- markus@cvs.openbsd.org 2009/01/26 09:58:15

[cipher.c cipher.h packet.c] Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
author: Damien Miller <djm@mindrot.org> 2009-01-28 06:38:41 +0100
committer: Damien Miller <djm@mindrot.org> 2009-01-28 06:38:41 +0100
commit: 13ae44ce5865b720708aae9cb1d2e2f08a0d90cb (patch)
tree: b9acd30c2e1edfa1a4b7dcc26b8c11f8ea77b855 /cipher.h
parent: - naddy@cvs.openbsd.org 2009/01/24 17:10:22 (diff)
download: openssh-13ae44ce5865b720708aae9cb1d2e2f08a0d90cb.tar.xz
openssh-13ae44ce5865b720708aae9cb1d2e2f08a0d90cb.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/cipher.h b/cipher.h
index 49bbc1682..3dd2270bb 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -81,6 +81,7 @@ void	 cipher_cleanup(CipherContext *);
 void	 cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
 u_int	 cipher_blocksize(const Cipher *);
 u_int	 cipher_keylen(const Cipher *);
+u_int	 cipher_is_cbc(const Cipher *);
 
 u_int	 cipher_get_number(const Cipher *);
 void	 cipher_get_keyiv(CipherContext *, u_char *, u_int);
author	Damien Miller <djm@mindrot.org>	2009-01-28 06:38:41 +0100
committer	Damien Miller <djm@mindrot.org>	2009-01-28 06:38:41 +0100
commit	13ae44ce5865b720708aae9cb1d2e2f08a0d90cb (patch)
tree	b9acd30c2e1edfa1a4b7dcc26b8c11f8ea77b855 /cipher.h
parent	- naddy@cvs.openbsd.org 2009/01/24 17:10:22 (diff)
download	openssh-13ae44ce5865b720708aae9cb1d2e2f08a0d90cb.tar.xz openssh-13ae44ce5865b720708aae9cb1d2e2f08a0d90cb.zip