diff options
author | Jakub Jelen <jjelen@redhat.com> | 2020-04-28 13:09:11 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2020-05-05 14:23:06 +0200 |
commit | 4f976ce5c4a393d528d05a8ef2e270f9ac1d3b96 (patch) | |
tree | 06afe15bf415afeda397952820afbd989df22265 /src/packet_crypt.c | |
parent | 239eef6322d1bca0786a60f68dab3d9b402a41b7 (diff) | |
download | libssh-4f976ce5c4a393d528d05a8ef2e270f9ac1d3b96.tar.gz libssh-4f976ce5c4a393d528d05a8ef2e270f9ac1d3b96.tar.xz libssh-4f976ce5c4a393d528d05a8ef2e270f9ac1d3b96.zip |
packet: Skip HMAC handling if none is selected
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet_crypt.c')
-rw-r--r-- | src/packet_crypt.c | 46 |
1 files changed, 25 insertions, 21 deletions
diff --git a/src/packet_crypt.c b/src/packet_crypt.c index b248ae85..c2f7ab02 100644 --- a/src/packet_crypt.c +++ b/src/packet_crypt.c @@ -177,34 +177,38 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len) crypto->hmacbuf, session->send_seq); memcpy(data, out, len); } else { - ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type); - if (ctx == NULL) { - SAFE_FREE(out); - return NULL; - } - - if (!etm) { - hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t)); - hmac_update(ctx, data, len); - hmac_final(ctx, crypto->hmacbuf, &finallen); + if (type != SSH_HMAC_NONE) { + ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type); + if (ctx == NULL) { + SAFE_FREE(out); + return NULL; + } + + if (!etm) { + hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t)); + hmac_update(ctx, data, len); + hmac_final(ctx, crypto->hmacbuf, &finallen); + } } cipher->encrypt(cipher, (uint8_t*)data + etm_packet_offset, out, len - etm_packet_offset); memcpy((uint8_t*)data + etm_packet_offset, out, len - etm_packet_offset); - if (etm) { - PUSH_BE_U32(data, 0, len - etm_packet_offset); - hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t)); - hmac_update(ctx, data, len); - hmac_final(ctx, crypto->hmacbuf, &finallen); - } + if (type != SSH_HMAC_NONE) { + if (etm) { + PUSH_BE_U32(data, 0, len - etm_packet_offset); + hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t)); + hmac_update(ctx, data, len); + hmac_final(ctx, crypto->hmacbuf, &finallen); + } #ifdef DEBUG_CRYPTO - ssh_log_hexdump("mac: ", data, len); - if (finallen != hmac_digest_len(type)) { - printf("Final len is %d\n", finallen); - } - ssh_log_hexdump("Packet hmac", crypto->hmacbuf, hmac_digest_len(type)); + ssh_log_hexdump("mac: ", data, len); + if (finallen != hmac_digest_len(type)) { + printf("Final len is %d\n", finallen); + } + ssh_log_hexdump("Packet hmac", crypto->hmacbuf, hmac_digest_len(type)); #endif + } } explicit_bzero(out, len); SAFE_FREE(out); |