mirror of
https://github.com/clearml/dropbear
synced 2025-04-06 21:54:24 +00:00
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
- Don't warn about blocking random device for prngd
This commit is contained in:
Matt Johnston
parent
8c8ecec3e9
commit
a65f84db38
14
common-kex.c
14
common-kex.c
@ -286,7 +286,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
|
||||
const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
|
||||
hash_state hs2;
|
||||
unsigned int offset;
|
||||
unsigned char tmpout[hash_desc->hashsize];
|
||||
unsigned char tmpout[MAX_HASH_SIZE];
|
||||
|
||||
memcpy(&hs2, hs, sizeof(hash_state));
|
||||
hash_desc->process(&hs2, &X, 1);
|
||||
@ -303,6 +303,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
|
||||
hash_desc->done(&hs2, tmpout);
|
||||
memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* Generate the actual encryption/integrity keys, using the results of the
|
||||
@ -569,6 +570,7 @@ static void load_dh_p(mp_int * dh_p)
|
||||
* See the transport rfc 4253 section 8 for details */
|
||||
/* dh_pub and dh_priv MUST be already initialised */
|
||||
struct kex_dh_param *gen_kexdh_param() {
|
||||
struct kex_dh_param *param = NULL;
|
||||
|
||||
DEF_MP_INT(dh_p);
|
||||
DEF_MP_INT(dh_q);
|
||||
@ -576,7 +578,7 @@ struct kex_dh_param *gen_kexdh_param() {
|
||||
|
||||
TRACE(("enter gen_kexdh_vals"))
|
||||
|
||||
struct kex_dh_param *param = m_malloc(sizeof(*param));
|
||||
param = m_malloc(sizeof(*param));
|
||||
m_mp_init_multi(¶m->pub, ¶m->priv, &dh_g, &dh_p, &dh_q, NULL);
|
||||
|
||||
/* read the prime and generator*/
|
||||
@ -823,16 +825,16 @@ static void read_kex_algos() {
|
||||
int allgood = 1; /* we AND this with each goodguess and see if its still
|
||||
true after */
|
||||
|
||||
buf_incrpos(ses.payload, 16); /* start after the cookie */
|
||||
|
||||
memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
|
||||
|
||||
#ifdef USE_KEXGUESS2
|
||||
enum kexguess2_used kexguess2 = KEXGUESS2_LOOK;
|
||||
#else
|
||||
enum kexguess2_used kexguess2 = KEXGUESS2_NO;
|
||||
#endif
|
||||
|
||||
buf_incrpos(ses.payload, 16); /* start after the cookie */
|
||||
|
||||
memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
|
||||
|
||||
/* kex_algorithms */
|
||||
algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess);
|
||||
allgood &= goodguess;
|
||||
|
||||
24
ecc.c
24
ecc.c
@ -9,23 +9,26 @@
|
||||
/* .dp members are filled out by dropbear_ecc_fill_dp() at startup */
|
||||
#ifdef DROPBEAR_ECC_256
|
||||
struct dropbear_ecc_curve ecc_curve_nistp256 = {
|
||||
.ltc_size = 32,
|
||||
.hash_desc = &sha256_desc,
|
||||
.name = "nistp256"
|
||||
32, /* .ltc_size */
|
||||
NULL, /* .dp */
|
||||
&sha256_desc, /* .hash_desc */
|
||||
"nistp256" /* .name */
|
||||
};
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_384
|
||||
struct dropbear_ecc_curve ecc_curve_nistp384 = {
|
||||
.ltc_size = 48,
|
||||
.hash_desc = &sha384_desc,
|
||||
.name = "nistp384"
|
||||
48, /* .ltc_size */
|
||||
NULL, /* .dp */
|
||||
&sha384_desc, /* .hash_desc */
|
||||
"nistp384" /* .name */
|
||||
};
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_521
|
||||
struct dropbear_ecc_curve ecc_curve_nistp521 = {
|
||||
.ltc_size = 66,
|
||||
.hash_desc = &sha512_desc,
|
||||
.name = "nistp521"
|
||||
66, /* .ltc_size */
|
||||
NULL, /* .dp */
|
||||
&sha512_desc, /* .hash_desc */
|
||||
"nistp521" /* .name */
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -137,8 +140,9 @@ static int ecc_is_point(ecc_key *key)
|
||||
/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
|
||||
void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) {
|
||||
unsigned long len = key->dp->size*2 + 1;
|
||||
int err;
|
||||
buf_putint(buf, len);
|
||||
int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
|
||||
err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
|
||||
if (err != CRYPT_OK) {
|
||||
dropbear_exit("ECC error");
|
||||
}
|
||||
|
||||
3
ecdsa.c
3
ecdsa.c
@ -36,6 +36,7 @@ enum signkey_type ecdsa_signkey_type(ecc_key * key) {
|
||||
|
||||
ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
|
||||
const ltc_ecc_set_type *dp = NULL; // curve domain parameters
|
||||
ecc_key *new_key = NULL;
|
||||
switch (bit_size) {
|
||||
#ifdef DROPBEAR_ECC_256
|
||||
case 256:
|
||||
@ -67,7 +68,7 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
|
||||
, bit_size);
|
||||
}
|
||||
|
||||
ecc_key *new_key = m_malloc(sizeof(*new_key));
|
||||
new_key = m_malloc(sizeof(*new_key));
|
||||
if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
|
||||
dropbear_exit("ECC error");
|
||||
}
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
#include "genrsa.h"
|
||||
#include "gendss.h"
|
||||
#include "signkey.h"
|
||||
#include "random.h"
|
||||
|
||||
#define RSA_DEFAULT_SIZE 2048
|
||||
#define DSS_DEFAULT_SIZE 1024
|
||||
|
||||
19
includes.h
19
includes.h
@ -134,15 +134,30 @@
|
||||
|
||||
|
||||
#include "compat.h"
|
||||
#include "fake-rfc2553.h"
|
||||
|
||||
#ifndef HAVE_UINT16_T
|
||||
#ifndef HAVE_U_INT8_T
|
||||
typedef unsigned char u_int8_t;
|
||||
#endif /* HAVE_U_INT8_T */
|
||||
#ifndef HAVE_UINT8_T
|
||||
typedef u_int8_t uint8_t;
|
||||
#endif /* HAVE_UINT8_T */
|
||||
|
||||
#ifndef HAVE_U_INT16_T
|
||||
typedef unsigned short u_int16_t;
|
||||
#endif /* HAVE_U_INT16_T */
|
||||
#ifndef HAVE_UINT16_T
|
||||
typedef u_int16_t uint16_t;
|
||||
#endif /* HAVE_UINT16_T */
|
||||
|
||||
#ifndef HAVE_U_INT32_T
|
||||
typedef unsigned int u_int32_t;
|
||||
#endif /* HAVE_U_INT32_T */
|
||||
#ifndef HAVE_UINT32_T
|
||||
typedef u_int32_t uint32_t;
|
||||
#endif /* HAVE_UINT32_T */
|
||||
|
||||
#include "fake-rfc2553.h"
|
||||
|
||||
#ifndef LOG_AUTHPRIV
|
||||
#define LOG_AUTHPRIV LOG_AUTH
|
||||
#endif
|
||||
|
||||
7
random.c
7
random.c
@ -79,12 +79,15 @@ process_file(hash_state *hs, const char *filename,
|
||||
{
|
||||
int readlen, wantread;
|
||||
unsigned char readbuf[4096];
|
||||
if (!already_blocked)
|
||||
if (!already_blocked && !prngd)
|
||||
{
|
||||
int res;
|
||||
struct timeval timeout = { .tv_sec = 2, .tv_usec = 0};
|
||||
struct timeval timeout;
|
||||
fd_set read_fds;
|
||||
|
||||
timeout.tv_sec = 2;
|
||||
timeout.tv_usec = 0;
|
||||
|
||||
FD_ZERO(&read_fds);
|
||||
FD_SET(readfd, &read_fds);
|
||||
res = select(readfd + 1, &read_fds, NULL, NULL, &timeout);
|
||||
|
||||
2
random.h
2
random.h
@ -25,7 +25,7 @@
|
||||
#ifndef _RANDOM_H_
|
||||
#define _RANDOM_H_
|
||||
|
||||
struct mp_int;
|
||||
#include "includes.h"
|
||||
|
||||
void seedrandom();
|
||||
void genrandom(unsigned char* buf, unsigned int len);
|
||||
|
||||
@ -511,12 +511,13 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
|
||||
unsigned int bloblen;
|
||||
unsigned char * type_name = NULL;
|
||||
unsigned int type_name_len = 0;
|
||||
enum signkey_type type;
|
||||
|
||||
TRACE(("enter buf_verify"))
|
||||
|
||||
bloblen = buf_getint(buf);
|
||||
type_name = buf_getstring(buf, &type_name_len);
|
||||
enum signkey_type type = signkey_type_from_name(type_name, type_name_len);
|
||||
type = signkey_type_from_name(type_name, type_name_len);
|
||||
m_free(type_name);
|
||||
|
||||
#ifdef DROPBEAR_DSS
|
||||
|
||||
@ -76,6 +76,7 @@
|
||||
|
||||
#define SHA1_HASH_SIZE 20
|
||||
#define MD5_HASH_SIZE 16
|
||||
#define MAX_HASH_SIZE 64 /* sha512 */
|
||||
|
||||
#define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
|
||||
#define MAX_IV_LEN 20 /* must be same as max blocksize, */
|
||||
|
||||
2
tcpfwd.h
2
tcpfwd.h
@ -40,7 +40,7 @@ struct TCPListener {
|
||||
unsigned char *listenaddr;
|
||||
unsigned int listenport;
|
||||
/* The address that the remote host asked to listen on */
|
||||
unsigned char *request_listenaddr;;
|
||||
unsigned char *request_listenaddr;
|
||||
|
||||
const struct ChanType *chantype;
|
||||
enum {direct, forwarded} tcp_type;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user