From b717efb577621773a1c53952fb5fd8482e7b9c37 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 17 Nov 2008 14:04:14 +0000 Subject: [PATCH 1/4] Only use -lcrypt for Dropbear server binary --HG-- extra : convert_revision : 7d3d93a5f58d60933277ab6f2595d662e5fb1815 --- Makefile.in | 2 +- configure.in | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.in b/Makefile.in index 3e6c855..e1a64fd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -25,7 +25,7 @@ COMMONOBJS=dbutil.o buffer.o \ SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \ svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \ svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\ - svr-tcpfwd.o svr-authpam.o + svr-tcpfwd.o svr-authpam.o $(CRYPTLIB) CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \ cli-session.o cli-service.o cli-runopts.o cli-chansession.o \ diff --git a/configure.in b/configure.in index 52a75e0..c7149e8 100644 --- a/configure.in +++ b/configure.in @@ -82,7 +82,8 @@ AC_CHECK_DECL(__UCLIBC__, ],,,) # Checks for libraries. -AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") +AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt") +AC_SUBST(CRYPTLIB) # Check if zlib is needed AC_ARG_WITH(zlib, From 8158e952b9433c60f9a1699fa8090aab556b325b Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Tue, 18 Nov 2008 12:53:02 +0000 Subject: [PATCH 2/4] - Use the right variable notation --HG-- extra : convert_revision : 8d1eddd800cc6c405f2b3eaad148433c0d6bc0c8 --- Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in index e1a64fd..4c8441f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -25,7 +25,7 @@ COMMONOBJS=dbutil.o buffer.o \ SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \ svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \ svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\ - svr-tcpfwd.o svr-authpam.o $(CRYPTLIB) + svr-tcpfwd.o svr-authpam.o @CRYPTLIB@ CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \ cli-session.o cli-service.o cli-runopts.o cli-chansession.o \ From c04cc62ebf00f170f0713a4beb845a842b5f0bf1 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Tue, 18 Nov 2008 12:53:39 +0000 Subject: [PATCH 3/4] - Allow building with neither server nor client specified --HG-- extra : convert_revision : d9a8b717bf65021efa4c61c34faf24d050d95da4 --- sysoptions.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sysoptions.h b/sysoptions.h index c98e1ec..2de1184 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -202,5 +202,8 @@ #define IS_DROPBEAR_CLIENT 1 #else -#error You must compiled with either DROPBEAR_CLIENT or DROPBEAR_SERVER selected +/* Just building key utils? */ +#define IS_DROPBEAR_SERVER 0 +#define IS_DROPBEAR_CLIENT 0 + #endif From cca4e1a0809c2798f47115888d4f176bd6c13f29 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Wed, 25 Feb 2009 14:04:02 +0000 Subject: [PATCH 4/4] - Don't be dumb and encrypt/decrypt in a while() loop - why did I do this?? --HG-- extra : convert_revision : c8e1b84cfe874887ad7df0dd95a00de46dbc0136 --- packet.c | 46 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/packet.c b/packet.c index 870d5d8..2c98a34 100644 --- a/packet.c +++ b/packet.c @@ -240,17 +240,16 @@ void decrypt_packet() { buf_setpos(ses.decryptreadbuf, blocksize); /* decrypt it */ - while (ses.readbuf->pos < ses.readbuf->len - macsize) { - if (ses.keys->recv_crypt_mode->decrypt( - buf_getptr(ses.readbuf, blocksize), - buf_getwriteptr(ses.decryptreadbuf, blocksize), - blocksize, - &ses.keys->recv_cipher_state) != CRYPT_OK) { - dropbear_exit("error decrypting"); - } - buf_incrpos(ses.readbuf, blocksize); - buf_incrwritepos(ses.decryptreadbuf, blocksize); + len = ses.readbuf->len - macsize - ses.readbuf->pos; + if (ses.keys->recv_crypt_mode->decrypt( + buf_getptr(ses.readbuf, len), + buf_getwriteptr(ses.decryptreadbuf, len), + len, + &ses.keys->recv_cipher_state) != CRYPT_OK) { + dropbear_exit("error decrypting"); } + buf_incrpos(ses.readbuf, len); + buf_incrwritepos(ses.decryptreadbuf, len); /* check the hmac */ buf_setpos(ses.readbuf, ses.readbuf->len - macsize); @@ -454,7 +453,7 @@ void encrypt_packet() { buffer * writebuf; /* the packet which will go on the wire */ buffer * clearwritebuf; /* unencrypted, possibly compressed */ unsigned char type; - unsigned int clear_len; + unsigned int len; type = ses.writepayload->data[0]; TRACE(("enter encrypt_packet()")) @@ -474,12 +473,12 @@ void encrypt_packet() { /* Encrypted packet len is payload+5, then worst case is if we are 3 away * from a blocksize multiple. In which case we need to pad to the * multiple, then add another blocksize (or MIN_PACKET_LEN) */ - clear_len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3; + len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3; #ifndef DISABLE_ZLIB - clear_len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/ + len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/ #endif - clearwritebuf = buf_new(clear_len); + clearwritebuf = buf_new(len); buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF); buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF); @@ -531,17 +530,16 @@ void encrypt_packet() { writebuf = buf_new(clearwritebuf->len + macsize); /* encrypt it */ - while (clearwritebuf->pos < clearwritebuf->len) { - if (ses.keys->trans_crypt_mode->encrypt( - buf_getptr(clearwritebuf, blocksize), - buf_getwriteptr(writebuf, blocksize), - blocksize, - &ses.keys->trans_cipher_state) != CRYPT_OK) { - dropbear_exit("error encrypting"); - } - buf_incrpos(clearwritebuf, blocksize); - buf_incrwritepos(writebuf, blocksize); + len = clearwritebuf->len; + if (ses.keys->trans_crypt_mode->encrypt( + buf_getptr(clearwritebuf, len), + buf_getwriteptr(writebuf, len), + len, + &ses.keys->trans_cipher_state) != CRYPT_OK) { + dropbear_exit("error encrypting"); } + buf_incrpos(clearwritebuf, len); + buf_incrwritepos(writebuf, len); /* now add a hmac and we're done */ writemac(writebuf, clearwritebuf);