/* Flag indicating whether packet compression/decompression is enabled. */
static int packet_compression = 0;
/* Flag indicating whether packet compression/decompression is enabled. */
static int packet_compression = 0;
-void
-clear_enc_keys(Enc *enc, int len)
-{
- memset(enc->iv, 0, len);
- memset(enc->key, 0, len);
- xfree(enc->iv);
- xfree(enc->key);
- enc->iv = NULL;
- enc->key = NULL;
-}
-/*** XXXXX todo: kex means re-init */
+void
+packet_init_compression()
+{
+ if (compression_buffer_ready == 1)
+ return;
+ compression_buffer_ready = 1;
+ buffer_init(&compression_buffer);
+}
+
- buffer_init(&compression_buffer);
- buffer_compress_init(level);
+ packet_init_compression();
+ buffer_compress_init_send(level);
+ buffer_compress_init_recv();
cc = (mode == MODE_OUT) ? &send_context : &receive_context;
if (newkeys[mode] != NULL) {
debug("newkeys: rekeying");
cc = (mode == MODE_OUT) ? &send_context : &receive_context;
if (newkeys[mode] != NULL) {
debug("newkeys: rekeying");
- // free old keys, reset compression cipher-contexts;
+ enc = &newkeys[mode]->enc;
+ mac = &newkeys[mode]->mac;
+ comp = &newkeys[mode]->comp;
+ memset(mac->key, 0, mac->key_len);
+ xfree(enc->name);
+ xfree(enc->iv);
+ xfree(enc->key);
+ xfree(mac->name);
+ xfree(mac->key);
+ xfree(comp->name);
+ xfree(newkeys[mode]);
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->cipher->key_len,
enc->iv, enc->cipher->block_size);
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->cipher->key_len,
enc->iv, enc->cipher->block_size);
- clear_enc_keys(enc, enc->cipher->key_len);
+ memset(enc->iv, 0, enc->cipher->block_size);
+ memset(enc->key, 0, enc->cipher->key_len);
* All implementations MUST understand (and ignore) this message at any
* time (after receiving the protocol version). No implementation is
* required to send them. This message can be used as an additional
* All implementations MUST understand (and ignore) this message at any
* time (after receiving the protocol version). No implementation is
* required to send them. This message can be used as an additional