projects / u / mdw / putty / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c677cad) | patch
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher
authorben <ben@cda61777-01e9-0310-a592-d414129be87e>
Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)
committerben <ben@cda61777-01e9-0310-a592-d414129be87e>
Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)
commit9916cc1e8d26f1caef36fc1ee525819e6ca62f42
tree89e66486c3ed62120b7235adf3f8724bc58642f5tree | snapshot (tar.gz zip)
parentc677cad690637a1ceaf6e039dcdbd3a267ad3c86commit | diff
Mitigation for VU#958563:  When using a CBC-mode server-to-client cipher
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.

This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.

git-svn-id: svn://svn.tartarus.org/sgt/putty@8334 cda61777-01e9-0310-a592-d414129be87e
ssh.c diff | blob | blame | history
ssh.h diff | blob | blame | history
sshmd5.c diff | blob | blame | history
sshsha.c diff | blob | blame | history
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator