Various cleanups and fixes for warnings

--HG-- branch : ecc
2025-04-04 13:01:04 +00:00 · 2013-11-12 23:02:32 +08:00 · 2013-11-12 23:02:32 +08:00 · e60a84d0ed
commit e60a84d0ed
parent f025277147
14 changed files with 34 additions and 36 deletions
--- a/algo.h
+++ b/algo.h
@ -56,7 +56,6 @@ extern algo_type ssh_nocompress[];
 extern const struct dropbear_cipher dropbear_nocipher;
 extern const struct dropbear_cipher_mode dropbear_mode_none;
 extern const struct dropbear_hash dropbear_nohash;
-extern const struct dropbear_kex kex_curve25519;

 struct dropbear_cipher {
 	const struct ltc_cipher_descriptor *cipherdesc;
--- a/bignum.c
+++ b/bignum.c
@ -78,8 +78,6 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
 /* hash the ssh representation of the mp_int mp */
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
 				hash_state *hs, mp_int *mp) {
-
-	int i;
 	buffer * buf;

 	buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, 
--- a/cli-runopts.c
+++ b/cli-runopts.c
@ -450,7 +450,7 @@ void cli_getopts(int argc, char ** argv) {
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename) {
 	sign_key *key;
-	int keytype;
+	enum signkey_type keytype;

 	key = new_sign_key();
 	keytype = DROPBEAR_SIGNKEY_ANY;
--- a/common-algo.c
+++ b/common-algo.c
@ -231,6 +231,8 @@ algo_type sshhostkey[] = {
 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
 static const struct dropbear_kex kex_dh_group14 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };

+/* These can't be const since dropbear_ecc_fill_dp() fills out
+ ecc_curve at runtime */
 #ifdef DROPBEAR_ECDH
 #ifdef DROPBEAR_ECC_256
 static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
@ -245,7 +247,7 @@ static struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc

 #ifdef DROPBEAR_CURVE25519
 /* Referred to directly */
-const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
+static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
 #endif

 algo_type sshkex[] = {
--- a/common-kex.c
+++ b/common-kex.c
@ -577,7 +577,7 @@ struct kex_dh_param *gen_kexdh_param() {
 	TRACE(("enter gen_kexdh_vals"))

 	struct kex_dh_param *param = m_malloc(sizeof(*param));
-	m_mp_init_multi(&param->pub, &param->priv, NULL);
+	m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL);

 	/* read the prime and generator*/
 	load_dh_p(&dh_p);
@ -738,7 +738,7 @@ void free_kexcurve25519_param(struct kex_curve25519_param *param)

 void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them,
 	sign_key *hostkey) {
-	unsigned char* out = m_malloc(CURVE25519_LEN);
+	unsigned char out[CURVE25519_LEN];
 	const unsigned char* Q_C = NULL;
 	const unsigned char* Q_S = NULL;

@ -748,10 +748,9 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	}

 	curve25519_donna(out, param->priv, buf_pub_them->data);
-	ses.dh_K = m_malloc(sizeof(*ses.dh_K));
-	m_mp_init(ses.dh_K);
+	m_mp_alloc_init_multi(&ses.dh_K, NULL);
 	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
-	m_free(out);
+	m_burn(out, sizeof(out));

 	/* Create the remainder of the hash buffer, to generate the exchange hash.
 	   See RFC5656 section 4 page 7 */
--- a/ecc.c
+++ b/ecc.c
@ -6,7 +6,7 @@

 #ifdef DROPBEAR_ECC

-// .dp members are filled out by dropbear_ecc_fill_dp() at startup
+/* .dp members are filled out by dropbear_ecc_fill_dp() at startup */
 #ifdef DROPBEAR_ECC_256
 struct dropbear_ecc_curve ecc_curve_nistp256 = {
 	.ltc_size = 32,
@ -44,7 +44,7 @@ struct dropbear_ecc_curve *dropbear_ecc_curves[] = {

 void dropbear_ecc_fill_dp() {
 	struct dropbear_ecc_curve **curve;
-	// libtomcrypt guarantees they're ordered by size
+	/* libtomcrypt guarantees they're ordered by size */
 	const ltc_ecc_set_type *dp = ltc_ecc_sets;
 	for (curve = dropbear_ecc_curves; *curve; curve++) {
 		for (;dp->size > 0; dp++) {
--- a/ecdsa.c
+++ b/ecdsa.c
@ -246,8 +246,8 @@ out:

 // returns values in s and r
 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
-static int buf_get_ecdsa_verify_params(buffer *buf, struct dropbear_ecc_curve *curve,
-	void *r, void* s) {
+static int buf_get_ecdsa_verify_params(buffer *buf,
+			void *r, void* s) {
 	int ret = DROPBEAR_FAILURE;
 	unsigned int sig_len;
 	unsigned int sig_pos;
@ -302,7 +302,7 @@ int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
 		dropbear_exit("ECC error");
 	}

-	if (buf_get_ecdsa_verify_params(buf, curve, r, s) != DROPBEAR_SUCCESS) {
+	if (buf_get_ecdsa_verify_params(buf, r, s) != DROPBEAR_SUCCESS) {
 		goto out;
 	}

--- a/ecdsa.h
+++ b/ecdsa.h
@ -7,6 +7,7 @@

 #ifdef DROPBEAR_ECDSA

+/* Prefer the larger size - it's fast anyway */
 #if defined(DROPBEAR_ECC_521)
 #define ECDSA_DEFAULT_SIZE 521
 #elif defined(DROPBEAR_ECC_384)
--- a/gensignkey.c
+++ b/gensignkey.c
@ -85,6 +85,8 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename)
 	/* now we can generate the key */
 	key = new_sign_key();

+	seedrandom();
+
 	switch(keytype) {
 #ifdef DROPBEAR_RSA
 		case DROPBEAR_SIGNKEY_RSA:
@ -112,6 +114,8 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename)
 			dropbear_exit("Internal error");
 	}

+	seedrandom();
+
 	buf = buf_new(MAX_PRIVKEY_SIZE); 

 	buf_put_priv_key(buf, key, keytype);
--- a/signkey.c
+++ b/signkey.c
@ -39,8 +39,7 @@ static const char *signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
 #ifdef DROPBEAR_ECDSA
 	"ecdsa-sha2-nistp256",
 	"ecdsa-sha2-nistp384",
-	"ecdsa-sha2-nistp521",
-	"ecdsa" // for keygen
+	"ecdsa-sha2-nistp521"
 #endif // DROPBEAR_ECDSA
 };

--- a/svr-auth.c
+++ b/svr-auth.c
@ -231,7 +231,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {

 	char* listshell = NULL;
 	char* usershell = NULL;
-	int   uid;
+	uid_t uid;
 	TRACE(("enter checkusername"))
 	if (userlen > MAX_USERNAME_LEN) {
 		return DROPBEAR_FAILURE;
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@ -89,7 +89,7 @@ void svr_auth_pubkey() {
 	buffer * signbuf = NULL;
 	sign_key * key = NULL;
 	char* fp = NULL;
-	int type = -1;
+	enum signkey_type type = -1;

 	TRACE(("enter pubkeyauth"))

--- a/svr-kex.c
+++ b/svr-kex.c
@ -64,18 +64,19 @@ void recv_msg_kexdh_init() {
 		case DROPBEAR_KEX_CURVE25519:
 #if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519)
 			ecdh_qs = buf_getstringbuf(ses.payload);
-			if (ses.payload->pos != ses.payload->len) {
-				dropbear_exit("Bad kex value");
-			}
 #endif
 			break;
 	}
+	if (ses.payload->pos != ses.payload->len) {
+		dropbear_exit("Bad kex value");
+	}

 	send_msg_kexdh_reply(&dh_e, ecdh_qs);

 	mp_clear(&dh_e);
 	if (ecdh_qs) {
 		buf_free(ecdh_qs);
+		ecdh_qs = NULL;
 	}

 	send_msg_newkeys();
@ -132,8 +133,11 @@ static void svr_ensure_hostkey() {
 	}

 	if (link(fn_temp, fn) < 0) {
+		/* It's OK to get EEXIST - we probably just lost a race
+		with another connection to generate the key */
 		if (errno != EEXIST) {
-			dropbear_log(LOG_ERR, "Failed moving key file to %s", fn);
+			dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", fn,
+				strerror(errno));
 			/* XXX fallback to non-atomic copy for some filesystems? */
 			goto out;
 		}
@ -151,14 +155,6 @@ out:
 	{
 		dropbear_exit("Couldn't read or generate hostkey %s", fn);
 	}
-
-	// directory for keys.
-
-	// Create lockfile first, or wait if it exists. PID!
-	// Generate key
-	// write it, load to memory
-	// atomic rename, done.
-
 }
 #endif
 	
--- a/svr-runopts.c
+++ b/svr-runopts.c
@ -410,30 +410,30 @@ static void loadhostkey(const char *keyfile, int fatal_duplicate) {

 #ifdef DROPBEAR_RSA
 	if (type == DROPBEAR_SIGNKEY_RSA) {
-		loadhostkey_helper("RSA", &read_key->rsakey, &svr_opts.hostkey->rsakey, fatal_duplicate);
+		loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
 	}
 #endif

 #ifdef DROPBEAR_DSS
 	if (type == DROPBEAR_SIGNKEY_DSS) {
-		loadhostkey_helper("DSS", &read_key->dsskey, &svr_opts.hostkey->dsskey, fatal_duplicate);
+		loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
 	}
 #endif

 #ifdef DROPBEAR_ECDSA
 #ifdef DROPBEAR_ECC_256
 	if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
-		loadhostkey_helper("ECDSA256", &read_key->ecckey256, &svr_opts.hostkey->ecckey256, fatal_duplicate);
+		loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
 	}
 #endif
 #ifdef DROPBEAR_ECC_384
 	if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
-		loadhostkey_helper("ECDSA384", &read_key->ecckey384, &svr_opts.hostkey->ecckey384, fatal_duplicate);
+		loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
 	}
 #endif
 #ifdef DROPBEAR_ECC_521
 	if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
-		loadhostkey_helper("ECDSA521", &read_key->ecckey521, &svr_opts.hostkey->ecckey521, fatal_duplicate);
+		loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
 	}
 #endif
 #endif // DROPBEAR_ECDSA