mirror of
https://github.com/clearml/dropbear
synced 2025-03-09 13:30:45 +00:00
Pointer parameter could be declared as pointing to const
This commit is contained in:
Francois Perrad
parent
468656b4aa
commit
89e64c631e
@ -40,8 +40,8 @@
|
||||
/* client functions */
|
||||
void cli_load_agent_keys(m_list * ret_list);
|
||||
void agent_buf_sign(buffer *sigblob, sign_key *key,
|
||||
buffer *data_buf);
|
||||
void cli_setup_agent(struct Channel *channel);
|
||||
const buffer *data_buf);
|
||||
void cli_setup_agent(const struct Channel *channel);
|
||||
|
||||
#ifdef __hpux
|
||||
#define seteuid(a) setresuid(-1, (a), -1)
|
||||
@ -56,7 +56,7 @@ extern const struct ChanType cli_chan_agent;
|
||||
|
||||
int svr_agentreq(struct ChanSess * chansess);
|
||||
void svr_agentcleanup(struct ChanSess * chansess);
|
||||
void svr_agentset(struct ChanSess *chansess);
|
||||
void svr_agentset(const struct ChanSess *chansess);
|
||||
|
||||
#endif /* DROPBEAR_SVR_AGENTFWD */
|
||||
|
||||
|
||||
6
algo.h
6
algo.h
@ -112,8 +112,8 @@ struct dropbear_kex {
|
||||
const struct ltc_hash_descriptor *hash_desc;
|
||||
};
|
||||
|
||||
int have_algo(char* algo, size_t algolen, algo_type algos[]);
|
||||
void buf_put_algolist(buffer * buf, algo_type localalgos[]);
|
||||
int have_algo(const char* algo, size_t algolen, const algo_type algos[]);
|
||||
void buf_put_algolist(buffer * buf, const algo_type localalgos[]);
|
||||
|
||||
enum kexguess2_used {
|
||||
KEXGUESS2_LOOK,
|
||||
@ -131,7 +131,7 @@ algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
|
||||
#if DROPBEAR_USER_ALGO_LIST
|
||||
int check_user_algos(const char* user_algo_list, algo_type * algos,
|
||||
const char *algo_desc);
|
||||
char * algolist_string(algo_type algos[]);
|
||||
char * algolist_string(const algo_type algos[]);
|
||||
#endif
|
||||
|
||||
enum {
|
||||
|
||||
4
auth.h
4
auth.h
@ -36,7 +36,7 @@ void cli_authinitialise(void);
|
||||
void recv_msg_userauth_request(void);
|
||||
void send_msg_userauth_failure(int partial, int incrfail);
|
||||
void send_msg_userauth_success(void);
|
||||
void send_msg_userauth_banner(buffer *msg);
|
||||
void send_msg_userauth_banner(const buffer *msg);
|
||||
void svr_auth_password(void);
|
||||
void svr_auth_pubkey(void);
|
||||
void svr_auth_pam(void);
|
||||
@ -74,7 +74,7 @@ void cli_pubkeyfail(void);
|
||||
void cli_auth_password(void);
|
||||
int cli_auth_pubkey(void);
|
||||
void cli_auth_interactive(void);
|
||||
char* getpass_or_cancel(char* prompt);
|
||||
char* getpass_or_cancel(const char* prompt);
|
||||
void cli_auth_pubkey_cleanup(void);
|
||||
|
||||
|
||||
|
||||
8
buffer.c
8
buffer.c
@ -67,7 +67,7 @@ void buf_free(buffer* buf) {
|
||||
}
|
||||
|
||||
/* overwrite the contents of the buffer to clear it */
|
||||
void buf_burn(buffer* buf) {
|
||||
void buf_burn(const buffer* buf) {
|
||||
|
||||
m_burn(buf->data, buf->size);
|
||||
|
||||
@ -91,7 +91,7 @@ buffer* buf_resize(buffer *buf, unsigned int newsize) {
|
||||
|
||||
/* Create a copy of buf, allocating required memory etc. */
|
||||
/* The new buffer is sized the same as the length of the source buffer. */
|
||||
buffer* buf_newcopy(buffer* buf) {
|
||||
buffer* buf_newcopy(const buffer* buf) {
|
||||
|
||||
buffer* ret;
|
||||
|
||||
@ -184,7 +184,7 @@ void buf_putbyte(buffer* buf, unsigned char val) {
|
||||
|
||||
/* returns an in-place pointer to the buffer, checking that
|
||||
* the next len bytes from that position can be used */
|
||||
unsigned char* buf_getptr(buffer* buf, unsigned int len) {
|
||||
unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
|
||||
|
||||
if (len > BUF_MAX_INCR || buf->pos + len > buf->len) {
|
||||
dropbear_exit("Bad buf_getptr");
|
||||
@ -194,7 +194,7 @@ unsigned char* buf_getptr(buffer* buf, unsigned int len) {
|
||||
|
||||
/* like buf_getptr, but checks against total size, not used length.
|
||||
* This allows writing past the used length, but not past the size */
|
||||
unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
|
||||
unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
|
||||
|
||||
if (len > BUF_MAX_INCR || buf->pos + len > buf->size) {
|
||||
dropbear_exit("Bad buf_getwriteptr");
|
||||
|
||||
8
buffer.h
8
buffer.h
@ -44,8 +44,8 @@ buffer * buf_new(unsigned int size);
|
||||
/* Possibly returns a new buffer*, like realloc() */
|
||||
buffer * buf_resize(buffer *buf, unsigned int newsize);
|
||||
void buf_free(buffer* buf);
|
||||
void buf_burn(buffer* buf);
|
||||
buffer* buf_newcopy(buffer* buf);
|
||||
void buf_burn(const buffer* buf);
|
||||
buffer* buf_newcopy(const buffer* buf);
|
||||
void buf_setlen(buffer* buf, unsigned int len);
|
||||
void buf_incrlen(buffer* buf, unsigned int incr);
|
||||
void buf_setpos(buffer* buf, unsigned int pos);
|
||||
@ -54,8 +54,8 @@ void buf_incrwritepos(buffer* buf, unsigned int incr);
|
||||
unsigned char buf_getbyte(buffer* buf);
|
||||
unsigned char buf_getbool(buffer* buf);
|
||||
void buf_putbyte(buffer* buf, unsigned char val);
|
||||
unsigned char* buf_getptr(buffer* buf, unsigned int len);
|
||||
unsigned char* buf_getwriteptr(buffer* buf, unsigned int len);
|
||||
unsigned char* buf_getptr(const buffer* buf, unsigned int len);
|
||||
unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len);
|
||||
char* buf_getstring(buffer* buf, unsigned int *retlen);
|
||||
buffer * buf_getstringbuf(buffer *buf);
|
||||
void buf_eatstring(buffer *buf);
|
||||
|
||||
@ -107,7 +107,7 @@ void channel_connect_done(int result, int sock, void* user_data, const char* err
|
||||
void chaninitialise(const struct ChanType *chantypes[]);
|
||||
void chancleanup(void);
|
||||
void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads);
|
||||
void channelio(fd_set *readfd, fd_set *writefd);
|
||||
void channelio(const fd_set *readfd, const fd_set *writefd);
|
||||
struct Channel* getchannel(void);
|
||||
/* Returns an arbitrary channel that is in a ready state - not
|
||||
being initialised and no EOF in either direction. NULL if none. */
|
||||
@ -115,8 +115,8 @@ struct Channel* get_any_ready_channel(void);
|
||||
|
||||
void recv_msg_channel_open(void);
|
||||
void recv_msg_channel_request(void);
|
||||
void send_msg_channel_failure(struct Channel *channel);
|
||||
void send_msg_channel_success(struct Channel *channel);
|
||||
void send_msg_channel_failure(const struct Channel *channel);
|
||||
void send_msg_channel_success(const struct Channel *channel);
|
||||
void recv_msg_channel_data(void);
|
||||
void recv_msg_channel_extended_data(void);
|
||||
void recv_msg_channel_window_adjust(void);
|
||||
@ -135,7 +135,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type);
|
||||
void recv_msg_channel_open_confirmation(void);
|
||||
void recv_msg_channel_open_failure(void);
|
||||
#endif
|
||||
void start_send_channel_request(struct Channel *channel, char *type);
|
||||
void start_send_channel_request(const struct Channel *channel, const char *type);
|
||||
|
||||
void send_msg_request_success(void);
|
||||
void send_msg_request_failure(void);
|
||||
|
||||
@ -56,19 +56,19 @@ void cbuf_free(circbuffer * cbuf) {
|
||||
m_free(cbuf);
|
||||
}
|
||||
|
||||
unsigned int cbuf_getused(circbuffer * cbuf) {
|
||||
unsigned int cbuf_getused(const circbuffer * cbuf) {
|
||||
|
||||
return cbuf->used;
|
||||
|
||||
}
|
||||
|
||||
unsigned int cbuf_getavail(circbuffer * cbuf) {
|
||||
unsigned int cbuf_getavail(const circbuffer * cbuf) {
|
||||
|
||||
return cbuf->size - cbuf->used;
|
||||
|
||||
}
|
||||
|
||||
unsigned int cbuf_writelen(circbuffer *cbuf) {
|
||||
unsigned int cbuf_writelen(const circbuffer *cbuf) {
|
||||
|
||||
dropbear_assert(cbuf->used <= cbuf->size);
|
||||
dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
|
||||
@ -86,7 +86,7 @@ unsigned int cbuf_writelen(circbuffer *cbuf) {
|
||||
return cbuf->size - cbuf->writepos;
|
||||
}
|
||||
|
||||
void cbuf_readptrs(circbuffer *cbuf,
|
||||
void cbuf_readptrs(const circbuffer *cbuf,
|
||||
unsigned char **p1, unsigned int *len1,
|
||||
unsigned char **p2, unsigned int *len2) {
|
||||
*p1 = &cbuf->data[cbuf->readpos];
|
||||
|
||||
@ -38,12 +38,12 @@ typedef struct circbuf circbuffer;
|
||||
circbuffer * cbuf_new(unsigned int size);
|
||||
void cbuf_free(circbuffer * cbuf);
|
||||
|
||||
unsigned int cbuf_getused(circbuffer * cbuf); /* how much data stored */
|
||||
unsigned int cbuf_getavail(circbuffer * cbuf); /* how much we can write */
|
||||
unsigned int cbuf_writelen(circbuffer *cbuf); /* max linear write len */
|
||||
unsigned int cbuf_getused(const circbuffer * cbuf); /* how much data stored */
|
||||
unsigned int cbuf_getavail(const circbuffer * cbuf); /* how much we can write */
|
||||
unsigned int cbuf_writelen(const circbuffer *cbuf); /* max linear write len */
|
||||
|
||||
/* returns pointers to the two portions of the circular buffer that can be read */
|
||||
void cbuf_readptrs(circbuffer *cbuf,
|
||||
void cbuf_readptrs(const circbuffer *cbuf,
|
||||
unsigned char **p1, unsigned int *len1,
|
||||
unsigned char **p2, unsigned int *len2);
|
||||
unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len);
|
||||
|
||||
@ -108,7 +108,7 @@ static int new_agent_chan(struct Channel * channel) {
|
||||
data Any data, depending on packet type. Encoding as in the ssh packet
|
||||
protocol.
|
||||
*/
|
||||
static buffer * agent_request(unsigned char type, buffer *data) {
|
||||
static buffer * agent_request(unsigned char type, const buffer *data) {
|
||||
|
||||
buffer * payload = NULL;
|
||||
buffer * inbuf = NULL;
|
||||
@ -230,7 +230,7 @@ out:
|
||||
}
|
||||
}
|
||||
|
||||
void cli_setup_agent(struct Channel *channel) {
|
||||
void cli_setup_agent(const struct Channel *channel) {
|
||||
if (!getenv("SSH_AUTH_SOCK")) {
|
||||
return;
|
||||
}
|
||||
@ -254,7 +254,7 @@ void cli_load_agent_keys(m_list *ret_list) {
|
||||
}
|
||||
|
||||
void agent_buf_sign(buffer *sigblob, sign_key *key,
|
||||
buffer *data_buf) {
|
||||
const buffer *data_buf) {
|
||||
buffer *request_data = NULL;
|
||||
buffer *response = NULL;
|
||||
unsigned int siglen;
|
||||
|
||||
@ -331,7 +331,7 @@ int cli_auth_try() {
|
||||
#if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH
|
||||
/* A helper for getpass() that exits if the user cancels. The returned
|
||||
* password is statically allocated by getpass() */
|
||||
char* getpass_or_cancel(char* prompt)
|
||||
char* getpass_or_cancel(const char* prompt)
|
||||
{
|
||||
char* password = NULL;
|
||||
|
||||
|
||||
@ -121,7 +121,7 @@ void recv_msg_userauth_pk_ok() {
|
||||
}
|
||||
|
||||
void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
|
||||
buffer *data_buf) {
|
||||
const buffer *data_buf) {
|
||||
#if DROPBEAR_CLI_AGENTFWD
|
||||
if (key->source == SIGNKEY_SOURCE_AGENT) {
|
||||
/* Format the agent signature ourselves, as buf_put_sign would. */
|
||||
|
||||
@ -38,8 +38,8 @@
|
||||
static void cli_closechansess(struct Channel *channel);
|
||||
static int cli_initchansess(struct Channel *channel);
|
||||
static void cli_chansessreq(struct Channel *channel);
|
||||
static void send_chansess_pty_req(struct Channel *channel);
|
||||
static void send_chansess_shell_req(struct Channel *channel);
|
||||
static void send_chansess_pty_req(const struct Channel *channel);
|
||||
static void send_chansess_shell_req(const struct Channel *channel);
|
||||
static void cli_escape_handler(struct Channel *channel, unsigned char* buf, int *len);
|
||||
static int cli_init_netcat(struct Channel *channel);
|
||||
|
||||
@ -270,7 +270,7 @@ void cli_chansess_winchange() {
|
||||
cli_ses.winchange = 0;
|
||||
}
|
||||
|
||||
static void send_chansess_pty_req(struct Channel *channel) {
|
||||
static void send_chansess_pty_req(const struct Channel *channel) {
|
||||
|
||||
char* term = NULL;
|
||||
|
||||
@ -303,7 +303,7 @@ static void send_chansess_pty_req(struct Channel *channel) {
|
||||
TRACE(("leave send_chansess_pty_req"))
|
||||
}
|
||||
|
||||
static void send_chansess_shell_req(struct Channel *channel) {
|
||||
static void send_chansess_shell_req(const struct Channel *channel) {
|
||||
|
||||
char* reqtype = NULL;
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
#include "ecc.h"
|
||||
|
||||
|
||||
static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
|
||||
static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen);
|
||||
#define MAX_KNOWNHOSTS_LINE 4500
|
||||
|
||||
void send_msg_kexdh_init() {
|
||||
@ -185,7 +185,7 @@ void recv_msg_kexdh_reply() {
|
||||
TRACE(("leave recv_msg_kexdh_init"))
|
||||
}
|
||||
|
||||
static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen,
|
||||
static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen,
|
||||
const char* algoname) {
|
||||
|
||||
char* fp = NULL;
|
||||
@ -282,7 +282,7 @@ out:
|
||||
return hostsfile;
|
||||
}
|
||||
|
||||
static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
|
||||
static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen) {
|
||||
|
||||
FILE *hostsfile = NULL;
|
||||
int readonly = 0;
|
||||
|
||||
@ -314,7 +314,7 @@ algo_type sshkex[] = {
|
||||
* against.
|
||||
* Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
|
||||
* otherwise */
|
||||
int have_algo(char* algo, size_t algolen, algo_type algos[]) {
|
||||
int have_algo(const char* algo, size_t algolen, const algo_type algos[]) {
|
||||
|
||||
int i;
|
||||
|
||||
@ -329,7 +329,7 @@ int have_algo(char* algo, size_t algolen, algo_type algos[]) {
|
||||
}
|
||||
|
||||
/* Output a comma separated list of algorithms to a buffer */
|
||||
void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
|
||||
void buf_put_algolist(buffer * buf, const algo_type localalgos[]) {
|
||||
|
||||
unsigned int i, len;
|
||||
unsigned int donefirst = 0;
|
||||
@ -501,7 +501,7 @@ get_algo_usable(algo_type algos[], const char * algo_name)
|
||||
#if DROPBEAR_USER_ALGO_LIST
|
||||
|
||||
char *
|
||||
algolist_string(algo_type algos[])
|
||||
algolist_string(const algo_type algos[])
|
||||
{
|
||||
char *ret_list;
|
||||
buffer *b = buf_new(200);
|
||||
|
||||
@ -38,18 +38,18 @@
|
||||
|
||||
static void send_msg_channel_open_failure(unsigned int remotechan, int reason,
|
||||
const char *text, const char *lang);
|
||||
static void send_msg_channel_open_confirmation(struct Channel* channel,
|
||||
static void send_msg_channel_open_confirmation(const struct Channel* channel,
|
||||
unsigned int recvwindow,
|
||||
unsigned int recvmaxpacket);
|
||||
static int writechannel(struct Channel* channel, int fd, circbuffer *cbuf,
|
||||
const unsigned char *moredata, unsigned int *morelen);
|
||||
static void send_msg_channel_window_adjust(struct Channel *channel,
|
||||
static void send_msg_channel_window_adjust(const struct Channel *channel,
|
||||
unsigned int incr);
|
||||
static void send_msg_channel_data(struct Channel *channel, int isextended);
|
||||
static void send_msg_channel_eof(struct Channel *channel);
|
||||
static void send_msg_channel_close(struct Channel *channel);
|
||||
static void remove_channel(struct Channel *channel);
|
||||
static unsigned int write_pending(struct Channel * channel);
|
||||
static unsigned int write_pending(const struct Channel * channel);
|
||||
static void check_close(struct Channel *channel);
|
||||
static void close_chan_fd(struct Channel *channel, int fd, int how);
|
||||
|
||||
@ -198,7 +198,7 @@ struct Channel* getchannel() {
|
||||
}
|
||||
|
||||
/* Iterate through the channels, performing IO if available */
|
||||
void channelio(fd_set *readfds, fd_set *writefds) {
|
||||
void channelio(const fd_set *readfds, const fd_set *writefds) {
|
||||
|
||||
/* Listeners such as TCP, X11, agent-auth */
|
||||
struct Channel *channel;
|
||||
@ -262,7 +262,7 @@ void channelio(fd_set *readfds, fd_set *writefds) {
|
||||
|
||||
/* Returns true if there is data remaining to be written to stdin or
|
||||
* stderr of a channel's endpoint. */
|
||||
static unsigned int write_pending(struct Channel * channel) {
|
||||
static unsigned int write_pending(const struct Channel * channel) {
|
||||
|
||||
if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
|
||||
return 1;
|
||||
@ -903,7 +903,7 @@ void recv_msg_channel_window_adjust() {
|
||||
|
||||
/* Increment the incoming data window for a channel, and let the remote
|
||||
* end know */
|
||||
static void send_msg_channel_window_adjust(struct Channel* channel,
|
||||
static void send_msg_channel_window_adjust(const struct Channel* channel,
|
||||
unsigned int incr) {
|
||||
|
||||
TRACE(("sending window adjust %d", incr))
|
||||
@ -1008,7 +1008,7 @@ cleanup:
|
||||
}
|
||||
|
||||
/* Send a failure message */
|
||||
void send_msg_channel_failure(struct Channel *channel) {
|
||||
void send_msg_channel_failure(const struct Channel *channel) {
|
||||
|
||||
TRACE(("enter send_msg_channel_failure"))
|
||||
CHECKCLEARTOWRITE();
|
||||
@ -1021,7 +1021,7 @@ void send_msg_channel_failure(struct Channel *channel) {
|
||||
}
|
||||
|
||||
/* Send a success message */
|
||||
void send_msg_channel_success(struct Channel *channel) {
|
||||
void send_msg_channel_success(const struct Channel *channel) {
|
||||
|
||||
TRACE(("enter send_msg_channel_success"))
|
||||
CHECKCLEARTOWRITE();
|
||||
@ -1053,7 +1053,7 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
|
||||
|
||||
/* Confirm a channel open, and let the remote end know what number we've
|
||||
* allocated and the receive parameters */
|
||||
static void send_msg_channel_open_confirmation(struct Channel* channel,
|
||||
static void send_msg_channel_open_confirmation(const struct Channel* channel,
|
||||
unsigned int recvwindow,
|
||||
unsigned int recvmaxpacket) {
|
||||
|
||||
@ -1239,8 +1239,8 @@ struct Channel* get_any_ready_channel() {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void start_send_channel_request(struct Channel *channel,
|
||||
char *type) {
|
||||
void start_send_channel_request(const struct Channel *channel,
|
||||
const char *type) {
|
||||
|
||||
CHECKCLEARTOWRITE();
|
||||
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
|
||||
|
||||
@ -714,7 +714,7 @@ void free_kexcurve25519_param(struct kex_curve25519_param *param)
|
||||
m_free(param);
|
||||
}
|
||||
|
||||
void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them,
|
||||
void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them,
|
||||
sign_key *hostkey) {
|
||||
unsigned char out[CURVE25519_LEN];
|
||||
const unsigned char* Q_C = NULL;
|
||||
|
||||
@ -141,7 +141,7 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
void addrandom(unsigned char * buf, unsigned int len)
|
||||
void addrandom(const unsigned char * buf, unsigned int len)
|
||||
{
|
||||
hash_state hs;
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@
|
||||
|
||||
void seedrandom(void);
|
||||
void genrandom(unsigned char* buf, unsigned int len);
|
||||
void addrandom(unsigned char * buf, unsigned int len);
|
||||
void addrandom(const unsigned char * buf, unsigned int len);
|
||||
void gen_random_mpint(mp_int *max, mp_int *rand);
|
||||
|
||||
#endif /* DROPBEAR_RANDOM_H_ */
|
||||
|
||||
8
dss.c
8
dss.c
@ -127,7 +127,7 @@ void dss_key_free(dropbear_dss_key *key) {
|
||||
* mpint g
|
||||
* mpint y
|
||||
*/
|
||||
void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
|
||||
void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key) {
|
||||
|
||||
dropbear_assert(key != NULL);
|
||||
buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
|
||||
@ -139,7 +139,7 @@ void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
|
||||
}
|
||||
|
||||
/* Same as buf_put_dss_pub_key, but with the private "x" key appended */
|
||||
void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
|
||||
void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key) {
|
||||
|
||||
dropbear_assert(key != NULL);
|
||||
buf_put_dss_pub_key(buf, key);
|
||||
@ -150,7 +150,7 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
|
||||
#if DROPBEAR_SIGNKEY_VERIFY
|
||||
/* Verify a DSS signature (in buf) made on data by the key given.
|
||||
* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
||||
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
|
||||
int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
|
||||
unsigned char msghash[SHA1_HASH_SIZE];
|
||||
hash_state hs;
|
||||
int ret = DROPBEAR_FAILURE;
|
||||
@ -255,7 +255,7 @@ out:
|
||||
|
||||
/* Sign the data presented with key, writing the signature contents
|
||||
* to the buffer */
|
||||
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
|
||||
void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
|
||||
unsigned char msghash[SHA1_HASH_SIZE];
|
||||
unsigned int writelen;
|
||||
unsigned int i;
|
||||
|
||||
8
dss.h
8
dss.h
@ -44,14 +44,14 @@ typedef struct {
|
||||
#define DSS_P_BITS 1024
|
||||
#define DSS_Q_BITS 160
|
||||
|
||||
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
|
||||
void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
|
||||
#if DROPBEAR_SIGNKEY_VERIFY
|
||||
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
|
||||
int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
|
||||
#endif
|
||||
int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
|
||||
int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);
|
||||
void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key);
|
||||
void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key);
|
||||
void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key);
|
||||
void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key);
|
||||
void dss_key_free(dropbear_dss_key *key);
|
||||
|
||||
#endif /* DROPBEAR_DSS */
|
||||
|
||||
4
ecc.c
4
ecc.c
@ -82,7 +82,7 @@ ecc_key * new_ecc_key(void) {
|
||||
|
||||
/* Copied from libtomcrypt ecc_import.c (version there is static), modified
|
||||
for different mp_int pointer without LTC_SOURCE */
|
||||
static int ecc_is_point(ecc_key *key)
|
||||
static int ecc_is_point(const ecc_key *key)
|
||||
{
|
||||
mp_int *prime, *b, *t1, *t2;
|
||||
int err;
|
||||
@ -213,7 +213,7 @@ ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *c
|
||||
|
||||
/* a modified version of libtomcrypt's "ecc_shared_secret" to output
|
||||
a mp_int instead. */
|
||||
mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
|
||||
mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, const ecc_key *private_key)
|
||||
{
|
||||
ecc_point *result = NULL;
|
||||
mp_int *prime = NULL, *shared_secret = NULL;
|
||||
|
||||
2
ecc.h
2
ecc.h
@ -29,7 +29,7 @@ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
|
||||
ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
|
||||
int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
|
||||
|
||||
mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
|
||||
mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key);
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
6
ecdsa.c
6
ecdsa.c
@ -15,7 +15,7 @@ int signkey_is_ecdsa(enum signkey_type type)
|
||||
|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
|
||||
}
|
||||
|
||||
enum signkey_type ecdsa_signkey_type(ecc_key * key) {
|
||||
enum signkey_type ecdsa_signkey_type(const ecc_key * key) {
|
||||
#if DROPBEAR_ECC_256
|
||||
if (key->dp == ecc_curve_nistp256.dp) {
|
||||
return DROPBEAR_SIGNKEY_ECDSA_NISTP256;
|
||||
@ -154,7 +154,7 @@ void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) {
|
||||
buf_putmpint(buf, key->k);
|
||||
}
|
||||
|
||||
void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) {
|
||||
void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf) {
|
||||
/* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
|
||||
int err = DROPBEAR_FAILURE;
|
||||
struct dropbear_ecc_curve *curve = NULL;
|
||||
@ -272,7 +272,7 @@ out:
|
||||
}
|
||||
|
||||
|
||||
int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
|
||||
int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
|
||||
/* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
|
||||
int ret = DROPBEAR_FAILURE;
|
||||
hash_state hs;
|
||||
|
||||
6
ecdsa.h
6
ecdsa.h
@ -23,10 +23,10 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf);
|
||||
ecc_key *buf_get_ecdsa_priv_key(buffer *buf);
|
||||
void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key);
|
||||
void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key);
|
||||
enum signkey_type ecdsa_signkey_type(ecc_key * key);
|
||||
enum signkey_type ecdsa_signkey_type(const ecc_key * key);
|
||||
|
||||
void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf);
|
||||
int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf);
|
||||
void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf);
|
||||
int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf);
|
||||
/* Returns 1 on success */
|
||||
int signkey_is_ecdsa(enum signkey_type type);
|
||||
|
||||
|
||||
20
gendss.c
20
gendss.c
@ -37,11 +37,11 @@
|
||||
|
||||
#if DROPBEAR_DSS
|
||||
|
||||
static void getq(dropbear_dss_key *key);
|
||||
static void getp(dropbear_dss_key *key, unsigned int size);
|
||||
static void getg(dropbear_dss_key *key);
|
||||
static void getx(dropbear_dss_key *key);
|
||||
static void gety(dropbear_dss_key *key);
|
||||
static void getq(const dropbear_dss_key *key);
|
||||
static void getp(const dropbear_dss_key *key, unsigned int size);
|
||||
static void getg(const dropbear_dss_key *key);
|
||||
static void getx(const dropbear_dss_key *key);
|
||||
static void gety(const dropbear_dss_key *key);
|
||||
|
||||
dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
|
||||
|
||||
@ -65,7 +65,7 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
|
||||
|
||||
}
|
||||
|
||||
static void getq(dropbear_dss_key *key) {
|
||||
static void getq(const dropbear_dss_key *key) {
|
||||
|
||||
unsigned char buf[QSIZE];
|
||||
|
||||
@ -83,7 +83,7 @@ static void getq(dropbear_dss_key *key) {
|
||||
}
|
||||
}
|
||||
|
||||
static void getp(dropbear_dss_key *key, unsigned int size) {
|
||||
static void getp(const dropbear_dss_key *key, unsigned int size) {
|
||||
|
||||
DEF_MP_INT(tempX);
|
||||
DEF_MP_INT(tempC);
|
||||
@ -142,7 +142,7 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
|
||||
m_free(buf);
|
||||
}
|
||||
|
||||
static void getg(dropbear_dss_key * key) {
|
||||
static void getg(const dropbear_dss_key * key) {
|
||||
|
||||
DEF_MP_INT(div);
|
||||
DEF_MP_INT(h);
|
||||
@ -179,12 +179,12 @@ static void getg(dropbear_dss_key * key) {
|
||||
mp_clear_multi(&div, &h, &val, NULL);
|
||||
}
|
||||
|
||||
static void getx(dropbear_dss_key *key) {
|
||||
static void getx(const dropbear_dss_key *key) {
|
||||
|
||||
gen_random_mpint(key->q, key->x);
|
||||
}
|
||||
|
||||
static void gety(dropbear_dss_key *key) {
|
||||
static void gety(const dropbear_dss_key *key) {
|
||||
|
||||
if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
|
||||
fprintf(stderr, "DSS key generation failed\n");
|
||||
|
||||
2
kex.h
2
kex.h
@ -50,7 +50,7 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
|
||||
#if DROPBEAR_CURVE25519
|
||||
struct kex_curve25519_param *gen_kexcurve25519_param(void);
|
||||
void free_kexcurve25519_param(struct kex_curve25519_param *param);
|
||||
void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *pub_them,
|
||||
void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *pub_them,
|
||||
sign_key *hostkey);
|
||||
#endif
|
||||
|
||||
|
||||
14
keyimport.c
14
keyimport.c
@ -55,9 +55,9 @@ static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
|
||||
((unsigned long)(unsigned char)(cp)[3]))
|
||||
|
||||
static int openssh_encrypted(const char *filename);
|
||||
static sign_key *openssh_read(const char *filename, char *passphrase);
|
||||
static sign_key *openssh_read(const char *filename, const char *passphrase);
|
||||
static int openssh_write(const char *filename, sign_key *key,
|
||||
char *passphrase);
|
||||
const char *passphrase);
|
||||
|
||||
static int dropbear_write(const char*filename, sign_key * key);
|
||||
static sign_key *dropbear_read(const char* filename);
|
||||
@ -83,7 +83,7 @@ int import_encrypted(const char* filename, int filetype) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
sign_key *import_read(const char *filename, char *passphrase, int filetype) {
|
||||
sign_key *import_read(const char *filename, const char *passphrase, int filetype) {
|
||||
|
||||
if (filetype == KEYFILE_OPENSSH) {
|
||||
return openssh_read(filename, passphrase);
|
||||
@ -97,7 +97,7 @@ sign_key *import_read(const char *filename, char *passphrase, int filetype) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int import_write(const char *filename, sign_key *key, char *passphrase,
|
||||
int import_write(const char *filename, sign_key *key, const char *passphrase,
|
||||
int filetype) {
|
||||
|
||||
if (filetype == KEYFILE_OPENSSH) {
|
||||
@ -194,7 +194,7 @@ out:
|
||||
)
|
||||
|
||||
/* cpl has to be less than 100 */
|
||||
static void base64_encode_fp(FILE * fp, unsigned char *data,
|
||||
static void base64_encode_fp(FILE * fp, const unsigned char *data,
|
||||
int datalen, int cpl)
|
||||
{
|
||||
unsigned char out[100];
|
||||
@ -509,7 +509,7 @@ static int openssh_encrypted(const char *filename)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
|
||||
static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase))
|
||||
{
|
||||
struct openssh_key *key;
|
||||
unsigned char *p;
|
||||
@ -828,7 +828,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
|
||||
}
|
||||
|
||||
static int openssh_write(const char *filename, sign_key *key,
|
||||
char *passphrase)
|
||||
const char *passphrase)
|
||||
{
|
||||
buffer * keyblob = NULL;
|
||||
buffer * extrablob = NULL; /* used for calculated values to write */
|
||||
|
||||
@ -34,9 +34,9 @@ enum {
|
||||
KEYFILE_SSHCOM
|
||||
};
|
||||
|
||||
int import_write(const char *filename, sign_key *key, char *passphrase,
|
||||
int import_write(const char *filename, sign_key *key, const char *passphrase,
|
||||
int filetype);
|
||||
sign_key *import_read(const char *filename, char *passphrase, int filetype);
|
||||
sign_key *import_read(const char *filename, const char *passphrase, int filetype);
|
||||
int import_encrypted(const char* filename, int filetype);
|
||||
|
||||
#endif /* DROPBEAR_KEYIMPORT_H_ */
|
||||
|
||||
@ -53,7 +53,7 @@ void set_listener_fds(fd_set * readfds) {
|
||||
}
|
||||
|
||||
|
||||
void handle_listeners(fd_set * readfds) {
|
||||
void handle_listeners(const fd_set * readfds) {
|
||||
|
||||
unsigned int i, j;
|
||||
struct Listener *listener;
|
||||
@ -76,7 +76,7 @@ void handle_listeners(fd_set * readfds) {
|
||||
|
||||
/* acceptor(int fd, void* typedata) is a function to accept connections,
|
||||
* cleanup(void* typedata) happens when cleaning up */
|
||||
struct Listener* new_listener(int socks[], unsigned int nsocks,
|
||||
struct Listener* new_listener(const int socks[], unsigned int nsocks,
|
||||
int type, void* typedata,
|
||||
void (*acceptor)(struct Listener* listener, int sock),
|
||||
void (*cleanup)(struct Listener*)) {
|
||||
|
||||
@ -47,10 +47,10 @@ struct Listener {
|
||||
};
|
||||
|
||||
void listeners_initialise(void);
|
||||
void handle_listeners(fd_set * readfds);
|
||||
void handle_listeners(const fd_set * readfds);
|
||||
void set_listener_fds(fd_set * readfds);
|
||||
|
||||
struct Listener* new_listener(int socks[], unsigned int nsocks,
|
||||
struct Listener* new_listener(const int socks[], unsigned int nsocks,
|
||||
int type, void* typedata,
|
||||
void (*acceptor)(struct Listener* listener, int sock),
|
||||
void (*cleanup)(struct Listener*));
|
||||
|
||||
4
netio.c
4
netio.c
@ -197,7 +197,7 @@ void set_connect_fds(fd_set *writefd) {
|
||||
}
|
||||
}
|
||||
|
||||
void handle_connect_fds(fd_set *writefd) {
|
||||
void handle_connect_fds(const fd_set *writefd) {
|
||||
m_list_elem *iter;
|
||||
TRACE(("enter handle_connect_fds"))
|
||||
for (iter = ses.conn_pending.first; iter; iter = iter->next) {
|
||||
@ -240,7 +240,7 @@ void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue
|
||||
c->writequeue = writequeue;
|
||||
}
|
||||
|
||||
void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count) {
|
||||
void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count) {
|
||||
struct Link *l;
|
||||
unsigned int i;
|
||||
int len;
|
||||
|
||||
4
netio.h
4
netio.h
@ -34,7 +34,7 @@ struct dropbear_progress_connection * connect_remote (const char* remotehost, co
|
||||
/* Sets up for select() */
|
||||
void set_connect_fds(fd_set *writefd);
|
||||
/* Handles ready sockets after select() */
|
||||
void handle_connect_fds(fd_set *writefd);
|
||||
void handle_connect_fds(const fd_set *writefd);
|
||||
/* Cleanup */
|
||||
void remove_connect_pending(void);
|
||||
|
||||
@ -45,7 +45,7 @@ void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue
|
||||
|
||||
/* TODO: writev #ifdef guard */
|
||||
/* Fills out iov which contains iov_count slots, returning the number filled in iov_count */
|
||||
void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count);
|
||||
void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count);
|
||||
void packet_queue_consume(struct Queue *queue, ssize_t written);
|
||||
|
||||
#if DROPBEAR_SERVER_TCP_FAST_OPEN
|
||||
|
||||
4
packet.c
4
packet.c
@ -49,7 +49,7 @@ static int checkmac(void);
|
||||
#define ZLIB_COMPRESS_EXPANSION (((RECV_MAX_PAYLOAD_LEN/16384)+1)*5 + 6)
|
||||
#define ZLIB_DECOMPRESS_INCR 1024
|
||||
#ifndef DISABLE_ZLIB
|
||||
static buffer* buf_decompress(buffer* buf, unsigned int len);
|
||||
static buffer* buf_decompress(const buffer* buf, unsigned int len);
|
||||
static void buf_compress(buffer * dest, buffer * src, unsigned int len);
|
||||
#endif
|
||||
|
||||
@ -367,7 +367,7 @@ static int checkmac() {
|
||||
|
||||
#ifndef DISABLE_ZLIB
|
||||
/* returns a pointer to a newly created buffer */
|
||||
static buffer* buf_decompress(buffer* buf, unsigned int len) {
|
||||
static buffer* buf_decompress(const buffer* buf, unsigned int len) {
|
||||
|
||||
int result;
|
||||
buffer * ret;
|
||||
|
||||
4
queue.c
4
queue.c
@ -33,7 +33,7 @@ void initqueue(struct Queue* queue) {
|
||||
queue->count = 0;
|
||||
}
|
||||
|
||||
int isempty(struct Queue* queue) {
|
||||
int isempty(const struct Queue* queue) {
|
||||
|
||||
return (queue->head == NULL);
|
||||
}
|
||||
@ -60,7 +60,7 @@ void* dequeue(struct Queue* queue) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
void *examine(struct Queue* queue) {
|
||||
void *examine(const struct Queue* queue) {
|
||||
|
||||
dropbear_assert(!isempty(queue));
|
||||
return queue->head->item;
|
||||
|
||||
4
queue.h
4
queue.h
@ -41,9 +41,9 @@ struct Queue {
|
||||
};
|
||||
|
||||
void initqueue(struct Queue* queue);
|
||||
int isempty(struct Queue* queue);
|
||||
int isempty(const struct Queue* queue);
|
||||
void* dequeue(struct Queue* queue);
|
||||
void *examine(struct Queue* queue);
|
||||
void *examine(const struct Queue* queue);
|
||||
void enqueue(struct Queue* queue, void* item);
|
||||
|
||||
#endif
|
||||
|
||||
16
rsa.c
16
rsa.c
@ -38,8 +38,8 @@
|
||||
|
||||
#if DROPBEAR_RSA
|
||||
|
||||
static void rsa_pad_em(dropbear_rsa_key * key,
|
||||
buffer *data_buf, mp_int * rsa_em);
|
||||
static void rsa_pad_em(const dropbear_rsa_key * key,
|
||||
const buffer *data_buf, mp_int * rsa_em);
|
||||
|
||||
/* Load a public rsa key from a buffer, initialising the values.
|
||||
* The key will have the same format as buf_put_rsa_key.
|
||||
@ -147,7 +147,7 @@ void rsa_key_free(dropbear_rsa_key *key) {
|
||||
* mp_int e
|
||||
* mp_int n
|
||||
*/
|
||||
void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
|
||||
void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) {
|
||||
|
||||
TRACE(("enter buf_put_rsa_pub_key"))
|
||||
dropbear_assert(key != NULL);
|
||||
@ -161,7 +161,7 @@ void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
|
||||
}
|
||||
|
||||
/* Same as buf_put_rsa_pub_key, but with the private "x" key appended */
|
||||
void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
|
||||
void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key) {
|
||||
|
||||
TRACE(("enter buf_put_rsa_priv_key"))
|
||||
|
||||
@ -185,7 +185,7 @@ void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
|
||||
#if DROPBEAR_SIGNKEY_VERIFY
|
||||
/* Verify a signature in buf, made on data by the key given.
|
||||
* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
||||
int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
|
||||
int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf) {
|
||||
unsigned int slen;
|
||||
DEF_MP_INT(rsa_s);
|
||||
DEF_MP_INT(rsa_mdash);
|
||||
@ -240,7 +240,7 @@ out:
|
||||
|
||||
/* Sign the data presented with key, writing the signature contents
|
||||
* to the buffer */
|
||||
void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
|
||||
void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf) {
|
||||
unsigned int nsize, ssize;
|
||||
unsigned int i;
|
||||
DEF_MP_INT(rsa_s);
|
||||
@ -346,8 +346,8 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
|
||||
*
|
||||
* rsa_em must be a pointer to an initialised mp_int.
|
||||
*/
|
||||
static void rsa_pad_em(dropbear_rsa_key * key,
|
||||
buffer *data_buf, mp_int * rsa_em) {
|
||||
static void rsa_pad_em(const dropbear_rsa_key * key,
|
||||
const buffer *data_buf, mp_int * rsa_em) {
|
||||
|
||||
/* ASN1 designator (including the 0x00 preceding) */
|
||||
const unsigned char rsa_asn1_magic[] =
|
||||
|
||||
8
rsa.h
8
rsa.h
@ -43,14 +43,14 @@ typedef struct {
|
||||
|
||||
} dropbear_rsa_key;
|
||||
|
||||
void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf);
|
||||
void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf);
|
||||
#if DROPBEAR_SIGNKEY_VERIFY
|
||||
int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf);
|
||||
int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf);
|
||||
#endif
|
||||
int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
|
||||
int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);
|
||||
void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
|
||||
void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);
|
||||
void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key);
|
||||
void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key);
|
||||
void rsa_key_free(dropbear_rsa_key *key);
|
||||
|
||||
#endif /* DROPBEAR_RSA */
|
||||
|
||||
12
signkey.c
12
signkey.c
@ -400,7 +400,7 @@ static char hexdig(unsigned char x) {
|
||||
/* Since we're not sure if we'll have md5 or sha1, we present both.
|
||||
* MD5 is used in preference, but sha1 could still be useful */
|
||||
#if DROPBEAR_MD5_HMAC
|
||||
static char * sign_key_md5_fingerprint(unsigned char* keyblob,
|
||||
static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
|
||||
unsigned int keybloblen) {
|
||||
|
||||
char * ret;
|
||||
@ -435,7 +435,7 @@ static char * sign_key_md5_fingerprint(unsigned char* keyblob,
|
||||
}
|
||||
|
||||
#else /* use SHA1 rather than MD5 for fingerprint */
|
||||
static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
|
||||
static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
|
||||
unsigned int keybloblen) {
|
||||
|
||||
char * ret;
|
||||
@ -472,7 +472,7 @@ static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
|
||||
|
||||
/* This will return a freshly malloced string, containing a fingerprint
|
||||
* in either sha1 or md5 */
|
||||
char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
|
||||
char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
|
||||
|
||||
#if DROPBEAR_MD5_HMAC
|
||||
return sign_key_md5_fingerprint(keyblob, keybloblen);
|
||||
@ -482,7 +482,7 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
|
||||
}
|
||||
|
||||
void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type,
|
||||
buffer *data_buf) {
|
||||
const buffer *data_buf) {
|
||||
buffer *sigblob;
|
||||
sigblob = buf_new(MAX_PUBKEY_SIZE);
|
||||
|
||||
@ -517,7 +517,7 @@ void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type,
|
||||
* If FAILURE is returned, the position of
|
||||
* buf is undefined. If SUCCESS is returned, buf will be positioned after the
|
||||
* signature blob */
|
||||
int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
|
||||
int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf) {
|
||||
|
||||
char *type_name = NULL;
|
||||
unsigned int type_name_len = 0;
|
||||
@ -570,7 +570,7 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
|
||||
of the key if it is successfully decoded */
|
||||
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
|
||||
const unsigned char* algoname, unsigned int algolen,
|
||||
buffer * line, char ** fingerprint) {
|
||||
const buffer * line, char ** fingerprint) {
|
||||
|
||||
buffer * decodekey = NULL;
|
||||
int ret = DROPBEAR_FAILURE;
|
||||
|
||||
@ -90,14 +90,14 @@ int buf_get_priv_key(buffer* buf, sign_key *key, enum signkey_type *type);
|
||||
void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type);
|
||||
void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type);
|
||||
void sign_key_free(sign_key *key);
|
||||
void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, buffer *data_buf);
|
||||
void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, const buffer *data_buf);
|
||||
#if DROPBEAR_SIGNKEY_VERIFY
|
||||
int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
|
||||
char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
|
||||
int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf);
|
||||
char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen);
|
||||
#endif
|
||||
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
|
||||
const unsigned char* algoname, unsigned int algolen,
|
||||
buffer * line, char ** fingerprint);
|
||||
const buffer * line, char ** fingerprint);
|
||||
|
||||
void** signkey_key_ptr(sign_key *key, enum signkey_type type);
|
||||
|
||||
|
||||
@ -118,7 +118,7 @@ static void agentaccept(struct Listener *UNUSED(listener), int sock) {
|
||||
|
||||
/* set up the environment variable pointing to the socket. This is called
|
||||
* just before command/shell execution, after dropping privileges */
|
||||
void svr_agentset(struct ChanSess * chansess) {
|
||||
void svr_agentset(const struct ChanSess * chansess) {
|
||||
|
||||
char *path = NULL;
|
||||
int len;
|
||||
|
||||
@ -81,7 +81,7 @@ static void authclear() {
|
||||
|
||||
/* Send a banner message if specified to the client. The client might
|
||||
* ignore this, but possibly serves as a legal "no trespassing" sign */
|
||||
void send_msg_userauth_banner(buffer *banner) {
|
||||
void send_msg_userauth_banner(const buffer *banner) {
|
||||
|
||||
TRACE(("enter send_msg_userauth_banner"))
|
||||
|
||||
|
||||
@ -70,11 +70,11 @@
|
||||
#define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
|
||||
#define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */
|
||||
|
||||
static int checkpubkey(char* algo, unsigned int algolen,
|
||||
unsigned char* keyblob, unsigned int keybloblen);
|
||||
static int checkpubkey(const char* algo, unsigned int algolen,
|
||||
const unsigned char* keyblob, unsigned int keybloblen);
|
||||
static int checkpubkeyperms(void);
|
||||
static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
|
||||
unsigned char* keyblob, unsigned int keybloblen);
|
||||
static void send_msg_userauth_pk_ok(const char* algo, unsigned int algolen,
|
||||
const unsigned char* keyblob, unsigned int keybloblen);
|
||||
static int checkfileperm(char * filename);
|
||||
|
||||
/* process a pubkey auth request, sending success or failure message as
|
||||
@ -173,8 +173,8 @@ out:
|
||||
/* Reply that the key is valid for auth, this is sent when the user sends
|
||||
* a straight copy of their pubkey to test, to avoid having to perform
|
||||
* expensive signing operations with a worthless key */
|
||||
static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
|
||||
unsigned char* keyblob, unsigned int keybloblen) {
|
||||
static void send_msg_userauth_pk_ok(const char* algo, unsigned int algolen,
|
||||
const unsigned char* keyblob, unsigned int keybloblen) {
|
||||
|
||||
TRACE(("enter send_msg_userauth_pk_ok"))
|
||||
CHECKCLEARTOWRITE();
|
||||
@ -188,7 +188,7 @@ static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
|
||||
|
||||
}
|
||||
|
||||
static int checkpubkey_line(buffer* line, int line_num, char* filename,
|
||||
static int checkpubkey_line(buffer* line, int line_num, const char* filename,
|
||||
const char* algo, unsigned int algolen,
|
||||
const unsigned char* keyblob, unsigned int keybloblen) {
|
||||
buffer *options_buf = NULL;
|
||||
@ -292,8 +292,8 @@ out:
|
||||
/* Checks whether a specified publickey (and associated algorithm) is an
|
||||
* acceptable key for authentication */
|
||||
/* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */
|
||||
static int checkpubkey(char* algo, unsigned int algolen,
|
||||
unsigned char* keyblob, unsigned int keybloblen) {
|
||||
static int checkpubkey(const char* algo, unsigned int algolen,
|
||||
const unsigned char* keyblob, unsigned int keybloblen) {
|
||||
|
||||
FILE * authfile = NULL;
|
||||
char * filename = NULL;
|
||||
|
||||
@ -43,24 +43,24 @@
|
||||
static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
|
||||
int iscmd, int issubsys);
|
||||
static int sessionpty(struct ChanSess * chansess);
|
||||
static int sessionsignal(struct ChanSess *chansess);
|
||||
static int sessionsignal(const struct ChanSess *chansess);
|
||||
static int noptycommand(struct Channel *channel, struct ChanSess *chansess);
|
||||
static int ptycommand(struct Channel *channel, struct ChanSess *chansess);
|
||||
static int sessionwinchange(struct ChanSess *chansess);
|
||||
static int sessionwinchange(const struct ChanSess *chansess);
|
||||
static void execchild(void *user_data_chansess);
|
||||
static void addchildpid(struct ChanSess *chansess, pid_t pid);
|
||||
static void sesssigchild_handler(int val);
|
||||
static void closechansess(struct Channel *channel);
|
||||
static int newchansess(struct Channel *channel);
|
||||
static void chansessionrequest(struct Channel *channel);
|
||||
static int sesscheckclose(struct Channel *channel);
|
||||
static int sesscheckclose(const struct Channel *channel);
|
||||
|
||||
static void send_exitsignalstatus(struct Channel *channel);
|
||||
static void send_msg_chansess_exitstatus(struct Channel * channel,
|
||||
struct ChanSess * chansess);
|
||||
static void send_msg_chansess_exitsignal(struct Channel * channel,
|
||||
struct ChanSess * chansess);
|
||||
static void get_termmodes(struct ChanSess *chansess);
|
||||
static void send_exitsignalstatus(const struct Channel *channel);
|
||||
static void send_msg_chansess_exitstatus(const struct Channel * channel,
|
||||
const struct ChanSess * chansess);
|
||||
static void send_msg_chansess_exitsignal(const struct Channel * channel,
|
||||
const struct ChanSess * chansess);
|
||||
static void get_termmodes(const struct ChanSess *chansess);
|
||||
|
||||
const struct ChanType svrchansess = {
|
||||
0, /* sepfds */
|
||||
@ -74,7 +74,7 @@ const struct ChanType svrchansess = {
|
||||
/* required to clear environment */
|
||||
extern char** environ;
|
||||
|
||||
static int sesscheckclose(struct Channel *channel) {
|
||||
static int sesscheckclose(const struct Channel *channel) {
|
||||
struct ChanSess *chansess = (struct ChanSess*)channel->typedata;
|
||||
TRACE(("sesscheckclose, pid is %d", chansess->exit.exitpid))
|
||||
return chansess->exit.exitpid != -1;
|
||||
@ -159,7 +159,7 @@ static void sesssigchild_handler(int UNUSED(dummy)) {
|
||||
}
|
||||
|
||||
/* send the exit status or the signal causing termination for a session */
|
||||
static void send_exitsignalstatus(struct Channel *channel) {
|
||||
static void send_exitsignalstatus(const struct Channel *channel) {
|
||||
|
||||
struct ChanSess *chansess = (struct ChanSess*)channel->typedata;
|
||||
|
||||
@ -173,8 +173,8 @@ static void send_exitsignalstatus(struct Channel *channel) {
|
||||
}
|
||||
|
||||
/* send the exitstatus to the client */
|
||||
static void send_msg_chansess_exitstatus(struct Channel * channel,
|
||||
struct ChanSess * chansess) {
|
||||
static void send_msg_chansess_exitstatus(const struct Channel * channel,
|
||||
const struct ChanSess * chansess) {
|
||||
|
||||
dropbear_assert(chansess->exit.exitpid != -1);
|
||||
dropbear_assert(chansess->exit.exitsignal == -1);
|
||||
@ -192,8 +192,8 @@ static void send_msg_chansess_exitstatus(struct Channel * channel,
|
||||
}
|
||||
|
||||
/* send the signal causing the exit to the client */
|
||||
static void send_msg_chansess_exitsignal(struct Channel * channel,
|
||||
struct ChanSess * chansess) {
|
||||
static void send_msg_chansess_exitsignal(const struct Channel * channel,
|
||||
const struct ChanSess * chansess) {
|
||||
|
||||
int i;
|
||||
char* signame = NULL;
|
||||
@ -273,7 +273,7 @@ static int newchansess(struct Channel *channel) {
|
||||
}
|
||||
|
||||
static struct logininfo*
|
||||
chansess_login_alloc(struct ChanSess *chansess) {
|
||||
chansess_login_alloc(const struct ChanSess *chansess) {
|
||||
struct logininfo * li;
|
||||
li = login_alloc_entry(chansess->pid, ses.authstate.username,
|
||||
svr_ses.remotehost, chansess->tty);
|
||||
@ -403,7 +403,7 @@ out:
|
||||
|
||||
|
||||
/* Send a signal to a session's process as requested by the client*/
|
||||
static int sessionsignal(struct ChanSess *chansess) {
|
||||
static int sessionsignal(const struct ChanSess *chansess) {
|
||||
|
||||
int sig = 0;
|
||||
char* signame = NULL;
|
||||
@ -441,7 +441,7 @@ static int sessionsignal(struct ChanSess *chansess) {
|
||||
|
||||
/* Let the process know that the window size has changed, as notified from the
|
||||
* client. Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
||||
static int sessionwinchange(struct ChanSess *chansess) {
|
||||
static int sessionwinchange(const struct ChanSess *chansess) {
|
||||
|
||||
int termc, termr, termw, termh;
|
||||
|
||||
@ -460,7 +460,7 @@ static int sessionwinchange(struct ChanSess *chansess) {
|
||||
return DROPBEAR_SUCCESS;
|
||||
}
|
||||
|
||||
static void get_termmodes(struct ChanSess *chansess) {
|
||||
static void get_termmodes(const struct ChanSess *chansess) {
|
||||
|
||||
struct termios termio;
|
||||
unsigned char opcode;
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
|
||||
static void x11accept(struct Listener* listener, int sock);
|
||||
static int bindport(int fd);
|
||||
static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr);
|
||||
static int send_msg_channel_open_x11(int fd, const struct sockaddr_in* addr);
|
||||
|
||||
/* Check untrusted xauth strings for metacharacters */
|
||||
/* Returns DROPBEAR_SUCCESS/DROPBEAR_FAILURE */
|
||||
@ -154,7 +154,7 @@ static void x11accept(struct Listener* listener, int sock) {
|
||||
|
||||
/* This is called after switching to the user, and sets up the xauth
|
||||
* and environment variables. */
|
||||
void x11setauth(struct ChanSess *chansess) {
|
||||
void x11setauth(const struct ChanSess *chansess) {
|
||||
|
||||
char display[20]; /* space for "localhost:12345.123" */
|
||||
FILE * authprog = NULL;
|
||||
@ -220,7 +220,7 @@ static const struct ChanType chan_x11 = {
|
||||
};
|
||||
|
||||
|
||||
static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr) {
|
||||
static int send_msg_channel_open_x11(int fd, const struct sockaddr_in* addr) {
|
||||
|
||||
char* ipstring = NULL;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user