packet: Skip HMAC handling if none is selected

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

src/packet.c

@@ -1213,7 +1213,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
                 if (crypto != NULL) {
                     mac = packet_second_block + packet_remaining;
 
-                    if (etm) {
+                    if (crypto->in_hmac != SSH_HMAC_NONE && etm) {
                         rc = ssh_packet_hmac_verify(session,
                                                     data,
                                                     processed,
@@ -1243,7 +1243,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
                         }
                     }
 
-                    if (!etm) {
+                    if (crypto->in_hmac != SSH_HMAC_NONE && !etm) {
                         rc = ssh_packet_hmac_verify(session,
                                                     ssh_buffer_get(session->in_buffer),
                                                     ssh_buffer_get_len(session->in_buffer),
@@ -1684,6 +1684,9 @@ static int packet_send2(ssh_session session)
     hmac = ssh_packet_encrypt(session,
                               ssh_buffer_get(session->out_buffer),
                               ssh_buffer_get_len(session->out_buffer));
+    /* XXX This returns null before switching on crypto, with none MAC
+     * and on various errors.
+     * We should distinguish between these cases to avoid hiding errors. */
     if (hmac != NULL) {
         rc = ssh_buffer_add_data(session->out_buffer,
                                  hmac,

src/packet_crypt.c

@@ -177,34 +177,38 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
             crypto->hmacbuf, session->send_seq);
       memcpy(data, out, len);
   } else {
-      ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type);
-      if (ctx == NULL) {
-        SAFE_FREE(out);
-        return NULL;
-      }
+      if (type != SSH_HMAC_NONE) {
+          ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type);
+          if (ctx == NULL) {
+              SAFE_FREE(out);
+              return NULL;
+          }
 
-      if (!etm) {
-          hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t));
-          hmac_update(ctx, data, len);
-          hmac_final(ctx, crypto->hmacbuf, &finallen);
+          if (!etm) {
+              hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t));
+              hmac_update(ctx, data, len);
+              hmac_final(ctx, crypto->hmacbuf, &finallen);
+          }
       }
 
       cipher->encrypt(cipher, (uint8_t*)data + etm_packet_offset, out, len - etm_packet_offset);
       memcpy((uint8_t*)data + etm_packet_offset, out, len - etm_packet_offset);
 
-      if (etm) {
-          PUSH_BE_U32(data, 0, len - etm_packet_offset);
-          hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t));
-          hmac_update(ctx, data, len);
-          hmac_final(ctx, crypto->hmacbuf, &finallen);
-      }
+      if (type != SSH_HMAC_NONE) {
+          if (etm) {
+              PUSH_BE_U32(data, 0, len - etm_packet_offset);
+              hmac_update(ctx, (unsigned char *)&seq, sizeof(uint32_t));
+              hmac_update(ctx, data, len);
+              hmac_final(ctx, crypto->hmacbuf, &finallen);
+          }
 #ifdef DEBUG_CRYPTO
-      ssh_log_hexdump("mac: ", data, len);
-      if (finallen != hmac_digest_len(type)) {
-          printf("Final len is %d\n", finallen);
-      }
-      ssh_log_hexdump("Packet hmac", crypto->hmacbuf, hmac_digest_len(type));
+          ssh_log_hexdump("mac: ", data, len);
+          if (finallen != hmac_digest_len(type)) {
+              printf("Final len is %d\n", finallen);
+          }
+          ssh_log_hexdump("Packet hmac", crypto->hmacbuf, hmac_digest_len(type));
 #endif
+      }
   }
   explicit_bzero(out, len);
   SAFE_FREE(out);