = NULL;
+
+void
+packet_set_kex(Kex *k)
+{
+       if( k->mac[MODE_IN ].key == NULL ||
+           k->enc[MODE_IN ].key == NULL ||
+           k->enc[MODE_IN ].iv  == NULL ||
+           k->mac[MODE_OUT].key == NULL ||
+           k->enc[MODE_OUT].key == NULL ||
+           k->enc[MODE_OUT].iv  == NULL)
+               fatal("bad KEX");
+       kex = k;
+}
+static void
+clear_enc_keys(Enc *enc, int len)
+{
+       memset(enc->iv,  0, len);
+       memset(enc->key, 0, len);
+       xfree(enc->iv);
+       xfree(enc->key);
+       enc->iv = NULL;
+       enc->key = NULL;
+}
+void
+packet_set_ssh2_format(void)
+{
+       DBG(debug("use_ssh2_packet_format"));
+       use_ssh2_packet_format = 1;
+}
+
+/*
+ * Sets the descriptors used for communication.  Disables encryption until
+ * packet_set_encryption_key is called.
+ */
+void
+packet_set_connection(int fd_in, int fd_out)
+{
+       connection_in = fd_in;
+       connection_out = fd_out;
+       cipher_type = SSH_CIPHER_NONE;
+       cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0);
+       cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0);
+       if (!initialized) {
+               initialized = 1;
+               buffer_init(&input);
+               buffer_init(&output);
+               buffer_init(&outgoing_packet);
+               buffer_init(&incoming_packet);
+       }
+       /* Kludge: arrange the close function to be called from fatal(). */
+       fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
+}
+
+/* Returns 1 if remote host is connected via socket, 0 if not. */
+
+int
+packet_connection_is_on_socket()
+{
+       struct sockaddr_storage from, to;
+       socklen_t fromlen, tolen;
+
+       /* filedescriptors in and out are the same, so it's a socket */
+       if (connection_in == connection_out)
+               return 1;
+       fromlen = sizeof(from);
+       memset(&from, 0, sizeof(from));
+       if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0)
+               return 0;
+       tolen = sizeof(to);
+       memset(&to, 0, sizeof(to));
+       if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0)
+               return 0;
+       if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
+               return 0;
+       if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
+               return 0;
+       return 1;
+}
+
+/* returns 1 if connection is via ipv4 */
+
+int
+packet_connection_is_ipv4()
+{
+       struct sockaddr_storage to;
+       socklen_t tolen = sizeof(to);
+
+       memset(&to, 0, sizeof(to));
+       if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
+               return 0;
+       if (to.ss_family != AF_INET)
+               return 0;
+       return 1;
+}
+
+/* Sets the connection into non-blocking mode. */
+
+void
+packet_set_nonblocking()
+{
+       /* Set the socket into non-blocking mode. */
+       if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0)
+               error("fcntl O_NONBLOCK: %.100s", strerror(errno));
+
+       if (connection_out != connection_in) {
+               if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0)
+                       error("fcntl O_NONBLOCK: %.100s", strerror(errno));
+       }
+}
+
+/* Returns the socket used for reading. */
+
+int
+packet_get_connection_in()
+{
+       return connection_in;
+}
+
+/* Returns the descriptor used for writing. */
+
+int
+packet_get_connection_out()
+{
+       return connection_out;
+}
+
+/* Closes the connection and clears and frees internal data structures. */
+
+void
+packet_close()
+{
+       if (!initialized)
+               return;
+       initialized = 0;
+       if (connection_in == connection_out) {
+               shutdown(connection_out, SHUT_RDWR);
+               close(connection_out);
+       } else {
+               close(connection_in);
+               close(connection_out);
+       }
+       buffer_free(&input);
+       buffer_free(&output);
+       buffer_free(&outgoing_packet);
+       buffer_free(&incoming_packet);
+       if (packet_compression) {
+               buffer_free(&compression_buffer);
+               buffer_compress_uninit();
+       }
+}
+
+/* Sets remote side protocol flags. */
+
+void
+packet_set_protocol_flags(unsigned int protocol_flags)
+{
+       remote_protocol_flags = protocol_flags;
+       channel_set_options((protocol_flags & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) != 0);
+}
+
+/* Returns the remote protocol flags set earlier by the above function. */


