ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-21 14:44:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- Some fixes for old compilers like tru64 v4 from Daniel Richard G.

Browse Source 
- Don't warn about blocking random device for prngd
This commit is contained in:
Matt Johnston 2013-11-14 21:36:45 +08:00
parent 8c8ecec3e9
commit a65f84db38
10 changed files with 52 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
common-kex.c
View File

@ -286,7 +286,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc; const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
hash_state hs2; hash_state hs2;
unsigned int offset; unsigned int offset;
unsigned char tmpout[hash_desc->hashsize]; unsigned char tmpout[MAX_HASH_SIZE];
memcpy(&hs2, hs, sizeof(hash_state)); memcpy(&hs2, hs, sizeof(hash_state));
hash_desc->process(&hs2, &X, 1); hash_desc->process(&hs2, &X, 1);
@ -303,6 +303,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
hash_desc->done(&hs2, tmpout); hash_desc->done(&hs2, tmpout);
memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize)); memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
} }
} }
/* Generate the actual encryption/integrity keys, using the results of the /* Generate the actual encryption/integrity keys, using the results of the
@ -569,6 +570,7 @@ static void load_dh_p(mp_int * dh_p)
* See the transport rfc 4253 section 8 for details */ * See the transport rfc 4253 section 8 for details */
/* dh_pub and dh_priv MUST be already initialised */ /* dh_pub and dh_priv MUST be already initialised */
struct kex_dh_param *gen_kexdh_param() { struct kex_dh_param *gen_kexdh_param() {
struct kex_dh_param *param = NULL;
DEF_MP_INT(dh_p); DEF_MP_INT(dh_p);
DEF_MP_INT(dh_q); DEF_MP_INT(dh_q);
@ -576,7 +578,7 @@ struct kex_dh_param *gen_kexdh_param() {
TRACE(("enter gen_kexdh_vals")) TRACE(("enter gen_kexdh_vals"))
struct kex_dh_param *param = m_malloc(sizeof(*param)); param = m_malloc(sizeof(*param));
m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL); m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL);
/* read the prime and generator*/ /* read the prime and generator*/
@ -823,16 +825,16 @@ static void read_kex_algos() {
int allgood = 1; /* we AND this with each goodguess and see if its still int allgood = 1; /* we AND this with each goodguess and see if its still
true after */ true after */
buf_incrpos(ses.payload, 16); /* start after the cookie */
memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
#ifdef USE_KEXGUESS2 #ifdef USE_KEXGUESS2
enum kexguess2_used kexguess2 = KEXGUESS2_LOOK; enum kexguess2_used kexguess2 = KEXGUESS2_LOOK;
#else #else
enum kexguess2_used kexguess2 = KEXGUESS2_NO; enum kexguess2_used kexguess2 = KEXGUESS2_NO;
#endif #endif
buf_incrpos(ses.payload, 16); /* start after the cookie */
memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
/* kex_algorithms */ /* kex_algorithms */
algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess); algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess);
allgood &= goodguess; allgood &= goodguess;

24
ecc.c
View File

@ -9,23 +9,26 @@
/* .dp members are filled out by dropbear_ecc_fill_dp() at startup */ /* .dp members are filled out by dropbear_ecc_fill_dp() at startup */
#ifdef DROPBEAR_ECC_256 #ifdef DROPBEAR_ECC_256
struct dropbear_ecc_curve ecc_curve_nistp256 = { struct dropbear_ecc_curve ecc_curve_nistp256 = {
.ltc_size = 32, 32, /* .ltc_size */
.hash_desc = &sha256_desc, NULL, /* .dp */
.name = "nistp256" &sha256_desc, /* .hash_desc */
"nistp256" /* .name */
}; };
#endif #endif
#ifdef DROPBEAR_ECC_384 #ifdef DROPBEAR_ECC_384
struct dropbear_ecc_curve ecc_curve_nistp384 = { struct dropbear_ecc_curve ecc_curve_nistp384 = {
.ltc_size = 48, 48, /* .ltc_size */
.hash_desc = &sha384_desc, NULL, /* .dp */
.name = "nistp384" &sha384_desc, /* .hash_desc */
"nistp384" /* .name */
}; };
#endif #endif
#ifdef DROPBEAR_ECC_521 #ifdef DROPBEAR_ECC_521
struct dropbear_ecc_curve ecc_curve_nistp521 = { struct dropbear_ecc_curve ecc_curve_nistp521 = {
.ltc_size = 66, 66, /* .ltc_size */
.hash_desc = &sha512_desc, NULL, /* .dp */
.name = "nistp521" &sha512_desc, /* .hash_desc */
"nistp521" /* .name */
}; };
#endif #endif
@ -137,8 +140,9 @@ static int ecc_is_point(ecc_key *key)
/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */ /* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) { void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) {
unsigned long len = key->dp->size*2 + 1; unsigned long len = key->dp->size*2 + 1;
int err;
buf_putint(buf, len); buf_putint(buf, len);
int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len); err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
if (err != CRYPT_OK) { if (err != CRYPT_OK) {
dropbear_exit("ECC error"); dropbear_exit("ECC error");
} }

3
ecdsa.c
View File

@ -36,6 +36,7 @@ enum signkey_type ecdsa_signkey_type(ecc_key * key) {
ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) { ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
const ltc_ecc_set_type *dp = NULL; // curve domain parameters const ltc_ecc_set_type *dp = NULL; // curve domain parameters
ecc_key *new_key = NULL;
switch (bit_size) { switch (bit_size) {
#ifdef DROPBEAR_ECC_256 #ifdef DROPBEAR_ECC_256
case 256: case 256:
@ -67,7 +68,7 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
, bit_size); , bit_size);
} }
ecc_key *new_key = m_malloc(sizeof(*new_key)); new_key = m_malloc(sizeof(*new_key));
if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) { if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
dropbear_exit("ECC error"); dropbear_exit("ECC error");
} }

1
gensignkey.c
View File

@ -5,6 +5,7 @@
#include "genrsa.h" #include "genrsa.h"
#include "gendss.h" #include "gendss.h"
#include "signkey.h" #include "signkey.h"
#include "random.h"
#define RSA_DEFAULT_SIZE 2048 #define RSA_DEFAULT_SIZE 2048
#define DSS_DEFAULT_SIZE 1024 #define DSS_DEFAULT_SIZE 1024

19
includes.h
View File

@ -134,15 +134,30 @@
#include "compat.h" #include "compat.h"
#include "fake-rfc2553.h"
#ifndef HAVE_UINT16_T #ifndef HAVE_U_INT8_T
typedef unsigned char u_int8_t;
#endif /* HAVE_U_INT8_T */
#ifndef HAVE_UINT8_T
typedef u_int8_t uint8_t;
#endif /* HAVE_UINT8_T */
#ifndef HAVE_U_INT16_T #ifndef HAVE_U_INT16_T
typedef unsigned short u_int16_t; typedef unsigned short u_int16_t;
#endif /* HAVE_U_INT16_T */ #endif /* HAVE_U_INT16_T */
#ifndef HAVE_UINT16_T
typedef u_int16_t uint16_t; typedef u_int16_t uint16_t;
#endif /* HAVE_UINT16_T */ #endif /* HAVE_UINT16_T */
#ifndef HAVE_U_INT32_T
typedef unsigned int u_int32_t;
#endif /* HAVE_U_INT32_T */
#ifndef HAVE_UINT32_T
typedef u_int32_t uint32_t;
#endif /* HAVE_UINT32_T */
#include "fake-rfc2553.h"
#ifndef LOG_AUTHPRIV #ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH #define LOG_AUTHPRIV LOG_AUTH
#endif #endif

7
random.c
View File

@ -79,12 +79,15 @@ process_file(hash_state *hs, const char *filename,
{ {
int readlen, wantread; int readlen, wantread;
unsigned char readbuf[4096]; unsigned char readbuf[4096];
if (!already_blocked) if (!already_blocked && !prngd)
{ {
int res; int res;
struct timeval timeout = { .tv_sec = 2, .tv_usec = 0}; struct timeval timeout;
fd_set read_fds; fd_set read_fds;
timeout.tv_sec = 2;
timeout.tv_usec = 0;
FD_ZERO(&read_fds); FD_ZERO(&read_fds);
FD_SET(readfd, &read_fds); FD_SET(readfd, &read_fds);
res = select(readfd + 1, &read_fds, NULL, NULL, &timeout); res = select(readfd + 1, &read_fds, NULL, NULL, &timeout);

2
random.h
View File

@ -25,7 +25,7 @@
#ifndef _RANDOM_H_ #ifndef _RANDOM_H_
#define _RANDOM_H_ #define _RANDOM_H_
struct mp_int; #include "includes.h"
void seedrandom(); void seedrandom();
void genrandom(unsigned char* buf, unsigned int len); void genrandom(unsigned char* buf, unsigned int len);

3
signkey.c
View File

@ -511,12 +511,13 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
unsigned int bloblen; unsigned int bloblen;
unsigned char * type_name = NULL; unsigned char * type_name = NULL;
unsigned int type_name_len = 0; unsigned int type_name_len = 0;
enum signkey_type type;
TRACE(("enter buf_verify")) TRACE(("enter buf_verify"))
bloblen = buf_getint(buf); bloblen = buf_getint(buf);
type_name = buf_getstring(buf, &type_name_len); type_name = buf_getstring(buf, &type_name_len);
enum signkey_type type = signkey_type_from_name(type_name, type_name_len); type = signkey_type_from_name(type_name, type_name_len);
m_free(type_name); m_free(type_name);
#ifdef DROPBEAR_DSS #ifdef DROPBEAR_DSS

1
sysoptions.h
View File

@ -76,6 +76,7 @@
#define SHA1_HASH_SIZE 20 #define SHA1_HASH_SIZE 20
#define MD5_HASH_SIZE 16 #define MD5_HASH_SIZE 16
#define MAX_HASH_SIZE 64 /* sha512 */
#define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
#define MAX_IV_LEN 20 /* must be same as max blocksize, */ #define MAX_IV_LEN 20 /* must be same as max blocksize, */

2
tcpfwd.h
View File

@ -40,7 +40,7 @@ struct TCPListener {
unsigned char *listenaddr; unsigned char *listenaddr;
unsigned int listenport; unsigned int listenport;
/* The address that the remote host asked to listen on */ /* The address that the remote host asked to listen on */
unsigned char *request_listenaddr;; unsigned char *request_listenaddr;
const struct ChanType *chantype; const struct ChanType *chantype;
enum {direct, forwarded} tcp_type; enum {direct, forwarded} tcp_type;