Work around the CPNI-957037 Plaintext Recovery Attack by always

reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
author: markus <markus@openbsd.org> 2009-01-26 09:58:15 +0000
committer: markus <markus@openbsd.org> 2009-01-26 09:58:15 +0000
commit: b27b5adb29224d951b88e3ae01d600b5660dcda4 (patch)
tree: 7c1edc0da7fb93700bb7c2e93f5309e93a269b71 /usr.bin/ssh/cipher.h
parent: memcpy needs a prototype which is in systm.h (diff)
download: wireguard-openbsd-b27b5adb29224d951b88e3ae01d600b5660dcda4.tar.xz
wireguard-openbsd-b27b5adb29224d951b88e3ae01d600b5660dcda4.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h
index 49bbc1682b9..3dd2270bbe9 100644
--- a/usr.bin/ssh/cipher.h
+++ b/usr.bin/ssh/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -81,6 +81,7 @@ void	 cipher_cleanup(CipherContext *);
 void	 cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
 u_int	 cipher_blocksize(const Cipher *);
 u_int	 cipher_keylen(const Cipher *);
+u_int	 cipher_is_cbc(const Cipher *);
 
 u_int	 cipher_get_number(const Cipher *);
 void	 cipher_get_keyiv(CipherContext *, u_char *, u_int);
author	markus <markus@openbsd.org>	2009-01-26 09:58:15 +0000
committer	markus <markus@openbsd.org>	2009-01-26 09:58:15 +0000
commit	b27b5adb29224d951b88e3ae01d600b5660dcda4 (patch)
tree	7c1edc0da7fb93700bb7c2e93f5309e93a269b71 /usr.bin/ssh/cipher.h
parent	memcpy needs a prototype which is in systm.h (diff)
download	wireguard-openbsd-b27b5adb29224d951b88e3ae01d600b5660dcda4.tar.xz wireguard-openbsd-b27b5adb29224d951b88e3ae01d600b5660dcda4.zip