From: djm <djm@openbsd.org>
Date: Sun, 30 Apr 2017 23:23:54 +0000 (+0000)
Subject: remove SSHv1 support from packet and buffer APIs
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b2a4bdcc9489722ab31810b15144f0735b7d39b2;p=openbsd

remove SSHv1 support from packet and buffer APIs

ok markus@
---

diff --git a/usr.bin/ssh/bufbn.c b/usr.bin/ssh/bufbn.c
index 0a519ed2d7b..2f4f728eb0f 100644
--- a/usr.bin/ssh/bufbn.c
+++ b/usr.bin/ssh/bufbn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */
+/* $OpenBSD: bufbn.c,v 1.13 2017/04/30 23:23:54 djm Exp $ */
 
 /*
  * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
@@ -24,43 +24,6 @@
 #include "log.h"
 #include "ssherr.h"
 
-int
-buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
-{
-	int ret;
-
-	if ((ret = sshbuf_put_bignum1(buffer, value)) != 0) {
-		error("%s: %s", __func__, ssh_err(ret));
-		return -1;
-	}
-	return 0;
-}
-
-void
-buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
-{
-	if (buffer_put_bignum_ret(buffer, value) == -1)
-		fatal("%s: buffer error", __func__);
-}
-
-int
-buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
-{
-	int ret;
-
-	if ((ret = sshbuf_get_bignum1(buffer, value)) != 0) {
-		error("%s: %s", __func__, ssh_err(ret));
-		return -1;
-	}
-	return 0;
-}
-
-void
-buffer_get_bignum(Buffer *buffer, BIGNUM *value)
-{
-	if (buffer_get_bignum_ret(buffer, value) == -1)
-		fatal("%s: buffer error", __func__);
-}
 
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
diff --git a/usr.bin/ssh/buffer.h b/usr.bin/ssh/buffer.h
index 072e23e6a3d..875d8afc9f5 100644
--- a/usr.bin/ssh/buffer.h
+++ b/usr.bin/ssh/buffer.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */
+/* $OpenBSD: buffer.h,v 1.26 2017/04/30 23:23:54 djm Exp $ */
 
 /*
  * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
@@ -47,9 +47,7 @@ int	 buffer_get_ret(Buffer *, void *, u_int);
 int	 buffer_consume_ret(Buffer *, u_int);
 int	 buffer_consume_end_ret(Buffer *, u_int);
 
-void    buffer_put_bignum(Buffer *, const BIGNUM *);
 void    buffer_put_bignum2(Buffer *, const BIGNUM *);
-void	buffer_get_bignum(Buffer *, BIGNUM *);
 void	buffer_get_bignum2(Buffer *, BIGNUM *);
 void	buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int);
 
@@ -73,8 +71,6 @@ void	buffer_put_cstring(Buffer *, const char *);
 
 #define buffer_skip_string(b) (void)buffer_get_string_ptr(b, NULL);
 
-int	buffer_put_bignum_ret(Buffer *, const BIGNUM *);
-int	buffer_get_bignum_ret(Buffer *, BIGNUM *);
 int	buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
 int	buffer_get_bignum2_ret(Buffer *, BIGNUM *);
 int	buffer_get_short_ret(u_short *, Buffer *);
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 08ec93481ab..60bc507990f 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.249 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.250 2017/04/30 23:23:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1385,153 +1385,6 @@ ssh_packet_read_expect(struct ssh *ssh, u_int expected_type)
 	return 0;
 }
 
-/* Checks if a full packet is available in the data received so far via
- * packet_process_incoming.  If so, reads the packet; otherwise returns
- * SSH_MSG_NONE.  This does not wait for data from the connection.
- *
- * SSH_MSG_DISCONNECT is handled specially here.  Also,
- * SSH_MSG_IGNORE messages are skipped by this function and are never returned
- * to higher levels.
- */
-
-int
-ssh_packet_read_poll1(struct ssh *ssh, u_char *typep)
-{
-	struct session_state *state = ssh->state;
-	u_int len, padded_len;
-	const char *emsg;
-	const u_char *cp;
-	u_char *p;
-	u_int checksum, stored_checksum;
-	int r;
-
-	*typep = SSH_MSG_NONE;
-
-	/* Check if input size is less than minimum packet size. */
-	if (sshbuf_len(state->input) < 4 + 8)
-		return 0;
-	/* Get length of incoming packet. */
-	len = PEEK_U32(sshbuf_ptr(state->input));
-	if (len < 1 + 2 + 2 || len > 256 * 1024) {
-		if ((r = sshpkt_disconnect(ssh, "Bad packet length %u",
-		    len)) != 0)
-			return r;
-		return SSH_ERR_CONN_CORRUPT;
-	}
-	padded_len = (len + 8) & ~7;
-
-	/* Check if the packet has been entirely received. */
-	if (sshbuf_len(state->input) < 4 + padded_len)
-		return 0;
-
-	/* The entire packet is in buffer. */
-
-	/* Consume packet length. */
-	if ((r = sshbuf_consume(state->input, 4)) != 0)
-		goto out;
-
-	/*
-	 * Cryptographic attack detector for ssh
-	 * (C)1998 CORE-SDI, Buenos Aires Argentina
-	 * Ariel Futoransky(futo@core-sdi.com)
-	 */
-	if (!cipher_ctx_is_plaintext(state->receive_context)) {
-		emsg = NULL;
-		switch (detect_attack(&state->deattack,
-		    sshbuf_ptr(state->input), padded_len)) {
-		case DEATTACK_OK:
-			break;
-		case DEATTACK_DETECTED:
-			emsg = "crc32 compensation attack detected";
-			break;
-		case DEATTACK_DOS_DETECTED:
-			emsg = "deattack denial of service detected";
-			break;
-		default:
-			emsg = "deattack error";
-			break;
-		}
-		if (emsg != NULL) {
-			error("%s", emsg);
-			if ((r = sshpkt_disconnect(ssh, "%s", emsg)) != 0 ||
-			    (r = ssh_packet_write_wait(ssh)) != 0)
-					return r;
-			return SSH_ERR_CONN_CORRUPT;
-		}
-	}
-
-	/* Decrypt data to incoming_packet. */
-	sshbuf_reset(state->incoming_packet);
-	if ((r = sshbuf_reserve(state->incoming_packet, padded_len, &p)) != 0)
-		goto out;
-	if ((r = cipher_crypt(state->receive_context, 0, p,
-	    sshbuf_ptr(state->input), padded_len, 0, 0)) != 0)
-		goto out;
-
-	if ((r = sshbuf_consume(state->input, padded_len)) != 0)
-		goto out;
-
-#ifdef PACKET_DEBUG
-	fprintf(stderr, "read_poll plain: ");
-	sshbuf_dump(state->incoming_packet, stderr);
-#endif
-
-	/* Compute packet checksum. */
-	checksum = ssh_crc32(sshbuf_ptr(state->incoming_packet),
-	    sshbuf_len(state->incoming_packet) - 4);
-
-	/* Skip padding. */
-	if ((r = sshbuf_consume(state->incoming_packet, 8 - len % 8)) != 0)
-		goto out;
-
-	/* Test check bytes. */
-	if (len != sshbuf_len(state->incoming_packet)) {
-		error("%s: len %d != sshbuf_len %zd", __func__,
-		    len, sshbuf_len(state->incoming_packet));
-		if ((r = sshpkt_disconnect(ssh, "invalid packet length")) != 0 ||
-		    (r = ssh_packet_write_wait(ssh)) != 0)
-			return r;
-		return SSH_ERR_CONN_CORRUPT;
-	}
-
-	cp = sshbuf_ptr(state->incoming_packet) + len - 4;
-	stored_checksum = PEEK_U32(cp);
-	if (checksum != stored_checksum) {
-		error("Corrupted check bytes on input");
-		if ((r = sshpkt_disconnect(ssh, "connection corrupted")) != 0 ||
-		    (r = ssh_packet_write_wait(ssh)) != 0)
-			return r;
-		return SSH_ERR_CONN_CORRUPT;
-	}
-	if ((r = sshbuf_consume_end(state->incoming_packet, 4)) < 0)
-		goto out;
-
-	if (state->packet_compression) {
-		sshbuf_reset(state->compression_buffer);
-		if ((r = uncompress_buffer(ssh, state->incoming_packet,
-		    state->compression_buffer)) != 0)
-			goto out;
-		sshbuf_reset(state->incoming_packet);
-		if ((r = sshbuf_putb(state->incoming_packet,
-		    state->compression_buffer)) != 0)
-			goto out;
-	}
-	state->p_read.packets++;
-	state->p_read.bytes += padded_len + 4;
-	if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
-		goto out;
-	if (*typep < SSH_MSG_MIN || *typep > SSH_MSG_MAX) {
-		error("Invalid ssh1 packet type: %d", *typep);
-		if ((r = sshpkt_disconnect(ssh, "invalid packet type")) != 0 ||
-		    (r = ssh_packet_write_wait(ssh)) != 0)
-			return r;
-		return SSH_ERR_PROTOCOL_ERROR;
-	}
-	r = 0;
- out:
-	return r;
-}
-
 static int
 ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h
index 5169246a3e5..d8695465e56 100644
--- a/usr.bin/ssh/packet.h
+++ b/usr.bin/ssh/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.77 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.78 2017/04/30 23:23:54 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -104,7 +104,6 @@ int	 ssh_packet_send2(struct ssh *);
 int      ssh_packet_read(struct ssh *);
 int	 ssh_packet_read_expect(struct ssh *, u_int type);
 int      ssh_packet_read_poll(struct ssh *);
-int ssh_packet_read_poll1(struct ssh *, u_char *);
 int ssh_packet_read_poll2(struct ssh *, u_char *, u_int32_t *seqnr_p);
 int	 ssh_packet_process_incoming(struct ssh *, const char *buf, u_int len);
 int      ssh_packet_read_seqnr(struct ssh *, u_char *, u_int32_t *seqnr_p);
@@ -167,7 +166,6 @@ int	sshpkt_put_string(struct ssh *ssh, const void *v, size_t len);
 int	sshpkt_put_cstring(struct ssh *ssh, const void *v);
 int	sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v);
 int	sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g);
-int	sshpkt_put_bignum1(struct ssh *ssh, const BIGNUM *v);
 int	sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v);
 
 int	sshpkt_get(struct ssh *ssh, void *valp, size_t len);
@@ -178,7 +176,6 @@ int	sshpkt_get_string(struct ssh *ssh, u_char **valp, size_t *lenp);
 int	sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp);
 int	sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp);
 int	sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g);
-int	sshpkt_get_bignum1(struct ssh *ssh, BIGNUM *v);
 int	sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v);
 int	sshpkt_get_end(struct ssh *ssh);
 const u_char	*sshpkt_ptr(struct ssh *, size_t *lenp);