asedeno.scripts.mit.edu Git - PuTTY.git/commit
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher
author Ben Harris <bjh21@bjh21.me.uk>
Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)
committer Ben Harris <bjh21@bjh21.me.uk>
Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)
commit 86c183f8e884f32ae3b1a6091e9043acfd43df94
tree 89e66486c3ed62120b7235adf3f8724bc58642f5
parent e5eabee3c0473a5c10367e1d91264a3db1b977e2
Mitigation for VU#958563:  When using a CBC-mode server-to-client cipher
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.

This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.

[originally from svn r8334]
ssh.c
ssh.h
sshmd5.c
sshsha.c
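
The receive-side logic the commit message describes, as an added Python example (not PuTTY's C code and not taken from this commit): the receiver extends a running MAC one cipher block at a time and accepts a packet boundary only where the MAC verifies, reading the length field afterwards. The names `build_packet`, `read_packet` and `tampered_length_rejected`, the identity `decrypt_block` stand-in for the CBC decryptor, the 16-byte block size and HMAC-SHA1 are assumptions, and the sample packet is constructed.

```python
import hashlib
import hmac
import struct

BLOCK, MACLEN, MAX_PACKET = 16, 20, 35000   # assumed sizes (16-byte CBC block, HMAC-SHA1)

def build_packet(payload, key, seqno):
    """Constructed sender side: SSH-2 binary packet followed by its MAC."""
    padlen = BLOCK - (5 + len(payload)) % BLOCK
    if padlen < 4:                      # SSH-2 requires at least 4 bytes of padding
        padlen += BLOCK
    body = bytes([padlen]) + payload + b"\x00" * padlen
    pkt = struct.pack(">I", len(body)) + body
    tag = hmac.new(key, struct.pack(">I", seqno) + pkt, hashlib.sha1).digest()
    return pkt + tag

def read_packet(wire, key, seqno, decrypt_block=lambda b: b):
    """Return (payload, bytes_consumed); raise ValueError if nothing verifies.

    decrypt_block is a hypothetical stand-in for the CBC decryptor (identity
    here so the example runs without a cipher library).
    """
    # The SSH-2 MAC covers uint32 sequence number || unencrypted packet.
    running = hmac.new(key, struct.pack(">I", seqno), hashlib.sha1)
    plain = bytearray()
    while len(plain) + BLOCK + MACLEN <= min(len(wire), MAX_PACKET):
        off = len(plain)
        block = decrypt_block(wire[off:off + BLOCK])
        plain += block
        running.update(block)
        # copy() gives a MAC for the packet so far; `running` can still grow.
        tag = running.copy().digest()
        if not hmac.compare_digest(tag, wire[off + BLOCK:off + BLOCK + MACLEN]):
            continue                    # boundary not found yet: take one more block
        # Only after the MAC verifies is the length field read, and it must agree.
        (length,) = struct.unpack(">I", plain[:4])
        padlen = plain[4]
        if length + 4 != len(plain) or not 4 <= padlen <= length - 1:
            raise ValueError("length fields disagree with MAC-verified boundary")
        return bytes(plain[5:len(plain) - padlen]), len(plain) + MACLEN
    raise ValueError("no prefix of the input carries a valid MAC")

def tampered_length_rejected(wire, key, seqno):
    """Flip one bit of the length field; the packet must fail on the MAC."""
    bad = bytes([wire[0], wire[1], wire[2], wire[3] ^ 0x20]) + wire[4:]
    try:
        read_packet(bad, key, seqno)
    except ValueError as exc:
        return str(exc)
    return None
```

Because the number of bytes consumed is decided by where the MAC verifies, a modified length field changes nothing about how much input the receiver reads before rejecting the packet.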