From 367fd0cb3555fbc2d8f1dd32da1831bbeb888a08 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 15 Apr 2009 08:04:33 +0000 Subject: Improve packet_encrypt(). git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@480 7dcaeef0-15fb-0310-b436-a5af3365683c --- libssh/crypt.c | 91 ++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 37 deletions(-) (limited to 'libssh/crypt.c') diff --git a/libssh/crypt.c b/libssh/crypt.c index b5c9109..39361c1 100644 --- a/libssh/crypt.c +++ b/libssh/crypt.c @@ -81,53 +81,70 @@ int packet_decrypt(SSH_SESSION *session, void *data,u32 len) { return 0; } -unsigned char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){ - struct crypto_struct *crypto; - HMACCTX ctx; - char *out; - unsigned int finallen; - u32 seq=ntohl(session->send_seq); - if(!session->current_crypto) - return NULL; /* nothing to do here */ - crypto= session->current_crypto->out_cipher; - ssh_log(session,SSH_LOG_PACKET,"encrypting packet with seq num: %d, len: %d",session->send_seq,len); +unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) { + struct crypto_struct *crypto = NULL; + HMACCTX ctx = NULL; + char *out = NULL; + unsigned int finallen; + u32 seq; + + if (!session->current_crypto) { + return NULL; /* nothing to do here */ + } + + out = malloc(len); + if (out == NULL) { + return NULL; + } + + seq = ntohl(session->send_seq); + crypto = session->current_crypto->out_cipher; + + ssh_log(session, SSH_LOG_PACKET, + "Encrypting packet with seq num: %d, len: %d", + session->send_seq,len); + #ifdef HAVE_LIBGCRYPT - crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey,session->current_crypto->encryptIV); + crypto->set_encrypt_key(crypto, session->current_crypto->encryptkey, + session->current_crypto->encryptIV); #elif defined HAVE_LIBCRYPTO - crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey); + crypto->set_encrypt_key(crypto, session->current_crypto->encryptkey); #endif - out = malloc(len); - if (out == NULL) { + + if (session->version == 2) { + ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); + if (ctx == NULL) { + SAFE_FREE(out); return NULL; } - if(session->version==2){ - ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); - if (ctx == NULL) { - SAFE_FREE(out); - return NULL; - } - hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); - hmac_update(ctx,data,len); - hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); + hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); + hmac_update(ctx,data,len); + hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); #ifdef DEBUG_CRYPTO - ssh_print_hexa("mac :",data,len); - if(finallen!=20) - printf("Final len is %d\n",finallen); - ssh_print_hexa("packet hmac",session->current_crypto->hmacbuf,20); -#endif + ssh_print_hexa("mac: ",data,len); + if (finallen != 20) { + printf("Final len is %d\n",finallen); } + ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20); +#endif + } + #ifdef HAVE_LIBGCRYPT - crypto->cbc_encrypt(crypto,data,out,len); + crypto->cbc_encrypt(crypto, data, out, len); #elif defined HAVE_LIBCRYPTO - crypto->cbc_encrypt(crypto,data,out,len,session->current_crypto->encryptIV); + crypto->cbc_encrypt(crypto, data, out, len, + session->current_crypto->encryptIV); #endif - memcpy(data,out,len); - memset(out,0,len); - free(out); - if(session->version==2) - return session->current_crypto->hmacbuf; - else - return NULL; + + memcpy(data, out, len); + memset(out, 0, len); + SAFE_FREE(out); + + if (session->version == 2) { + return session->current_crypto->hmacbuf; + } + + return NULL; } /* TODO FIXME think about the return value isn't 0 enough and -1 on error */ -- cgit v1.2.3