merge

--HG--
branch : coverity

CHANGES

@@ -1,3 +1,32 @@
+2015.67 - Wednesday 28 January 2015
+
+- Call fsync() after generating private keys to ensure they aren't lost if a
+  reboot occurs. Thanks to Peter Korsgaard
+
+- Disable non-delayed zlib compression by default on the server. Can be
+  enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+
+- Default client key path ~/.ssh/id_dropbear
+
+- Prefer stronger algorithms by default, from Fedor Brunner. 
+  AES256 over 3DES
+  Diffie-hellman group14 over group1
+
+- Add option to disable CBC ciphers.
+
+- Disable twofish in default options.h
+
+- Enable sha2 HMAC algorithms by default, the code was already required
+  for ECC key exchange. sha1 is the first preference still for performance. 
+
+- Fix installing dropbear.8 in a separate build directory, from Like Ma
+
+- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+
+- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+
+- Minor bug fixes, a few issues found by Coverity scan
+
 2014.66 - Thursday 23 October 2014
 
 - Use the same keepalive handling behaviour as OpenSSH. This will work better 

configure.ac

@@ -660,6 +660,7 @@ fi
 AC_EXEEXT
 
 # XXX there must be a nicer way to do this
+if test $BUNDLED_LIBTOM = 1 ; then
 AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
 AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
 AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
@@ -710,8 +711,10 @@ AS_MKDIR_P(libtomcrypt/src/pk/katja)
 AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
 AS_MKDIR_P(libtomcrypt/src/pk/rsa)
 AS_MKDIR_P(libtomcrypt/src/prngs)
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
 AC_CONFIG_HEADER(config.h)
-AC_CONFIG_FILES(Makefile libtomcrypt/Makefile libtommath/Makefile)
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES)
 AC_OUTPUT
 
 AC_MSG_NOTICE()

dbclient.1

@@ -33,7 +33,7 @@ Identity file.
 Read the identity key from file
 .I idfile
 (multiple allowed). This file is created with dropbearkey(1) or converted
-from OpenSSH with dropbearconvert(1).
+from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
 .TP
 .B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
 Local port forwarding.

dbutil.h

@@ -91,7 +91,7 @@ void m_close(int fd);
 void * m_malloc(size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
-#define m_free(X) free(X); (X) = NULL;
+#define m_free(X) do {free(X); (X) = NULL;} while (0); 
 void m_burn(void* data, unsigned int len);
 void setnonblocking(int fd);
 void disallow_core();

dropbearconvert.1

@@ -39,9 +39,9 @@ or
 An existing Dropbear or OpenSSH private key file
 .TP
 .B output file
-The path to write the converted private key file
+The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default
 .SH EXAMPLE
- # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/dropbear_priv
+ # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .SH SEE ALSO

dropbearkey.1

@@ -33,7 +33,7 @@ or
 .TP
 .B \-f \fIfile
 Write the secret key to the file
-.IR file .
+.IR file . For client authentication ~/.ssh/id_dropbear is loaded by default
 .TP
 .B \-s \fIbits
 Set the key size to

ecdsa.c

@@ -131,6 +131,7 @@ ecc_key *buf_get_ecdsa_priv_key(buffer *buf) {
 
 	if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) {
 		ecc_free(new_key);
+		m_free(new_key);
 		return NULL;
 	}
 

keyimport.c

@@ -810,7 +810,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 	}
 	m_burn(key->keyblob, key->keyblob_size);
 	m_free(key->keyblob);
-	m_burn(key, sizeof(key));
+	m_burn(key, sizeof(*key));
 	m_free(key);
 	if (errmsg) {
 		fprintf(stderr, "Error: %s\n", errmsg);

svr-main.c

@@ -343,6 +343,7 @@ static void sigchld_handler(int UNUSED(unused)) {
 
 	sa_chld.sa_handler = sigchld_handler;
 	sa_chld.sa_flags = SA_NOCLDSTOP;
+	sigemptyset(&sa_chld.sa_mask);
 	if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) {
 		dropbear_exit("signal() error");
 	}