aboutsummaryrefslogtreecommitdiff
path: root/libssh/crypt.c
diff options
context:
space:
mode:
authorAndreas Schneider <mail@cynapses.org>2009-04-15 08:04:33 +0000
committerAndreas Schneider <mail@cynapses.org>2009-04-15 08:04:33 +0000
commit367fd0cb3555fbc2d8f1dd32da1831bbeb888a08 (patch)
treee192d1dfe618c3d10474dcfe00a64ea01210e932 /libssh/crypt.c
parentc50da458d1b903966a87fada1d702f3927040c3e (diff)
downloadlibssh-367fd0cb3555fbc2d8f1dd32da1831bbeb888a08.tar.gz
libssh-367fd0cb3555fbc2d8f1dd32da1831bbeb888a08.tar.xz
libssh-367fd0cb3555fbc2d8f1dd32da1831bbeb888a08.zip
Improve packet_encrypt().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@480 7dcaeef0-15fb-0310-b436-a5af3365683c
Diffstat (limited to 'libssh/crypt.c')
-rw-r--r--libssh/crypt.c91
1 files changed, 54 insertions, 37 deletions
diff --git a/libssh/crypt.c b/libssh/crypt.c
index b5c9109..39361c1 100644
--- a/libssh/crypt.c
+++ b/libssh/crypt.c
@@ -81,53 +81,70 @@ int packet_decrypt(SSH_SESSION *session, void *data,u32 len) {
return 0;
}
-unsigned char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){
- struct crypto_struct *crypto;
- HMACCTX ctx;
- char *out;
- unsigned int finallen;
- u32 seq=ntohl(session->send_seq);
- if(!session->current_crypto)
- return NULL; /* nothing to do here */
- crypto= session->current_crypto->out_cipher;
- ssh_log(session,SSH_LOG_PACKET,"encrypting packet with seq num: %d, len: %d",session->send_seq,len);
+unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) {
+ struct crypto_struct *crypto = NULL;
+ HMACCTX ctx = NULL;
+ char *out = NULL;
+ unsigned int finallen;
+ u32 seq;
+
+ if (!session->current_crypto) {
+ return NULL; /* nothing to do here */
+ }
+
+ out = malloc(len);
+ if (out == NULL) {
+ return NULL;
+ }
+
+ seq = ntohl(session->send_seq);
+ crypto = session->current_crypto->out_cipher;
+
+ ssh_log(session, SSH_LOG_PACKET,
+ "Encrypting packet with seq num: %d, len: %d",
+ session->send_seq,len);
+
#ifdef HAVE_LIBGCRYPT
- crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey,session->current_crypto->encryptIV);
+ crypto->set_encrypt_key(crypto, session->current_crypto->encryptkey,
+ session->current_crypto->encryptIV);
#elif defined HAVE_LIBCRYPTO
- crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey);
+ crypto->set_encrypt_key(crypto, session->current_crypto->encryptkey);
#endif
- out = malloc(len);
- if (out == NULL) {
+
+ if (session->version == 2) {
+ ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1);
+ if (ctx == NULL) {
+ SAFE_FREE(out);
return NULL;
}
- if(session->version==2){
- ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1);
- if (ctx == NULL) {
- SAFE_FREE(out);
- return NULL;
- }
- hmac_update(ctx,(unsigned char *)&seq,sizeof(u32));
- hmac_update(ctx,data,len);
- hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
+ hmac_update(ctx,(unsigned char *)&seq,sizeof(u32));
+ hmac_update(ctx,data,len);
+ hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
#ifdef DEBUG_CRYPTO
- ssh_print_hexa("mac :",data,len);
- if(finallen!=20)
- printf("Final len is %d\n",finallen);
- ssh_print_hexa("packet hmac",session->current_crypto->hmacbuf,20);
-#endif
+ ssh_print_hexa("mac: ",data,len);
+ if (finallen != 20) {
+ printf("Final len is %d\n",finallen);
}
+ ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20);
+#endif
+ }
+
#ifdef HAVE_LIBGCRYPT
- crypto->cbc_encrypt(crypto,data,out,len);
+ crypto->cbc_encrypt(crypto, data, out, len);
#elif defined HAVE_LIBCRYPTO
- crypto->cbc_encrypt(crypto,data,out,len,session->current_crypto->encryptIV);
+ crypto->cbc_encrypt(crypto, data, out, len,
+ session->current_crypto->encryptIV);
#endif
- memcpy(data,out,len);
- memset(out,0,len);
- free(out);
- if(session->version==2)
- return session->current_crypto->hmacbuf;
- else
- return NULL;
+
+ memcpy(data, out, len);
+ memset(out, 0, len);
+ SAFE_FREE(out);
+
+ if (session->version == 2) {
+ return session->current_crypto->hmacbuf;
+ }
+
+ return NULL;
}
/* TODO FIXME think about the return value isn't 0 enough and -1 on error */