improve build.sh

Regressed when -Wundef was added

Fixes #210

.github/multiwrapper

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# symlink this to dropbear/dbclient/dropbearkey next to dropbearmulti
+# good enough for testing purposes.
+
+DIR=$(dirname $0)
+PROG=$(basename $0)
+exec $DIR/dropbearmulti $PROG "$@"
+

.github/workflows/autoconf.yml

@@ -0,0 +1,25 @@
+# Checks that autoconf has been run if configure.ac was updated
+# Assumes that autoconf 2.71 was run, the same as ubuntu 22.04
+name: Autoconf Up To Date
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  autoconf:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - name: deps
+        run: |
+          sudo apt-get -y update
+          sudo apt-get -y install autoconf
+
+      - uses: actions/checkout@v4
+
+      - name: run autoconf
+        run: autoconf && autoheader
+
+      - name: check no difference
+        run: git diff --exit-code

.github/workflows/build.yml

@@ -0,0 +1,290 @@
+# Can be used locally with https://github.com/nektos/act
+# Note the XXX line below.
+
+name: BuildTest
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  build:
+    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
+    strategy:
+      matrix:
+        # XXX uncomment the line below to work with act, see https://github.com/nektos/act/issues/996
+        # name: []
+
+        # Rather than a boolean False we use eg
+        #   runcheck: 'no'
+        # Otherwise GH expressions will make a None var
+        # compare with False. We want an undefined default of True.
+
+        # MULTI and NOWRITEV are passed as integers to the build
+        include:
+          - name: plain linux
+
+          - name: multi binary
+            multi: 1
+            multilink: 1
+
+          - name: multi binary, dropbearmulti argv0
+            multi: 1
+            multiwrapper: 1
+
+          - name: client only
+            runcheck: 'no'
+            make_target: PROGRAMS=dbclient
+
+          - name: server only
+            runcheck: 'no'
+            make_target: PROGRAMS=dropbear
+
+          - name: bundled libtom, bionic , no writev()
+            # test can use an older distro with bundled libtommath
+            os: ubuntu-20.04
+            configure_flags: --enable-bundled-libtom --enable-werror
+            # NOWRITEV is unrelated, test here to save a job
+            nowritev: 1
+            # our tests expect >= python3.7
+            runcheck: 'no'
+
+          - name: linux clang
+            cc: clang
+
+          # Some platforms only have old compilers, we try to keep
+          # compatibilty. For some reason -std=c89 doesn't enforce
+          # early declarations so we specify it anyway.
+          - name: c89
+            extracflags: -std=c89 -Wdeclaration-after-statement
+            # enable all options
+            nondefault: 1
+            configure_flags: --enable-pam
+
+          - name: macos 14
+            os: macos-14
+            cc: clang
+            # OS X says daemon() and utmp are deprecated.
+            # OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
+            extracflags: -Wno-deprecated-declarations -Wno-undef
+            runcheck: 'no'
+            apt: 'no'
+            # fails with:
+            # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
+            ranlib: ranlib -no_warning_for_no_symbols
+
+          - name: macos 12
+            os: macos-12
+            cc: clang
+            # OS X says daemon() and utmp are deprecated.
+            # OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
+            extracflags: -Wno-deprecated-declarations -Wno-undef
+            runcheck: 'no'
+            apt: 'no'
+            # fails with:
+            # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
+            ranlib: ranlib -no_warning_for_no_symbols
+
+          # Check that debug code doesn't bitrot
+          - name: DEBUG_TRACE
+            nondefault: 1
+            configure_flags: --enable-pam
+            localoptions: |
+              #define DEBUG_TRACE 5
+
+          # Check off-by-default options don't bitrot
+          - name: nondefault options
+            nondefault: 1
+            configure_flags: --enable-pam
+
+          - name: most options disabled
+            configure_flags: --disable-harden --disable-zlib --disable-openpty --disable-lastlog
+            runcheck: 'no'
+            localoptions: |
+              #define DROPBEAR_RSA 0
+              #define INETD_MODE 0
+              #define DROPBEAR_REEXEC 0
+              #define DROPBEAR_SMALL_CODE 0
+              #define DROPBEAR_CLI_LOCALTCPFWD 0
+              #define DROPBEAR_CLI_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_LOCALTCPFWD 0
+              #define DROPBEAR_SVR_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_AGENTFWD 0
+              #define DROPBEAR_CLI_AGENTFWD 0
+              #define DROPBEAR_CLI_PROXYCMD 0
+              #define DROPBEAR_USER_ALGO_LIST 0
+              #define DROPBEAR_AES128 0
+              #define DROPBEAR_AES256 0
+              #define DROPBEAR_ENABLE_CTR_MODE 0
+              #define DROPBEAR_SHA1_HMAC 0
+              #define DROPBEAR_SHA2_256_HMAC 0
+              #define DROPBEAR_RSA 0
+              #define DROPBEAR_ECDSA 0
+              #define DROPBEAR_SK_KEYS 0
+              #define DROPBEAR_DELAY_HOSTKEY 0
+              #define DROPBEAR_DH_GROUP14_SHA1 0
+              #define DROPBEAR_DH_GROUP14_SHA256 0
+              #define DROPBEAR_ECDH 0
+              #define DROPBEAR_DH_GROUP1_CLIENTONLY 0
+              #define DO_MOTD 0
+              #define DROPBEAR_SVR_PUBKEY_AUTH 0
+              #define DROPBEAR_CLI_PASSWORD_AUTH 0
+              #define DROPBEAR_CLI_PUBKEY_AUTH 0
+              #define DROPBEAR_USE_PASSWORD_ENV 0
+              #define DROPBEAR_SFTPSERVER 0
+
+          - name: other algo combos
+            runcheck: 'no'
+            # disables all sha1
+            localoptions: |
+              #define DROPBEAR_SHA1_HMAC 0
+              #define DROPBEAR_RSA_SHA1 0
+              #define DROPBEAR_DH_GROUP14_SHA1 0
+              #define DROPBEAR_ECDSA 0
+              #define DROPBEAR_ED25519 0
+              #define DROPBEAR_SK_KEYS 0
+              #define DROPBEAR_ENABLE_GCM_MODE 1
+              #define DROPBEAR_3DES 1
+              #define DROPBEAR_DH_GROUP16 1
+              #define DROPBEAR_SHA2_512_HMAC 1
+              #define DROPBEAR_CLI_PUBKEY_AUTH 0
+
+          # # Fuzzers run standalone. A bit superfluous with cifuzz, but
+          # # good to run the whole corpus to keep it working.
+          # - name: fuzzing with address sanitizer
+          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom --enable-werror
+          #   ldflags: -fsanitize=address
+          #   extracflags: -fsanitize=address
+          #   # -fsanitize=address prevents aslr, don't test it
+          #   pytest_addopts: -k "not aslr"
+          #   fuzz: True
+          #   cc: clang
+
+          # # Undefined Behaviour sanitizer
+          # - name: fuzzing with undefined behaviour sanitizer
+          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom --enable-werror
+          #   ldflags: -fsanitize=undefined
+          #   # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
+          #   extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment
+          #   pytest_addopts: -k "not aslr"
+          #   fuzz: True
+          #   cc: clang
+
+    env:
+      MULTI: ${{ matrix.multi }}
+      CC: ${{ matrix.cc || 'gcc' }}
+      LDFLAGS: ${{ matrix.ldflags }}
+      EXTRACFLAGS: ${{ matrix.extracflags }}
+      CONFIGURE_FLAGS: ${{ matrix.configure_flags || '--enable-werror' }}
+      MAKE_TARGET: ${{ matrix.make_target }}
+      # for fuzzing
+      CXX: clang++
+      RANLIB: ${{ matrix.ranlib || 'ranlib' }}
+      # pytest in "make check" recognises this for extra arguments
+      PYTEST_ADDOPTS: ${{ matrix.pytest_addopts }}
+      # some pytests depend on special setup from this file. see authorized_keys below.
+      DBTEST_IN_ACTION: true
+      LOCALOPTIONS: ${{ matrix.localoptions }}
+
+    steps:
+      - name: deps
+        if: ${{ matrix.apt != 'no' }}
+        run: |
+          sudo apt-get -y update
+          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv libpam0g-dev $CC
+
+      - uses: actions/checkout@v4
+
+      - name: configure
+        run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
+
+      - name: nowritev
+        if: ${{ matrix.nowritev }}
+        run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h
+
+      - name: localoptions
+        run: |
+          echo "$LOCALOPTIONS" | tee localoptions.h
+
+      - name: nondefault
+        if: ${{ matrix.nondefault }}
+        run: |
+          # Turn on anything that's off by default. Rough but seems sufficient
+          grep ' 0$' src/default_options.h | sed 's/0$/1/' > localoptions.h
+          # PAM clashes with password
+          echo "#define DROPBEAR_SVR_PASSWORD_AUTH 0" >> localoptions.h
+          # 1 second timeout is too short
+          sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h
+
+      - name: make
+        run: |
+          cat localoptions.h
+          make -j3 $MAKE_TARGET
+
+      - name: multilink
+        if: ${{ matrix.multilink }}
+        run: make multilink
+
+      - name: multi wrapper script
+        if: ${{ matrix.multiwrapper }}
+        run: |
+          cp .github/multiwrapper dropbear
+          cp .github/multiwrapper dbclient
+          cp .github/multiwrapper dropbearkey
+          cp .github/multiwrapper dropbearconvert
+
+      - name: makefuzz
+        run: make fuzzstandalone
+        if: ${{ matrix.fuzz }}
+
+        # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
+      - name: make install
+        run: make install
+
+      - name: keys
+        if: ${{ matrix.runcheck != 'no' }}
+        run: |
+          mkdir -p ~/.ssh
+          # remove old files so we can rerun in-place with "act -r" during test development
+          rm -vf ~/.ssh/id_dropbear*
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
+
+          # to test setting SSH_PUBKEYINFO, replace the trailing comment
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key2 | grep ^ecdsa | sed 's/[^ ]*$/key2 extra/' >> ~/.ssh/authorized_keys
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key3 | grep ^ecdsa | sed 's/[^ ]*$/key3%char/' >> ~/.ssh/authorized_keys
+          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key4 | grep ^ecdsa | sed 's/[^ ]*$/key4,char/' >> ~/.ssh/authorized_keys
+          chmod 700 ~ ~/.ssh ~/.ssh/authorized_keys
+          ls -ld ~ ~/.ssh ~/.ssh/authorized_keys
+
+        # upload config.log if something has failed
+      - name: config.log
+        if: ${{ !env.ACT && (failure() || cancelled()) }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: config.log
+          path: config.log
+
+      - name: check
+        if: ${{ matrix.runcheck != 'no' }}
+        run: make check
+
+      # Sanity check that the binary runs
+      - name: genrsa
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t rsa -f testrsa
+      - name: genecdsa256
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
+      - name: genecdsa384
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
+      - name: genecdsa521
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
+      - name: gened25519
+        if: ${{ matrix.runcheck != 'no' }}
+        run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519
+
+      - name: fuzz
+        if: ${{ matrix.fuzz }}
+        run: ./fuzzers_test.sh

.github/workflows/cifuzz.yml

@@ -0,0 +1,30 @@
+# Runs fuzzers for a little while on pull requests.
+# From https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+name: CIFuzz
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'dropbear'
+        dry-run: false
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'dropbear'
+        fuzz-seconds: 1200
+        dry-run: false
+    - name: Upload Crash
+      uses: actions/upload-artifact@v4
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts

.github/workflows/outoftree.yml

@@ -0,0 +1,25 @@
+# Can be used locally with https://github.com/nektos/act
+
+name: Out of tree build
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+jobs:
+  outoftree:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: build
+        run: |
+          mkdir build
+          cd build
+          ../configure --enable-fuzz --enable-bundled-libtom --prefix=$PWD/inst
+          make -j3
+          make -j3 fuzzstandalone
+          make install
+          test -x inst/bin/dbclient
+          test -f inst/share/man/man8/dropbear.8

.github/workflows/tarball.yml

@@ -0,0 +1,36 @@
+name: tarball sha256sum
+on:
+  push:
+    branches:
+      - master
+jobs:
+  tarball:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: release.sh
+        run: ./release.sh --testrel | tee log1.txt
+
+      - name: extract output
+        run: |
+          grep ^SHA256 log1.txt | tee sha256sum.txt
+          sed 's/.*= *//' < sha256sum.txt > hash.txt
+          mv `tail -n1 log1.txt` rel.tar.bz2
+
+      - name: sha256sum
+        uses: actions/upload-artifact@v4
+        with:
+          name: sha256sum
+          path: |
+            sha256sum.txt
+            hash.txt
+
+      - name: tarball
+        uses: actions/upload-artifact@v4
+        with:
+          name: tarball
+          # only keep for debugging
+          retention-days: 3
+          path: rel.tar.bz2

.gitignore

@@ -0,0 +1,33 @@
+*~
+*.o
+*.a
+*.da
+*.bb
+*.bbg
+*.prof
+.*.swp
+/obj
+/autom4te.cache
+/config.log
+/config.status
+/dbclient
+/dropbear
+/dropbearconvert
+/dropbearkey
+/dropbearmulti
+/fuzzcorpus
+/fuzzer-*
+/fuzzer-*.options
+/scp
+/scp-progress
+config.h
+default_options_guard.h
+localoptions.h
+Makefile
+tags
+.pytest*
+*.pyc
+/test/venv/
+/test/init/
+/test/fakekey
+.vscode/

DEVELOPING.md

@@ -0,0 +1,88 @@
+## Developer Notes
+
+#### Building
+
+See [INSTALL.md](INSTALL.md) for build instructions.
+[SMALL.md](SMALL.md) has hints for building smaller binaries, also see comments in [default_options.h](./src/default_options.h).
+
+Debug symbols can be generated by adding `-g` to `CFLAGS` environment variable.
+```
+export CFLAGS="$CFLAGS -g"
+```
+
+#### File dependencies
+The GitHub [test build script](./.github/workflows/build.yml) requires the [default_options.h](./src/default_options.h) be at the top of the repository tree.
+The script uses the file to generate `localoptions.h` with various features enabled/disabled.
+
+Following are generated files in the format `<target>: <generator>(<source>)`
+```
+- configure: autoconf(configure.ac)
+- src/config.h.in: autoheader(configure.ac)
+- src/config.h: configure(src/config.h.in)
+- Makefile: configure(Makefile.in)
+- default_options_guard.h: make(default_options.h)
+```
+Although generated, the first two files are checked in as they change very infrequently.
+
+#### Debug printing
+
+Set `#define DEBUG_TRACE 1` in [localoptions.h](./localoptions.h) to enable a `-v` verbose option for dropbear and dbclient.
+Higher numbers can be used to allow increased debug levels, with `-v` argument repeated.
+
+For development running `dropbear -F -E` is useful to run in the foreground.
+You can set `#define DEBUG_NOFORK 1` to make dropbear a one-shot server, easy to run under a debugger.
+
+#### Random sources
+
+Most cryptography requires a good random entropy source, both to generate secret keys and in the course of a session.
+Dropbear uses the Linux kernel's `getrandom()` syscall to ensure that the system RNG has been initialised before using it.
+On some systems there is insufficient entropy gathered during early boot - generating hostkeys then will block for some amount of time.
+Dropbear has a `-R` option to generate hostkeys upon the first connection as required - that will allow the system more time to gather entropy.
+
+#### Algorithms
+
+Default algorithm lists are specified in [common-algo.c](./src/common-algo.c). They are in priority order, the client's first matching choice is used (see [rfc4253](https://www.rfc-editor.org/rfc/rfc4253.html)). Dropbear client has `-c` and `-m` arguments to choose which are enabled at runtime (doesn't work for server as of June 2020).
+
+Enabling/disabling algorithms is done in [localoptions.h](./localoptions.h), see [default_options.h](./src/default_options.h).
+
+#### Style
+
+In general please conform to the current style of the file you are editing.
+
+Source code is indented with tabs, width set to 4 (though width shouldn't matter much).
+Braces are on the same line as functions/loops/if - try to keep consistency with existing code.
+
+All `if` statements should have braces, no exceptions.
+
+Add a single space between flow control statements and their open parenthesis:
+```
+if (...
+for (...
+switch (...
+etc.
+```
+
+Use `snake_case` for variable and function names.
+
+Avoid using pointer arithmetic, instead the functions in [buffer.h](./src/buffer.h) should be used.
+
+Some Dropbear platforms have old compilers.
+Variable declarations must be at the top of a scope and comments must be `/* */` rather than `//`.
+
+Pointer variables should be initialised to NULL - it can reduce the severity of bugs.
+
+#### Third party code
+
+Libtomcrypt and libtommath are periodically synced from upstream, so avoid making changes to that code which will need to be maintained.
+Improvements can be sent upstream to the libtom project.
+
+#### Non-root user
+
+Dropbear server will run fine as a non-root user, allowing logins only for that user.
+Password authentication probably won't work (can't read shadow passwords). You will need to create hostkeys that are readable.
+
+#### Connection setup
+
+Dropbear implements `first_kex_packet_follows` to reduce handshake latency [RFC 4253 7.1](https://www.rfc-editor.org/rfc/rfc4253.html#section-7.1).
+Some less common implementations don't handle that - it can be a cause of problems connecting.
+Note also that Dropbear may send several ssh packets within a single TCP packet - it's just a stream.

Dockerfile

@@ -0,0 +1,14 @@
+FROM alpine:3.17.1 AS builder
+
+RUN apk add --no-cache alpine-sdk
+RUN apk add --no-cache \
+    musl-dev \
+    zlib-dev \
+    tar \
+    bzip2 \
+    bash
+
+RUN mkdir -p /root/dropbear/
+WORKDIR /root/dropbear/
+
+ENTRYPOINT ["bash"]

FUZZER-NOTES.md

@@ -0,0 +1,55 @@
+## Fuzzing Dropbear
+
+Dropbear is process-per-session so it assumes calling `dropbear_exit()` is fine at any point to clean up.
+This makes fuzzing a bit trickier. A few pieces of wrapping infrastructure are used to work around this.
+
+The [libfuzzer](http://llvm.org/docs/LibFuzzer.html#fuzz-target) harness expects a long running process to continually run a test function with a string of crafted input.
+That process should not leak resources or exit.
+
+#### longjmp
+
+When dropbear runs in fuzz mode it sets up a [`setjmp()`](http://man7.org/linux/man-pages/man3/setjmp.3.html) target prior to launching the code to be fuzzed, and then [`dropbear_exit()`](./src/dbutil.c#L125) calls `longjmp()` back there.
+This avoids exiting though it doesn't free memory or other resources.
+
+#### malloc Wrapper
+
+Dropbear normally uses a [`m_malloc()`](./src/dbmalloc.c) function that is the same as `malloc()` but exits if allocation fails.
+In fuzzing mode this is replaced with a tracking allocator that stores all allocations in a linked list.
+After the `longjmp()` occurs the fuzzer target calls [`m_malloc_free_epoch(1, 1)`](./src/dbmalloc.c#L80) to clean up any unreleased memory.
+
+If the fuzz target runs to completion it calls `m_malloc_free_epoch(1, 0)` which will reset the tracked allocations but will not free memory.
+That allows libfuzzer's leak checking to detect leaks in normal operation.
+
+#### File Descriptor Input
+
+As a network process Dropbear reads and writes from a socket.
+The wrappers for `read()`/`write()`/`select()` in [fuzz-wrapfd.c](./fuzz/fuzz-wrapfd.c) will read from the fuzzer input that has been set up with `wrapfd_add()`. `write()` output is currently discarded.
+These also test error paths such as EINTR and short reads with certain probabilities.
+
+This allows running the entire dropbear server process with network input provided by the fuzzer, without many modifications to the main code.
+At the time of writing this only runs the pre-authentication stages, though post-authentication could be run similarly.
+
+#### Encryption and Randomness
+
+When running in fuzzing mode Dropbear uses a [fixed seed](./src/dbrandom.c#L185) every time so that failures can be reproduced.
+
+Since the fuzzer cannot generate valid encrypted input the packet decryption and message authentication calls are disabled, see [packet.c](./src/packet.c).
+MAC failures are set to occur with a low probability to test that error path.
+
+#### Fuzzers
+
+Current fuzzers are:
+
+* [fuzzer-preauth](./fuzz/fuzzer-preauth.c) - the fuzzer input is treated as a stream of session input.
+  This will test key exchange, packet ordering, authentication attempts etc.
+* [fuzzer-preauth_nomaths](./fuzz/fuzzer-preauth_nomaths.c) - the same as fuzzer-preauth but with asymmetric crypto routines replaced with dummies for faster runtime.
+  corpora are shared between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this will help fuzzer-preauth too.
+* [fuzzer-verify](./fuzz/fuzzer-verify.c) - read a key and signature from fuzzer input and verify that signature.
+  It would not be expected to pass, though some keys with bad parameters are able to validate with a trivial signature - extra checks are added for that.
+* [fuzzer-pubkey](./fuzz/fuzzer-pubkey.c) - test parsing of an `authorized_keys` line.
+* [fuzzer-kexdh](./fuzz/fuzzer-kexdh.c) - test Diffie-Hellman key exchange where the fuzz input is the ephemeral public key that would be received over the network.
+  This is testing `mp_expt_mod()` and and other libtommath routines.
+* [fuzzer-kexecdh](./fuzz/fuzzer-kexecdh.c) - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh.
+  This is testing libtommath ECC routines.
+* [fuzzer-kexcurve25519](./fuzz/fuzzer-kexcurve25519.c) - test Curve25519 Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexecdh.
+  This is testing `dropbear_curve25519_scalarmult()` and other libtommath routines.

INSTALL

@@ -1,74 +0,0 @@
-Basic Dropbear build instructions:
-
-- Edit options.h to set which features you want.
-- Edit debug.h if you want any debug options (not usually required).
-
-(If using a non-tarball copy, "autoconf; autoheader")
-
-./configure      (optionally with --disable-zlib or --disable-syslog,
-                  or --help for other options)
-
-Now compile:
-
-make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
-
-And install (/usr/local/bin is usual default):
-
-make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
-
-(you can leave items out of the PROGRAMS list to avoid compiling them. If you
-recompile after changing the PROGRAMS list, you *MUST* "make clean" before
-recompiling - bad things will happen otherwise)
-
-See MULTI for instructions on making all-in-one binaries.
-
-If you want to compile statically, add "STATIC=1" to the make command-line.
-
-Binaries can be strippd with "make strip"
-
-============================================================================
-
-Compiling with uClibc:
-
-Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior
-versions is broken. Also note that you may get strange issues if your uClibc
-headers don't match the library you are running with, ie the headers might
-say that shadow password support exists, but the libraries don't have it.
-
-Compiling for uClibc should be the same as normal, just set CC to the magic
-uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
-You can use "make STATIC=1" to make statically linked binaries, and it is
-advisable to strip the binaries too. If you're looking to make a small binary,
-you should remove unneeded ciphers and MD5, by editing options.h
-
-It is possible to compile zlib in, by copying zlib.h and zconf.h into a
-subdirectory (ie zlibincludes), and 
-
-export CFLAGS="-Izlibincludes -I../zlibincludes"
-export LDFLAGS=/usr/lib/libz.a
-
-before ./configure and make.
-
-If you disable zlib, you must explicitly disable compression for the client -
-OpenSSH is possibly buggy in this regard, it seems you need to disable it
-globally in ~/.ssh/config, not just in the host entry in that file.
-
-You may want to manually disable lastlog recording when using uClibc, configure
-with --disable-lastlog.
-
-One common problem is pty allocation. There are a number of types of pty
-allocation which can be used -- if they work properly, the end result is the
-same for each type. Running configure should detect the best type to use
-automatically, however for some systems, this may be incorrect. Some
-things to note:
-
-    If your system expects /dev/pts to be mounted (this is a uClibc option),
-	make sure that it is.
-
-	Make sure that your libc headers match the library version you are using.
-
-	If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails,
-	you can try compiling with --disable-openpty. You will probably then need
-	to create all the /dev/pty?? and /dev/tty?? devices, which can be
-	problematic for devfs. In general, openpty() is the best way to allocate
-	PTYs, so it's best to try and get it working.

INSTALL.md

@@ -0,0 +1,97 @@
+## Basic Dropbear Build Instructions
+
+### Build Options
+
+Custom build options can be configured in `localoptions.h` in the build directory. This is a local file, not checked in to git.
+
+Available options are described in [`src/default_options.h`](src/default_options.h)
+Options include available cryptographic algorithms, SSH features, and file paths.
+
+In addition, a `src/distrooptions.h` file will be used if it exists, for distributions to set configuration options.
+
+### Configure for your system
+```
+./configure
+```
+Optionally with `--disable-zlib` or `--disable-syslog`.
+Or `--help` for other options.
+
+You'll need to first run `autoconf; autoheader` if you edit `configure.ac`.
+
+### Compile:
+
+```
+make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
+```
+
+Optionally install, or copy the binaries another way:
+
+```
+make install
+```
+`/usr/local/bin` is usual default.
+
+or
+
+```
+make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
+```
+
+To test the installation targeting a temporary forder set `DESTDIR`:
+```
+make install DESTDIR=/same/temp/location
+```
+
+You can leave items out of the `PROGRAMS` list to avoid compiling them.
+If you recompile after changing the `PROGRAMS` list, you **MUST** `make clean` before recompiling - bad things will happen otherwise.
+
+[DEVELOPING.md](DEVELOPING.md) has some notes on other developer topics, including debugging.
+
+See [MULTI.md](MULTI.md) for instructions on making all-in-one binaries.
+
+If you want to compile statically use
+```
+./configure --enable-static
+```
+
+By default Dropbear adds various build flags that improve robustness against programming bugs (good for security).
+If these cause problems they can be disabled with `./configure --disable-harden`.
+
+Binaries can be stripped with `make strip`.
+
+> **Note**
+> If you're compiling for a 386-class CPU, you will probably need to add CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
+
+## Compiling with uClibc
+
+Firstly, make sure you have at least uclibc 0.9.17, as `getusershell()` in prior versions is broken.
+Also note that you may get strange issues if your uClibc headers don't match the library you are running with.
+I.e. the headers might say that shadow password support exists, but the libraries don't have it.
+
+Compiling for uClibc should be the same as normal, just set CC to the magic uClibc toolchain compiler (ie `export CC=i386-uclibc-gcc` or whatever).
+You can use `make STATIC=1` to make statically linked binaries, and it is advisable to strip the binaries too.
+If you're looking to make a small binary, you should remove unneeded ciphers and algorithms, by editing [localoptions.h](./localoptions.h).
+
+It is possible to compile zlib in, by copying zlib.h and zconf.h into a subdirectory (ie zlibincludes), and
+
+```
+export CFLAGS="-Izlibincludes -I../zlibincludes"
+export LDFLAGS=/usr/lib/libz.a
+```
+before `./configure` and `make`.
+
+If you disable zlib, you must explicitly disable compression for the client.
+OpenSSH is possibly buggy in this regard, it seems you need to disable it globally in `~/.ssh/config`, not just in the host entry in that file.
+
+You may want to manually disable lastlog recording when using uClibc, configure with `--disable-lastlog`.
+
+One common problem is pty allocation.
+There are a number of types of pty allocation which can be used -- if they work properly, the end result is the same for each type.
+Running configure should detect the best type to use automatically, however for some systems, this may be incorrect.
+Some things to note:
+
+* If your system expects `/dev/pts` to be mounted (this is a uClibc option), make sure that it is.
+* Make sure that your libc headers match the library version you are using.
+* If `openpty()` is being used (`HAVE_OPENPTY` defined in `config.h`) and it fails, you can try compiling with `--disable-openpty`. 
+  You will probably then need to create all the `/dev/pty??` and `/dev/tty??` devices, which can be problematic for `devfs`.
+  In general, `openpty()` is the best way to allocate PTYs, so it's best to try and get it working.

LICENSE

@@ -8,7 +8,7 @@ The majority of code is written by Matt Johnston, under the license below.
 Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
 same license:
 
-Copyright (c) 2002-2004 Matt Johnston
+Copyright (c) 2002-2020 Matt Johnston
 Portions copyright (c) 2004 Mihnea Stoenescu
 All rights reserved.
 
@@ -32,7 +32,8 @@ SOFTWARE.
 
 =====
 
-LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+LibTomCrypt and LibTomMath are written by Tom St Denis and others, see
+libtomcrypt/LICENSE and libtommath/LICENSE.
 
 =====
 
@@ -87,3 +88,27 @@ NONINFRINGEMENT.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
 FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
 CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+=====
+
+curve25519.c:
+
+Modified TweetNaCl version 20140427, a self-contained public-domain C library.
+https://tweetnacl.cr.yp.to/
+
+Contributors (alphabetical order)
+Daniel J. Bernstein, University of Illinois at Chicago and Technische
+Universiteit Eindhoven
+Bernard van Gastel, Radboud Universiteit Nijmegen
+Wesley Janssen, Radboud Universiteit Nijmegen
+Tanja Lange, Technische Universiteit Eindhoven
+Peter Schwabe, Radboud Universiteit Nijmegen
+Sjaak Smetsers, Radboud Universiteit Nijmegen
+
+Acknowledgments
+This work was supported by the U.S. National Science Foundation under grant
+1018836. "Any opinions, findings, and conclusions or recommendations expressed
+in this material are those of the author(s) and do not necessarily reflect the
+views of the National Science Foundation."
+This work was supported by the Netherlands Organisation for Scientific
+Research (NWO) under grant 639.073.005 and Veni 2013 project 13114.

MULTI

@@ -1,26 +0,0 @@
-Multi-binary compilation
-========================
-
-To compile for systems without much space (floppy distributions etc), you
-can create a single binary. This will save disk space by avoiding repeated
-code between the various parts.
-If you are familiar with "busybox", it's the same principle.
-
-To compile the multi-binary, first "make clean" (if you've compiled
-previously), then
-
-make PROGRAMS="programs you want here" MULTI=1
-
-To use the binary, symlink it from the desired executable:
-
-ln -s dropbearmulti dropbear
-ln -s dropbearmulti dbclient
-etc
-
-then execute as normal:
-
-./dropbear <options here>
-
-"make install" doesn't currently work for multi-binary configuration, though
-in most situations where it is being used, the target and build systems will
-differ.

MULTI.md

@@ -0,0 +1,25 @@
+## Multi-Binary Compilation
+
+To compile for systems without much space (floppy distributions etc), you can create a single binary.
+This will save disk space by avoiding repeated code between the various parts.
+If you are familiar with BusyBox, it's the same principle.
+
+To compile the multi-binary, first `make clean` (if you've compiled previously), then
+
+```sh
+make PROGRAMS="programs you want here" MULTI=1
+```
+
+To use the binary, symlink it from the desired executable:
+
+```sh
+ln -s dropbearmulti dropbear
+ln -s dropbearmulti dbclient
+```
+etc.
+
+Then execute as normal:
+
+```
+./dropbear <options here>
+```

Makefile.in

@@ -1,150 +1,217 @@
 # This Makefile is for Dropbear SSH Server and Client
+# @configure_input@
 
 # invocation:
-# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
 #
-# to make a multiple-program statically linked binary "staticdropbearmulti".
+# to make a multiple-program binary "dropbearmulti".
 # This example will include dropbear, scp, dropbearkey, dropbearconvert, and
 # dbclient functionality, and includes the progress-bar functionality in scp.
-# Hopefully that seems intuitive.
 
 ifndef PROGRAMS
 	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
 endif
 
-LTC=libtomcrypt/libtomcrypt.a
-LTM=libtommath/libtommath.a
+srcdir=@srcdir@/src
+VPATH=@srcdir@/src
 
-COMMONOBJS=dbutil.o buffer.o \
+STATIC_LTC=libtomcrypt/libtomcrypt.a
+STATIC_LTM=libtommath/libtommath.a
+
+LIBTOM_LIBS=@LIBTOM_LIBS@
+
+ifeq (@BUNDLED_LIBTOM@, 1)
+	LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM)
+	LIBTOM_CLEAN=ltc-clean ltm-clean
+	CPPFLAGS+=-I$(srcdir)/../libtomcrypt/src/headers/
+	LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
+endif
+
+ifneq ($(wildcard ./localoptions.h),)
+	CPPFLAGS+=-DLOCALOPTIONS_H_EXISTS
+endif
+ifneq ($(wildcard $(srcdir)/distrooptions.h),)
+	CPPFLAGS+=-DDISTROOPTIONS_H_EXISTS
+endif
+
+OBJ_DIR=./obj
+MAN_DIR=@srcdir@/manpages
+
+_COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		dss.o bignum.o \
-		signkey.o rsa.o random.o \
+		signkey.o rsa.o dbrandom.o \
 		queue.o \
-		atomicio.o compat.o  fake-rfc2553.o
+		atomicio.o compat.o fake-rfc2553.o \
+		ltc_prng.o ecc.o ecdsa.o sk-ecdsa.o crypto_desc.o \
+		curve25519.o ed25519.o sk-ed25519.o \
+		dbmalloc.o \
+		gensignkey.o gendss.o genrsa.o gened25519.o
+COMMONOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_COMMONOBJS))
 
-SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
-		svr-authpasswd.o svr-authpubkey.o svr-session.o svr-service.o \
+_SVROBJS=svr-kex.o svr-auth.o sshpty.o \
+		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
-		svr-tcpfwd.o
+		svr-tcpfwd.o svr-authpam.o
+SVROBJS = $(patsubst %,$(OBJ_DIR)/%,$(_SVROBJS))
 
-CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
-		cli-session.o cli-service.o cli-runopts.o cli-chansession.o \
-		cli-authpubkey.o cli-tcpfwd.o cli-channel.o
+_CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
+		cli-session.o cli-runopts.o cli-chansession.o \
+		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \
+		cli-agentfwd.o cli-readconf.o
+CLIOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_CLIOBJS))
 
-CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
-			common-channel.o common-chansession.o termcodes.o loginrec.o \
-			tcp-accept.o listener.o process-packet.o \
-			common-runopts.o circbuffer.o
+_CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
+		common-channel.o common-chansession.o termcodes.o loginrec.o \
+		tcp-accept.o listener.o process-packet.o dh_groups.o \
+		common-runopts.o circbuffer.o list.o netio.o chachapoly.o gcm.o
+CLISVROBJS = $(patsubst %,$(OBJ_DIR)/%,$(_CLISVROBJS))
 
-KEYOBJS=dropbearkey.o gendss.o genrsa.o
+_KEYOBJS=dropbearkey.o
+KEYOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_KEYOBJS))
 
-CONVERTOBJS=dropbearconvert.o keyimport.o
+_CONVERTOBJS=dropbearconvert.o keyimport.o signkey_ossh.o
+CONVERTOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_CONVERTOBJS))
 
-SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o
+_SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
+SCPOBJS = $(patsubst %,$(OBJ_DIR)/%,$(_SCPOBJS))
 
-HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
-		dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
-		debug.h channel.h chansession.h config.h queue.h sshpty.h \
-		termcodes.h gendss.h genrsa.h runopts.h includes.h \
-		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
-		listener.h fake-rfc2553.h
+ifeq (@DROPBEAR_FUZZ@, 1)
+	allobjs = $(COMMONOBJS) fuzz/fuzz-common.o  fuzz/fuzz-wrapfd.o $(CLISVROBJS) $(CLIOBJS) $(SVROBJS) @CRYPTLIB@
+	allobjs:=$(subst $(OBJ_DIR)/svr-main.o, ,$(allobjs))
+	allobjs:=$(subst $(OBJ_DIR)/cli-main.o, ,$(allobjs))
 
-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) 
-dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
-dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
-dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
-scpobjs=$(SCPOBJS)
+	dropbearobjs=$(allobjs) $(OBJ_DIR)/svr-main.o
+	dbclientobjs=$(allobjs) $(OBJ_DIR)/cli-main.o
+	dropbearkeyobjs=$(allobjs) $(KEYOBJS)
+	dropbearconvertobjs=$(allobjs) $(CONVERTOBJS)
+	# CXX only set when fuzzing
+	CXX=@CXX@
+	FUZZ_CLEAN=fuzz-clean
+else
+	dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
+	dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
+	dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
+	dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
+	scpobjs=$(SCPOBJS)
+endif
+
+ifeq (@DROPBEAR_PLUGIN@, 1)
+	# rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries
+	# this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without
+	# the need to rewrite them.
+	PLUGIN_LIBS=-ldl -rdynamic
+else
+	PLUGIN_LIBS=
+endif
 
 prefix=@prefix@
-exec_prefix=${prefix}
-bindir=${exec_prefix}/bin
-sbindir=${exec_prefix}/sbin
+exec_prefix=@exec_prefix@
+datarootdir = @datarootdir@
+bindir=@bindir@
+sbindir=@sbindir@
+mandir=@mandir@
+
+.DELETE_ON_ERROR:
 
 CC=@CC@
-LD=@LD@
 AR=@AR@
 RANLIB=@RANLIB@
 STRIP=@STRIP@
 INSTALL=@INSTALL@
-CFLAGS=-Ilibtomcrypt @CFLAGS@
-LIBS=$(LTC) $(LTM) @LIBS@
+CPPFLAGS+=@CPPFLAGS@ -I. -I$(srcdir)
+CFLAGS+=@CFLAGS@
+LIBS+=@LIBS@
 LDFLAGS=@LDFLAGS@
 
 EXEEXT=@EXEEXT@
 
+STATIC=@STATIC@
+
 # whether we're building client, server, or both for the common objects.
 # evilness so we detect 'dropbear' by itself as a word
-space:= $(empty) $(empty)
 ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdropbearZ, Z$(prog)Z))))
-	CFLAGS+= -DDROPBEAR_SERVER
+	CPPFLAGS+= -DDROPBEAR_SERVER
 endif
 ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z))))
-	CFLAGS+= -DDROPBEAR_CLIENT
+	CPPFLAGS+= -DDROPBEAR_CLIENT
 endif
 
-
 # these are exported so that libtomcrypt's makefile will use them
 export CC
 export CFLAGS
+export CPPFLAGS
 export RANLIB AR STRIP
 
 ifeq ($(STATIC), 1)
 	LDFLAGS+=-static
-	SPREFIX=static
-else
-	SPREFIX=
 endif
 
 ifeq ($(MULTI), 1)
-	TARGETS=dropbearmulti
+	TARGETS=dropbearmulti$(EXEEXT)
 else
 	TARGETS=$(PROGRAMS)
 endif
 
 # for the scp progress meter. The -D doesn't affect anything else.
 ifeq ($(SCPPROGRESS), 1)
-	CFLAGS+=-DPROGRESS_METER
+	CPPFLAGS+=-DPROGRESS_METER
 endif
 
-#%: $(HEADERS)
-#%: $(HEADERS) Makefile
-# TODO
-
 all: $(TARGETS)
 
+# for simplicity assume all source depends on all headers
+HEADERS=$(wildcard $(srcdir)/*.h *.h) default_options_guard.h
+
+$(OBJ_DIR):
+	mkdir -p $@
+
+$(OBJ_DIR)/%.o: $(srcdir)/%.c $(HEADERS) | $(OBJ_DIR)
+	$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ -c
+
+fuzz/%.o: $(srcdir)/../fuzz/%.c $(HEADERS)
+	$(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ -c
+
+default_options_guard.h: $(srcdir)/default_options.h
+	@echo Creating $@
+	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
+	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
+	mv -v $@.tmp $@
+	pwd
+	ls -l $@
+
 strip: $(TARGETS)
-	$(STRIP) $(addsuffix $(EXEEXT), $(addprefix $(SPREFIX), $(TARGETS)))
+	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
 
-install: $(addprefix inst, $(TARGETS))
+install: $(addprefix inst_, $(TARGETS))
 
-installdropbearmulti: insdbmulti $(addprefix insmulti, $(PROGRAMS)) 
+insmultidropbear: dropbearmulti$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(sbindir)
+	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 644 $(MAN_DIR)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
 
-insdbmulti: dropbearmulti
-	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 $(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT)
+insmulti%: dropbearmulti$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(bindir)
+	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT)
+	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
+	if test -e $(MAN_DIR)/$*.1; then $(INSTALL) -m 644 $(MAN_DIR)/$*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
 
-insmultidropbear: dropbearmulti
-	-rm -f $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
-	-ln -s $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT) 
+# dropbear should go in sbin, so it needs a separate rule
+inst_dropbear: dropbear
+	$(INSTALL) -d $(DESTDIR)$(sbindir)
+	$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 644 $(MAN_DIR)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
 
-insmulti%: dropbearmulti
-	-rm -f $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT) 
-	-ln -s $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT) 
-
-# dropbear should go in sbin, so it needs a seperate rule
-instdropbear: dropbear
-	$(INSTALL) -d -m 755 $(DESTDIR)$(sbindir)
-	$(INSTALL) -m 755 $(SPREFIX)dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
-	-chown root $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
-
-inst%: $*
-	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 $(SPREFIX)$*$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT)
+inst_%: %
+	$(INSTALL) -d $(DESTDIR)$(bindir)
+	$(INSTALL) $*$(EXEEXT) $(DESTDIR)$(bindir)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
+	if test -e $(MAN_DIR)/$*.1; then $(INSTALL) -m 644 $(MAN_DIR)/$*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
 
+inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS))
 
 # for some reason the rule further down doesn't like $($@objs) as a prereq.
 dropbear: $(dropbearobjs)
@@ -152,59 +219,131 @@ dbclient: $(dbclientobjs)
 dropbearkey: $(dropbearkeyobjs)
 dropbearconvert: $(dropbearconvertobjs)
 
-dropbear dbclient dropbearkey dropbearconvert: $(HEADERS)  $(LTC) $(LTM) \
-													Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)$@$(EXEEXT) $($@objs) $(LIBS)
+dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)
+
+dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
+
+dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
 
 # scp doesn't use the libs so is special.
 scp: $(SCPOBJS)  $(HEADERS) Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)$@$(EXEEXT) $(SCPOBJS)
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $(SCPOBJS)
 
 
 # multi-binary compilation.
 MULTIOBJS=
 ifeq ($(MULTI),1)
-	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
-	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
+	MULTIOBJS=$(OBJ_DIR)/dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+	CPPFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
 endif
 
-dropbearmulti: multilink 
+dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@
 
-multibinary: $(HEADERS) $(MULTIOBJS) $(LTC) $(LTM) Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS)
+multibinary: dropbearmulti$(EXEEXT)
 
 multilink: multibinary $(addprefix link, $(PROGRAMS))
 
 link%:
-	-rm -f $(SPREFIX)$*$(EXEEXT)
-	-ln -s $(SPREFIX)dropbearmulti$(EXEEXT) $(SPREFIX)$*$(EXEEXT)
+	-rm -f $*$(EXEEXT)
+	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
 
-$(LTC): options.h
-	cd libtomcrypt && $(MAKE) clean && $(MAKE)
+$(STATIC_LTC): $(HEADERS)
+	$(MAKE) -C libtomcrypt
 
-$(LTM): options.h
-	cd libtommath && $(MAKE)
+$(STATIC_LTM): $(HEADERS)
+	$(MAKE) -C libtommath
+
+.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean lint check
 
 ltc-clean:
-	cd libtomcrypt && $(MAKE) clean
+	$(MAKE) -C libtomcrypt clean
 
 ltm-clean:
-	cd libtommath && $(MAKE) clean
+	$(MAKE) -C libtommath clean
 
 sizes: dropbear
 	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
 
-clean: ltc-clean ltm-clean thisclean
+clean: $(LIBTOM_CLEAN) $(FUZZ_CLEAN) thisclean
 
 thisclean:
-	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress
-	-rm -f staticdropbear staticdropbearkey staticdropbearconvert staticscp
-	-rm -f dropbearmulti staticdropbearmulti
-	-rm -f *.o *.da *.bb *.bbg *.prof 
+	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
+			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
+			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof \
+			$(OBJ_DIR)/*
 
 distclean: clean tidy
-	-rm -f config.h
-	-rm -f Makefile
+	-rm -f src/config.h config.status config.log
+	-rm -f Makefile test/Makefile
+	-rm -f default_options_guard.h
 
 tidy:
 	-rm -f *~ *.gcov */*~
+
+lint:
+	cd $(srcdir); ./dropbear_lint.sh
+
+check: lint
+	make -C test
+
+## Fuzzing targets
+
+# list of fuzz targets
+FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
+	fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-client_nomaths \
+	fuzzer-postauth_nomaths fuzzer-cliconf
+
+FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
+FUZZ_OBJS = $(addprefix fuzz/,$(addsuffix .o,$(FUZZ_TARGETS))) \
+	fuzz/fuzz-sshpacketmutator.o
+
+list-fuzz-targets:
+	@echo $(FUZZ_TARGETS)
+
+# fuzzers that don't use libfuzzer, just a standalone harness that feeds inputs
+fuzzstandalone: FUZZLIB=fuzz/fuzz-harness.o
+fuzzstandalone: fuzz/fuzz-harness.o fuzz-targets
+
+# Build all the fuzzers. Usually like
+#   make fuzz-targets FUZZLIB=-lFuzzer.a
+# the library provides main(). Otherwise
+#   make fuzzstandalone
+# provides a main in fuzz-harness.c
+fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS)
+
+$(FUZZ_TARGETS): $(LIBTOM_DEPS) $(allobjs) $(FUZZ_OBJS)
+	$(CXX) $(CXXFLAGS) fuzz/$@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+# fuzzers that use the custom mutator - these expect a SSH network stream
+MUTATOR_FUZZERS=fuzzer-client fuzzer-client_nomaths \
+	fuzzer-preauth fuzzer-preauth_nomaths fuzzer-postauth_nomaths
+
+# Skip custom mutators for -fsanitize-memory since libfuzzer doesn't initialise memory
+# Pending fix for it https://github.com/google/oss-fuzz/issues/4605
+ifeq (,$(findstring fsanitize=memory, $(CFLAGS)))
+$(MUTATOR_FUZZERS): allobjs += fuzz/fuzz-sshpacketmutator.o
+endif
+
+fuzzer-%.options: Makefile
+	echo "[libfuzzer]"               > $@
+	echo "max_len = 50000"          >> $@
+
+# run this to update hardcoded hostkeys for for fuzzing.
+# hostkeys.c is checked in to hg.
+fuzz-hostkeys:
+	dropbearkey -t rsa -f keyr
+	dropbearkey -t dss -f keyd
+	dropbearkey -t ecdsa -size 256 -f keye
+	dropbearkey -t ed25519 -f keyed25519
+	echo > hostkeys.c
+	/usr/bin/xxd -i -a keyr >> hostkeys.c
+	/usr/bin/xxd -i -a keye >> hostkeys.c
+	/usr/bin/xxd -i -a keyd >> hostkeys.c
+	/usr/bin/xxd -i -a keyed25519 >> hostkeys.c
+
+fuzz-clean:
+	-rm -f fuzz/*.o $(FUZZ_TARGETS) $(FUZZER_OPTIONS)

README

@@ -1,74 +0,0 @@
-This is Dropbear, a smallish SSH 2 server and client.
-
-INSTALL has compilation instructions.
-
-MULTI has instructions on making a multi-purpose binary (ie a single binary
-which performs multiple tasks, to save disk space)
-
-SMALL has some tips on creating small binaries.
-
-See TODO for a few of the things I know need looking at, and please contact
-me if you have any questions/bugs found/features/ideas/comments etc :)
-
-Matt Johnston
-matt@ucc.asn.au
-
-
-In the absence of detailed documentation, some notes follow:
-============================================================================
-
-Server public key auth:
-
-You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
-the key entries in that file. They should be of the form:
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
-
-You must make sure that ~/.ssh, and the key file, are only writable by the
-user.
-
-NOTE: Dropbear ignores authorized_keys options such as those described in the
-OpenSSH sshd manpage, and will not allow a login for these keys. 
-
-============================================================================
-
-Client public key auth:
-
-Dropbear can do public key auth as a client, but you will have to convert
-OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
-
-If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:
-
-dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
-dbclient -i ~/.ssh/id_rsa.db <hostname>
-
-Currently encrypted keys aren't supported, neither is agent forwarding. At some
-stage both hopefully will be.
-
-============================================================================
-
-If you want to get the public-key portion of a Dropbear private key, look at
-dropbearkey's '-y' option.
-
-============================================================================
-
-To run the server, you need to generate server keys, this is one-off:
-./dropbearkey -t rsa -f dropbear_rsa_host_key
-./dropbearkey -t dss -f dropbear_dss_host_key
-
-or alternatively convert OpenSSH keys to Dropbear:
-./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key
-
-============================================================================
-
-If the server is run as non-root, you most likely won't be able to allocate a
-pty, and you cannot login as any user other than that running the daemon
-(obviously). Shadow passwords will also be unusable as non-root.
-
-============================================================================
-
-The Dropbear distribution includes a standalone version of OpenSSH's scp
-program. You can compile it with "make scp", you may want to change the path
-of the ssh binary, specified near the top of the scp.c file. By default
-the progress meter isn't compiled in to save space, you can enable it by 
-adding 'SCPPROGRESS=1' to the make commandline.

README.md

@@ -0,0 +1,84 @@
+## Dropbear SSH
+A smallish SSH server and client
+https://matt.ucc.asn.au/dropbear/dropbear.html
+
+[INSTALL.md](INSTALL.md) has compilation instructions.
+
+[MULTI.md](MULTI.md) has instructions on making a multi-purpose binary (ie a single binary which performs multiple tasks, to save disk space).
+
+[SMALL.md](SMALL.md) has some tips on creating small binaries.
+
+A mirror of the Dropbear website and tarballs is available at https://dropbear.nl/mirror/.
+
+Please contact me if you have any questions/bugs found/features/ideas/comments etc
+There is also a mailing list https://lists.ucc.asn.au/mailman/listinfo/dropbear
+
+Matt Johnston
+matt@ucc.asn.au
+
+
+### In the absence of detailed documentation, some notes follow
+
+----
+#### Server public key auth
+
+You can use `~/.ssh/authorized_keys` in the same way as with OpenSSH, just put the key entries in that file.
+They should be of the form:
+
+    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0NkyU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
+
+You must make sure that `~/.ssh`, and the key file, are only writable by the user.
+Beware of editors that split the key into multiple lines.
+
+Dropbear supports some options for authorized_keys entries, see the manpage.
+
+----
+#### Client public key auth
+
+Dropbear can do public key auth as a client.
+But you will have to convert OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
+
+If you have an OpenSSH-style private key `~/.ssh/id_rsa`, you need to do:
+
+```sh
+dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
+dbclient -i ~/.ssh/id_rsa.db <hostname>
+```
+
+Dropbear does not support encrypted hostkeys though can connect to ssh-agent.
+
+----
+If you want to get the public-key portion of a Dropbear private key, look at dropbearkey's `-y` option.
+It will print both public key and fingerprint. If you need the pub key only you can grep by a prefix `ssh-`: 
+```sh
+./dropbearkey -y -f ~/.ssh/id_ed25519 | grep "^ssh-" > ~/.ssh/id_ed25519.pub
+```
+
+----
+To run the server, you need to generate server keys, this is one-off:
+
+```sh
+./dropbearkey -t rsa -f dropbear_rsa_host_key
+./dropbearkey -t dss -f dropbear_dss_host_key
+./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
+./dropbearkey -t ed25519 -f dropbear_ed25519_host_key
+```
+
+Or alternatively convert OpenSSH keys to Dropbear:
+
+```sh
+./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key
+```
+
+You can also get Dropbear to create keys when the first connection is made - this is preferable to generating keys when the system boots.
+Make sure `/etc/dropbear/` exists and then pass `-R` to the dropbear server.
+
+----
+If the server is run as non-root, you most likely won't be able to allocate a pty, and you cannot login as any user other than that running the daemon (obviously).
+Shadow passwords will also be unusable as non-root.
+
+----
+The Dropbear distribution includes a standalone version of OpenSSH's `scp` program.
+You can compile it with `make scp`.
+You may want to change the path of the ssh binary, specified by `_PATH_SSH_PROGRAM` in `options.h`.
+By default the progress meter isn't compiled in to save space, you can enable it by adding `SCPPROGRESS=1` to the `make` commandline.

SMALL

@@ -1,42 +0,0 @@
-Tips for a small system:
-
-The following are set in options.h
-
-- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
-  affecting interoperability
-
-- If you're compiling statically, you can turn off host lookups
-
-- You can disable either password or public-key authentication, though note
-  that the IETF draft states that pubkey authentication is required.
-
-- Similarly with DSS and RSA, you can disable one of these if you know that
-  all clients will be able to support a particular one. The IETF draft
-  states that DSS is required, however you may prefer to use RSA. 
-  DON'T disable either of these on systems where you aren't 100% sure about
-  who will be connecting and what clients they will be using.
-
-- Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
-
-- You can disable x11, tcp and agent forwarding as desired. None of these are
-  essential, although agent-forwarding is often useful even on firewall boxes.
-
-If you are compiling statically, you may want to disable zlib, as it will use
-a few tens of kB of binary-size (./configure --disable-zlib).
-
-You can create a combined binary, see the file MULTI, which will put all
-the functions into one binary, avoiding repeated code.
-
-If you're compiling with gcc, you might want to look at gcc's options for
-stripping unused code. The relevant vars to set before configure are:
-
-LDFLAGS=-Wl,--gc-sections
-CFLAGS="-ffunction-sections -fdata-sections"
-
-You can also experiment with optimisation flags such as -Os, note that in some
-cases these flags actually seem to increase size, so experiment before
-deciding.
-
-Of course using small C libraries such as uClibc and dietlibc can also help.
-
-If you have any queries, mail me and I'll see if I can help.

SMALL.md

@@ -0,0 +1,59 @@
+## Tips for a small system
+
+If you only want server functionality, compile with
+
+```
+make PROGRAMS=dropbear
+```
+
+rather than just
+
+```
+make dropbear
+```
+
+so that client functionality in shared portions of Dropbear won't be included.
+The same applies for `PROGRAMS=dbclient`.
+
+---
+The following are set in `localoptions.h`. See `default_options.h` for possibilities.
+
+You can disable either password or public-key authentication.
+
+Various algorithms can be disabled if they are not required by any connecting SSH clients/servers. 
+Disabling many is fine for a local install, though
+builds for public consumption require more consideration.
+
+You can disable x11, tcp and agent forwarding as desired. None of these are essential (depending on use cases).
+
+---
+If you are compiling statically, you may want to disable zlib, as it will use a few tens of kB of binary size
+```
+./configure --disable-zlib
+```
+
+You can create a combined binary, see the file [MULTI.md](MULTI.md), which will put all the functions into one binary, avoiding repeated code.
+
+If you're compiling with gcc, you might want to look at gcc's options for stripping unused code.
+The relevant vars to set before configure are:
+
+```
+LDFLAGS=-Wl,--gc-sections
+CFLAGS="-ffunction-sections -fdata-sections"
+```
+
+You can also experiment with optimisation flags such as `-Os`. Note that in some cases these flags actually seem to increase size, so experiment before
+deciding.
+
+Of course using small C libraries such as musl can also help.
+
+---
+Libtommath has its own default `CFLAGS` to improve speed. You can use
+
+```
+./configure LTM_CFLAGS=-Os
+```
+
+to reduce size at the expense of speed.
+
+If you have any queries, mail me and I'll see if I can help.

TODO

@@ -1,29 +0,0 @@
-Current:
-
-Things which might need doing:
-
-- Make options.h generated from configure perhaps?
-
-- Improved queueing of unauthed connections
-
-- fix agent fwd problems
-
-- handle /etc/environment in AIX
-
-- check that there aren't timing issues with valid/invalid user authentication
-  feedback.
-
-- Binding to different interfaces
-
-- possible RSA blinding? need to check whether this is vuln to timing attacks
-- check PRNG
-- CTR mode, SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly, or just add group14 (whatever it's called today)
-
-- Use m_burn for clearing sensitive items in LTM/LTC
-
-- fix scp.c for IRIX
-
-- Be able to use OpenSSH keys for the client? or at least have some form of 
-  encrypted keys.
-- Client agent forwarding

_internal_/Dockerfile.python.nonroot

@@ -0,0 +1,21 @@
+FROM nvidia/cuda:11.1.1-cudnn8-devel-ubuntu18.04
+# use an older system (18.04) to avoid opencv incompatibility (issue#3524)
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get install -y \
+	python3-opencv ca-certificates python3-dev git wget sudo ninja-build
+RUN ln -sv /usr/bin/python3 /usr/bin/python
+
+# create a non-root user
+ARG USER_ID=1000
+RUN useradd -m --no-log-init --system  --uid ${USER_ID} appuser -g sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+USER appuser
+WORKDIR /home/appuser
+
+
+ENV PATH="/home/appuser/.local/bin:${PATH}"
+RUN wget https://bootstrap.pypa.io/pip/3.6/get-pip.py && \
+	python3 get-pip.py --user && \
+	rm get-pip.py
+

algo.h

@@ -1,74 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _ALGO_H_
-
-#define _ALGO_H_
-
-#include "includes.h"
-#include "buffer.h"
-
-struct Algo_Type {
-
-	unsigned char *name; /* identifying name */
-	char val; /* a value for this cipher, or -1 for invalid */
-	void *data; /* algorithm specific data */
-	unsigned usable : 1; /* whether we can use this algorithm */
-
-};
-
-typedef struct Algo_Type algo_type;
-
-/* lists mapping ssh types of algorithms to internal values */
-extern algo_type sshkex[];
-extern algo_type sshhostkey[];
-extern algo_type sshciphers[];
-extern algo_type sshhashes[];
-extern algo_type sshcompress[];
-
-extern const struct dropbear_cipher dropbear_nocipher;
-extern const struct dropbear_hash dropbear_nohash;
-
-struct dropbear_cipher {
-	const struct _cipher_descriptor *cipherdesc;
-	unsigned long keysize;
-	unsigned char blocksize;
-};
-
-struct dropbear_hash {
-	const struct _hash_descriptor *hashdesc;
-	unsigned long keysize;
-	unsigned char hashsize;
-};
-
-void crypto_init();
-int have_algo(char* algo, size_t algolen, algo_type algos[]);
-void buf_put_algolist(buffer * buf, algo_type localalgos[]);
-
-algo_type * svr_buf_match_algo(buffer* buf, algo_type localalgos[],
-		int *goodguess);
-algo_type * cli_buf_match_algo(buffer* buf, algo_type localalgos[],
-		int *goodguess);
-
-#endif /* _ALGO_H_ */

auth.h

@@ -1,98 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _AUTH_H_
-#define _AUTH_H_
-
-#include "includes.h"
-
-void svr_authinitialise();
-void cli_authinitialise();
-
-/* Server functions */
-void recv_msg_userauth_request();
-void send_msg_userauth_failure(int partial, int incrfail);
-void send_msg_userauth_success();
-void svr_auth_password();
-void svr_auth_pubkey();
-
-/* Client functions */
-void recv_msg_userauth_failure();
-void recv_msg_userauth_success();
-void recv_msg_userauth_pk_ok();
-void cli_get_user();
-void cli_auth_getmethods();
-void cli_auth_try();
-void recv_msg_userauth_banner();
-void cli_pubkeyfail();
-int cli_auth_password();
-int cli_auth_pubkey();
-
-
-#define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
-
-#define AUTH_TYPE_PUBKEY	1 << 0
-#define AUTH_TYPE_PASSWORD	1 << 1
-
-/* auth types, "none" means we should return list of acceptable types */
-#define AUTH_METHOD_NONE	"none"
-#define AUTH_METHOD_NONE_LEN 4
-#define AUTH_METHOD_PUBKEY "publickey"
-#define AUTH_METHOD_PUBKEY_LEN 9
-#define AUTH_METHOD_PASSWORD "password"
-#define AUTH_METHOD_PASSWORD_LEN 8
-
-/* This structure is shared between server and client - it contains
- * relatively little extraneous bits when used for the client rather than the
- * server */
-struct AuthState {
-
-	char *username; /* This is the username the client presents to check. It
-					   is updated each run through, used for auth checking */
-	unsigned char authtypes; /* Flags indicating which auth types are still 
-								valid */
-	unsigned int failcount; /* Number of (failed) authentication attempts.*/
-	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
-							  client and server (though has differing [obvious]
-							  meanings). */
-
-	/* These are only used for the server */
-	char *printableuser; /* stripped of control chars, used for logs etc */
-	struct passwd * pw;
-
-};
-
-struct PubkeyList;
-/* A singly linked list of pubkeys */
-struct PubkeyList {
-
-	sign_key *key;
-	int type; /* The type of key */
-	struct PubkeyList *next;
-	/* filename? or the buffer? for encrypted keys, so we can later get
-	 * the private key portion */
-
-};
-
-#endif /* _AUTH_H_ */

build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+docker build -t dropbearbuild -f Dockerfile .
+
+docker run --rm -t -v $(pwd):/root/dropbear dropbearbuild -c "./configure --disable-utmp --disable-wtmp --disable-lastlog --disable-zlib --disable-syslog --enable-static --disable-harden && make clean && make -j4 MULTI=1 PROGRAMS=\"dropbear dropbearconvert dropbearkey\" && mv dropbearmulti dropbearmulti_ && make clean && mv dropbearmulti_ dropbearmulti"
+
+docker image rm dropbearbuild
+
+mkdir build
+cp dropbearmulti ./build

channel.h

@@ -1,129 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _CHANNEL_H_
-#define _CHANNEL_H_
-
-#include "includes.h"
-#include "buffer.h"
-#include "circbuffer.h"
-
-/* channel->type values */
-#define CHANNEL_ID_NONE 0
-#define CHANNEL_ID_SESSION 1
-#define CHANNEL_ID_X11 2
-#define CHANNEL_ID_AGENT 3
-#define CHANNEL_ID_TCPDIRECT 4
-#define CHANNEL_ID_TCPFORWARDED 5
-
-#define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED    1
-#define SSH_OPEN_CONNECT_FAILED                 2
-#define SSH_OPEN_UNKNOWN_CHANNEL_TYPE           3
-#define SSH_OPEN_RESOURCE_SHORTAGE              4
-
-/* Not a real type */
-#define SSH_OPEN_IN_PROGRESS					99
-
-#define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
-							connection, so can't be _too_ small */
-
-#define CHAN_EXTEND_SIZE 3 /* how many extra slots to add when we need more */
-
-#define RECV_MAXWINDOW 4000 /* tweak */
-#define RECV_WINDOWEXTEND 500 /* We send a "window extend" every
-								RECV_WINDOWEXTEND bytes */
-#define RECV_MAXPACKET RECV_MAXWINDOW /* tweak */
-
-struct ChanType;
-
-struct Channel {
-
-	unsigned int index; /* the local channel index */
-	unsigned int remotechan;
-	unsigned int recvwindow, transwindow;
-	unsigned int recvdonelen;
-	unsigned int recvmaxpacket, transmaxpacket;
-	void* typedata; /* a pointer to type specific data */
-	int infd; /* data to send over the wire */
-	int outfd; /* data for consumption, what was in writebuf */
-	int errfd; /* used like infd or errfd, depending if it's client or server.
-				  Doesn't exactly belong here, but is cleaner here */
-	circbuffer *writebuf; /* data from the wire, for local consumption */
-	circbuffer *extrabuf; /* extended-data for the program - used like writebuf
-					     but for stderr */
-
-	int sentclosed, recvclosed;
-
-	/* this is set when we receive/send a channel eof packet */
-	int recveof, senteof;
-
-	int initconn; /* used for TCP forwarding, whether the channel has been
-					 fully initialised */
-
-	const struct ChanType* type;
-
-};
-
-struct ChanType {
-
-	int sepfds; /* Whether this channel has seperate pipes for in/out or not */
-	char *name;
-	int (*inithandler)(struct Channel*);
-	int (*checkclose)(struct Channel*);
-	void (*reqhandler)(struct Channel*);
-	void (*closehandler)(struct Channel*);
-
-};
-
-void chaninitialise();
-void chancleanup();
-void setchannelfds(fd_set *readfd, fd_set *writefd);
-void channelio(fd_set *readfd, fd_set *writefd);
-struct Channel* getchannel(unsigned int chan);
-struct Channel* newchannel(unsigned int remotechan, 
-		const struct ChanType *type, 
-		unsigned int transwindow, unsigned int transmaxpacket);
-
-void recv_msg_channel_open();
-void recv_msg_channel_request();
-void send_msg_channel_failure(struct Channel *channel);
-void send_msg_channel_success(struct Channel *channel);
-void recv_msg_channel_data();
-void recv_msg_channel_extended_data();
-void recv_msg_channel_window_adjust();
-void recv_msg_channel_close();
-void recv_msg_channel_eof();
-
-void common_recv_msg_channel_data(struct Channel *channel, int fd, 
-		circbuffer * buf);
-
-const struct ChanType clichansess;
-
-#ifdef USING_LISTENERS
-int send_msg_channel_open_init(int fd, const struct ChanType *type);
-void recv_msg_channel_open_confirmation();
-void recv_msg_channel_open_failure();
-#endif
-
-#endif /* _CHANNEL_H_ */

cli-algo.c

@@ -1,99 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * SSH client implementation
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "algo.h"
-#include "dbutil.h"
-
-
-/*
- * The chosen [encryption | MAC | compression] algorithm to each 
- * direction MUST be the first algorithm  on the client's list
- * that is also on the server's list.
- */
-algo_type * cli_buf_match_algo(buffer* buf, algo_type localalgos[],
-		int *goodguess) {
-
-	unsigned char * algolist = NULL;
-	unsigned char * remotealgos[MAX_PROPOSED_ALGO];
-	unsigned int len;
-	unsigned int count, i, j;
-	algo_type * ret = NULL;
-
-	*goodguess = 0;
-
-	/* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
-	algolist = buf_getstring(buf, &len);
-	TRACE(("cli_buf_match_algo: %s", algolist));
-	if (len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
-		goto out; /* just a sanity check, no other use */
-	}
-
-	/* remotealgos will contain a list of the strings parsed out */
-	/* We will have at least one string (even if it's just "") */
-	remotealgos[0] = algolist;
-	count = 1;
-	/* Iterate through, replacing ','s with NULs, to split it into
-	 * words. */
-	for (i = 0; i < len; i++) {
-		if (algolist[i] == '\0') {
-			/* someone is trying something strange */
-			goto out;
-		}
-		if (algolist[i] == ',') {
-			algolist[i] = '\0';
-			remotealgos[count] = &algolist[i+1];
-			count++;
-		}
-		if (count == MAX_PROPOSED_ALGO) {
-			break;
-		}
-	}
-
-	/* iterate and find the first match */
-
-	for (j = 0; localalgos[j].name != NULL; j++) {
-		if (localalgos[j].usable) {
-		len = strlen(localalgos[j].name);
-			for (i = 0; i < count; i++) {
-				if (len == strlen(remotealgos[i]) 
-						&& strncmp(localalgos[j].name, 
-							remotealgos[i], len) == 0) {
-					if (i == 0 && j == 0) {
-						/* was a good guess */
-						*goodguess = 1;
-					}
-					ret = &localalgos[j];
-					goto out;
-				}
-			}
-		}
-	}
-
-out:
-	m_free(algolist);
-	return ret;
-}
-

cli-auth.c

@@ -1,210 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "session.h"
-#include "auth.h"
-#include "dbutil.h"
-#include "buffer.h"
-#include "ssh.h"
-#include "packet.h"
-#include "runopts.h"
-
-
-void cli_authinitialise() {
-
-	memset(&ses.authstate, 0, sizeof(ses.authstate));
-}
-
-
-/* Send a "none" auth request to get available methods */
-void cli_auth_getmethods() {
-
-	TRACE(("enter cli_auth_getmethods"));
-
-	CHECKCLEARTOWRITE();
-
-	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
-	buf_putstring(ses.writepayload, cli_opts.username, 
-			strlen(cli_opts.username));
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
-			SSH_SERVICE_CONNECTION_LEN);
-	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
-
-	encrypt_packet();
-	TRACE(("leave cli_auth_getmethods"));
-
-}
-
-void recv_msg_userauth_banner() {
-
-	unsigned char* banner = NULL;
-	unsigned int bannerlen;
-	unsigned int i, linecount;
-
-	TRACE(("enter recv_msg_userauth_banner"));
-	if (ses.authstate.authdone) {
-		TRACE(("leave recv_msg_userauth_banner: banner after auth done"));
-		return;
-	}
-
-	banner = buf_getstring(ses.payload, &bannerlen);
-	buf_eatstring(ses.payload); /* The language string */
-
-	if (bannerlen > MAX_BANNER_SIZE) {
-		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen));
-		goto out;
-	}
-
-	cleantext(banner);
-
-	/* Limit to 25 lines */
-	linecount = 1;
-	for (i = 0; i < bannerlen; i++) {
-		if (banner[i] == '\n') {
-			if (linecount >= MAX_BANNER_LINES) {
-				banner[i] = '\0';
-				break;
-			}
-			linecount++;
-		}
-	}
-
-	printf("%s\n", banner);
-
-out:
-	m_free(banner);
-	TRACE(("leave recv_msg_userauth_banner"));
-}
-
-
-void recv_msg_userauth_failure() {
-
-	unsigned char * methods = NULL;
-	unsigned char * tok = NULL;
-	unsigned int methlen = 0;
-	unsigned int partial = 0;
-	unsigned int i = 0;
-
-	TRACE(("<- MSG_USERAUTH_FAILURE"));
-	TRACE(("enter recv_msg_userauth_failure"));
-
-	if (cli_ses.state != USERAUTH_REQ_SENT) {
-		/* Perhaps we should be more fatal? */
-		TRACE(("But we didn't send a userauth request!!!!!!"));
-		return;
-	}
-
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	/* If it was a pubkey auth request, we should cross that key 
-	 * off the list. */
-	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
-		cli_pubkeyfail();
-	}
-#endif
-
-	methods = buf_getstring(ses.payload, &methlen);
-
-	partial = buf_getbyte(ses.payload);
-
-	if (partial) {
-		dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
-	} else {
-		ses.authstate.failcount++;
-	}
-
-	TRACE(("Methods (len %d): '%s'", methlen, methods));
-
-	ses.authstate.authdone=0;
-	ses.authstate.authtypes=0;
-
-	/* Split with nulls rather than commas */
-	for (i = 0; i < methlen; i++) {
-		if (methods[i] == ',') {
-			methods[i] = '\0';
-		}
-	}
-
-	tok = methods; /* tok stores the next method we'll compare */
-	for (i = 0; i <= methlen; i++) {
-		if (methods[i] == '\0') {
-			TRACE(("auth method '%s'", tok));
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-			if (strncmp(AUTH_METHOD_PUBKEY, tok,
-				AUTH_METHOD_PUBKEY_LEN) == 0) {
-				ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
-			}
-#endif
-#ifdef ENABLE_CLI_PASSWORD_AUTH
-			if (strncmp(AUTH_METHOD_PASSWORD, tok,
-				AUTH_METHOD_PASSWORD_LEN) == 0) {
-				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
-			}
-#endif
-			tok = &methods[i+1]; /* Must make sure we don't use it after the
-									last loop, since it'll point to something
-									undefined */
-		}
-	}
-
-	cli_ses.state = USERAUTH_FAIL_RCVD;
-		
-	TRACE(("leave recv_msg_userauth_failure"));
-}
-
-void recv_msg_userauth_success() {
-	TRACE(("received msg_userauth_success"));
-	ses.authstate.authdone = 1;
-	cli_ses.state = USERAUTH_SUCCESS_RCVD;
-}
-
-void cli_auth_try() {
-
-	TRACE(("enter cli_auth_try"));
-	int finished = 0;
-
-	CHECKCLEARTOWRITE();
-	
-	/* XXX We hardcode that we try a pubkey first */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
-		finished = cli_auth_pubkey();
-		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
-	}
-#endif
-
-#ifdef ENABLE_CLI_PASSWORD_AUTH
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
-		finished = cli_auth_password();
-		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
-	}
-#endif
-
-	if (!finished) {
-		dropbear_exit("No auth methods could be used.");
-	}
-
-	TRACE(("leave cli_auth_try"));
-}

cli-authpasswd.c

@@ -1,63 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "buffer.h"
-#include "dbutil.h"
-#include "session.h"
-#include "ssh.h"
-#include "runopts.h"
-
-#ifdef ENABLE_CLI_PASSWORD_AUTH
-int cli_auth_password() {
-
-	char* password = NULL;
-	TRACE(("enter cli_auth_password"));
-
-	CHECKCLEARTOWRITE();
-	password = getpass("Password: ");
-
-	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
-
-	buf_putstring(ses.writepayload, cli_opts.username,
-			strlen(cli_opts.username));
-
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
-			SSH_SERVICE_CONNECTION_LEN);
-
-	buf_putstring(ses.writepayload, AUTH_METHOD_PASSWORD, 
-			AUTH_METHOD_PASSWORD_LEN);
-
-	buf_putbyte(ses.writepayload, 0); /* FALSE - so says the spec */
-
-	buf_putstring(ses.writepayload, password, strlen(password));
-
-	encrypt_packet();
-	m_burn(password, strlen(password));
-
-	TRACE(("leave cli_auth_password"));
-	return 1; /* Password auth can always be tried */
-
-}
-#endif

cli-authpubkey.c

@@ -1,187 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "buffer.h"
-#include "dbutil.h"
-#include "session.h"
-#include "ssh.h"
-#include "runopts.h"
-#include "auth.h"
-
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
-
-/* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
- * We use it to remove the key we tried from the list */
-void cli_pubkeyfail() {
-
-	struct PubkeyList *keyitem;
-	struct PubkeyList **previtem;
-
-	TRACE(("enter cli_pubkeyfail"));
-	previtem = &cli_opts.pubkeys;
-
-	/* Find the key we failed with, and remove it */
-	for (keyitem = cli_opts.pubkeys; keyitem != NULL; keyitem = keyitem->next) {
-		if (keyitem == cli_ses.lastpubkey) {
-			*previtem = keyitem->next;
-		}
-		previtem = &keyitem;
-	}
-
-	sign_key_free(cli_ses.lastpubkey->key); /* It won't be used again */
-	m_free(cli_ses.lastpubkey);
-
-	TRACE(("leave cli_pubkeyfail"));
-}
-
-void recv_msg_userauth_pk_ok() {
-
-	struct PubkeyList *keyitem;
-	buffer* keybuf;
-	char* algotype = NULL;
-	unsigned int algolen;
-	int keytype;
-	unsigned int remotelen;
-
-	TRACE(("enter recv_msg_userauth_pk_ok"));
-
-	algotype = buf_getstring(ses.payload, &algolen);
-	keytype = signkey_type_from_name(algotype, algolen);
-	TRACE(("recv_msg_userauth_pk_ok: type %d", keytype));
-	m_free(algotype);
-
-	keybuf = buf_new(MAX_PUBKEY_SIZE);
-
-	remotelen = buf_getint(ses.payload);
-
-	/* Iterate through our keys, find which one it was that matched, and
-	 * send a real request with that key */
-	for (keyitem = cli_opts.pubkeys; keyitem != NULL; keyitem = keyitem->next) {
-
-		if (keyitem->type != keytype) {
-			/* Types differed */
-			TRACE(("types differed"));
-			continue;
-		}
-
-		/* Now we compare the contents of the key */
-		keybuf->pos = keybuf->len = 0;
-		buf_put_pub_key(keybuf, keyitem->key, keytype);
-		buf_setpos(keybuf, 0);
-		buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie
-								   remotelen) which has already been taken from
-								   the remote buffer */
-
-
-		if (keybuf->len-4 != remotelen) {
-			TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen));
-			/* Lengths differed */
-			continue;
-		}
-		if (memcmp(buf_getptr(keybuf, remotelen),
-					buf_getptr(ses.payload, remotelen), remotelen) != 0) {
-			/* Data didn't match this key */
-			TRACE(("data differed"));
-			continue;
-		}
-
-		/* Success */
-		break;
-	}
-
-	if (keyitem != NULL) {
-		TRACE(("matching key"));
-		/* XXX TODO: if it's an encrypted key, here we ask for their
-		 * password */
-		send_msg_userauth_pubkey(keyitem->key, keytype, 1);
-	} else {
-		TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"));
-	}
-
-	TRACE(("leave recv_msg_userauth_pk_ok"));
-}
-
-/* TODO: make it take an agent reference to use as well */
-static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
-
-	const char *algoname = NULL;
-	int algolen;
-	buffer* sigbuf = NULL;
-
-	TRACE(("enter send_msg_userauth_pubkey"));
-	CHECKCLEARTOWRITE();
-
-	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
-
-	buf_putstring(ses.writepayload, cli_opts.username,
-			strlen(cli_opts.username));
-
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
-			SSH_SERVICE_CONNECTION_LEN);
-
-	buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY, 
-			AUTH_METHOD_PUBKEY_LEN);
-
-	buf_putbyte(ses.writepayload, realsign);
-
-	algoname = signkey_name_from_type(type, &algolen);
-
-	buf_putstring(ses.writepayload, algoname, algolen);
-	buf_put_pub_key(ses.writepayload, key, type);
-
-	if (realsign) {
-		TRACE(("realsign"));
-		/* We put the signature as well - this contains string(session id), then
-		 * the contents of the write payload to this point */
-		sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
-		buf_putstring(sigbuf, ses.session_id, SHA1_HASH_SIZE);
-		buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
-		buf_put_sign(ses.writepayload, key, type, sigbuf->data, sigbuf->len);
-		buf_free(sigbuf); /* Nothing confidential in the buffer */
-	}
-
-	encrypt_packet();
-	TRACE(("leave send_msg_userauth_pubkey"));
-}
-
-int cli_auth_pubkey() {
-
-	TRACE(("enter cli_auth_pubkey"));
-
-	if (cli_opts.pubkeys != NULL) {
-		/* Send a trial request */
-		send_msg_userauth_pubkey(cli_opts.pubkeys->key,
-				cli_opts.pubkeys->type, 0);
-		cli_ses.lastpubkey = cli_opts.pubkeys;
-		TRACE(("leave cli_auth_pubkey-success"));
-		return 1;
-	} else {
-		TRACE(("leave cli_auth_pubkey-failure"));
-		return 0;
-	}
-}
-#endif /* Pubkey auth */

cli-kex.c

@@ -1,278 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002-2004 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "session.h"
-#include "dbutil.h"
-#include "algo.h"
-#include "buffer.h"
-#include "session.h"
-#include "kex.h"
-#include "ssh.h"
-#include "packet.h"
-#include "bignum.h"
-#include "random.h"
-#include "runopts.h"
-#include "signkey.h"
-
-
-static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
-#define MAX_KNOWNHOSTS_LINE 4500
-
-void send_msg_kexdh_init() {
-
-	cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
-	cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
-
-	gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
-
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
-	buf_putmpint(ses.writepayload, cli_ses.dh_e);
-	encrypt_packet();
-	ses.requirenext = SSH_MSG_KEXDH_REPLY;
-}
-
-/* Handle a diffie-hellman key exchange reply. */
-void recv_msg_kexdh_reply() {
-
-	DEF_MP_INT(dh_f);
-	sign_key *hostkey = NULL;
-	unsigned int type, keybloblen;
-	unsigned char* keyblob = NULL;
-
-
-	TRACE(("enter recv_msg_kexdh_reply"));
-
-	if (cli_ses.kex_state != KEXDH_INIT_SENT) {
-		dropbear_exit("Received out-of-order kexdhreply");
-	}
-	m_mp_init(&dh_f);
-	type = ses.newkeys->algo_hostkey;
-	TRACE(("type is %d", type));
-
-	hostkey = new_sign_key();
-	keybloblen = buf_getint(ses.payload);
-
-	keyblob = buf_getptr(ses.payload, keybloblen);
-	if (!ses.kexstate.donefirstkex) {
-		/* Only makes sense the first time */
-		checkhostkey(keyblob, keybloblen);
-	}
-
-	if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
-		TRACE(("failed getting pubkey"));
-		dropbear_exit("Bad KEX packet");
-	}
-
-	if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
-		TRACE(("failed getting mpint"));
-		dropbear_exit("Bad KEX packet");
-	}
-
-	kexdh_comb_key(cli_ses.dh_e, cli_ses.dh_x, &dh_f, hostkey);
-	mp_clear(&dh_f);
-	mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
-	m_free(cli_ses.dh_e);
-	m_free(cli_ses.dh_x);
-
-	if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) 
-			!= DROPBEAR_SUCCESS) {
-		dropbear_exit("Bad hostkey signature");
-	}
-
-	sign_key_free(hostkey);
-	hostkey = NULL;
-
-	send_msg_newkeys();
-	ses.requirenext = SSH_MSG_NEWKEYS;
-	TRACE(("leave recv_msg_kexdh_init"));
-}
-
-static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) {
-
-	char* fp = NULL;
-
-	fp = sign_key_fingerprint(keyblob, keybloblen);
-	fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", 
-			cli_opts.remotehost, 
-			fp);
-
-	if (getc(stdin) == 'y') {
-		m_free(fp);
-		return;
-	}
-
-	dropbear_exit("Didn't validate host key");
-}
-
-static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
-
-	char * filename = NULL;
-	FILE *hostsfile = NULL;
-	int readonly = 0;
-	struct passwd *pw = NULL;
-	unsigned int hostlen, algolen;
-	unsigned long len;
-	const char *algoname = NULL;
-	buffer * line = NULL;
-	int ret;
-	
-	pw = getpwuid(getuid());
-
-	if (pw == NULL) {
-		dropbear_exit("Failed to get homedir");
-	}
-
-	len = strlen(pw->pw_dir);
-	filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
-
-	snprintf(filename, len+18, "%s/.ssh", pw->pw_dir);
-	/* Check that ~/.ssh exists - easiest way is just to mkdir */
-	if (mkdir(filename, S_IRWXU) != 0) {
-		if (errno != EEXIST) {
-			dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
-					strerror(errno));
-			TRACE(("mkdir didn't work: %s", strerror(errno)));
-			ask_to_confirm(keyblob, keybloblen);
-			goto out; /* only get here on success */
-		}
-	}
-
-	snprintf(filename, len+18, "%s/.ssh/known_hosts", pw->pw_dir);
-	hostsfile = fopen(filename, "a+");
-	
-	if (hostsfile != NULL) {
-		fseek(hostsfile, 0, SEEK_SET);
-	} else {
-		/* We mightn't have been able to open it if it was read-only */
-		if (errno == EACCES || errno == EROFS) {
-				TRACE(("trying readonly: %s", strerror(errno)));
-				readonly = 1;
-				hostsfile = fopen(filename, "r");
-		}
-	}
-
-	if (hostsfile == NULL) {
-		TRACE(("hostsfile didn't open: %s", strerror(errno)));
-		ask_to_confirm(keyblob, keybloblen);
-		goto out; /* We only get here on success */
-	}
-
-	line = buf_new(MAX_KNOWNHOSTS_LINE);
-	hostlen = strlen(cli_opts.remotehost);
-	algoname = signkey_name_from_type(ses.newkeys->algo_hostkey, &algolen);
-
-	do {
-		if (buf_getline(line, hostsfile) == DROPBEAR_FAILURE) {
-			TRACE(("failed reading line: prob EOF"));
-			break;
-		}
-
-		/* The line is too short to be sensible */
-		/* "30" is 'enough to hold ssh-dss plus the spaces, ie so we don't
-		 * buf_getfoo() past the end and die horribly - the base64 parsing
-		 * code is what tiptoes up to the end nicely */
-		if (line->len < (hostlen+30) ) {
-			TRACE(("line is too short to be sensible"));
-			continue;
-		}
-
-		/* Compare hostnames */
-		if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen),
-					hostlen) != 0) {
-			TRACE(("hosts don't match"));
-			continue;
-		}
-
-		buf_incrpos(line, hostlen);
-		if (buf_getbyte(line) != ' ') {
-			/* there wasn't a space after the hostname, something dodgy */
-			TRACE(("missing space afte matching hostname"));
-			continue;
-		}
-
-		if ( strncmp(buf_getptr(line, algolen), algoname, algolen) != 0) {
-			TRACE(("algo doesn't match"));
-			continue;
-		}
-
-		buf_incrpos(line, algolen);
-		if (buf_getbyte(line) != ' ') {
-			TRACE(("missing space after algo"));
-			continue;
-		}
-
-		/* Now we're at the interesting hostkey */
-		ret = cmp_base64_key(keyblob, keybloblen, algoname, algolen, line);
-
-		if (ret == DROPBEAR_SUCCESS) {
-			/* Good matching key */
-			TRACE(("good matching key"));
-			goto out;
-		}
-
-		/* The keys didn't match. eep. */
-	} while (1); /* keep going 'til something happens */
-
-	/* Key doesn't exist yet */
-	ask_to_confirm(keyblob, keybloblen);
-
-	/* If we get here, they said yes */
-
-	if (readonly) {
-		TRACE(("readonly"));
-		goto out;
-	}
-
-	/* put the new entry in the file */
-	fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
-	buf_setpos(line, 0);
-	buf_setlen(line, 0);
-	buf_putbytes(line, ses.remotehost, hostlen);
-	buf_putbyte(line, ' ');
-	buf_putbytes(line, algoname, algolen);
-	buf_putbyte(line, ' ');
-	len = line->size - line->pos;
-	TRACE(("keybloblen %d, len %d", keybloblen, len));
-	/* The only failure with base64 is buffer_overflow, but buf_getwriteptr
-	 * will die horribly in the case anyway */
-	base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
-	buf_incrwritepos(line, len);
-	buf_putbyte(line, '\n');
-	buf_setpos(line, 0);
-	fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
-	/* We ignore errors, since there's not much we can do about them */
-
-out:
-	if (hostsfile != NULL) {
-		fclose(hostsfile);
-	}
-	m_free(filename);
-	if (line != NULL) {
-		buf_free(line);
-	}
-}

cli-main.c

@@ -1,112 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * SSH client implementation
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "dbutil.h"
-#include "runopts.h"
-#include "session.h"
-
-static void cli_dropbear_exit(int exitcode, const char* format, va_list param);
-static void cli_dropbear_log(int priority, const char* format, va_list param);
-
-#if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI)
-int cli_main(int argc, char ** argv) {
-#else
-int main(int argc, char ** argv) {
-#endif
-
-	int sock;
-	char* error = NULL;
-	char* hostandport;
-	int len;
-
-	_dropbear_exit = cli_dropbear_exit;
-	_dropbear_log = cli_dropbear_log;
-
-	cli_getopts(argc, argv);
-
-	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
-				cli_opts.remotehost, cli_opts.remoteport));
-
-	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
-		dropbear_exit("signal() error");
-	}
-
-	sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
-			0, &error);
-
-	if (sock < 0) {
-		dropbear_exit("%s", error);
-	}
-
-	/* Set up the host:port log */
-	len = strlen(cli_opts.remotehost);
-	len += 10; /* 16 bit port and leeway*/
-	hostandport = (char*)m_malloc(len);
-	snprintf(hostandport, len, "%s:%s", 
-			cli_opts.remotehost, cli_opts.remoteport);
-
-	cli_session(sock, hostandport);
-
-	/* not reached */
-	return -1;
-}
-#endif /* DBMULTI stuff */
-
-static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
-
-	char fmtbuf[300];
-
-	if (!sessinitdone) {
-		snprintf(fmtbuf, sizeof(fmtbuf), "exited: %s",
-				format);
-	} else {
-		snprintf(fmtbuf, sizeof(fmtbuf), 
-				"connection to %s@%s:%s exited: %s", 
-				cli_opts.username, cli_opts.remotehost, 
-				cli_opts.remoteport, format);
-	}
-
-	/* Do the cleanup first, since then the terminal will be reset */
-	cli_session_cleanup();
-	common_session_cleanup();
-
-	_dropbear_log(LOG_INFO, fmtbuf, param);
-
-	exit(exitcode);
-}
-
-static void cli_dropbear_log(int UNUSED(priority), 
-		const char* format, va_list param) {
-
-	char printbuf[1024];
-
-	vsnprintf(printbuf, sizeof(printbuf), format, param);
-
-	fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf);
-
-}

cli-runopts.c

@@ -1,406 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "runopts.h"
-#include "signkey.h"
-#include "buffer.h"
-#include "dbutil.h"
-#include "algo.h"
-#include "tcpfwd.h"
-
-cli_runopts cli_opts; /* GLOBAL */
-
-static void printhelp();
-static void parsehostname(char* userhostarg);
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename);
-#endif
-#ifdef ENABLE_CLI_ANYTCPFWD
-static void addforward(char* str, struct TCPFwdList** fwdlist);
-#endif
-
-static void printhelp() {
-
-	fprintf(stderr, "Dropbear client v%s\n"
-					"Usage: %s [options] [user@]host\n"
-					"Options are:\n"
-					"-p <remoteport>\n"
-					"-t    Allocate a pty\n"
-					"-T    Don't allocate a pty\n"
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-					"-i <identityfile>   (multiple allowed)\n"
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-					"-L <listenport:remotehsot:reportport> Local port forwarding\n"
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-					"-R <listenport:remotehost:remoteport> Remote port forwarding\n"
-#endif
-					"-l <username>\n"
-#ifdef DEBUG_TRACE
-					"-v    verbose\n"
-#endif
-					,DROPBEAR_VERSION, cli_opts.progname);
-}
-
-void cli_getopts(int argc, char ** argv) {
-
-	unsigned int i, j;
-	char ** next = 0;
-	unsigned int cmdlen;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	int nextiskey = 0; /* A flag if the next argument is a keyfile */
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-	int nextislocal = 0;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-	int nextisremote = 0;
-#endif
-	char* dummy = NULL; /* Not used for anything real */
-
-	/* see printhelp() for options */
-	cli_opts.progname = argv[0];
-	cli_opts.remotehost = NULL;
-	cli_opts.remoteport = NULL;
-	cli_opts.username = NULL;
-	cli_opts.cmd = NULL;
-	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	cli_opts.pubkeys = NULL;
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-	cli_opts.localfwds = NULL;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-	cli_opts.remotefwds = NULL;
-#endif
-	opts.nolocaltcp = 0;
-	opts.noremotetcp = 0;
-	/* not yet
-	opts.ipv4 = 1;
-	opts.ipv6 = 1;
-	*/
-
-	/* Iterate all the arguments */
-	for (i = 1; i < (unsigned int)argc; i++) {
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-		if (nextiskey) {
-			/* Load a hostkey since the previous argument was "-i" */
-			loadidentityfile(argv[i]);
-			nextiskey = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-		if (nextisremote) {
-			TRACE(("nextisremote true"));
-			addforward(argv[i], &cli_opts.remotefwds);
-			nextisremote = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-		if (nextislocal) {
-			TRACE(("nextislocal true"));
-			addforward(argv[i], &cli_opts.localfwds);
-			nextislocal = 0;
-			continue;
-		}
-#endif
-		if (next) {
-			/* The previous flag set a value to assign */
-			*next = argv[i];
-			if (*next == NULL) {
-				dropbear_exit("Invalid null argument");
-			}
-			next = NULL;
-			continue;
-		}
-
-		if (argv[i][0] == '-') {
-			/* A flag *waves* */
-
-			switch (argv[i][1]) {
-				case 'p': /* remoteport */
-					next = &cli_opts.remoteport;
-					break;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-				case 'i': /* an identityfile */
-					nextiskey = 1;
-					break;
-#endif
-				case 't': /* we want a pty */
-					cli_opts.wantpty = 1;
-					break;
-				case 'T': /* don't want a pty */
-					cli_opts.wantpty = 0;
-					break;
-#ifdef ENABLE_CLI_LOCALTCPFWD
-				case 'L':
-					nextislocal = 1;
-					break;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-				case 'R':
-					nextisremote = 1;
-					break;
-#endif
-				case 'l':
-					next = &cli_opts.username;
-					break;
-				case 'h':
-					printhelp();
-					exit(EXIT_SUCCESS);
-					break;
-#ifdef DEBUG_TRACE
-				case 'v':
-					debug_trace = 1;
-					break;
-#endif
-				case 'F':
-				case 'e':
-				case 'c':
-				case 'm':
-				case 'D':
-#ifndef ENABLE_CLI_REMOTETCPFWD
-				case 'R':
-#endif
-#ifndef ENABLE_CLI_LOCALTCPFWD
-				case 'L':
-#endif
-				case 'o':
-				case 'b':
-					next = &dummy;
-				default:
-					fprintf(stderr, 
-						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
-					break;
-			} /* Switch */
-			
-			/* Now we handle args where they might be "-luser" (no spaces)*/
-			if (next && strlen(argv[i]) > 2) {
-				*next = &argv[i][2];
-				next = NULL;
-			}
-
-			continue; /* next argument */
-
-		} else {
-			TRACE(("non-flag arg: '%s'", argv[i]));
-
-			/* Either the hostname or commands */
-
-			if (cli_opts.remotehost == NULL) {
-
-				parsehostname(argv[i]);
-
-			} else {
-
-				/* this is part of the commands to send - after this we
-				 * don't parse any more options, and flags are sent as the
-				 * command */
-				cmdlen = 0;
-				for (j = i; j < (unsigned int)argc; j++) {
-					cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
-				}
-				/* Allocate the space */
-				cli_opts.cmd = (char*)m_malloc(cmdlen);
-				cli_opts.cmd[0] = '\0';
-
-				/* Append all the bits */
-				for (j = i; j < (unsigned int)argc; j++) {
-					strlcat(cli_opts.cmd, argv[j], cmdlen);
-					strlcat(cli_opts.cmd, " ", cmdlen);
-				}
-				/* It'll be null-terminated here */
-
-				/* We've eaten all the options and flags */
-				break;
-			}
-		}
-	}
-
-	if (cli_opts.remotehost == NULL) {
-		printhelp();
-		exit(EXIT_FAILURE);
-	}
-
-	if (cli_opts.remoteport == NULL) {
-		cli_opts.remoteport = "22";
-	}
-
-	/* If not explicitly specified with -t or -T, we don't want a pty if
-	 * there's a command, but we do otherwise */
-	if (cli_opts.wantpty == 9) {
-		if (cli_opts.cmd == NULL) {
-			cli_opts.wantpty = 1;
-		} else {
-			cli_opts.wantpty = 0;
-		}
-	}
-}
-
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename) {
-
-	struct PubkeyList * nextkey;
-	sign_key *key;
-	int keytype;
-
-	key = new_sign_key();
-	keytype = DROPBEAR_SIGNKEY_ANY;
-	if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
-
-		fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
-		sign_key_free(key);
-
-	} else {
-
-		nextkey = (struct PubkeyList*)m_malloc(sizeof(struct PubkeyList));
-		nextkey->key = key;
-		nextkey->next = cli_opts.pubkeys;
-		nextkey->type = keytype;
-		cli_opts.pubkeys = nextkey;
-	}
-}
-#endif
-
-
-/* Parses a [user@]hostname argument. userhostarg is the argv[i] corresponding
- * - note that it will be modified */
-static void parsehostname(char* orighostarg) {
-
-	uid_t uid;
-	struct passwd *pw = NULL; 
-	char *userhostarg = NULL;
-
-	/* We probably don't want to be editing argvs */
-	userhostarg = m_strdup(orighostarg);
-
-	cli_opts.remotehost = strchr(userhostarg, '@');
-	if (cli_opts.remotehost == NULL) {
-		/* no username portion, the cli-auth.c code can figure the
-		 * local user's name */
-		cli_opts.remotehost = userhostarg;
-	} else {
-		cli_opts.remotehost[0] = '\0'; /* Split the user/host */
-		cli_opts.remotehost++;
-		cli_opts.username = userhostarg;
-	}
-
-	if (cli_opts.username == NULL) {
-		uid = getuid();
-		
-		pw = getpwuid(uid);
-		if (pw == NULL || pw->pw_name == NULL) {
-			dropbear_exit("Unknown own user");
-		}
-
-		cli_opts.username = m_strdup(pw->pw_name);
-	}
-
-	if (cli_opts.remotehost[0] == '\0') {
-		dropbear_exit("Bad hostname");
-	}
-}
-
-#ifdef ENABLE_CLI_ANYTCPFWD
-/* Turn a "listenport:remoteaddr:remoteport" string into into a forwarding
- * set, and add it to the forwarding list */
-static void addforward(char* origstr, struct TCPFwdList** fwdlist) {
-
-	char * listenport = NULL;
-	char * connectport = NULL;
-	char * connectaddr = NULL;
-	struct TCPFwdList* newfwd = NULL;
-	char * str = NULL;
-
-	TRACE(("enter addforward"));
-
-	/* We probably don't want to be editing argvs */
-	str = m_strdup(origstr);
-
-	listenport = str;
-
-	connectaddr = strchr(str, ':');
-	if (connectaddr == NULL) {
-		TRACE(("connectaddr == NULL"));
-		goto fail;
-	}
-
-	connectaddr[0] = '\0';
-	connectaddr++;
-
-	connectport = strchr(connectaddr, ':');
-	if (connectport == NULL) {
-		TRACE(("connectport == NULL"));
-		goto fail;
-	}
-
-	connectport[0] = '\0';
-	connectport++;
-
-	newfwd = (struct TCPFwdList*)m_malloc(sizeof(struct TCPFwdList));
-
-	/* Now we check the ports - note that the port ints are unsigned,
-	 * the check later only checks for >= MAX_PORT */
-	newfwd->listenport = strtol(listenport, NULL, 10);
-	if (errno != 0) {
-		TRACE(("bad listenport strtol"));
-		goto fail;
-	}
-
-	newfwd->connectport = strtol(connectport, NULL, 10);
-	if (errno != 0) {
-		TRACE(("bad connectport strtol"));
-		goto fail;
-	}
-
-	newfwd->connectaddr = connectaddr;
-
-	if (newfwd->listenport > 65535) {
-		TRACE(("listenport > 65535"));
-		goto badport;
-	}
-		
-	if (newfwd->connectport > 65535) {
-		TRACE(("connectport > 65535"));
-		goto badport;
-	}
-
-	newfwd->next = *fwdlist;
-	*fwdlist = newfwd;
-
-	TRACE(("leave addforward: done"));
-	return;
-
-fail:
-	dropbear_exit("Bad TCP forward '%s'", origstr);
-
-badport:
-	dropbear_exit("Bad TCP port in '%s'", origstr);
-}
-#endif

cli-service.c

@@ -1,87 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "service.h"
-#include "dbutil.h"
-#include "packet.h"
-#include "buffer.h"
-#include "session.h"
-#include "ssh.h"
-
-void send_msg_service_request(char* servicename) {
-
-	TRACE(("enter send_msg_service_request: servicename='%s'", servicename));
-
-	CHECKCLEARTOWRITE();
-
-	buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST);
-	buf_putstring(ses.writepayload, servicename, strlen(servicename));
-
-	encrypt_packet();
-	TRACE(("leave send_msg_service_request"));
-}
-
-/* This just sets up the state variables right for the main client session loop
- * to deal with */
-void recv_msg_service_accept() {
-
-	unsigned char* servicename;
-	unsigned int len;
-
-	TRACE(("enter recv_msg_service_accept"));
-
-	servicename = buf_getstring(ses.payload, &len);
-
-	/* ssh-userauth */
-	if (cli_ses.state == SERVICE_AUTH_REQ_SENT
-			&& len == SSH_SERVICE_USERAUTH_LEN
-			&& strncmp(SSH_SERVICE_USERAUTH, servicename, len) == 0) {
-
-		cli_ses.state = SERVICE_AUTH_ACCEPT_RCVD;
-		m_free(servicename);
-		TRACE(("leave recv_msg_service_accept: done ssh-userauth"));
-		return;
-	}
-
-	/* ssh-connection */
-	if (cli_ses.state == SERVICE_CONN_REQ_SENT
-			&& len == SSH_SERVICE_CONNECTION_LEN 
-			&& strncmp(SSH_SERVICE_CONNECTION, servicename, len) == 0) {
-
-		if (ses.authstate.authdone != 1) {
-			dropbear_exit("request for connection before auth");
-		}
-
-		cli_ses.state = SERVICE_CONN_ACCEPT_RCVD;
-		m_free(servicename);
-		TRACE(("leave recv_msg_service_accept: done ssh-connection"));
-		return;
-	}
-
-	dropbear_exit("unrecognised service accept");
-	/* m_free(servicename); not reached */
-
-}

cli-session.c

@@ -1,300 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "session.h"
-#include "dbutil.h"
-#include "kex.h"
-#include "ssh.h"
-#include "packet.h"
-#include "tcpfwd.h"
-#include "channel.h"
-#include "random.h"
-#include "service.h"
-#include "runopts.h"
-#include "chansession.h"
-
-static void cli_remoteclosed();
-static void cli_sessionloop();
-static void cli_session_init();
-static void cli_finished();
-
-struct clientsession cli_ses; /* GLOBAL */
-
-/* Sorted in decreasing frequency will be more efficient - data and window
- * should be first */
-static const packettype cli_packettypes[] = {
-	/* TYPE, FUNCTION */
-	{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
-	{SSH_MSG_CHANNEL_EXTENDED_DATA, recv_msg_channel_extended_data},
-	{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
-	{SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, /* client */
-	{SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, /* client */
-	{SSH_MSG_KEXINIT, recv_msg_kexinit},
-	{SSH_MSG_KEXDH_REPLY, recv_msg_kexdh_reply}, /* client */
-	{SSH_MSG_NEWKEYS, recv_msg_newkeys},
-	{SSH_MSG_SERVICE_ACCEPT, recv_msg_service_accept}, /* client */
-	{SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
-	{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
-	{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
-	{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
-	{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
-	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
-	{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	{SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */
-#endif
-	{0, 0} /* End */
-};
-
-static const struct ChanType *cli_chantypes[] = {
-#ifdef ENABLE_CLI_REMOTETCPFWD
-	&cli_chan_tcpremote,
-#endif
-	NULL /* Null termination */
-};
-
-void cli_session(int sock, char* remotehost) {
-
-	crypto_init();
-	common_session_init(sock, remotehost);
-
-	chaninitialise(cli_chantypes);
-
-
-	/* Set up cli_ses vars */
-	cli_session_init();
-
-	/* Ready to go */
-	sessinitdone = 1;
-
-	/* Exchange identification */
-	session_identification();
-
-	seedrandom();
-
-	send_msg_kexinit();
-
-	/* XXX here we do stuff differently */
-
-	session_loop(cli_sessionloop);
-
-	/* Not reached */
-
-}
-
-static void cli_session_init() {
-
-	cli_ses.state = STATE_NOTHING;
-	cli_ses.kex_state = KEX_NOTHING;
-
-	cli_ses.tty_raw_mode = 0;
-	cli_ses.winchange = 0;
-
-	/* We store stdin's flags, so we can set them back on exit (otherwise
-	 * busybox's ash isn't happy */
-	cli_ses.stdincopy = dup(STDIN_FILENO);
-	cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0);
-
-	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
-									  specific exit status */
-
-	/* Auth */
-	cli_ses.lastpubkey = NULL;
-	cli_ses.lastauthtype = NULL;
-
-	/* For printing "remote host closed" for the user */
-	ses.remoteclosed = cli_remoteclosed;
-	ses.buf_match_algo = cli_buf_match_algo;
-
-	/* packet handlers */
-	ses.packettypes = cli_packettypes;
-
-	ses.isserver = 0;
-}
-
-/* This function drives the progress of the session - it initiates KEX,
- * service, userauth and channel requests */
-static void cli_sessionloop() {
-
-	TRACE(("enter cli_sessionloop"));
-
-	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
-		cli_ses.kex_state = KEXINIT_RCVD;
-	}
-
-	if (cli_ses.kex_state == KEXINIT_RCVD) {
-
-		/* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT
-		 * negotiation would have failed. */
-		send_msg_kexdh_init();
-		cli_ses.kex_state = KEXDH_INIT_SENT;
-		TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD"));
-		return;
-	}
-
-	/* A KEX has finished, so we should go back to our KEX_NOTHING state */
-	if (cli_ses.kex_state != KEX_NOTHING && ses.kexstate.recvkexinit == 0
-			&& ses.kexstate.sentkexinit == 0) {
-		cli_ses.kex_state = KEX_NOTHING;
-	}
-
-	/* We shouldn't do anything else if a KEX is in progress */
-	if (cli_ses.kex_state != KEX_NOTHING) {
-		TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING"));
-		return;
-	}
-
-	/* We should exit if we haven't donefirstkex: we shouldn't reach here
-	 * in normal operation */
-	if (ses.kexstate.donefirstkex == 0) {
-		TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex"));
-		return;
-	}
-
-	switch (cli_ses.state) {
-
-		case STATE_NOTHING:
-			/* We've got the transport layer sorted, we now need to request
-			 * userauth */
-			send_msg_service_request(SSH_SERVICE_USERAUTH);
-			cli_ses.state = SERVICE_AUTH_REQ_SENT;
-			TRACE(("leave cli_sessionloop: sent userauth service req"));
-			return;
-
-		/* userauth code */
-		case SERVICE_AUTH_ACCEPT_RCVD:
-			cli_auth_getmethods();
-			cli_ses.state = USERAUTH_REQ_SENT;
-			TRACE(("leave cli_sessionloop: sent userauth methods req"));
-			return;
-			
-		case USERAUTH_FAIL_RCVD:
-			cli_auth_try();
-			cli_ses.state = USERAUTH_REQ_SENT;
-			TRACE(("leave cli_sessionloop: cli_auth_try"));
-			return;
-
-			/*
-		case USERAUTH_SUCCESS_RCVD:
-			send_msg_service_request(SSH_SERVICE_CONNECTION);
-			cli_ses.state = SERVICE_CONN_REQ_SENT;
-			TRACE(("leave cli_sessionloop: sent ssh-connection service req"));
-			return;
-
-		case SERVICE_CONN_ACCEPT_RCVD:
-			cli_send_chansess_request();
-			TRACE(("leave cli_sessionloop: cli_send_chansess_request"));
-			cli_ses.state = SESSION_RUNNING;
-			return;
-			*/
-
-		case USERAUTH_SUCCESS_RCVD:
-#ifdef ENABLE_CLI_LOCALTCPFWD
-			setup_localtcp();
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-			setup_remotetcp();
-#endif
-			cli_send_chansess_request();
-			TRACE(("leave cli_sessionloop: cli_send_chansess_request"));
-			cli_ses.state = SESSION_RUNNING;
-			return;
-
-		case SESSION_RUNNING:
-			if (ses.chancount < 1) {
-				cli_finished();
-			}
-
-			if (cli_ses.winchange) {
-				cli_chansess_winchange();
-			}
-			return;
-
-		/* XXX more here needed */
-
-
-	default:
-		break;
-	}
-
-	TRACE(("leave cli_sessionloop: fell out"));
-
-}
-
-void cli_session_cleanup() {
-
-	if (!sessinitdone) {
-		return;
-	}
-
-	/* Set stdin back to non-blocking - busybox ash dies nastily
-	 * if we don't revert the flags */
-	fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
-
-	cli_tty_cleanup();
-
-}
-
-static void cli_finished() {
-
-	cli_session_cleanup();
-	common_session_cleanup();
-	fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username,
-			cli_opts.remotehost, cli_opts.remoteport);
-	exit(cli_ses.retval);
-}
-
-
-/* called when the remote side closes the connection */
-static void cli_remoteclosed() {
-
-	/* XXX TODO perhaps print a friendlier message if we get this but have
-	 * already sent/received disconnect message(s) ??? */
-	close(ses.sock);
-	ses.sock = -1;
-	dropbear_exit("remote closed the connection");
-}
-
-/* Operates in-place turning dirty (untrusted potentially containing control
- * characters) text into clean text. */
-void cleantext(unsigned char* dirtytext) {
-
-	unsigned int i, j;
-	unsigned char c;
-
-	j = 0;
-	for (i = 0; dirtytext[i] != '\0'; i++) {
-
-		c = dirtytext[i];
-		/* We can ignore '\r's */
-		if ( (c >= ' ' && c <= '~') || c == '\n' || c == '\t') {
-			dirtytext[j] = c;
-			j++;
-		}
-	}
-	/* Null terminate */
-	dirtytext[j] = '\0';
-}

cli-tcpfwd.c

@@ -1,193 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "options.h"
-#include "dbutil.h"
-#include "tcpfwd.h"
-#include "channel.h"
-#include "runopts.h"
-#include "session.h"
-#include "ssh.h"
-
-static int cli_localtcp(unsigned int listenport, const char* remoteaddr,
-		unsigned int remoteport);
-static int newtcpforwarded(struct Channel * channel);
-
-const struct ChanType cli_chan_tcpremote = {
-	1, /* sepfds */
-	"forwarded-tcpip",
-	newtcpforwarded,
-	NULL,
-	NULL,
-	NULL
-};
-static const struct ChanType cli_chan_tcplocal = {
-	1, /* sepfds */
-	"direct-tcpip",
-	NULL,
-	NULL,
-	NULL,
-	NULL
-};
-
-void setup_localtcp() {
-
-	int ret;
-
-	TRACE(("enter setup_localtcp"));
-
-	if (cli_opts.localfwds == NULL) {
-		TRACE(("cli_opts.localfwds == NULL"));
-	}
-
-	while (cli_opts.localfwds != NULL) {
-		ret = cli_localtcp(cli_opts.localfwds->listenport,
-				cli_opts.localfwds->connectaddr,
-				cli_opts.localfwds->connectport);
-		if (ret == DROPBEAR_FAILURE) {
-			dropbear_log(LOG_WARNING, "Failed local port forward %d:%s:%d",
-					cli_opts.localfwds->listenport,
-					cli_opts.localfwds->connectaddr,
-					cli_opts.localfwds->connectport);
-		}
-
-		cli_opts.localfwds = cli_opts.localfwds->next;
-	}
-	TRACE(("leave setup_localtcp"));
-
-}
-
-static int cli_localtcp(unsigned int listenport, const char* remoteaddr,
-		unsigned int remoteport) {
-
-	struct TCPListener* tcpinfo = NULL;
-	int ret;
-
-	TRACE(("enter cli_localtcp: %d %s %d", listenport, remoteaddr,
-				remoteport));
-
-	tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener*));
-	tcpinfo->sendaddr = m_strdup(remoteaddr);
-	tcpinfo->sendport = remoteport;
-	tcpinfo->listenport = listenport;
-	tcpinfo->chantype = &cli_chan_tcplocal;
-
-	ret = listen_tcpfwd(tcpinfo);
-
-	if (ret == DROPBEAR_FAILURE) {
-		m_free(tcpinfo);
-	}
-	TRACE(("leave cli_localtcp: %d", ret));
-	return ret;
-}
-
-static void send_msg_global_request_remotetcp(int port) {
-
-	TRACE(("enter send_msg_global_request_remotetcp"));
-
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
-	buf_putstring(ses.writepayload, "tcpip-forward", 13);
-	buf_putbyte(ses.writepayload, 0);
-	buf_putstring(ses.writepayload, "0.0.0.0", 7); /* TODO: IPv6? */
-	buf_putint(ses.writepayload, port);
-
-	encrypt_packet();
-
-	TRACE(("leave send_msg_global_request_remotetcp"));
-}
-
-void setup_remotetcp() {
-
-	struct TCPFwdList * iter = NULL;
-
-	TRACE(("enter setup_remotetcp"));
-
-	if (cli_opts.remotefwds == NULL) {
-		TRACE(("cli_opts.remotefwds == NULL"));
-	}
-
-	iter = cli_opts.remotefwds;
-
-	while (iter != NULL) {
-		send_msg_global_request_remotetcp(iter->listenport);
-		iter = iter->next;
-	}
-	TRACE(("leave setup_remotetcp"));
-}
-
-static int newtcpforwarded(struct Channel * channel) {
-
-	unsigned int origport;
-	struct TCPFwdList * iter = NULL;
-	char portstring[NI_MAXSERV];
-	int sock;
-	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
-
-	/* We don't care what address they connected to */
-	buf_eatstring(ses.payload);
-
-	origport = buf_getint(ses.payload);
-
-	/* Find which port corresponds */
-	iter = cli_opts.remotefwds;
-
-	while (iter != NULL) {
-		if (origport == iter->listenport) {
-			break;
-		}
-		iter = iter->next;
-	}
-
-	if (iter == NULL) {
-		/* We didn't request forwarding on that port */
-		dropbear_log(LOG_INFO, "Server send unrequested port, from port %d", 
-										origport);
-		goto out;
-	}
-	
-	snprintf(portstring, sizeof(portstring), "%d", iter->connectport);
-	sock = connect_remote(iter->connectaddr, portstring, 1, NULL);
-	if (sock < 0) {
-		TRACE(("leave newtcpdirect: sock failed"));
-		err = SSH_OPEN_CONNECT_FAILED;
-		goto out;
-	}
-
-	ses.maxfd = MAX(ses.maxfd, sock);
-
-	/* Note that infd is actually the "outgoing" direction on the
-	 * tcp connection, vice versa for outfd.
-	 * We don't set outfd, that will get set after the connection's
-	 * progress succeeds */
-	channel->infd = sock;
-	channel->initconn = 1;
-	
-	err = SSH_OPEN_IN_PROGRESS;
-
-out:
-	TRACE(("leave newtcpdirect: err %d", err));
-	return err;
-}

common-algo.c

@@ -1,207 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "algo.h"
-#include "dbutil.h"
-
-/* This file (algo.c) organises the ciphers which can be used, and is used to
- * decide which ciphers/hashes/compression/signing to use during key exchange*/
-
-/* Mappings for ciphers, parameters are
-   {&cipher_desc, keysize, blocksize} */
-
-#ifdef DROPBEAR_AES128_CBC
-const struct dropbear_cipher dropbear_aes128 = 
-	{&rijndael_desc, 16, 16};
-#endif
-#ifdef DROPBEAR_BLOWFISH_CBC
-const struct dropbear_cipher dropbear_blowfish = 
-	{&blowfish_desc, 16, 8};
-#endif
-#ifdef DROPBEAR_TWOFISH128_CBC
-const struct dropbear_cipher dropbear_twofish128 = 
-	{&twofish_desc, 16, 16};
-#endif
-#ifdef DROPBEAR_3DES_CBC
-const struct dropbear_cipher dropbear_3des = 
-	{&des3_desc, 24, 8};
-#endif
-
-/* used to indicate no encryption, as defined in rfc2410 */
-const struct dropbear_cipher dropbear_nocipher =
-	{NULL, 16, 8}; 
-
-/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
-   {&hash_desc, keysize, hashsize} */
-
-#ifdef DROPBEAR_SHA1_HMAC
-const struct dropbear_hash dropbear_sha1 = 
-	{&sha1_desc, 20, 20};
-#endif
-#ifdef DROPBEAR_MD5_HMAC
-const struct dropbear_hash dropbear_md5 = 
-	{&md5_desc, 16, 16};
-#endif
-
-const struct dropbear_hash dropbear_nohash =
-	{NULL, 16, 0}; /* used initially */
-	
-
-/* The following map ssh names to internal values */
-
-algo_type sshciphers[] = {
-#ifdef DROPBEAR_AES128_CBC
-	{"aes128-cbc", 0, (void*)&dropbear_aes128, 1},
-#endif
-#ifdef DROPBEAR_BLOWFISH_CBC
-	{"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1},
-#endif
-#ifdef DROPBEAR_TWOFISH128_CBC
-	{"twofish-cbc", 0, (void*)&dropbear_twofish128, 1},
-#endif
-#ifdef DROPBEAR_3DES_CBC
-	{"3des-cbc", 0, (void*)&dropbear_3des, 1},
-#endif
-	{NULL, 0, NULL, 0}
-};
-
-algo_type sshhashes[] = {
-#ifdef DROPBEAR_SHA1_HMAC
-	{"hmac-sha1", 0, (void*)&dropbear_sha1, 1},
-#endif
-#ifdef DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, (void*)&dropbear_md5, 1},
-#endif
-	{NULL, 0, NULL, 0}
-};
-
-algo_type sshcompress[] = {
-	{"none", DROPBEAR_COMP_NONE, NULL, 1},
-#ifndef DISABLE_ZLIB
-	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1},
-#endif
-	{NULL, 0, NULL, 0}
-};
-
-algo_type sshhostkey[] = {
-#ifdef DROPBEAR_RSA
-	{"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1},
-#endif
-#ifdef DROPBEAR_DSS
-	{"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1},
-#endif
-	{NULL, 0, NULL, 0}
-};
-
-algo_type sshkex[] = {
-	{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1},
-	{NULL, 0, NULL, 0}
-};
-
-
-/* Register the compiled in ciphers.
- * This should be run before using any of the ciphers/hashes */
-void crypto_init() {
-
-	const struct _cipher_descriptor *regciphers[] = {
-#ifdef DROPBEAR_AES128_CBC
-		&rijndael_desc,
-#endif
-#ifdef DROPBEAR_BLOWFISH_CBC
-		&blowfish_desc,
-#endif
-#ifdef DROPBEAR_TWOFISH128_CBC
-		&twofish_desc,
-#endif
-#ifdef DROPBEAR_3DES_CBC
-		&des3_desc,
-#endif
-		NULL
-	};
-
-	const struct _hash_descriptor *reghashes[] = {
-		/* we need sha1 for hostkey stuff regardless */
-		&sha1_desc,
-#ifdef DROPBEAR_MD5_HMAC
-		&md5_desc,
-#endif
-		NULL
-	};	
-	int i;
-	
-	for (i = 0; regciphers[i] != NULL; i++) {
-		if (register_cipher(regciphers[i]) == -1) {
-			dropbear_exit("error registering crypto");
-		}
-	}
-
-	for (i = 0; reghashes[i] != NULL; i++) {
-		if (register_hash(reghashes[i]) == -1) {
-			dropbear_exit("error registering crypto");
-		}
-	}
-}
-
-/* algolen specifies the length of algo, algos is our local list to match
- * against.
- * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
- * otherwise */
-int have_algo(char* algo, size_t algolen, algo_type algos[]) {
-
-	int i;
-
-	for (i = 0; algos[i].name != NULL; i++) {
-		if (strlen(algos[i].name) == algolen
-				&& (strncmp(algos[i].name, algo, algolen) == 0)) {
-			return DROPBEAR_SUCCESS;
-		}
-	}
-
-	return DROPBEAR_FAILURE;
-}
-
-
-
-/* Output a comma separated list of algorithms to a buffer */
-void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
-
-	unsigned int pos = 0, i, len;
-	char str[50]; /* enough for local algo storage */
-
-	for (i = 0; localalgos[i].name != NULL; i++) {
-		if (localalgos[i].usable) {
-			/* Avoid generating a trailing comma */
-			if (pos)
-			    str[pos++] = ',';
-			len = strlen(localalgos[i].name);
-			memcpy(&str[pos], localalgos[i].name, len);
-			pos += len;
-		}
-	}
-	str[pos]=0;
-	/* Debug this */
-	TRACE(("buf_put_algolist: %s", str));
-	buf_putstring(buf, str, pos);
-}

common-kex.c

@@ -1,731 +0,0 @@
-/*
- * Dropbear SSH
- * 
- * Copyright (c) 2002-2004 Matt Johnston
- * Portions Copyright (c) 2004 by Mihnea Stoenescu
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "dbutil.h"
-#include "algo.h"
-#include "buffer.h"
-#include "session.h"
-#include "kex.h"
-#include "ssh.h"
-#include "packet.h"
-#include "bignum.h"
-#include "random.h"
-
-/* diffie-hellman-group1-sha1 value for p */
-const unsigned char dh_p_val[] = {
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-
-const int DH_G_VAL = 2;
-
-static void kexinitialise();
-void gen_new_keys();
-#ifndef DISABLE_ZLIB
-static void gen_new_zstreams();
-#endif
-static void read_kex_algos();
-/* helper function for gen_new_keys */
-static void hashkeys(unsigned char *out, int outlen, 
-		const hash_state * hs, unsigned const char X);
-
-
-/* Send our list of algorithms we can use */
-void send_msg_kexinit() {
-
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_KEXINIT);
-
-	/* cookie */
-	genrandom(buf_getwriteptr(ses.writepayload, 16), 16);
-	buf_incrwritepos(ses.writepayload, 16);
-
-	/* kex algos */
-	buf_put_algolist(ses.writepayload, sshkex);
-
-	/* server_host_key_algorithms */
-	buf_put_algolist(ses.writepayload, sshhostkey);
-
-	/* encryption_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshciphers);
-
-	/* encryption_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshciphers);
-
-	/* mac_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshhashes);
-
-	/* mac_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshhashes);
-
-	/* compression_algorithms_client_to_server */
-	buf_put_algolist(ses.writepayload, sshcompress);
-
-	/* compression_algorithms_server_to_client */
-	buf_put_algolist(ses.writepayload, sshcompress);
-
-	/* languages_client_to_server */
-	buf_putstring(ses.writepayload, "", 0);
-
-	/* languages_server_to_client */
-	buf_putstring(ses.writepayload, "", 0);
-
-	/* first_kex_packet_follows - unimplemented for now */
-	buf_putbyte(ses.writepayload, 0x00);
-
-	/* reserved unit32 */
-	buf_putint(ses.writepayload, 0);
-
-	/* set up transmitted kex packet buffer for hashing. 
-	 * This is freed after the end of the kex */
-	ses.transkexinit = buf_newcopy(ses.writepayload);
-
-	encrypt_packet();
-	ses.dataallowed = 0; /* don't send other packets during kex */
-
-	TRACE(("DATAALLOWED=0"));
-	TRACE(("-> KEXINIT"));
-	ses.kexstate.sentkexinit = 1;
-}
-
-/* *** NOTE regarding (send|recv)_msg_newkeys *** 
- * Changed by mihnea from the original kex.c to set dataallowed after a 
- * completed key exchange, no matter the order in which it was performed.
- * This enables client mode without affecting server functionality.
- */
-
-/* Bring new keys into use after a key exchange, and let the client know*/
-void send_msg_newkeys() {
-
-	TRACE(("enter send_msg_newkeys"));
-
-	/* generate the kexinit request */
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_NEWKEYS);
-	encrypt_packet();
-	
-
-	/* set up our state */
-	if (ses.kexstate.recvnewkeys) {
-		TRACE(("while RECVNEWKEYS=1"));
-		gen_new_keys();
-		kexinitialise(); /* we've finished with this kex */
-		TRACE((" -> DATAALLOWED=1"));
-		ses.dataallowed = 1; /* we can send other packets again now */
-		ses.kexstate.donefirstkex = 1;
-	} else {
-		ses.kexstate.sentnewkeys = 1;
-		TRACE(("SENTNEWKEYS=1"));
-	}
-
-	TRACE(("-> MSG_NEWKEYS"));
-	TRACE(("leave send_msg_newkeys"));
-}
-
-/* Bring the new keys into use after a key exchange */
-void recv_msg_newkeys() {
-
-	TRACE(("<- MSG_NEWKEYS"));
-	TRACE(("enter recv_msg_newkeys"));
-
-	/* simply check if we've sent SSH_MSG_NEWKEYS, and if so,
-	 * switch to the new keys */
-	if (ses.kexstate.sentnewkeys) {
-		TRACE(("while SENTNEWKEYS=1"));
-		gen_new_keys();
-		kexinitialise(); /* we've finished with this kex */
-	    TRACE((" -> DATAALLOWED=1"));
-	    ses.dataallowed = 1; /* we can send other packets again now */
-		ses.kexstate.donefirstkex = 1;
-	} else {
-		TRACE(("RECVNEWKEYS=1"));
-		ses.kexstate.recvnewkeys = 1;
-	}
-	
-	TRACE(("leave recv_msg_newkeys"));
-}
-
-
-/* Set up the kex for the first time */
-void kexfirstinitialise() {
-
-	ses.kexstate.donefirstkex = 0;
-	kexinitialise();
-}
-
-/* Reset the kex state, ready for a new negotiation */
-static void kexinitialise() {
-
-	struct timeval tv;
-
-	TRACE(("kexinitialise()"));
-
-	/* sent/recv'd MSG_KEXINIT */
-	ses.kexstate.sentkexinit = 0;
-	ses.kexstate.recvkexinit = 0;
-
-	/* sent/recv'd MSG_NEWKEYS */
-	ses.kexstate.recvnewkeys = 0;
-	ses.kexstate.sentnewkeys = 0;
-
-	/* first_packet_follows */
-	ses.kexstate.firstfollows = 0;
-
-	ses.kexstate.datatrans = 0;
-	ses.kexstate.datarecv = 0;
-
-	if (gettimeofday(&tv, 0) < 0) {
-		dropbear_exit("Error getting time");
-	}
-	ses.kexstate.lastkextime = tv.tv_sec;
-
-}
-
-/* Helper function for gen_new_keys, creates a hash. It makes a copy of the
- * already initialised hash_state hs, which should already have processed
- * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
- * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
- * The output will only be expanded once, since that is all that is required
- * (for 3DES and SHA, with 24 and 20 bytes respectively). 
- *
- * See Section 5.2 of the IETF secsh Transport Draft for details */
-
-/* Duplicated verbatim from kex.c --mihnea */
-static void hashkeys(unsigned char *out, int outlen, 
-		const hash_state * hs, const unsigned char X) {
-
-	hash_state hs2;
-	unsigned char k2[SHA1_HASH_SIZE]; /* used to extending */
-
-	memcpy(&hs2, hs, sizeof(hash_state));
-	sha1_process(&hs2, &X, 1);
-	sha1_process(&hs2, ses.session_id, SHA1_HASH_SIZE);
-	sha1_done(&hs2, out);
-	if (SHA1_HASH_SIZE < outlen) {
-		/* need to extend */
-		memcpy(&hs2, hs, sizeof(hash_state));
-		sha1_process(&hs2, out, SHA1_HASH_SIZE);
-		sha1_done(&hs2, k2);
-		memcpy(&out[SHA1_HASH_SIZE], k2, outlen - SHA1_HASH_SIZE);
-	}
-}
-
-/* Generate the actual encryption/integrity keys, using the results of the
- * key exchange, as specified in section 5.2 of the IETF secsh-transport
- * draft. This occurs after the DH key-exchange.
- *
- * ses.newkeys is the new set of keys which are generated, these are only
- * taken into use after both sides have sent a newkeys message */
-
-/* Originally from kex.c, generalized for cli/svr mode --mihnea */
-void gen_new_keys() {
-
-	unsigned char C2S_IV[MAX_IV_LEN];
-	unsigned char C2S_key[MAX_KEY_LEN];
-	unsigned char S2C_IV[MAX_IV_LEN];
-	unsigned char S2C_key[MAX_KEY_LEN];
-	/* unsigned char key[MAX_KEY_LEN]; */
-	unsigned char *trans_IV, *trans_key, *recv_IV, *recv_key;
-
-	hash_state hs;
-	unsigned int C2S_keysize, S2C_keysize;
-	char mactransletter, macrecvletter; /* Client or server specific */
-
-	TRACE(("enter gen_new_keys"));
-	/* the dh_K and hash are the start of all hashes, we make use of that */
-
-	sha1_init(&hs);
-	sha1_process_mp(&hs, ses.dh_K);
-	mp_clear(ses.dh_K);
-	m_free(ses.dh_K);
-	sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
-	m_burn(ses.hash, SHA1_HASH_SIZE);
-
-	if (IS_DROPBEAR_CLIENT) {
-	    trans_IV	= C2S_IV;
-	    recv_IV		= S2C_IV;
-	    trans_key	= C2S_key;
-	    recv_key	= S2C_key;
-	    C2S_keysize = ses.newkeys->trans_algo_crypt->keysize;
-	    S2C_keysize = ses.newkeys->recv_algo_crypt->keysize;
-		mactransletter = 'E';
-		macrecvletter = 'F';
-	} else {
-	    trans_IV	= S2C_IV;
-	    recv_IV		= C2S_IV;
-	    trans_key	= S2C_key;
-	    recv_key	= C2S_key;
-	    C2S_keysize = ses.newkeys->recv_algo_crypt->keysize;
-	    S2C_keysize = ses.newkeys->trans_algo_crypt->keysize;
-		mactransletter = 'F';
-		macrecvletter = 'E';
-	}
-
-	hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
-	hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
-	hashkeys(C2S_key, C2S_keysize, &hs, 'C');
-	hashkeys(S2C_key, S2C_keysize, &hs, 'D');
-
-	if (cbc_start(
-		find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name),
-			recv_IV, recv_key, 
-			ses.newkeys->recv_algo_crypt->keysize, 0, 
-			&ses.newkeys->recv_symmetric_struct) != CRYPT_OK) {
-		dropbear_exit("crypto error");
-	}
-
-	if (cbc_start(
-		find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name),
-			trans_IV, trans_key, 
-			ses.newkeys->trans_algo_crypt->keysize, 0, 
-			&ses.newkeys->trans_symmetric_struct) != CRYPT_OK) {
-		dropbear_exit("crypto error");
-	}
-	
-	/* MAC keys */
-	hashkeys(ses.newkeys->transmackey, 
-			ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter);
-	hashkeys(ses.newkeys->recvmackey, 
-			ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter);
-
-#ifndef DISABLE_ZLIB
-	gen_new_zstreams();
-#endif
-	
-	/* Switch over to the new keys */
-	m_burn(ses.keys, sizeof(struct key_context));
-	m_free(ses.keys);
-	ses.keys = ses.newkeys;
-	ses.newkeys = NULL;
-
-	TRACE(("leave gen_new_keys"));
-}
-
-#ifndef DISABLE_ZLIB
-/* Set up new zlib compression streams, close the old ones. Only
- * called from gen_new_keys() */
-static void gen_new_zstreams() {
-
-	/* create new zstreams */
-	if (ses.newkeys->recv_algo_comp == DROPBEAR_COMP_ZLIB) {
-		ses.newkeys->recv_zstream = (z_streamp)m_malloc(sizeof(z_stream));
-		ses.newkeys->recv_zstream->zalloc = Z_NULL;
-		ses.newkeys->recv_zstream->zfree = Z_NULL;
-		
-		if (inflateInit(ses.newkeys->recv_zstream) != Z_OK) {
-			dropbear_exit("zlib error");
-		}
-	} else {
-		ses.newkeys->recv_zstream = NULL;
-	}
-
-	if (ses.newkeys->trans_algo_comp == DROPBEAR_COMP_ZLIB) {
-		ses.newkeys->trans_zstream = (z_streamp)m_malloc(sizeof(z_stream));
-		ses.newkeys->trans_zstream->zalloc = Z_NULL;
-		ses.newkeys->trans_zstream->zfree = Z_NULL;
-	
-		if (deflateInit(ses.newkeys->trans_zstream, Z_DEFAULT_COMPRESSION) 
-				!= Z_OK) {
-			dropbear_exit("zlib error");
-		}
-	} else {
-		ses.newkeys->trans_zstream = NULL;
-	}
-	
-	/* clean up old keys */
-	if (ses.keys->recv_zstream != NULL) {
-		if (inflateEnd(ses.keys->recv_zstream) == Z_STREAM_ERROR) {
-			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
-			dropbear_exit("crypto error");
-		}
-		m_free(ses.keys->recv_zstream);
-	}
-	if (ses.keys->trans_zstream != NULL) {
-		if (deflateEnd(ses.keys->trans_zstream) == Z_STREAM_ERROR) {
-			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
-			dropbear_exit("crypto error");
-		}
-		m_free(ses.keys->trans_zstream);
-	}
-}
-#endif
-
-
-/* Executed upon receiving a kexinit message from the client to initiate
- * key exchange. If we haven't already done so, we send the list of our
- * preferred algorithms. The client's requested algorithms are processed,
- * and we calculate the first portion of the key-exchange-hash for used
- * later in the key exchange. No response is sent, as the client should
- * initiate the diffie-hellman key exchange */
-
-/* Originally from kex.c, generalized for cli/svr mode --mihnea  */
-/* Belongs in common_kex.c where it should be moved after review */
-void recv_msg_kexinit() {
-	
-	TRACE(("<- KEXINIT"));
-	TRACE(("enter recv_msg_kexinit"));
-	
-	/* start the kex hash */
-	ses.kexhashbuf = buf_new(MAX_KEXHASHBUF);
-
-	if (!ses.kexstate.sentkexinit) {
-		/* we need to send a kex packet */
-		send_msg_kexinit();
-		TRACE(("continue recv_msg_kexinit: sent kexinit"));
-	}
-
-
-	if (IS_DROPBEAR_CLIENT) {
-
-		/* read the peer's choice of algos */
-		read_kex_algos();
-
-		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, strlen(LOCAL_IDENT));
-		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-			ses.remoteident, strlen((char*)ses.remoteident));
-
-		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.transkexinit, ses.transkexinit->len),
-			ses.transkexinit->len);
-		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
-	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.payload, ses.payload->len),
-			ses.payload->len);
-
-	} else {
-		/* SERVER */
-
-		/* read the peer's choice of algos */
-		read_kex_algos();
-		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-			ses.remoteident, strlen((char*)ses.remoteident));
-		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, strlen(LOCAL_IDENT));
-
-		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
-	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.payload, ses.payload->len),
-			ses.payload->len);
-		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.transkexinit, ses.transkexinit->len),
-			ses.transkexinit->len);
-		ses.requirenext = SSH_MSG_KEXDH_INIT;
-	}
-
-	buf_free(ses.transkexinit);
-	ses.transkexinit = NULL;
-	/* the rest of ses.kexhashbuf will be done after DH exchange */
-
-	ses.kexstate.recvkexinit = 1;
-//	ses.expecting = 0; // client matt
-
-	TRACE(("leave recv_msg_kexinit"));
-}
-
-/* Initialises and generate one side of the diffie-hellman key exchange values.
- * See the ietf-secsh-transport draft, section 6, for details */
-/* dh_pub and dh_priv MUST be already initialised */
-void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
-
-	DEF_MP_INT(dh_p);
-	DEF_MP_INT(dh_q);
-	DEF_MP_INT(dh_g);
-	unsigned char randbuf[DH_P_LEN];
-	int dh_q_len;
-
-	TRACE(("enter send_msg_kexdh_reply"));
-	
-	m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
-
-	/* read the prime and generator*/
-	if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN)
-			!= MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-	
-	if (mp_set_int(&dh_g, DH_G_VAL) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* calculate q = (p-1)/2 */
-	/* dh_priv is just a temp var here */
-	if (mp_sub_d(&dh_p, 1, dh_priv) != MP_OKAY) { 
-		dropbear_exit("Diffie-Hellman error");
-	}
-	if (mp_div_2(dh_priv, &dh_q) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	dh_q_len = mp_unsigned_bin_size(&dh_q);
-
-	/* calculate our random value dh_y */
-	do {
-		assert((unsigned int)dh_q_len <= sizeof(randbuf));
-		genrandom(randbuf, dh_q_len);
-		if (mp_read_unsigned_bin(dh_priv, randbuf, dh_q_len) != MP_OKAY) {
-			dropbear_exit("Diffie-Hellman error");
-		}
-	} while (mp_cmp(dh_priv, &dh_q) == MP_GT || mp_cmp_d(dh_priv, 0) != MP_GT);
-
-	/* f = g^y mod p */
-	if (mp_exptmod(&dh_g, dh_priv, &dh_p, dh_pub) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-	mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL);
-}
-
-/* This function is fairly common between client/server, with some substitution
- * of dh_e/dh_f etc. Hence these arguments:
- * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is 
- * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */
-void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
-		sign_key *hostkey) {
-
-	mp_int dh_p;
-	mp_int *dh_e = NULL, *dh_f = NULL;
-	hash_state hs;
-
-	/* read the prime and generator*/
-	mp_init(&dh_p);
-	if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN)
-			!= MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
-	if (mp_cmp(dh_pub_them, &dh_p) != MP_LT 
-			|| mp_cmp_d(dh_pub_them, 0) != MP_GT) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-	
-	/* K = e^y mod p = f^x mod p */
-	ses.dh_K = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init(ses.dh_K);
-	if (mp_exptmod(dh_pub_them, dh_priv, &dh_p, ses.dh_K) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* clear no longer needed vars */
-	mp_clear_multi(&dh_p, NULL);
-
-	/* From here on, the code needs to work with the _same_ vars on each side,
-	 * not vice-versaing for client/server */
-	if (IS_DROPBEAR_CLIENT) {
-		dh_e = dh_pub_us;
-		dh_f = dh_pub_them;
-	} else {
-		dh_e = dh_pub_them;
-		dh_f = dh_pub_us;
-	} 
-
-	/* Create the remainder of the hash buffer, to generate the exchange hash */
-	/* K_S, the host key */
-	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
-	/* e, exchange value sent by the client */
-	buf_putmpint(ses.kexhashbuf, dh_e);
-	/* f, exchange value sent by the server */
-	buf_putmpint(ses.kexhashbuf, dh_f);
-	/* K, the shared secret */
-	buf_putmpint(ses.kexhashbuf, ses.dh_K);
-
-	/* calculate the hash H to sign */
-	sha1_init(&hs);
-	buf_setpos(ses.kexhashbuf, 0);
-	sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
-			ses.kexhashbuf->len);
-	sha1_done(&hs, ses.hash);
-
-	buf_burn(ses.kexhashbuf);
-	buf_free(ses.kexhashbuf);
-	ses.kexhashbuf = NULL;
-	
-	/* first time around, we set the session_id to H */
-	if (ses.session_id == NULL) {
-		/* create the session_id, this never needs freeing */
-		ses.session_id = (unsigned char*)m_malloc(SHA1_HASH_SIZE);
-		memcpy(ses.session_id, ses.hash, SHA1_HASH_SIZE);
-	}
-}
-
-/* read the other side's algo list. buf_match_algo is a callback to match
- * algos for the client or server. */
-static void read_kex_algos() {
-
-	/* for asymmetry */
-	algo_type * c2s_hash_algo = NULL;
-	algo_type * s2c_hash_algo = NULL;
-	algo_type * c2s_cipher_algo = NULL;
-	algo_type * s2c_cipher_algo = NULL;
-	algo_type * c2s_comp_algo = NULL;
-	algo_type * s2c_comp_algo = NULL;
-	/* the generic one */
-	algo_type * algo = NULL;
-
-	/* which algo couldn't match */
-	char * erralgo = NULL;
-
-	int goodguess = 0;
-	int allgood = 1; /* we AND this with each goodguess and see if its still
-						true after */
-
-	buf_incrpos(ses.payload, 16); /* start after the cookie */
-
-	ses.newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
-
-	/* kex_algorithms */
-	algo = ses.buf_match_algo(ses.payload, sshkex, &goodguess);
-	allgood &= goodguess;
-	if (algo == NULL) {
-		erralgo = "kex";
-		goto error;
-	}
-	TRACE(("kex algo %s", algo->name));
-	ses.newkeys->algo_kex = algo->val;
-
-	/* server_host_key_algorithms */
-	algo = ses.buf_match_algo(ses.payload, sshhostkey, &goodguess);
-	allgood &= goodguess;
-	if (algo == NULL) {
-		erralgo = "hostkey";
-		goto error;
-	}
-	TRACE(("hostkey algo %s", algo->name));
-	ses.newkeys->algo_hostkey = algo->val;
-
-	/* encryption_algorithms_client_to_server */
-	c2s_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (algo == NULL) {
-		erralgo = "enc c->s";
-		goto error;
-	}
-
-	/* encryption_algorithms_server_to_client */
-	s2c_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (algo == NULL) {
-		erralgo = "enc s->c";
-		goto error;
-	}
-
-	/* mac_algorithms_client_to_server */
-	c2s_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (algo == NULL) {
-		erralgo = "mac c->s";
-		goto error;
-	}
-
-	/* mac_algorithms_server_to_client */
-	s2c_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (algo == NULL) {
-		erralgo = "mac s->c";
-		goto error;
-	}
-
-	/* compression_algorithms_client_to_server */
-	c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (algo == NULL) {
-		erralgo = "comp c->s";
-		goto error;
-	}
-
-	/* compression_algorithms_server_to_client */
-	s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (algo == NULL) {
-		erralgo = "comp s->c";
-		goto error;
-	}
-
-	/* languages_client_to_server */
-	buf_eatstring(ses.payload);
-
-	/* languages_server_to_client */
-	buf_eatstring(ses.payload);
-
-	/* first_kex_packet_follows */
-	if (buf_getbyte(ses.payload)) {
-		ses.kexstate.firstfollows = 1;
-		/* if the guess wasn't good, we ignore the packet sent */
-		if (!allgood) {
-			ses.ignorenext = 1;
-		}
-	}
-
-	/* Handle the asymmetry */
-	if (IS_DROPBEAR_CLIENT) {
-		ses.newkeys->recv_algo_crypt = 
-			(struct dropbear_cipher*)s2c_cipher_algo->data;
-		ses.newkeys->trans_algo_crypt = 
-			(struct dropbear_cipher*)c2s_cipher_algo->data;
-		ses.newkeys->recv_algo_mac = 
-			(struct dropbear_hash*)s2c_hash_algo->data;
-		ses.newkeys->trans_algo_mac = 
-			(struct dropbear_hash*)c2s_hash_algo->data;
-		ses.newkeys->recv_algo_comp = s2c_comp_algo->val;
-		ses.newkeys->trans_algo_comp = c2s_comp_algo->val;
-	} else {
-		/* SERVER */
-		ses.newkeys->recv_algo_crypt = 
-			(struct dropbear_cipher*)c2s_cipher_algo->data;
-		ses.newkeys->trans_algo_crypt = 
-			(struct dropbear_cipher*)s2c_cipher_algo->data;
-		ses.newkeys->recv_algo_mac = 
-			(struct dropbear_hash*)c2s_hash_algo->data;
-		ses.newkeys->trans_algo_mac = 
-			(struct dropbear_hash*)s2c_hash_algo->data;
-		ses.newkeys->recv_algo_comp = c2s_comp_algo->val;
-		ses.newkeys->trans_algo_comp = s2c_comp_algo->val;
-	}
-
-	TRACE(("enc algo recv %s", algo->name));
-	TRACE(("enc algo trans %s", algo->name));
-	TRACE(("mac algo recv %s", algo->name));
-	TRACE(("mac algo trans %s", algo->name));
-	TRACE(("comp algo recv %s", algo->name));
-	TRACE(("comp algo trans %s", algo->name));
-
-	/* reserved for future extensions */
-	buf_getint(ses.payload);
-	return;
-
-error:
-	dropbear_exit("no matching algo %s", erralgo);
-}

common-session.c

@@ -1,368 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "session.h"
-#include "dbutil.h"
-#include "packet.h"
-#include "algo.h"
-#include "buffer.h"
-#include "dss.h"
-#include "ssh.h"
-#include "random.h"
-#include "kex.h"
-#include "channel.h"
-#include "atomicio.h"
-
-static void checktimeouts();
-static int ident_readln(int fd, char* buf, int count);
-
-struct sshsession ses; /* GLOBAL */
-
-/* need to know if the session struct has been initialised, this way isn't the
- * cleanest, but works OK */
-int sessinitdone = 0; /* GLOBAL */
-
-/* this is set when we get SIGINT or SIGTERM, the handler is in main.c */
-int exitflag = 0; /* GLOBAL */
-
-
-
-/* called only at the start of a session, set up initial state */
-void common_session_init(int sock, char* remotehost) {
-
-	TRACE(("enter session_init"));
-
-	ses.remotehost = remotehost;
-
-	ses.sock = sock;
-	ses.maxfd = sock;
-
-	ses.connecttimeout = 0;
-	
-	kexfirstinitialise(); /* initialise the kex state */
-	chaninitialise(); /* initialise the channel state */
-
-	ses.writepayload = buf_new(MAX_TRANS_PAYLOAD_LEN);
-	ses.transseq = 0;
-
-	ses.readbuf = NULL;
-	ses.decryptreadbuf = NULL;
-	ses.payload = NULL;
-	ses.recvseq = 0;
-
-	ses.requirenext = SSH_MSG_KEXINIT;
-	ses.dataallowed = 0; /* don't send data yet, we'll wait until after kex */
-	ses.ignorenext = 0;
-	ses.lastpacket = 0;
-
-	/* set all the algos to none */
-	ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context));
-	ses.newkeys = NULL;
-	ses.keys->recv_algo_crypt = &dropbear_nocipher;
-	ses.keys->trans_algo_crypt = &dropbear_nocipher;
-	
-	ses.keys->recv_algo_mac = &dropbear_nohash;
-	ses.keys->trans_algo_mac = &dropbear_nohash;
-
-	ses.keys->algo_kex = -1;
-	ses.keys->algo_hostkey = -1;
-	ses.keys->recv_algo_comp = DROPBEAR_COMP_NONE;
-	ses.keys->trans_algo_comp = DROPBEAR_COMP_NONE;
-
-#ifndef DISABLE_ZLIB
-	ses.keys->recv_zstream = NULL;
-	ses.keys->trans_zstream = NULL;
-#endif
-
-	/* key exchange buffers */
-	ses.session_id = NULL;
-	ses.kexhashbuf = NULL;
-	ses.transkexinit = NULL;
-	ses.dh_K = NULL;
-	ses.remoteident = NULL;
-
-	ses.chantypes = NULL;
-
-	ses.allowprivport = 0;
-
-
-	TRACE(("leave session_init"));
-}
-
-void session_loop(void(*loophandler)()) {
-
-	fd_set readfd, writefd;
-	struct timeval timeout;
-	int val;
-
-	/* main loop, select()s for all sockets in use */
-	for(;;) {
-
-		timeout.tv_sec = SELECT_TIMEOUT;
-		timeout.tv_usec = 0;
-		FD_ZERO(&writefd);
-		FD_ZERO(&readfd);
-		assert(ses.payload == NULL);
-		if (ses.sock != -1) {
-			FD_SET(ses.sock, &readfd);
-			if (!isempty(&ses.writequeue)) {
-				FD_SET(ses.sock, &writefd);
-			}
-		}
-
-		/* set up for channels which require reading/writing */
-		if (ses.dataallowed) {
-			setchannelfds(&readfd, &writefd);
-		}
-		val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout);
-
-		if (exitflag) {
-			dropbear_exit("Terminated by signal");
-		}
-		
-		if (val < 0) {
-			if (errno == EINTR) {
-				/* This must happen even if we've been interrupted, so that
-				 * changed signal-handler vars can take effect etc */
-				if (loophandler) {
-					loophandler();
-				}
-				continue;
-			} else {
-				dropbear_exit("Error in select");
-			}
-		}
-
-		/* check for auth timeout, rekeying required etc */
-		checktimeouts();
-		
-		if (val == 0) {
-			/* timeout */
-			TRACE(("select timeout"));
-			continue;
-		}
-
-		/* process session socket's incoming/outgoing data */
-		if (ses.sock != -1) {
-			if (FD_ISSET(ses.sock, &writefd) && !isempty(&ses.writequeue)) {
-				write_packet();
-			}
-
-			if (FD_ISSET(ses.sock, &readfd)) {
-				read_packet();
-			}
-			
-			/* Process the decrypted packet. After this, the read buffer
-			 * will be ready for a new packet */
-			if (ses.payload != NULL) {
-				process_packet();
-			}
-		}
-
-		/* process pipes etc for the channels, ses.dataallowed == 0
-		 * during rekeying ) */
-		if (ses.dataallowed) {
-			channelio(&readfd, &writefd);
-		}
-
-		if (loophandler) {
-			loophandler();
-		}
-
-	} /* for(;;) */
-	
-	/* Not reached */
-}
-
-/* clean up a session on exit */
-void common_session_cleanup() {
-	
-	TRACE(("enter session_cleanup"));
-	
-	/* we can't cleanup if we don't know the session state */
-	if (!sessinitdone) {
-		TRACE(("leave session_cleanup: !sessinitdone"));
-		return;
-	}
-	
-	m_free(ses.session_id);
-	m_burn(ses.keys, sizeof(struct key_context));
-	m_free(ses.keys);
-
-	chancleanup();
-
-	TRACE(("leave session_cleanup"));
-}
-
-
-void session_identification() {
-
-	/* max length of 255 chars */
-	char linebuf[256];
-	int len = 0;
-	char done = 0;
-	int i;
-
-	/* write our version string, this blocks */
-	if (atomicio(write, ses.sock, LOCAL_IDENT "\r\n",
-				strlen(LOCAL_IDENT "\r\n")) == DROPBEAR_FAILURE) {
-		dropbear_exit("Error writing ident string");
-	}
-
-	/* We allow up to 9 lines before the actual version string, to
-	 * account for wrappers/cruft etc. According to the spec only the client
-	 * needs to handle this, but no harm in letting the server handle it too */
-	for (i = 0; i < 10; i++) {
-		len = ident_readln(ses.sock, linebuf, sizeof(linebuf));
-
-		if (len < 0 && errno != EINTR) {
-			/* It failed */
-			break;
-		}
-
-		if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) {
-			/* start of line matches */
-			done = 1;
-			break;
-		}
-	}
-
-	if (!done) {
-		TRACE(("err: %s for '%s'\n", strerror(errno), linebuf));
-		dropbear_exit("Failed to get remote version");
-	} else {
-		/* linebuf is already null terminated */
-		ses.remoteident = m_malloc(len);
-		memcpy(ses.remoteident, linebuf, len);
-	}
-
-	TRACE(("remoteident: %s", ses.remoteident));
-
-}
-
-/* returns the length including null-terminating zero on success,
- * or -1 on failure */
-static int ident_readln(int fd, char* buf, int count) {
-	
-	char in;
-	int pos = 0;
-	int num = 0;
-	fd_set fds;
-	struct timeval timeout;
-
-	TRACE(("enter ident_readln"));
-
-	if (count < 1) {
-		return -1;
-	}
-
-	FD_ZERO(&fds);
-
-	/* select since it's a non-blocking fd */
-	
-	/* leave space to null-terminate */
-	while (pos < count-1) {
-
-		FD_SET(fd, &fds);
-
-		timeout.tv_sec = 1;
-		timeout.tv_usec = 0;
-		if (select(fd+1, &fds, NULL, NULL, &timeout) < 0) {
-			if (errno == EINTR) {
-				continue;
-			}
-			TRACE(("leave ident_readln: select error"));
-			return -1;
-		}
-
-		checktimeouts();
-		
-		/* Have to go one byte at a time, since we don't want to read past
-		 * the end, and have to somehow shove bytes back into the normal
-		 * packet reader */
-		if (FD_ISSET(fd, &fds)) {
-			num = read(fd, &in, 1);
-			/* a "\n" is a newline, "\r" we want to read in and keep going
-			 * so that it won't be read as part of the next line */
-			if (num < 0) {
-				/* error */
-				if (errno == EINTR) {
-					continue; /* not a real error */
-				}
-				TRACE(("leave ident_readln: read error"));
-				return -1;
-			}
-			if (num == 0) {
-				/* EOF */
-				TRACE(("leave ident_readln: EOF"));
-				return -1;
-			}
-			if (in == '\n') {
-				/* end of ident string */
-				break;
-			}
-			/* we don't want to include '\r's */
-			if (in != '\r') {
-				buf[pos] = in;
-				pos++;
-			}
-		}
-	}
-
-	buf[pos] = '\0';
-	TRACE(("leave ident_readln: return %d", pos+1));
-	return pos+1;
-}
-
-/* Check all timeouts which are required. Currently these are the time for
- * user authentication, and the automatic rekeying. */
-static void checktimeouts() {
-
-	struct timeval tv;
-	long secs;
-
-	if (gettimeofday(&tv, 0) < 0) {
-		dropbear_exit("Error getting time");
-	}
-
-	secs = tv.tv_sec;
-	
-	if (ses.connecttimeout != 0 && secs > ses.connecttimeout) {
-			dropbear_close("Timeout before auth");
-	}
-
-	/* we can't rekey if we haven't done remote ident exchange yet */
-	if (ses.remoteident == NULL) {
-		return;
-	}
-
-	if (!ses.kexstate.sentkexinit
-			&& (secs - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
-			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)){
-		TRACE(("rekeying after timeout or max data reached"));
-		send_msg_kexinit();
-	}
-}
-

configure.ac

@@ -0,0 +1,916 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf and autoheader to produce a configure script.
+
+# This Autoconf file was cobbled from various locations. In particular, a bunch
+# of the platform checks have been taken straight from OpenSSH's configure.ac
+# Huge thanks to them for dealing with the horrible platform-specifics :)
+
+AC_PREREQ([2.59])
+AC_INIT
+
+# Record which revision is being built
+if test -s "`which hg`" && test -d "$srcdir/.hg"; then
+	hgrev=`hg id -i -R "$srcdir"`
+	AC_MSG_NOTICE([Source directory Mercurial base revision $hgrev])
+fi
+
+ORIGCFLAGS="$CFLAGS"
+LATE_CFLAGS=""
+# Checks for programs.
+AC_PROG_CC
+
+if test -z "$LD" ; then
+	LD=$CC
+fi
+AC_SUBST(LD)
+
+AC_DEFUN(DB_TRYADDCFLAGS,
+[{
+		OLDFLAGS="$CFLAGS"
+		TESTFLAGS="$1"
+		CFLAGS="$TESTFLAGS $CFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
+			)
+}])
+
+# set compile flags prior to other tests
+if test -z "$ORIGCFLAGS" && test "$GCC" = "yes"; then
+	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
+	CFLAGS="-Os -W -Wall"
+fi
+
+# LTM_CFLAGS is given to ./configure by the user, 
+# DROPBEAR_LTM_CFLAGS is substituted in the LTM Makefile.in
+DROPBEAR_LTM_CFLAGS="$LTM_CFLAGS"
+if test -z "$DROPBEAR_LTM_CFLAGS"; then
+	DROPBEAR_LTM_CFLAGS="-O3 -funroll-loops -fomit-frame-pointer"
+fi
+AC_MSG_NOTICE(Setting LTM_CFLAGS to $DROPBEAR_LTM_CFLAGS)
+AC_ARG_VAR(LTM_CFLAGS, CFLAGS for bundled libtommath. Default -O3 -funroll-loops -fomit-frame-pointer)
+AC_SUBST(DROPBEAR_LTM_CFLAGS)
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
+DB_TRYADDCFLAGS([-Wno-pointer-sign])
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
+DB_TRYADDCFLAGS([-fno-strict-overflow])
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wundef])
+DB_TRYADDCFLAGS([-Wundef])
+
+# needed for various extensions. define early before autoconf tests
+AC_DEFINE([_GNU_SOURCE], [], [Use GNU extensions if glibc])
+
+STATIC=0
+AC_ARG_ENABLE(static,
+	[  --enable-static         Build static binaries],
+	[
+		if test "x$enableval" = "xyes"; then
+			STATIC=1
+			AC_MSG_NOTICE(Static Build)
+		fi
+	], [])
+AC_SUBST(STATIC)
+
+hardenbuild=1
+AC_ARG_ENABLE(harden,
+	[  --disable-harden        Don't set hardened build flags],
+	[
+		if test "x$enableval" = "xno"; then
+			hardenbuild=0
+			AC_MSG_NOTICE(Disabling hardened build flags)
+		fi
+	], [])
+
+if test "$hardenbuild" -eq 1; then
+	AC_MSG_NOTICE(Checking for available hardened build flags:)
+	# relocation flags don't make sense for static builds
+	if test "$STATIC" -ne 1; then
+		# pie
+		DB_TRYADDCFLAGS([-fPIE])
+
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-pie"
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			[
+				LDFLAGS="$OLDLDFLAGS"
+				TESTFLAGS="-pie"
+				LDFLAGS="$TESTFLAGS $LDFLAGS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+					)
+			]
+			)
+		# readonly elf relocation sections (relro)
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+			)
+	fi # non-static
+	# stack protector. -strong is good but only in gcc 4.9 or later
+	OLDCFLAGS="$CFLAGS"
+	TESTFLAGS="-fstack-protector-strong"
+	CFLAGS="$TESTFLAGS $CFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+	    [
+			CFLAGS="$OLDCFLAGS"
+			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
+			CFLAGS="$TESTFLAGS $CFLAGS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+			    )
+	    ]
+	    )
+	# FORTIFY_SOURCE
+	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
+
+	# Spectre v2 mitigations
+	DB_TRYADDCFLAGS([-mfunction-return=thunk])
+	DB_TRYADDCFLAGS([-mindirect-branch=thunk])
+
+fi
+
+AC_ARG_ENABLE(werror,
+	[  --enable-werror         Set -Werror when building],
+	[
+		if test "x$enableval" = "xyes"; then
+			# -Werror shouldn't be set when configure runs tests.
+			# We add it to the Makefile's CFLAGS
+			LATE_CFLAGS+="$LATE_CFLAGS -Werror"
+			AC_MSG_NOTICE(Enabling -Werror)
+		fi
+	], [])
+
+# large file support is useful for scp
+AC_SYS_LARGEFILE
+
+# Host specific options
+# this isn't a definitive list of hosts, they are just added as required
+AC_CANONICAL_HOST
+
+case "$host" in
+
+*-*-linux*)
+	no_ptmx_check=1
+	;;
+
+*-*-solaris*)
+	CFLAGS="$CFLAGS -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
+	conf_lastlog_location="/var/adm/lastlog"
+	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
+	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
+	if test "$sol2ver" -ge 8; then
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(DISABLE_UTMP,1,Disable utmp)
+		AC_DEFINE(DISABLE_WTMP,1,Disable wtmp)
+	else
+		AC_MSG_RESULT(no)
+	fi
+	AC_CHECK_LIB(socket, socket, LIBS="$LIBS -lsocket")
+	AC_CHECK_LIB(nsl, yp_match, LIBS="$LIBS -lnsl")
+	;;
+
+*-*-aix*)
+	AC_DEFINE(AIX,1,Using AIX)
+	# OpenSSH thinks it's broken. If it isn't, let me know.
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
+	;;
+
+*-*-hpux*)
+	LIBS="$LIBS -lsec"
+	# It's probably broken.
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
+	;;
+*-dec-osf*)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
+	;;
+esac
+
+AC_CHECK_TOOL(AR, ar, :)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+AC_PROG_INSTALL
+
+dnl Can't use login() or logout() with uclibc
+AC_CHECK_DECL(__UCLIBC__,
+	[
+	no_loginfunc_check=1
+	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
+	],,)
+
+dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
+dnl but we don't want link all binaries to -lcrypt, just dropbear server.
+dnl OS X doesn't need -lcrypt
+AC_CHECK_FUNC(crypt, found_crypt_func=here)
+AC_CHECK_LIB(crypt, crypt,
+	[
+	CRYPTLIB="-lcrypt"
+	found_crypt_func=here
+	])
+AC_SUBST(CRYPTLIB)
+if test "t$found_crypt_func" = there; then
+AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
+fi
+
+# Check if zlib is needed
+AC_ARG_WITH(zlib,
+	[  --with-zlib=PATH        Use zlib in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+AC_ARG_ENABLE(zlib,
+	[  --disable-zlib          Don't include zlib support],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_DEFINE(DISABLE_ZLIB,1,Use zlib)
+			AC_MSG_NOTICE(Disabling zlib)
+		else
+			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
+			AC_MSG_NOTICE(Enabling zlib)
+		fi
+	],
+	[
+		# if not disabled, check for zlib
+		AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
+		AC_MSG_NOTICE(Enabling zlib)
+	]
+)
+
+# Check if pam is needed
+AC_ARG_WITH(pam,
+	[  --with-pam=PATH        Use pam in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+
+AC_ARG_ENABLE(pam,
+	[  --enable-pam            Try to include PAM support],
+	[
+		if test "x$enableval" = "xyes"; then
+			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
+			AC_MSG_NOTICE(Enabling PAM)
+			AC_CHECK_FUNCS(pam_fail_delay)
+		else
+			AC_DEFINE(DISABLE_PAM,1,Use PAM)
+			AC_MSG_NOTICE(Disabling PAM)
+		fi
+	],
+	[
+		# disable it by default
+		AC_DEFINE(DISABLE_PAM,1,Use PAM)
+		AC_MSG_NOTICE(Disabling PAM)
+	]
+)
+
+AC_ARG_ENABLE(openpty,
+	[  --disable-openpty       Don't use openpty, use alternative method],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_MSG_NOTICE(Not using openpty)
+		else
+			AC_MSG_NOTICE(Using openpty if available)
+			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+		fi
+	],
+	[
+		AC_MSG_NOTICE(Using openpty if available)
+		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+	]
+)
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+	no_ptc_check=yes
+	no_ptmx_check=yes
+fi
+
+AC_ARG_ENABLE(syslog,
+	[  --disable-syslog        Don't include syslog support],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_DEFINE(DISABLE_SYSLOG,1,Using syslog)
+			AC_MSG_NOTICE(Disabling syslog)
+		else
+			AC_MSG_NOTICE(Enabling syslog)
+		fi
+	],
+	[
+		AC_MSG_NOTICE(Enabling syslog)
+	]
+)
+
+AC_ARG_ENABLE(shadow,
+	[  --disable-shadow        Don't use shadow passwords (if available)],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_MSG_NOTICE(Not using shadow passwords)
+		else
+			AC_CHECK_HEADERS([shadow.h])
+			AC_MSG_NOTICE(Using shadow passwords if available)
+		fi
+	],
+	[
+		AC_CHECK_HEADERS([shadow.h])
+		AC_MSG_NOTICE(Using shadow passwords if available)
+	]
+)
+
+AC_ARG_ENABLE(plugin,
+	[  --enable-plugin         Enable support for External Public Key Authentication plug-in],
+	[
+		AC_DEFINE(DROPBEAR_PLUGIN, 1, External Public Key Authentication)
+		AC_MSG_NOTICE(Enabling support for External Public Key Authentication)
+		DROPBEAR_PLUGIN=1
+	],
+	[
+		AC_DEFINE(DROPBEAR_PLUGIN, 0, External Public Key Authentication)
+		DROPBEAR_PLUGIN=0
+	]
+
+)
+AC_SUBST(DROPBEAR_PLUGIN)
+
+AC_ARG_ENABLE(fuzz,
+	[  --enable-fuzz           Build fuzzing. Not recommended for deployment.],
+	[
+		if test "x$enableval" = "xyes"; then
+            AC_DEFINE(DROPBEAR_FUZZ, 1, Fuzzing)
+            AC_MSG_NOTICE(Enabling fuzzing)
+            DROPBEAR_FUZZ=1
+            # libfuzzer needs linking with c++ libraries
+            AC_PROG_CXX
+			mkdir -pv fuzz
+        else
+            AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
+            AC_MSG_NOTICE(Disabling fuzzing)
+            DROPBEAR_FUZZ=0
+        fi
+	],
+	[
+		AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
+		AC_MSG_NOTICE(Disabling fuzzing)
+		DROPBEAR_FUZZ=0
+	]
+
+)
+AC_SUBST(DROPBEAR_FUZZ)
+AC_SUBST(CXX)
+
+# Checks for header files.
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h \
+	crypt.h \
+	pty.h libutil.h libgen.h inttypes.h stropts.h utmp.h \
+	utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \
+	pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h \
+	sys/random.h sys/prctl.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_UID_T
+AC_TYPE_MODE_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+
+AC_CHECK_TYPES([uint8_t, u_int8_t, uint16_t, u_int16_t, uint32_t, u_int32_t])
+AC_CHECK_TYPES([struct sockaddr_storage])
+AC_CHECK_TYPE([socklen_t], ,[
+	AC_MSG_CHECKING([for socklen_t equivalent])
+	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
+	[
+	# Systems have either "struct sockaddr *" or
+	# "void *" as the second argument to getpeername
+	curl_cv_socklen_t_equiv=
+	for arg2 in "struct sockaddr" void; do
+		for t in int size_t unsigned long "unsigned long"; do
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+
+			int getpeername (int, $arg2 *, $t *);
+		]],[[
+			$t len;
+			getpeername(0,0,&len);
+		]])],[
+			curl_cv_socklen_t_equiv="$t"
+			break
+		])
+		done
+	done
+
+	if test "x$curl_cv_socklen_t_equiv" = x; then
+		AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+	fi
+	])
+	AC_MSG_RESULT($curl_cv_socklen_t_equiv)
+	AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
+			[type to use in place of socklen_t if not defined])],
+	[#include <sys/types.h>
+	#include <sys/socket.h>])
+
+# for the fake-rfc2553 stuff - straight from OpenSSH
+
+AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+		]],
+		[[ if (sizeof(struct sockaddr_storage)) return 0 ]])],
+		[ ac_cv_have_struct_sockaddr_storage="yes" ],
+		[ ac_cv_have_struct_sockaddr_storage="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+fi
+
+AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+		]],
+		[[ if (sizeof(struct sockaddr_in6)) return 0 ]])],
+		[ ac_cv_have_struct_sockaddr_in6="yes" ],
+		[ ac_cv_have_struct_sockaddr_in6="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,1,Have struct sockaddr_in6)
+fi
+
+AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+		]],
+		[[ if (sizeof(struct in6_addr)) return 0 ]])],
+		[ ac_cv_have_struct_in6_addr="yes" ],
+		[ ac_cv_have_struct_in6_addr="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,1,Have struct in6_addr)
+fi
+
+AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+		]],
+		[[ if (sizeof(struct addrinfo)) return 0 ]])],
+		[ ac_cv_have_struct_addrinfo="yes" ],
+		[ ac_cv_have_struct_addrinfo="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_ADDRINFO,1,Have struct addrinfo)
+fi
+
+
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+	AC_DEFINE(HAVE_GAI_STRERROR)
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);]],[[
+char *str;
+
+str = gai_strerror(0);]])],[
+		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+		[Define if gai_strerror() returns const char *])])])
+
+# for loginrec.c
+
+AC_CHECK_MEMBERS([struct utmp.ut_host, struct utmp.ut_pid, struct utmp.ut_type, struct utmp.ut_tv, struct utmp.ut_id, struct utmp.ut_addr, struct utmp.ut_addr_v6, struct utmp.ut_exit, struct utmp.ut_time],,,[
+#include <sys/types.h>
+#if HAVE_UTMP_H
+#include <utmp.h>
+#endif
+])
+
+AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv],,,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#if HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+])
+
+AC_CHECK_MEMBERS([struct sockaddr_storage.ss_family],,,[
+#include <sys/types.h>
+#include <sys/socket.h>
+])
+
+AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
+AC_CHECK_FUNCS(utmpname)
+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
+AC_CHECK_FUNCS(setutxent utmpxname)
+AC_CHECK_FUNCS(logout updwtmp logwtmp)
+
+# POSIX monotonic time
+AC_CHECK_FUNCS(clock_gettime)
+
+# OS X monotonic time
+AC_CHECK_HEADERS([mach/mach_time.h])
+AC_CHECK_FUNCS(mach_absolute_time)
+
+AC_CHECK_FUNCS(explicit_bzero memset_s getrandom)
+
+AC_ARG_ENABLE(bundled-libtom,
+[  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
+  --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
+                                Default is to use system if available, otherwise bundled.
+                                Dropbear requires system libtommath >= 1.2.0 and libtomcrypt >= 1.18.0],
+	[
+		if test "x$enableval" = "xyes"; then
+			BUNDLED_LIBTOM=1
+			AC_MSG_NOTICE(Forcing bundled libtom*)
+		else
+			BUNDLED_LIBTOM=0
+			AC_CHECK_LIB(tommath, mp_to_ubin, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
+				[AC_MSG_ERROR([Missing/old system libtommath and --disable-bundled-libtom was specified])] )
+			AC_CHECK_LIB(tomcrypt, poly1305_init, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
+				[AC_MSG_ERROR([Missing/old system libtomcrypt and --disable-bundled-libtom was specified])] )
+		fi
+	],
+	[
+		BUNDLED_LIBTOM=0
+		AC_CHECK_LIB(tommath, mp_to_ubin, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tomcrypt, poly1305_init, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+	]
+)
+
+if test $BUNDLED_LIBTOM = 1 ; then
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom)
+fi
+
+AC_SUBST(LIBTOM_LIBS)
+AC_SUBST(BUNDLED_LIBTOM)
+
+dnl Added from OpenSSH 3.6.1p2's configure.ac
+
+dnl allow user to disable some login recording features
+AC_ARG_ENABLE(lastlog,
+	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_LASTLOG,1,Disable use of lastlog())
+		fi
+	]
+)
+AC_ARG_ENABLE(utmp,
+	[  --disable-utmp          Disable use of utmp even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMP,1,Disable use of utmp)
+		fi
+	]
+)
+AC_ARG_ENABLE(utmpx,
+	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMPX,1,Disable use of utmpx)
+		fi
+	]
+)
+AC_ARG_ENABLE(wtmp,
+	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMP,1,Disable use of wtmp)
+		fi
+	]
+)
+AC_ARG_ENABLE(wtmpx,
+	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMPX,1,Disable use of wtmpx)
+		fi
+	]
+)
+AC_ARG_ENABLE(loginfunc,
+	[  --disable-loginfunc     Disable use of login() etc. [no]],
+	[ no_loginfunc_check=1
+	AC_MSG_NOTICE([Not using login() etc]) ]
+)
+AC_ARG_ENABLE(pututline,
+	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTLINE,1,Disable use of pututline())
+		fi
+	]
+)
+AC_ARG_ENABLE(pututxline,
+	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTXLINE,1,Disable use of pututxline())
+		fi
+	]
+)
+AC_ARG_WITH(lastlog,
+  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
+	[
+		if test "x$withval" = "xno" ; then
+			AC_DEFINE(DISABLE_LASTLOG)
+		else
+			conf_lastlog_location=$withval
+		fi
+	]
+)
+
+if test -z "$no_loginfunc_check"; then
+	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
+	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,1,[Have login() function])])
+	AC_CHECK_FUNCS(logout updwtmp logwtmp)
+fi
+
+dnl lastlog, [uw]tmpx? detection
+dnl  NOTE: set the paths in the platform section to avoid the
+dnl   need for command-line parameters
+dnl lastlog and [uw]tmp are subject to a file search if all else fails
+
+dnl lastlog detection
+dnl  NOTE: the code itself will detect if lastlog is a directory
+AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+#  include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+#ifdef HAVE_LOGIN_H
+# include <login.h>
+#endif
+	]],
+	[[ char *lastlog = LASTLOG_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[
+		AC_MSG_RESULT(no)
+		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+#  include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+		]],
+		[[ char *lastlog = _PATH_LASTLOG; ]])],
+		[ AC_MSG_RESULT(yes) ],
+		[
+			AC_MSG_RESULT(no)
+			system_lastlog_path=no
+		])
+	]
+)
+
+if test -z "$conf_lastlog_location"; then
+	if test x"$system_lastlog_path" = x"no" ; then
+		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
+				if (test -d "$f" || test -f "$f") ; then
+					conf_lastlog_location=$f
+				fi
+		done
+		if test -z "$conf_lastlog_location"; then
+			AC_MSG_WARN([** Cannot find lastlog **])
+			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
+		fi
+	fi
+fi
+
+if test -n "$conf_lastlog_location"; then
+	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
+fi
+
+dnl utmp detection
+AC_MSG_CHECKING([if your system defines UTMP_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *utmp = UTMP_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_utmp_path=no ]
+)
+if test -z "$conf_utmp_location"; then
+	if test x"$system_utmp_path" = x"no" ; then
+		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
+			if test -f $f ; then
+				conf_utmp_location=$f
+			fi
+		done
+		if test -z "$conf_utmp_location"; then
+			AC_DEFINE(DISABLE_UTMP)
+		fi
+	fi
+fi
+if test -n "$conf_utmp_location"; then
+	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
+fi
+
+dnl wtmp detection
+AC_MSG_CHECKING([if your system defines WTMP_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_UTMP_H
+#  include <utmp.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *wtmp = WTMP_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_wtmp_path=no ]
+)
+if test -z "$conf_wtmp_location"; then
+	if test x"$system_wtmp_path" = x"no" ; then
+		for f in /usr/adm/wtmp /var/log/wtmp; do
+			if test -f $f ; then
+				conf_wtmp_location=$f
+			fi
+		done
+		if test -z "$conf_wtmp_location"; then
+			AC_DEFINE(DISABLE_WTMP)
+		fi
+	fi
+fi
+if test -n "$conf_wtmp_location"; then
+	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
+fi
+
+
+dnl utmpx detection - I don't know any system so perverse as to require
+dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
+dnl  there, though.
+AC_MSG_CHECKING([if your system defines UTMPX_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *utmpx = UTMPX_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_utmpx_path=no ]
+)
+if test -z "$conf_utmpx_location"; then
+	if test x"$system_utmpx_path" = x"no" ; then
+		AC_DEFINE(DISABLE_UTMPX)
+	fi
+else
+	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
+fi
+
+dnl wtmpx detection
+AC_MSG_CHECKING([if your system defines WTMPX_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_UTMP_H
+#  include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#  include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *wtmpx = WTMPX_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_wtmpx_path=no ]
+)
+if test -z "$conf_wtmpx_location"; then
+	if test x"$system_wtmpx_path" = x"no" ; then
+		AC_DEFINE(DISABLE_WTMPX)
+	fi
+else
+	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
+fi
+
+# Checks for library functions.
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_MEMCMP
+AC_FUNC_SELECT_ARGTYPES
+AC_CHECK_FUNCS([getpass getspnam getusershell putenv])
+AC_CHECK_FUNCS([clearenv strlcpy strlcat daemon basename _getpty getaddrinfo ])
+AC_CHECK_FUNCS([freeaddrinfo getnameinfo fork writev getgrouplist fexecve])
+
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
+
+# Solaris needs ptmx
+if test -z "$no_ptmx_check" ; then
+	if test x"$cross_compiling" = x"no" ; then
+		if test -e /dev/ptmx ; then
+			AC_DEFINE(USE_DEV_PTMX,1,Use /dev/ptmx)
+		fi
+	else
+		AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
+	fi
+fi
+
+if test -z "$no_ptc_check" ; then
+	if test x"$cross_compiling" = x"no" ; then
+		if test -e /dev/ptc ; then
+			AC_DEFINE(HAVE_DEV_PTS_AND_PTC,1,Use /dev/ptc & /dev/pts)
+		fi
+	else
+		AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
+	fi
+fi
+
+AC_EXEEXT
+
+if test $BUNDLED_LIBTOM = 1 ; then
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
+
+# flags that should be set in Makefile but not for configure tests
+CFLAGS="$CFLAGS $LATE_CFLAGS"
+
+AC_CONFIG_AUX_DIR([src])
+
+AC_CONFIG_HEADERS([config.h:src/config.h.in])
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES test/Makefile)
+AC_OUTPUT
+
+AC_MSG_NOTICE()
+if test $BUNDLED_LIBTOM = 1 ; then
+AC_MSG_NOTICE([Using bundled libtomcrypt and libtommath])
+else
+AC_MSG_NOTICE([Using system libtomcrypt and libtommath])
+fi
+
+
+if test "x$ac_cv_func_getpass" != xyes; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([getpass() not available, dbclient will only have public-key authentication])
+fi
+
+if test "t$found_crypt_func" != there; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([crypt() not available, dropbear server will not have password authentication])
+fi
+
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([Now edit localoptions.h to choose features.])

configure.in

@@ -1,577 +0,0 @@
-#                                               -*- Autoconf -*-
-# Process this file with autoconf and autoheader to produce a configure script.
-
-# This Autoconf file was cobbled from various locations. In particular, a bunch
-# of the platform checks have been taken straight from OpenSSH's configure.ac
-# Huge thanks to them for dealing with the horrible platform-specifics :)
-
-AC_PREREQ(2.50)
-AC_INIT(buffer.c)
-
-OLDCFLAGS=$CFLAGS
-# Checks for programs.
-AC_PROG_CC
-AC_PROG_MAKE_SET
-
-if test -z "$LD" ; then
-	LD=$CC
-fi
-AC_SUBST(LD)	
-
-if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
-	AC_MSG_RESULT(No \$CFLAGS set... using "-Os -W -Wall for GCC")
-	CFLAGS="-Os -W -Wall"
-fi
-
-# Host specific options
-# this isn't a definitive list of hosts, they are just added as required
-AC_CANONICAL_HOST
-
-case "$host" in
-
-*-*-linux*)
-	no_ptmx_check=1
-	;;
-
-*-*-solaris*)
-	CFLAGS="$CFLAGS -I/usr/local/include"
-	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
-	conf_lastlog_location="/var/adm/lastlog"
-	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
-	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
-	if test "$sol2ver" -ge 8; then
-		AC_MSG_RESULT(yes)
-		AC_DEFINE(DISABLE_UTMP,,Disable utmp)
-		AC_DEFINE(DISABLE_WTMP,,Disable wtmp)
-	else
-		AC_MSG_RESULT(no)
-	fi
-	AC_CHECK_LIB(socket, socket, LIBS="$LIBS -lsocket")
-	AC_CHECK_LIB(nsl, yp_match, LIBS="$LIBS -lnsl")
-	;;
-
-*-*-aix*)
-	AC_DEFINE(AIX,,Using AIX)
-	# OpenSSH thinks it's broken. If it isn't, let me know.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
-	;;
-	
-*-*-hpux*)
-	LIBS="$LIBS -lsec"
-	# It's probably broken.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
-	;;
-*-dec-osf*)
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
-	;;
-esac
-
-AC_CHECK_TOOL(AR, ar, :)
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-AC_CHECK_TOOL(STRIP, strip, :)
-AC_CHECK_TOOL(INSTALL, install, :)
-
-dnl Can't use login() or logout() with uclibc
-AC_CHECK_DECL(__UCLIBC__, 
-	[
-	no_loginfunc_check=1
-	AC_MSG_RESULT(Using uClibc - login() and logout() probably don't work, so we won't use them.)
-	],,,)
-
-# Checks for libraries.
-AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
-
-# Check if zlib is needed
-AC_ARG_WITH(zlib,
-	[  --with-zlib=PATH        Use zlib in PATH],
-	[
-		# option is given
-		if test -d "$withval/lib"; then
-			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-		else
-			LDFLAGS="-L${withval} ${LDFLAGS}"
-		fi
-		if test -d "$withval/include"; then
-			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-		else
-			CPPFLAGS="-I${withval} ${CPPFLAGS}"
-		fi
-	]
-)
-
-AC_ARG_ENABLE(zlib,
-	[  --disable-zlib          Don't include zlib support],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_ZLIB,, Use zlib)
-			AC_MSG_RESULT(Disabling zlib)
-		else
-			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
-			AC_MSG_RESULT(Enabling zlib)
-		fi
-	],
-	[
-		# if not disabled, check for zlib
-		AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
-		AC_MSG_RESULT(Enabling zlib)
-	]
-)
-
-AC_ARG_ENABLE(openpty,
-	[  --disable-openpty       Don't use openpty, use alternative method],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_MSG_RESULT(Not using openpty)
-		else
-			AC_MSG_RESULT(Using openpty if available)
-			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
-		fi
-	],
-	[
-		AC_MSG_RESULT(Using openpty if available)
-		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
-	]
-)
-		
-
-AC_ARG_ENABLE(syslog,
-	[  --disable-syslog        Don't include syslog support],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_SYSLOG,, Using syslog)
-			AC_MSG_RESULT(Disabling syslog)
-		else
-			AC_MSG_RESULT(Enabling syslog)
-		fi
-	],
-	[
-		AC_MSG_RESULT(Enabling syslog)
-	]
-)
-
-AC_ARG_ENABLE(shadow,
-	[  --disable-shadow        Don't use shadow passwords (if available)],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_MSG_RESULT(Not using shadow passwords)
-		else
-			AC_CHECK_HEADERS([shadow.h])
-			AC_MSG_RESULT(Using shadow passwords if available)
-		fi
-	],
-	[
-		AC_CHECK_HEADERS([shadow.h])
-		AC_MSG_RESULT(Using shadow passwords if available)
-	]
-)
-			
-
-# Checks for header files.
-AC_HEADER_STDC
-AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h])
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_TYPE_UID_T
-AC_TYPE_MODE_T
-AC_TYPE_PID_T
-AC_TYPE_SIZE_T
-AC_HEADER_TIME
-
-AC_CHECK_TYPES([uint16_t, u_int16_t, struct sockaddr_storage])
-AC_CHECK_TYPE([socklen_t], ,[
-	AC_MSG_CHECKING([for socklen_t equivalent])
-	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
-	[
-	# Systems have either "struct sockaddr *" or
-	# "void *" as the second argument to getpeername
-	curl_cv_socklen_t_equiv=
-	for arg2 in "struct sockaddr" void; do
-		for t in int size_t unsigned long "unsigned long"; do
-		AC_TRY_COMPILE([
-			#include <sys/types.h>
-			#include <sys/socket.h>
-
-			int getpeername (int, $arg2 *, $t *);
-		],[
-			$t len;
-			getpeername(0,0,&len);
-		],[
-			curl_cv_socklen_t_equiv="$t"
-			break
-		])
-		done
-	done
-
-	if test "x$curl_cv_socklen_t_equiv" = x; then
-		AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
-	fi
-	])
-	AC_MSG_RESULT($curl_cv_socklen_t_equiv)
-	AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
-			[type to use in place of socklen_t if not defined])],
-	[#include <sys/types.h>
-	#include <sys/socket.h>])
-
-# for the fake-rfc2553 stuff - straight from OpenSSH
-
-AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <sys/socket.h>
-		],
-		[ struct sockaddr_storage s; ],
-		[ ac_cv_have_struct_sockaddr_storage="yes" ],
-		[ ac_cv_have_struct_sockaddr_storage="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
-fi
-
-AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <netinet/in.h>
-		],
-		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
-		[ ac_cv_have_struct_sockaddr_in6="yes" ],
-		[ ac_cv_have_struct_sockaddr_in6="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6)
-fi
-
-AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <netinet/in.h>
-		],
-		[ struct in6_addr s; s.s6_addr[0] = 0; ],
-		[ ac_cv_have_struct_in6_addr="yes" ],
-		[ ac_cv_have_struct_in6_addr="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr)
-fi
-
-AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-		],
-		[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
-		[ ac_cv_have_struct_addrinfo="yes" ],
-		[ ac_cv_have_struct_addrinfo="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo)
-fi
-
-
-# IRIX has a const char return value for gai_strerror()
-AC_CHECK_FUNCS(gai_strerror,[
-	AC_DEFINE(HAVE_GAI_STRERROR)
-	AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-const char *gai_strerror(int);],[
-char *str;
-
-str = gai_strerror(0);],[
-		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
-		[Define if gai_strerror() returns const char *])])])
-
-# for loginrec.c
-
-AC_CHECK_MEMBERS([struct utmp.ut_host, struct utmp.ut_pid, struct utmp.ut_type, struct utmp.ut_tv, struct utmp.ut_id, struct utmp.ut_addr, struct utmp.ut_addr_v6, struct utmp.ut_exit, struct utmp.ut_time],,,[
-#include <sys/types.h>
-#if HAVE_UTMP_H
-#include <utmp.h>
-#endif
-])
-
-AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv],,,[
-#include <sys/types.h>
-#if HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-])
-
-AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
-AC_CHECK_FUNCS(utmpname)
-AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
-AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
-
-dnl Added from OpenSSH 3.6.1p2's configure.ac
-
-dnl allow user to disable some login recording features
-AC_ARG_ENABLE(lastlog,
-	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
-	[ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ]
-)
-AC_ARG_ENABLE(utmp,
-	[  --disable-utmp          Disable use of utmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ]
-)
-AC_ARG_ENABLE(utmpx,
-	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ]
-)
-AC_ARG_ENABLE(wtmp,
-	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ]
-)
-AC_ARG_ENABLE(wtmpx,
-	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ]
-)
-AC_ARG_ENABLE(loginfunc,
-	[  --disable-loginfunc     Disable use of login() etc. [no]],
-	[ no_loginfunc_check=1
-	AC_MSG_RESULT(Not using login() etc) ]
-)
-AC_ARG_ENABLE(pututline,
-	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ]
-)
-AC_ARG_ENABLE(pututxline,
-	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ]
-)
-AC_ARG_WITH(lastlog,
-  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
-	[
-		if test "x$withval" = "xno" ; then	
-			AC_DEFINE(DISABLE_LASTLOG)
-		else
-			conf_lastlog_location=$withval
-		fi
-	]
-)
-
-if test -z "$no_loginfunc_check"; then
-	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
-	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)])
-	AC_CHECK_FUNCS(logout updwtmp logwtmp)
-fi
-
-dnl lastlog, [uw]tmpx? detection
-dnl  NOTE: set the paths in the platform section to avoid the
-dnl   need for command-line parameters
-dnl lastlog and [uw]tmp are subject to a file search if all else fails
-
-dnl lastlog detection
-dnl  NOTE: the code itself will detect if lastlog is a directory
-AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_LASTLOG_H
-#  include <lastlog.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-#ifdef HAVE_LOGIN_H
-# include <login.h>
-#endif
-	],
-	[ char *lastlog = LASTLOG_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[
-		AC_MSG_RESULT(no)
-		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
-		AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_LASTLOG_H
-#  include <lastlog.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-		],
-		[ char *lastlog = _PATH_LASTLOG; ],
-		[ AC_MSG_RESULT(yes) ],
-		[
-			AC_MSG_RESULT(no)
-			system_lastlog_path=no
-		])
-	]
-)
-
-if test -z "$conf_lastlog_location"; then
-	if test x"$system_lastlog_path" = x"no" ; then
-		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
-				if (test -d "$f" || test -f "$f") ; then
-					conf_lastlog_location=$f
-				fi
-		done
-		if test -z "$conf_lastlog_location"; then
-			AC_MSG_WARN([** Cannot find lastlog **])
-			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
-		fi
-	fi
-fi
-
-if test -n "$conf_lastlog_location"; then
-	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
-fi	
-
-dnl utmp detection
-AC_MSG_CHECKING([if your system defines UTMP_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *utmp = UTMP_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_utmp_path=no ]
-)
-if test -z "$conf_utmp_location"; then
-	if test x"$system_utmp_path" = x"no" ; then
-		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
-			if test -f $f ; then
-				conf_utmp_location=$f
-			fi
-		done
-		if test -z "$conf_utmp_location"; then
-			AC_DEFINE(DISABLE_UTMP)
-		fi
-	fi
-fi
-if test -n "$conf_utmp_location"; then
-	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
-fi	
-
-dnl wtmp detection
-AC_MSG_CHECKING([if your system defines WTMP_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *wtmp = WTMP_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_wtmp_path=no ]
-)
-if test -z "$conf_wtmp_location"; then
-	if test x"$system_wtmp_path" = x"no" ; then
-		for f in /usr/adm/wtmp /var/log/wtmp; do
-			if test -f $f ; then
-				conf_wtmp_location=$f
-			fi
-		done
-		if test -z "$conf_wtmp_location"; then
-			AC_DEFINE(DISABLE_WTMP)
-		fi
-	fi
-fi
-if test -n "$conf_wtmp_location"; then
-	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
-fi	
-
-
-dnl utmpx detection - I don't know any system so perverse as to require
-dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
-dnl  there, though.
-AC_MSG_CHECKING([if your system defines UTMPX_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *utmpx = UTMPX_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_utmpx_path=no ]
-)
-if test -z "$conf_utmpx_location"; then
-	if test x"$system_utmpx_path" = x"no" ; then
-		AC_DEFINE(DISABLE_UTMPX)
-	fi
-else
-	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
-fi	
-
-dnl wtmpx detection
-AC_MSG_CHECKING([if your system defines WTMPX_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *wtmpx = WTMPX_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_wtmpx_path=no ]
-)
-if test -z "$conf_wtmpx_location"; then
-	if test x"$system_wtmpx_path" = x"no" ; then
-		AC_DEFINE(DISABLE_WTMPX)
-	fi
-else
-	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
-fi	
-
-# Checks for library functions.
-AC_PROG_GCC_TRADITIONAL
-AC_FUNC_MEMCMP
-AC_FUNC_SELECT_ARGTYPES
-AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([dup2 getspnam getusershell memset putenv select socket strdup clearenv strlcpy strlcat daemon basename _getpty getaddrinfo freeaddrinfo getnameinfo])
-
-AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
-
-# Solaris needs ptmx
-if test -z "$no_ptmx_check" ; then
-	if test x"$cross_compiling" = x"no" ; then
-		AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx))
-	else
-		AC_MSG_RESULT(Not checking for /dev/ptmx, we're cross-compiling)
-	fi
-fi
-
-if test -z "$no_ptc_check" ; then
-	if test x"$cross_compiling" = x"no" ; then
-		AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts))
-	else
-		AC_MSG_RESULT(Not checking for /dev/ptc & /dev/pts\, we're cross-compiling)
-	fi
-fi
-
-AC_EXEEXT
-AC_CONFIG_HEADER(config.h)
-AC_OUTPUT(Makefile)
-AC_MSG_RESULT()
-AC_MSG_RESULT(Now edit options.h to choose features.)

dbutil.c

@@ -1,607 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- *
- * strlcat() is copyright as follows:
- * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "includes.h"
-#include "dbutil.h"
-#include "buffer.h"
-#include "session.h"
-#include "atomicio.h"
-
-#define MAX_FMT 100
-
-static void generic_dropbear_exit(int exitcode, const char* format, 
-		va_list param);
-static void generic_dropbear_log(int priority, const char* format, 
-		va_list param);
-
-void (*_dropbear_exit)(int exitcode, const char* format, va_list param) 
-						= generic_dropbear_exit;
-void (*_dropbear_log)(int priority, const char* format, va_list param)
-						= generic_dropbear_log;
-
-#ifdef DEBUG_TRACE
-int debug_trace = 0;
-#endif
-
-int usingsyslog = 0; /* set by runopts, but required externally to sessions */
-#ifndef DISABLE_SYSLOG
-void startsyslog() {
-
-	openlog(PROGNAME, LOG_PID, LOG_AUTHPRIV);
-
-}
-#endif /* DISABLE_SYSLOG */
-
-/* the "format" string must be <= 100 characters */
-void dropbear_close(const char* format, ...) {
-
-	va_list param;
-
-	va_start(param, format);
-	_dropbear_exit(EXIT_SUCCESS, format, param);
-	va_end(param);
-
-}
-
-void dropbear_exit(const char* format, ...) {
-
-	va_list param;
-
-	va_start(param, format);
-	_dropbear_exit(EXIT_FAILURE, format, param);
-	va_end(param);
-}
-
-static void generic_dropbear_exit(int exitcode, const char* format, 
-		va_list param) {
-
-	char fmtbuf[300];
-
-	snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", format);
-
-	_dropbear_log(LOG_INFO, fmtbuf, param);
-
-	exit(exitcode);
-}
-
-static void generic_dropbear_log(int UNUSED(priority), const char* format, 
-		va_list param) {
-
-	char printbuf[1024];
-
-	vsnprintf(printbuf, sizeof(printbuf), format, param);
-
-	fprintf(stderr, "%s\n", printbuf);
-
-}
-
-/* this is what can be called to write arbitrary log messages */
-void dropbear_log(int priority, const char* format, ...) {
-
-	va_list param;
-
-	va_start(param, format);
-	_dropbear_log(priority, format, param);
-	va_end(param);
-}
-
-
-#ifdef DEBUG_TRACE
-void dropbear_trace(const char* format, ...) {
-
-	va_list param;
-
-	if (!debug_trace) {
-		return;
-	}
-
-	va_start(param, format);
-	fprintf(stderr, "TRACE: ");
-	vfprintf(stderr, format, param);
-	fprintf(stderr, "\n");
-	va_end(param);
-}
-#endif /* DEBUG_TRACE */
-
-/* Listen on address:port. Unless address is NULL, in which case listen on
- * everything. If called with address == "", we'll listen on localhost/loopback.
- * Returns the number of sockets bound on success, or -1 on failure. On
- * failure, if errstring wasn't NULL, it'll be a newly malloced error
- * string.*/
-int dropbear_listen(const char* address, const char* port,
-		int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
-
-	struct addrinfo hints, *res = NULL, *res0 = NULL;
-	int err;
-	unsigned int nsock;
-	struct linger linger;
-	int val;
-	int sock;
-
-	TRACE(("enter dropbear_listen"));
-	
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
-	hints.ai_socktype = SOCK_STREAM;
-
-	if (address && address[0] == '\0') {
-		TRACE(("dropbear_listen: local loopback"));
-		address = NULL;
-	} else {
-		TRACE(("dropbear_listen: not local loopback"));
-		hints.ai_flags = AI_PASSIVE;
-	}
-	err = getaddrinfo(address, port, &hints, &res0);
-
-	if (err) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(gai_strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
-		}
-		TRACE(("leave dropbear_listen: failed resolving"));
-		return -1;
-	}
-
-
-	nsock = 0;
-	for (res = res0; res != NULL && nsock < sockcount;
-			res = res->ai_next) {
-
-		/* Get a socket */
-		socks[nsock] = socket(res->ai_family, res->ai_socktype,
-				res->ai_protocol);
-
-		sock = socks[nsock]; /* For clarity */
-
-		if (sock < 0) {
-			err = errno;
-			TRACE(("socket() failed"));
-			continue;
-		}
-
-		/* Various useful socket options */
-		val = 1;
-		/* set to reuse, quick timeout */
-		setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
-		linger.l_onoff = 1;
-		linger.l_linger = 5;
-		setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
-
-		/* disable nagle */
-		setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
-
-		if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			err = errno;
-			close(sock);
-			TRACE(("bind(%s) failed", port));
-			continue;
-		}
-
-		if (listen(sock, 20) < 0) {
-			err = errno;
-			close(sock);
-			TRACE(("listen() failed"));
-			continue;
-		}
-
-		*maxfd = MAX(*maxfd, sock);
-
-		nsock++;
-	}
-
-	if (nsock == 0) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error listening: %s", strerror(err));
-			TRACE(("leave dropbear_listen: failure, %s", strerror(err)));
-			return -1;
-		}
-	}
-
-	TRACE(("leave dropbear_listen: success, %d socks bound", nsock));
-	return nsock;
-}
-
-/* Connect via TCP to a host. Connection will try ipv4 or ipv6, will
- * return immediately if nonblocking is set. On failure, if errstring
- * wasn't null, it will be a newly malloced error message */
-
-/* TODO: maxfd */
-int connect_remote(const char* remotehost, const char* remoteport,
-		int nonblocking, char ** errstring) {
-
-	struct addrinfo *res0 = NULL, *res = NULL, hints;
-	int sock;
-	int err;
-
-	TRACE(("enter connect_remote"));
-
-	if (errstring != NULL) {
-		*errstring = NULL;
-	}
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-
-	err = getaddrinfo(remotehost, remoteport, &hints, &res0);
-	if (err) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(gai_strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
-		}
-		TRACE(("Error resolving: %s", gai_strerror(err)));
-		return -1;
-	}
-
-	sock = -1;
-	err = EADDRNOTAVAIL;
-	for (res = res0; res; res = res->ai_next) {
-
-		sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-		if (sock < 0) {
-			err = errno;
-			continue;
-		}
-
-		if (nonblocking) {
-			if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0) {
-				close(sock);
-				sock = -1;
-				if (errstring != NULL && *errstring == NULL) {
-					*errstring = m_strdup("Failed non-blocking");
-				}
-				TRACE(("Failed non-blocking: %s", strerror(errno)));
-				continue;
-			}
-		}
-
-		if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			if (errno == EINPROGRESS && nonblocking) {
-				TRACE(("Connect in progress"));
-				break;
-			} else {
-				err = errno;
-				close(sock);
-				sock = -1;
-				continue;
-			}
-		}
-
-		break; /* Success */
-	}
-
-	if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) {
-		/* Failed */
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error connecting: %s", strerror(err));
-		}
-		TRACE(("Error connecting: %s", strerror(err)));
-	} else {
-		/* Success */
-		/* (err is used as a dummy var here) */
-		setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&err, sizeof(err));
-	}
-
-	freeaddrinfo(res0);
-	if (sock > 0 && errstring != NULL && *errstring != NULL) {
-		m_free(*errstring);
-	}
-
-	TRACE(("leave connect_remote: sock %d\n", sock));
-	return sock;
-}
-
-/* Return a string representation of the socket address passed. The return
- * value is allocated with malloc() */
-unsigned char * getaddrstring(struct sockaddr_storage* addr, int withport) {
-
-	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
-	char *retstring = NULL;
-	int ret;
-	unsigned int len;
-
-	len = sizeof(struct sockaddr_storage);
-
-	ret = getnameinfo((struct sockaddr*)addr, len, hbuf, sizeof(hbuf), 
-			sbuf, sizeof(sbuf), NI_NUMERICSERV | NI_NUMERICHOST);
-
-	if (ret != 0) {
-		/* This is a fairly bad failure - it'll fallback to IP if it
-		 * just can't resolve */
-		dropbear_exit("failed lookup (%d, %d)", ret, errno);
-	}
-
-	if (withport) {
-		len = strlen(hbuf) + 2 + strlen(sbuf);
-		retstring = (char*)m_malloc(len);
-		snprintf(retstring, len, "%s:%s", hbuf, sbuf);
-	} else {
-		retstring = m_strdup(hbuf);
-	}
-
-	return retstring;
-
-}
-
-/* Get the hostname corresponding to the address addr. On failure, the IP
- * address is returned. The return value is allocated with strdup() */
-char* getaddrhostname(struct sockaddr_storage * addr) {
-
-	char hbuf[NI_MAXHOST];
-	char sbuf[NI_MAXSERV];
-	int ret;
-	unsigned int len;
-
-	len = sizeof(struct sockaddr_storage);
-
-	ret = getnameinfo((struct sockaddr*)addr, len, hbuf, sizeof(hbuf),
-			sbuf, sizeof(sbuf), NI_NUMERICSERV);
-
-	if (ret != 0) {
-		/* On some systems (Darwin does it) we get EINTR from getnameinfo
-		 * somehow. Eew. So we'll just return the IP, since that doesn't seem
-		 * to exhibit that behaviour. */
-		return getaddrstring(addr, 0);
-	}
-
-	return m_strdup(hbuf);
-}
-
-#ifdef DEBUG_TRACE
-void printhex(unsigned char* buf, int len) {
-
-	int i;
-
-	for (i = 0; i < len; i++) {
-		fprintf(stderr, "%02x", buf[i]);
-		if (i % 16 == 15) {
-			fprintf(stderr, "\n");
-		}
-		else if (i % 2 == 1) {
-			fprintf(stderr, " ");
-		}
-	}
-	fprintf(stderr, "\n");
-}
-#endif
-
-/* Strip all control characters from text (a null-terminated string), except
- * for '\n', '\r' and '\t'.
- * The result returned is a newly allocated string, this must be free()d after
- * use */
-char * stripcontrol(const char * text) {
-
-	char * ret;
-	int len, pos;
-	int i;
-	
-	len = strlen(text);
-	ret = m_malloc(len+1);
-
-	pos = 0;
-	for (i = 0; i < len; i++) {
-		if ((text[i] <= '~' && text[i] >= ' ') /* normal printable range */
-				|| text[i] == '\n' || text[i] == '\r' || text[i] == '\t') {
-			ret[pos] = text[i];
-			pos++;
-		}
-	}
-	ret[pos] = 0x0;
-	return ret;
-}
-			
-
-/* reads the contents of filename into the buffer buf, from the current
- * position, either to the end of the file, or the buffer being full.
- * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_readfile(buffer* buf, const char* filename) {
-
-	int fd;
-	int len;
-	int maxlen;
-
-	fd = open(filename, O_RDONLY);
-
-	if (fd < 0) {
-		close(fd);
-		return DROPBEAR_FAILURE;
-	}
-	
-	do {
-		maxlen = buf->size - buf->pos;
-		len = read(fd, buf_getwriteptr(buf, maxlen),
-				maxlen);
-		buf_incrwritepos(buf, len);
-	} while (len < maxlen && len > 0);
-
-	close(fd);
-	return DROPBEAR_SUCCESS;
-}
-
-/* get a line from the file into buffer in the style expected for an
- * authkeys file.
- * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
-/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
-#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
-int buf_getline(buffer * line, FILE * authfile) {
-
-	int c = EOF;
-
-	TRACE(("enter buf_getline"));
-
-	buf_setpos(line, 0);
-	buf_setlen(line, 0);
-
-	while (line->pos < line->size) {
-
-		c = fgetc(authfile); /*getc() is weird with some uClibc systems*/
-		if (c == EOF || c == '\n' || c == '\r') {
-			goto out;
-		}
-
-		buf_putbyte(line, (unsigned char)c);
-	}
-
-	TRACE(("leave getauthline: line too long"));
-	/* We return success, but the line length will be zeroed - ie we just
-	 * ignore that line */
-	buf_setlen(line, 0);
-
-out:
-
-	buf_setpos(line, 0);
-
-	/* if we didn't read anything before EOF or error, exit */
-	if (c == EOF && line->pos == 0) {
-		TRACE(("leave getauthline: failure"));
-		return DROPBEAR_FAILURE;
-	} else {
-		TRACE(("leave getauthline: success"));
-		return DROPBEAR_SUCCESS;
-	}
-
-	TRACE(("leave buf_getline"));
-}	
-#endif
-
-/* loop until the socket is closed (in case of EINTR) or
- * we get and error.
- * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int m_close(int fd) {
-
-	int val;
-	do {
-		val = close(fd);
-	} while (val < 0 && errno == EINTR);
-
-	if (val == 0 || errno == EBADF) {
-		return DROPBEAR_SUCCESS;
-	} else {
-		return DROPBEAR_FAILURE;
-	}
-}
-	
-void * m_malloc(size_t size) {
-
-	void* ret;
-
-	if (size == 0) {
-		dropbear_exit("m_malloc failed");
-	}
-	ret = malloc(size);
-	if (ret == NULL) {
-		dropbear_exit("m_malloc failed");
-	}
-	return ret;
-
-}
-
-void * m_strdup(const char * str) {
-	char* ret;
-
-	ret = strdup(str);
-	if (ret == NULL) {
-		dropbear_exit("m_strdup failed");
-	}
-	return ret;
-}
-
-void __m_free(void* ptr) {
-	if (ptr != NULL) {
-		free(ptr);
-	}
-}
-
-void * m_realloc(void* ptr, size_t size) {
-
-	void *ret;
-
-	if (size == 0) {
-		dropbear_exit("m_realloc failed");
-	}
-	ret = realloc(ptr, size);
-	if (ret == NULL) {
-		dropbear_exit("m_realloc failed");
-	}
-	return ret;
-}
-
-/* Clear the data, based on the method in David Wheeler's
- * "Secure Programming for Linux and Unix HOWTO" */
-void m_burn(void *data, unsigned int len) {
-	volatile char *p = data;
-
-	if (data == NULL)
-		return;
-	while (len--) {
-		*p++ = 0x66;
-	}
-}
-
-
-void setnonblocking(int fd) {
-
-	TRACE(("setnonblocking: %d", fd));
-
-	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
-		dropbear_exit("Couldn't set nonblocking");
-	}
-	TRACE(("leave setnonblocking"));
-}

dbutil.h

@@ -1,69 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _DBUTIL_H_
-
-#define _DBUTIL_H_
-
-#include "includes.h"
-#include "buffer.h"
-
-#ifndef DISABLE_SYSLOG
-void startsyslog();
-#endif
-
-extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param);
-extern void (*_dropbear_log)(int priority, const char* format, va_list param);
-
-void dropbear_exit(const char* format, ...);
-void dropbear_close(const char* format, ...);
-void dropbear_log(int priority, const char* format, ...);
-#ifdef DEBUG_TRACE
-void dropbear_trace(const char* format, ...);
-void printhex(unsigned char* buf, int len);
-extern int debug_trace;
-#endif
-char * stripcontrol(const char * text);
-unsigned char * getaddrstring(struct sockaddr_storage* addr, int withport);
-int dropbear_listen(const char* address, const char* port,
-		int *socks, unsigned int sockcount, char **errstring, int *maxfd);
-int connect_remote(const char* remotehost, const char* remoteport,
-		int nonblocking, char ** errstring);
-char* getaddrhostname(struct sockaddr_storage * addr);
-int buf_readfile(buffer* buf, const char* filename);
-int buf_getline(buffer * line, FILE * authfile);
-
-int m_close(int fd);
-void * m_malloc(size_t size);
-void * m_strdup(const char * str);
-void * m_realloc(void* ptr, size_t size);
-#define m_free(X) __m_free(X); (X) = NULL;
-void __m_free(void* ptr);
-void m_burn(void* data, unsigned int len);
-void setnonblocking(int fd);
-
-/* Used to force mp_ints to be initialised */
-#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
-
-#endif /* _DBUTIL_H_ */

debian/README.Debian.diet

@@ -0,0 +1,15 @@
+Building with the diet libc
+---------------------------
+
+This package optionally can be built with the diet libc instead of the
+glibc to provide small statically linked programs.  The resulting package
+has no dependency on any other package.
+
+To use the diet libc, make sure the latest versions of the dietlibc-dev
+package is installed, and set DEB_BUILD_OPTIONS=diet in the environment
+when building the package, e.g.:
+
+ # apt-get install dietlibc-dev
+ $ DEB_BUILD_OPTIONS=diet fakeroot apt-get source -b dropbear
+
+ -- Gerrit Pape <pape@smarden.org>, Sat, 17 Jul 2004 19:09:34 +0000

debian/README.runit

@@ -31,16 +31,16 @@ run script
 
  # vi /etc/dropbear/run
 
-Finally enable the service by linking dropbear's service directory to
-/var/service/.  The service will be started within five seconds, and
-automatically at boot time.  The sysv init script is disabled; see the
-runsvctrl(8) program for information on how to control services handled by
-runit.  See the svlogd(8) program on how to configure the log service.
+Finally enable the service through runit's update-service(8) program, the
+service will be started within five seconds, and automatically at boot
+time, and the sysv init script will automatically be disabled; see the
+sv(8) program for information on how to control services handled by runit.
+See the svlogd(8) program on how to configure the log service.
 
- # ln -s /etc/dropbear /var/service/
+ # update-service --add /etc/dropbear
 
 Optionally check the status of the service a few seconds later
 
- # runsvstat -l /var/service/dropbear
+ # sv status dropbear
 
- -- Gerrit Pape <pape@smarden.org>, Sun, 16 May 2004 15:52:34 +0000
+ -- Gerrit Pape <pape@smarden.org>, Fri, 02 Mar 2007 20:41:08 +0000

debian/changelog

@@ -1,35 +1,376 @@
-dropbear (0.44test3-1) unstable; urgency=medium
+dropbear (2024.85-0.1) unstable; urgency=low
 
-  * New upstream beta, various useful fixes.
+  * New upstream release.
 
- -- Matt Johnston <matt@ucc.asn.au>  Fri, 27 August 2004 22:20:00 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 25 Apr 2024 22:51:57 +0800
 
-dropbear (0.44test2-1) unstable; urgency=low
+dropbear (2024.84-0.1) unstable; urgency=low
 
-  * New upstream beta, various minor fixes.
+  * New upstream release.
 
- -- Matt Johnston <matt@ucc.asn.au>  Tues, 17 August 2004 19:00:00 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 4 Apr 2024 22:51:57 +0800
 
-dropbear (0.44test1-1) unstable; urgency=low
+dropbear (2022.83-0.1) unstable; urgency=low
 
-  * Upstream beta 0.44test1
-  * Huge changes to allow client functionality
+  * New upstream release.
 
- -- Matt Johnston <matt@ucc.asn.au>  Sat, 14 August 2004 23:00:00 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 14 Nov 2022 22:51:57 +0800
 
-dropbear (0.43-1) unstable; urgency=high
+dropbear (2022.82-0.1) unstable; urgency=low
 
-  * New upstream release 0.43
-  * SECURITY: Don't attempt to free uninitialised buffers in DSS verification
-    code
-  * Handle portforwarding to servers which don't send any initial data
-    (Closes: #258426)
+  * New upstream release.
 
- -- Matt Johnston <matt@ucc.asn.au>  Fri, 16 July 2004 17:44:54 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 1 Apr 2022 22:51:57 +0800
+
+dropbear (2020.81-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 29 Oct 2020 22:51:57 +0800
+
+dropbear (2020.80-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 26 Jun 2020 22:51:57 +0800
+
+dropbear (2020.79-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 15 Jun 2020 22:51:57 +0800
+
+dropbear (2019.78-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 27 Mar 2019 22:51:57 +0800
+
+dropbear (2019.77-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 23 Mar 2019 22:51:57 +0800
+
+dropbear (2018.76-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 27 Feb 2018 22:51:57 +0800
+
+dropbear (2017.75-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 May 2017 22:51:57 +0800
+
+dropbear (2016.74-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Jul 2016 22:51:57 +0800
+
+dropbear (2016.73-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 18 Mar 2016 22:52:58 +0800
+
+dropbear (2016.72-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 10 Mar 2016 22:52:58 +0800
+
+dropbear (2015.70-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 26 Nov 2015 22:52:58 +0800
+
+dropbear (2015.69-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 25 Nov 2015 22:52:58 +0800
+
+dropbear (2015.68-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 8 Aug 2015 22:52:58 +0800
+
+dropbear (2015.67-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 28 Jan 2015 22:53:59 +0800
+
+dropbear (2014.66-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 23 Oct 2014 22:54:00 +0800
+
+dropbear (2014.65-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 Aug 2014 22:54:00 +0800
+
+dropbear (2014.64-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sun, 27 Jul 2014 22:54:00 +0800
+
+dropbear (2014.63-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 19 Feb 2014 22:54:00 +0800
+
+dropbear (2013.62) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 7 Dec 2013 22:54:00 +0800
+
+dropbear (2013.60-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 16 Oct 2013 22:54:00 +0800
+
+dropbear (2013.59-0.1) unstable; urgency=low
+
+  * New upstream release.
+  * Build with DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 4 Oct 2013 22:54:00 +0800
+
+dropbear (2013.58-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 Apr 2013 22:54:00 +0800
+
+dropbear (2013.57-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 15 Apr 2013 22:54:00 +0800
+
+dropbear (2013.56-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Mar 2013 22:54:00 +0800
+
+dropbear (2012.55-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 22 Feb 2012 22:54:00 +0800
+
+dropbear (2011.54-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tues, 8 Nov 2011 22:54:00 +0800
+
+dropbear (0.53.1-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 2 Mar 2011 22:54:00 +0900
+
+dropbear (0.53-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 24 Feb 2011 22:54:00 +0900
+
+dropbear (0.52-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 12 Nov 2008 22:54:00 +0900
+
+dropbear (0.51-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 27 Mar 2008 19:14:00 +0900
+
+dropbear (0.50-4) unstable; urgency=low
+
+  * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB
+    formatted dependency info in init.d script (closes: #466257).
+  * debian/rules: no longer include symlinks for ./supervise/ subdirectories.
+  * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed
+    by runit, remove service, and re-add using update-service(8).
+  * debian/control: Standards-Version: 3.7.3.0.
+  * debian/rules: target clean: don't ignore errors but check for readable
+    ./Makefile.
+
+ -- Gerrit Pape <pape@smarden.org>  Thu, 06 Mar 2008 19:06:58 +0000
+
+dropbear (0.50-3) unstable; urgency=low
+
+  * debian/dropbear.init: use the update-service(8) program from the runit
+    package instead of directly checking for the symlink in /var/service/.
+  * debian/README.runit: talk about update-service(8) instead of symlinks
+    in /var/service/.
+
+ -- Gerrit Pape <pape@smarden.org>  Fri, 15 Feb 2008 00:32:37 +0000
+
+dropbear (0.50-2) unstable; urgency=low
+
+  * debian/dropbear.README.Debian: no longer talk about entropy from
+    /dev/random, /dev/urandom is now used by default (thx Joey Hess,
+    closes: #441515).
+
+ -- Gerrit Pape <pape@smarden.org>  Mon, 24 Sep 2007 16:49:17 +0000
+
+dropbear (0.50-1) unstable; urgency=low
+
+  * debian/README.runit: minor.
+  * new upstream version.
+  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
+    remove; fixed upstream.
+
+ -- Gerrit Pape <pape@smarden.org>  Thu, 09 Aug 2007 23:01:01 +0000
+
+dropbear (0.49-2) unstable; urgency=low
+
+  * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of
+    -p0.
+  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
+    new; options.h: use /dev/urandom instead of /dev/random as
+    DROPBEAR_RANDOM_DEV (closes: #386976).
+  * debian/rules: target clean: remove libtomcrypt/Makefile,
+    libtommath/Makefile.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 09 Jun 2007 08:59:59 +0000
+
+dropbear (0.49-1) unstable; urgency=high
+
+  * new upstream release, fixes
+    * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey
+      mismatch (closes: #412899).
+    * dbclient uses static "Password:" prompt instead of using the server's
+      prompt (closes: #394996).
+  * debian/control: Suggests: openssh-client, not ssh (closes: #405686);
+    Standards-Version: 3.7.2.2.
+  * debian/README.Debian: ssh -> openssh-server, openssh-client; remove
+    'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not
+    installing the openssh-server package.
+  * debian/README.runit: runsvstat -> sv status.
+
+ -- Gerrit Pape <pape@smarden.org>  Fri,  2 Mar 2007 20:48:18 +0000
+
+dropbear (0.48.1-1) unstable; urgency=medium
+
+  * new upstream point release.
+    * Compile fix for scp
+  * debian/diff/dbclient.1.diff: new: document -R option to dbclient
+    accurately (thx Markus Schaber; closes: #351882).
+  * debian/dropbear.README.Debian: document a workaround for systems with
+    possibly blocking /dev/random device (closes: #355414)..
+
+ -- Gerrit Pape <pape@smarden.org>  Sun, 16 Apr 2006 16:16:40 +0000
+
+dropbear (0.48-1) unstable; urgency=medium
+
+  * New upstream release.
+  * SECURITY: Improve handling of denial of service attempts from a single
+    IP.
+
+  * debian/implicit: update to revision 1.11.
+  * new upstream release updates to scp from OpenSSH 4.3p2 - fixes a
+    security issue where use of system() could cause users to execute
+    arbitrary code through malformed filenames; CVE-2006-0225 (see also
+    #349645); the scp binary is not provided by this package though.
+
+ -- Gerrit Pape <pape@smarden.org>  Fri, 10 Mar 2006 22:00:32 +0000
+
+dropbear (0.47-1) unstable; urgency=high
+
+  * New upstream release.
+  * SECURITY: Fix incorrect buffer sizing; CVE-2005-4178.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 8 Dec 2005 19:20:21 +0800
+
+dropbear (0.46-2) unstable; urgency=low
+
+  * debian/control: Standards-Version: 3.6.2.1; update descriptions to
+    mention included server and client (thx Tino Keitel).
+  * debian/dropbear.init: allow '/etc/init.d/dropbear stop' even though
+    'NO_START is not set to zero.' (closes: #336723).
+
+ -- Gerrit Pape <pape@smarden.org>  Tue,  6 Dec 2005 13:30:49 +0000
+
+dropbear (0.46-1) unstable; urgency=medium
+
+  * New upstream release, various fixes.
+  * debian/diff/dbclient-usage-typo.diff, debian/diff/manpages.diff: remove;
+    obsolete.
+  * debian/dbclient.1: move to ./dbclient.1.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 July 2005 21:32:55 +0800
+
+dropbear (0.45-3) unstable; urgency=low
+
+  * debian/dropbear.init: init script prints human readable message in case
+    it's disabled (closes: #309099).
+  * debian/dropbear.postinst: configure: restart service through init script
+    instead of start.
+  * debian/dropbear.prerm: set -u -> set -e.
+
+ -- Gerrit Pape <pape@smarden.org>  Wed, 25 May 2005 22:38:17 +0000
+
+dropbear (0.45-2) unstable; urgency=low
+
+  * Matt Johnston:
+    * New upstream release, various fixes.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 12 Mar 2005 15:17:55 +0000
+
+dropbear (0.44-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/rules: install /usr/bin/dbclient; handle possible patches more
+    gracefully; install debian/dbclient.1 man page; enable target patch;
+    minor.
+  * debian/implicit: update to revision 1.10.
+  * debian/dbclient.1: new; man page.
+  * debian/diff/dbclient-usage-typo.diff: new; fix typo.
+  * debian/diff/manpages.diff: new; add references to dbclient man page.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat,  8 Jan 2005 22:50:43 +0000
+
+dropbear (0.43-2) unstable; urgency=high
+
+  * Matt Johnston:
+    * New upstream release 0.43
+    * SECURITY: Don't attempt to free uninitialised buffers in DSS verification
+      code
+    * Handle portforwarding to servers which don't send any initial data
+      (Closes: #258426)
+  * debian/dropbear.postinst: remove code causing bothersome warning on
+    package install (closes: #256752).
+  * debian/README.Debian.diet: new; how to build with the diet libc.
+  * debian/dropbear.docs: add debian/README.Debian.diet.
+  * debian/rules: support "diet" in DEB_BUILD_OPTIONS; minor cleanup.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 17 Jul 2004 19:31:19 +0000
 
 dropbear (0.42-1) unstable; urgency=low
 
-  * New upstream release 0.42
+  * New upstream release 0.42.
+  * debian/diff/cvs-20040520.diff: remove; obsolete.
+  * debian/rules: disable target patch.
 
  -- Matt Johnston <matt@ucc.asn.au>  Wed, 16 June 2004 12:44:54 +0800
 

debian/control

@@ -3,16 +3,16 @@ Section: net
 Priority: optional
 Maintainer: Gerrit Pape <pape@smarden.org>
 Build-Depends: libz-dev
-Standards-Version: 3.6.1.0
+Standards-Version: 3.7.3.0
 
 Package: dropbear
 Architecture: any
 Depends: ${shlibs:Depends}
-Suggests: ssh, runit
-Description: lightweight SSH2 server
- dropbear is a SSH 2 server designed to be small enough to be used in small
- memory environments, while still being functional and secure enough for
- general use.
+Suggests: openssh-client, runit
+Description: lightweight SSH2 server and client
+ dropbear is a SSH 2 server and client designed to be small enough to
+ be used in small memory environments, while still being functional and
+ secure enough for general use.
  .
  It implements most required features of the SSH 2 protocol, and other
  features such as X11 and authentication agent forwarding.

debian/dropbear.README.Debian

@@ -1,41 +1,19 @@
 Dropbear for Debian
 -------------------
 
-This package will attempt to listen on port 22. If the OpenSSH 
-package ("ssh") is installed, the file /etc/default/dropbear 
-will be set up so that the server does not start by default.
+This package will attempt to setup the Dropbear ssh server to listen on
+port 22.  If the OpenSSH server package ("openssh-server") is installed,
+the file /etc/default/dropbear will be set up so that the server does not
+start by default.
 
-You can run Dropbear concurrently with OpenSSH 'sshd' by 
-modifying /etc/default/dropbear so that "NO_START" is set to 
-"0" and changing the port number that Dropbear runs on. Follow 
-the instructions in the file.
+You can run Dropbear concurrently with OpenSSH 'sshd' by modifying
+/etc/default/dropbear so that "NO_START" is set to "0", and changing the
+port number that Dropbear runs on.  Follow the instructions in the file.
 
-This package suggests you install the "ssh" package. This package 
-provides the "ssh" client program, as well as the "/usr/bin/scp" 
-binary you will need to be able to retrieve files from a server 
-running Dropbear via SCP.
-
-Replacing OpenSSH "sshd" with Dropbear
---------------------------------------
-
-You will still want to have the "ssh" package installed, as it 
-provides the "ssh" and "scp" binaries. When you install this 
-package, it checks for existing OpenSSH host keys and if found, 
-converts them to the Dropbear format.
-
-If this appears to have worked, you should be able to change over 
-by following these steps:
-
-1. Stop the OpenSSH server
-   % /etc/init.d/ssh stop
-2. Prevent the OpenSSH server from starting in the future
-   % touch /etc/ssh/sshd_not_to_be_run
-3. Modify the Dropbear defaults file, set NO_START to 0 and 
-   ensure DROPBEAR_PORT is set to 22.
-   % editor /etc/default/dropbear
-4. Restart the Dropbear server.
-   % /etc/init.d/dropbear restart
+This package suggests you install the "openssh-client" package, which
+provides the "ssh" client program, as well as the "/usr/bin/scp" binary
+you will need to be able to retrieve files via SCP from a server running
+Dropbear.
 
 See the Dropbear homepage for more information:
   http://matt.ucc.asn.au/dropbear/dropbear.html
-

debian/dropbear.docs

@@ -1,3 +1,3 @@
-README
-TODO
+README.md
 debian/README.runit
+debian/README.Debian.diet

debian/dropbear.init

@@ -1,4 +1,12 @@
 #!/bin/sh
+### BEGIN INIT INFO
+# Provides:          dropbear
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Dropbear SSH server
+### END INIT INFO
 #
 # Do not configure this file. Edit /etc/default/dropbear instead!
 #
@@ -14,10 +22,11 @@ NO_START=0
 
 set -e
 
+cancel() { echo "$1" >&2; exit 0; };
 test ! -r /etc/default/dropbear || . /etc/default/dropbear
-test "$NO_START" = "0" || exit 0
-test -x "$DAEMON" || exit 0
-test ! -h /var/service/dropbear || exit 0
+test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear || \
+  cancel 'The dropbear service is controlled through runit, use the sv(8) program'
 
 test -z "$DROPBEAR_BANNER" || \
   DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
@@ -25,13 +34,16 @@ test -n "$DROPBEAR_RSAKEY" || \
   DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
 test -n "$DROPBEAR_DSSKEY" || \
   DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
+test -n "$DROPBEAR_RECEIVE_WINDOW" || \
+  DROPBEAR_RECEIVE_WINDOW="65536"
 
 case "$1" in
   start)
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
 	echo -n "Starting $DESC: "
 	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
 	  --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
-	    -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+	    -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
 	echo "$NAME."
 	;;
   stop)
@@ -40,12 +52,13 @@ case "$1" in
 	echo "$NAME."
 	;;
   restart|force-reload)
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
 	echo -n "Restarting $DESC: "
 	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
 	sleep 1
 	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
 	  --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
-	    -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+	    -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
 	echo "$NAME."
 	;;
   *)

debian/dropbear.postinst

@@ -2,7 +2,6 @@
 set -e
 
 test "$1" = 'configure' || exit 0
-test -n "$2" || chown log /etc/dropbear/log/main || true
 
 if test ! -e /etc/dropbear/dropbear_rsa_host_key; then
   if test -f /etc/ssh/ssh_host_rsa_key; then
@@ -55,14 +54,26 @@ DROPBEAR_BANNER=""
 
 # DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
 #DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
+
+# Receive window size - this is a tradeoff between memory and
+# network performance
+DROPBEAR_RECEIVE_WINDOW=65536
 EOT
 fi
 
 if test -x /etc/init.d/dropbear; then
   update-rc.d dropbear defaults >/dev/null
   if test -x /usr/sbin/invoke-rc.d; then
-    invoke-rc.d dropbear start
+    invoke-rc.d dropbear restart
   else
-    /etc/init.d/dropbear start
+    /etc/init.d/dropbear restart
   fi
 fi
+
+if test -n "$2" && dpkg --compare-versions "$2" lt '0.50-4' &&
+update-service --check dropbear 2>/dev/null; then
+  update-service --remove /etc/dropbear 2>/dev/null || :
+  sleep 6
+  rm -rf /var/run/dropbear /var/run/dropbear.log
+  update-service --add /etc/dropbear || :
+fi

debian/dropbear.prerm

@@ -1,5 +1,5 @@
 #!/bin/sh
-set -u
+set -e
 
 test "$1" = 'remove' || test "$1" = 'deconfigure' || exit 0
 if test -x /etc/init.d/dropbear; then

debian/implicit

@@ -1,4 +1,4 @@
-# $Id: implicit,v 1.1 2004/06/16 05:08:32 matt Exp $
+# $Id: implicit,v 1.11 2005/11/29 21:57:55 pape Exp $
 
 .PHONY: deb-checkdir deb-checkuid
 
@@ -12,6 +12,10 @@ deb-checkuid:
 	  $*.deb-docs-docs $*.deb-docs-examples $*.deb-DEBIAN \
 	  $*.deb-DEBIAN-dir $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums
 
+%.udeb: %.deb-DEBIAN
+	@rm -f $*.deb $*.deb-checkdir $*.deb-DEBIAN $*.deb-DEBIAN-dir \
+	  $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums
+
 %.deb-checkdir:
 	@test -d debian/$* || sh -cx '! : directory debian/$* missing'
 	@test "`id -u`" -eq 0 || sh -cx '! : need root privileges'
@@ -29,9 +33,19 @@ deb-checkuid:
 	@test -r debian/$*/usr/share/doc/$*/changelog || \
 	  sh -cx 'mv debian/$*/usr/share/doc/$*/changelog.Debian \
 	    debian/$*/usr/share/doc/$*/changelog'
+	@test -s debian/$*/usr/share/doc/$*/changelog || \
+	  sh -cx 'rm -f debian/$*/usr/share/doc/$*/changelog'
 	@gzip -9 debian/$*/usr/share/doc/$*/changelog*
 %.deb-docs-docs:
 	@for i in `cat debian/$*.docs 2>/dev/null || :`; do \
+	  if test -d $$i; then \
+	    sh -cx "install -d -m0755 debian/$*/usr/share/doc/$*/$${i##*/}" && \
+	    for j in $$i/*; do \
+	      sh -cx "install -m0644 $$j \
+	        debian/$*/usr/share/doc/$*/$${i##*/}/" || exit 1; \
+	    done || exit 1; \
+	    continue; \
+	  fi; \
 	  sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/" || exit 1; \
 	done
 	@test ! -r debian/$*.README.Debian || \
@@ -58,13 +72,13 @@ deb-checkuid:
 	@rm -rf debian/$*/DEBIAN
 	: debian/$*/DEBIAN/
 	@install -d -m0755 debian/$*/DEBIAN
-	@for i in conffiles shlibs; do \
+	@for i in conffiles shlibs templates; do \
 	  test ! -r debian/$*.$$i || \
 	    sh -cx "install -m0644 debian/$*.$$i debian/$*/DEBIAN/$$i" \
 	      || exit 1; \
 	done
 %.deb-DEBIAN-scripts:
-	@for i in preinst prerm postinst postrm; do \
+	@for i in preinst prerm postinst postrm config; do \
 	  test ! -r debian/$*.$$i || \
 	    sh -cx "install -m0755 debian/$*.$$i debian/$*/DEBIAN/$$i" \
 	      || exit 1; \

debian/rules

@@ -1,5 +1,9 @@
 #!/usr/bin/make -f
 
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
 #export DH_OPTIONS
 DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
@@ -9,86 +13,88 @@ ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
   STRIP =: nostrip
 endif
 
-CFLAGS =-Wall -g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS +=-O0
-else
-  CFLAGS +=-O2
-endif
-
+CONFFLAGS =
 CC =gcc
 ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS)))
-  CC =diet -v -Os gcc
+  CONFFLAGS =--disable-zlib
+  CC =diet -v -Os gcc -nostdinc
 endif
 
-DIR=`pwd`/debian/dropbear
+DIR =$(shell pwd)/debian/dropbear
 
 patch: deb-checkdir patch-stamp
 patch-stamp:
-#	no patches for now
-#	for i in debian/diff/*.diff; do patch -p0 <$$i || exit 1; done
+	for i in `ls -1 debian/diff/*.diff || :`; do \
+	  patch -p1 <$$i || exit 1; \
+	done
 	touch patch-stamp
 
 config.status: patch-stamp configure
-	CFLAGS="$(CFLAGS)"' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
-	  ./configure --host="$(DEB_HOST_GNU_TYPE)" \
-	    --build="$(DEB_BUILD_GNU_TYPE)" --prefix=/usr \
-	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info
+	CC='$(CC)' \
+	CFLAGS='$(CFLAGS)'' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
+	  ./configure --host='$(DEB_HOST_GNU_TYPE)' \
+	    --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \
+	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
+	    $(CONFFLAGS)
 
 build: deb-checkdir build-stamp
 build-stamp: config.status
-	$(MAKE) CC="$(CC)" LD="$(CC)"
+	$(MAKE) CC='$(CC)' LD='$(CC)'
 	touch build-stamp
 
 clean: deb-checkdir deb-checkuid
-	-$(MAKE) distclean
-#	test ! -e patch-stamp || \
-#	  for i in debian/diff/*.diff; do patch -p0 -R <$$i; done
+	test ! -r Makefile || $(MAKE) distclean
+	rm -f libtomcrypt/Makefile libtommath/Makefile
+	test ! -e patch-stamp || \
+	  for i in `ls -1r debian/diff/*.diff || :`; do \
+	    patch -p1 -R <$$i; \
+	  done
 	rm -f patch-stamp build-stamp config.log config.status
-	rm -rf "$(DIR)"
+	rm -rf '$(DIR)'
 	rm -f debian/files debian/substvars debian/copyright changelog
 
 install: deb-checkdir deb-checkuid build-stamp
-	rm -rf "$(DIR)"
-	install -d -m0755 "$(DIR)"/etc/dropbear
+	rm -rf '$(DIR)'
+	install -d -m0755 '$(DIR)'/etc/dropbear
 	# programs
-	install -d -m0755 "$(DIR)"/usr/sbin
-	install -m0755 dropbear "$(DIR)"/usr/sbin/dropbear
-	install -d -m0755 "$(DIR)"/usr/bin
-	install -m0755 dbclient "$(DIR)"/usr/bin/dbclient
-	install -m0755 dropbearkey "$(DIR)"/usr/bin/dropbearkey
-	install -d -m0755 "$(DIR)"/usr/lib/dropbear
+	install -d -m0755 '$(DIR)'/usr/sbin
+	install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear
+	install -d -m0755 '$(DIR)'/usr/bin
+	install -m0755 dbclient '$(DIR)'/usr/bin/dbclient
+	install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey
+	install -d -m0755 '$(DIR)'/usr/lib/dropbear
 	install -m0755 dropbearconvert \
-	  "$(DIR)"/usr/lib/dropbear/dropbearconvert
-	$(STRIP) -R .comment -R .note "$(DIR)"/usr/sbin/* \
-	  "$(DIR)"/usr/bin/* "$(DIR)"/usr/lib/dropbear/*
+	  '$(DIR)'/usr/lib/dropbear/dropbearconvert
+	$(STRIP) -R .comment -R .note '$(DIR)'/usr/sbin/* \
+	  '$(DIR)'/usr/bin/* '$(DIR)'/usr/lib/dropbear/*
 	# init and run scripts
-	install -d -m0755 "$(DIR)"/etc/init.d
-	install -m0755 debian/dropbear.init "$(DIR)"/etc/init.d/dropbear
-	install -m0755 debian/service/run "$(DIR)"/etc/dropbear/run
-	install -d -m0755 "$(DIR)"/etc/dropbear/log
-	install -m0755 debian/service/log "$(DIR)"/etc/dropbear/log/run
-	ln -s /var/log/dropbear "$(DIR)"/etc/dropbear/log/main
-	ln -s /var/run/dropbear "$(DIR)"/etc/dropbear/supervise
-	ln -s /var/run/dropbear.log "$(DIR)"/etc/dropbear/log/supervise
+	install -d -m0755 '$(DIR)'/etc/init.d
+	install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
+	install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run
+	install -d -m0755 '$(DIR)'/etc/dropbear/log
+	install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
+	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
 	# man pages
-	install -d -m0755 "$(DIR)"/usr/share/man/man8
-	for i in dropbear.8 dropbearkey.8; do \
-	  install -m644 $$i "$(DIR)"/usr/share/man/man8/ || exit 1; \
+	install -d -m0755 '$(DIR)'/usr/share/man/man8
+	install -d -m0755 '$(DIR)'/usr/share/man/man1
+	install -m644 manpages/dropbear.8 '$(DIR)'/usr/share/man/man8/
+	for i in dbclient.1 dropbearkey.1 dropbearconvert.1; do \
+	  install -m644 manpages/$$i '$(DIR)'/usr/share/man/man1/ || exit 1; \
 	done
-	gzip -9 "$(DIR)"/usr/share/man/man8/*.8
+	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
+	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
 	# copyright, changelog
 	cat debian/copyright.in LICENSE >debian/copyright
-	ln -s CHANGES changelog
+	test -r changelog || ln -s CHANGES changelog
 
 binary-indep:
 
 binary-arch: install dropbear.deb
-	test "$(CC)" != 'gcc' || \
-	  dpkg-shlibdeps "$(DIR)"/usr/sbin/* "$(DIR)"/usr/bin/* \
-	    "$(DIR)"/usr/lib/dropbear/*
-	dpkg-gencontrol -isp -pdropbear -P"$(DIR)"
-	dpkg -b "$(DIR)" ..
+	test '$(CC)' != 'gcc' || \
+	  dpkg-shlibdeps '$(DIR)'/usr/sbin/* '$(DIR)'/usr/bin/* \
+	    '$(DIR)'/usr/lib/dropbear/*
+	dpkg-gencontrol -isp -pdropbear -P'$(DIR)'
+	dpkg -b '$(DIR)' ..
 
 binary: binary-arch binary-indep
 

dropbearkey.c

@@ -1,355 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-/* The format of the keyfiles is basically a raw dump of the buffer. Data types
- * are specified in the transport draft - string is a 32-bit len then the
- * non-null-terminated string, mp_int is a 32-bit len then the bignum data.
- * The actual functions are buf_put_rsa_priv_key() and buf_put_dss_priv_key()
-
- * RSA:
- * string	"ssh-rsa"
- * mp_int	e
- * mp_int	n
- * mp_int	d
- * mp_int	p (newer versions only)
- * mp_int	q (newer versions only) 
- *
- * DSS:
- * string	"ssh-dss"
- * mp_int	p
- * mp_int	q
- * mp_int	g
- * mp_int	y
- * mp_int	x
- *
- */
-#include "includes.h"
-#include "signkey.h"
-#include "buffer.h"
-#include "dbutil.h"
-
-#include "genrsa.h"
-#include "gendss.h"
-
-static void printhelp(char * progname);
-
-#define RSA_SIZE (1024/8) /* 1024 bit */
-#define DSS_SIZE (1024/8) /* 1024 bit */
-
-static void buf_writefile(buffer * buf, const char * filename);
-static void printpubkey(sign_key * key, int keytype);
-static void justprintpub(const char* filename);
-
-/* Print a help message */
-static void printhelp(char * progname) {
-
-	fprintf(stderr, "Usage: %s -t <type> -f <filename> [-s bits]\n"
-					"Options are:\n"
-					"-t type	Type of key to generate. One of:\n"
-#ifdef DROPBEAR_RSA
-					"		rsa\n"
-#endif
-#ifdef DROPBEAR_DSS
-					"		dss\n"
-#endif
-					"-f filename	Use filename for the secret key\n"
-					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
-					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
-#ifdef DEBUG_TRACE
-					"-v		verbose\n"
-#endif
-					,progname);
-}
-
-#if defined(DBMULTI_dropbearkey) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dropbearkey) && defined(DROPBEAR_MULTI)
-int dropbearkey_main(int argc, char ** argv) {
-#else
-int main(int argc, char ** argv) {
-#endif
-
-	int i;
-	char ** next = 0;
-	sign_key *key = NULL;
-	buffer *buf = NULL;
-	char * filename = NULL;
-	int keytype = -1;
-	char * typetext = NULL;
-	char * sizetext = NULL;
-	unsigned int bits;
-	unsigned int keysize;
-	int printpub = 0;
-
-	/* get the commandline options */
-	for (i = 1; i < argc; i++) {
-		if (argv[i] == NULL) {
-			continue; /* Whack */
-		} 
-		if (next) {
-			*next = argv[i];
-			next = NULL;
-			continue;
-		}
-
-		if (argv[i][0] == '-') {
-			switch (argv[i][1]) {
-				case 'f':
-					next = &filename;
-					break;
-				case 't':
-					next = &typetext;
-					break;
-				case 's':
-					next = &sizetext;
-					break;
-				case 'y':
-					printpub = 1;
-					break;
-				case 'h':
-					printhelp(argv[0]);
-					exit(EXIT_SUCCESS);
-					break;
-#ifdef DEBUG_TRACE
-				case 'v':
-					debug_trace = 1;
-					break;
-#endif
-				default:
-					fprintf(stderr, "Unknown argument %s\n", argv[i]);
-					printhelp(argv[0]);
-					exit(EXIT_FAILURE);
-					break;
-			}
-		}
-	}
-
-	if (!filename) {
-		fprintf(stderr, "Must specify a key filename\n");
-		printhelp(argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	if (printpub) {
-		justprintpub(filename);
-		/* Not reached */
-	}
-
-	/* check/parse args */
-	if (!typetext) {
-		fprintf(stderr, "Must specify key type\n");
-		printhelp(argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	if (strlen(typetext) == 3) {
-#ifdef DROPBEAR_RSA
-		if (strncmp(typetext, "rsa", 3) == 0) {
-			keytype = DROPBEAR_SIGNKEY_RSA;
-			TRACE(("type is rsa"));
-		}
-#endif
-#ifdef DROPBEAR_DSS
-		if (strncmp(typetext, "dss", 3) == 0) {
-			keytype = DROPBEAR_SIGNKEY_DSS;
-			TRACE(("type is dss"));
-		}
-#endif
-	}
-	if (keytype == -1) {
-		fprintf(stderr, "Unknown key type '%s'\n", typetext);
-		printhelp(argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	if (sizetext) {
-		if (sscanf(sizetext, "%u", &bits) != 1) {
-			fprintf(stderr, "Bits must be an integer\n");
-			exit(EXIT_FAILURE);
-		}
-	
-		if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
-			fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a"
-					" multiple of 8\n");
-			exit(EXIT_FAILURE);
-		}
-
-		keysize = bits / 8;
-	} else {
-		if (keytype == DROPBEAR_SIGNKEY_DSS) {
-			keysize = DSS_SIZE;
-		} else if (keytype == DROPBEAR_SIGNKEY_RSA) {
-			keysize = RSA_SIZE;
-		} else {
-			exit(EXIT_FAILURE); /* not reached */
-		}
-	}
-
-
-	fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8,
-			typetext, filename);
-
-	/* don't want the file readable by others */
-	umask(077);
-
-	/* now we can generate the key */
-	key = new_sign_key();
-	
-	fprintf(stderr, "Generating key, this may take a while...\n");
-	switch(keytype) {
-#ifdef DROPBEAR_RSA
-		case DROPBEAR_SIGNKEY_RSA:
-			key->rsakey = gen_rsa_priv_key(keysize); /* 128 bytes = 1024 bit */
-			break;
-#endif
-#ifdef DROPBEAR_DSS
-		case DROPBEAR_SIGNKEY_DSS:
-			key->dsskey = gen_dss_priv_key(keysize); /* 128 bytes = 1024 bit */
-			break;
-#endif
-		default:
-			fprintf(stderr, "Internal error, bad key type\n");
-			exit(EXIT_FAILURE);
-	}
-
-	buf = buf_new(MAX_PRIVKEY_SIZE); 
-
-	buf_put_priv_key(buf, key, keytype);
-	buf_setpos(buf, 0);
-	buf_writefile(buf, filename);
-
-	buf_burn(buf);
-	buf_free(buf);
-
-	printpubkey(key, keytype);
-
-	sign_key_free(key);
-
-	return EXIT_SUCCESS;
-}
-#endif
-
-static void justprintpub(const char* filename) {
-
-	buffer *buf = NULL;
-	sign_key *key = NULL;
-	int keytype;
-	int ret;
-	int err = DROPBEAR_FAILURE;
-
-	buf = buf_new(MAX_PRIVKEY_SIZE);
-	ret = buf_readfile(buf, filename);
-
-	if (ret != DROPBEAR_SUCCESS) {
-		fprintf(stderr, "Failed reading '%s'\n", filename);
-		goto out;
-	}
-
-	key = new_sign_key();
-	keytype = DROPBEAR_SIGNKEY_ANY;
-
-	buf_setpos(buf, 0);
-	ret = buf_get_priv_key(buf, key, &keytype);
-	if (ret == DROPBEAR_FAILURE) {
-		fprintf(stderr, "Bad key in '%s'\n", filename);
-		goto out;
-	}
-
-	printpubkey(key, keytype);
-
-	err = DROPBEAR_SUCCESS;
-
-out:
-	buf_burn(buf);
-	buf_free(buf);
-	buf = NULL;
-	sign_key_free(key);
-	key = NULL;
-	exit(err);
-}
-
-static void printpubkey(sign_key * key, int keytype) {
-
-	buffer * buf = NULL;
-	unsigned char base64key[MAX_PUBKEY_SIZE*2];
-	unsigned long base64len;
-	int err;
-	const char * typestring = NULL;
-	char *fp = NULL;
-	int len;
-
-	buf = buf_new(MAX_PUBKEY_SIZE);
-	buf_put_pub_key(buf, key, keytype);
-	buf_setpos(buf, 4);
-
-	len = buf->len - buf->pos;
-
-	base64len = sizeof(base64key);
-	err = base64_encode(buf_getptr(buf, len), len, base64key, &base64len);
-
-	if (err != CRYPT_OK) {
-		fprintf(stderr, "base64 failed");
-	}
-
-	typestring = signkey_name_from_type(keytype, &err);
-
-	fp = sign_key_fingerprint(buf_getptr(buf, len), len);
-
-	printf("Public key portion is:\n%s %s\nFingerprint: %s\n",
-			typestring, base64key, fp);
-
-	m_free(fp);
-	buf_free(buf);
-}
-
-/* Write a buffer to a file specified, failing if the file exists */
-static void buf_writefile(buffer * buf, const char * filename) {
-
-	int fd;
-	int len;
-
-	fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
-	if (fd < 0) {
-		fprintf(stderr, "Couldn't create new file %s\n", filename);
-		perror("Reason");
-		buf_burn(buf);
-		exit(EXIT_FAILURE);
-	}
-
-	/* write the file now */
-	while (buf->pos != buf->len) {
-		len = write(fd, buf_getptr(buf, buf->len - buf->pos),
-				buf->len - buf->pos);
-		if (errno == EINTR) {
-			continue;
-		}
-		if (len <= 0) {
-			fprintf(stderr, "Failed writing file '%s'\n",filename);
-			perror("Reason");
-			exit(EXIT_FAILURE);
-		}
-		buf_incrpos(buf, len);
-	}
-
-	close(fd);
-}

fuzz/fuzz-common.c

@@ -0,0 +1,398 @@
+#define FUZZ_NO_REPLACE_STDERR
+#define FUZZ_NO_REPLACE_GETPW
+#include "includes.h"
+
+#include "includes.h"
+#include "dbutil.h"
+#include "runopts.h"
+#include "crypto_desc.h"
+#include "session.h"
+#include "dbrandom.h"
+#include "bignum.h"
+#include "atomicio.h"
+#include "fuzz-wrapfd.h"
+#include "fuzz.h"
+
+struct dropbear_fuzz_options fuzz;
+
+static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param);
+static void load_fixed_hostkeys(void);
+static void load_fixed_client_key(void);
+
+// This runs automatically before main, due to contructor attribute in fuzz.h
+void fuzz_early_setup(void) {
+    /* Set stderr to point to normal stderr by default */
+    fuzz.fake_stderr = stderr;
+}
+
+void fuzz_common_setup(void) {
+	disallow_core();
+    fuzz.fuzzing = 1;
+    fuzz.wrapfds = 1;
+    fuzz.do_jmp = 1;
+    fuzz.input = m_malloc(sizeof(buffer));
+    _dropbear_log = fuzz_dropbear_log;
+    crypto_init();
+    fuzz_seed("start", 5);
+    /* let any messages get flushed */
+    setlinebuf(stdout);
+#if DEBUG_TRACE
+    if (debug_trace)
+    {
+        fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
+    }
+    else
+#endif
+    if (getenv("DROPBEAR_KEEP_STDERR")) {
+        fprintf(stderr, "Dropbear fuzzer: DROPBEAR_KEEP_STDERR, not disabling stderr output\n");
+    } 
+    else 
+    {
+        fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
+        fuzz.fake_stderr = fopen("/dev/null", "w");
+        assert(fuzz.fake_stderr);
+    }
+}
+
+int fuzz_set_input(const uint8_t *Data, size_t Size) {
+
+    fuzz.input->data = (unsigned char*)Data;
+    fuzz.input->size = Size;
+    fuzz.input->len = Size;
+    fuzz.input->pos = 0;
+
+    memset(&ses, 0x0, sizeof(ses));
+    memset(&svr_ses, 0x0, sizeof(svr_ses));
+    memset(&cli_ses, 0x0, sizeof(cli_ses));
+    wrapfd_setup(fuzz.input);
+    // printhex("input", fuzz.input->data, fuzz.input->len);
+
+    fuzz_seed(fuzz.input->data, MIN(fuzz.input->len, 16));
+
+    return DROPBEAR_SUCCESS;
+}
+
+#if DEBUG_TRACE
+static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) {
+    if (debug_trace) {
+        char printbuf[1024];
+        vsnprintf(printbuf, sizeof(printbuf), format, param);
+        fprintf(stderr, "%s\n", printbuf);
+    }
+}
+#else
+static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) {
+    /* No print */
+}
+#endif /* DEBUG_TRACE */
+
+void fuzz_svr_setup(void) {
+    fuzz_common_setup();
+    
+    _dropbear_exit = svr_dropbear_exit;
+
+    char *argv[] = { 
+		"dropbear",
+        "-E", 
+    };
+
+    int argc = sizeof(argv) / sizeof(*argv);
+    svr_getopts(argc, argv);
+
+    load_fixed_hostkeys();
+}
+
+void fuzz_svr_hook_preloop() {
+    if (fuzz.svr_postauth) {
+        ses.authstate.authdone = 1;
+        fill_passwd("root");
+    }
+}
+
+void fuzz_cli_setup(void) {
+    fuzz_common_setup();
+    
+	_dropbear_exit = cli_dropbear_exit;
+	_dropbear_log = cli_dropbear_log;
+
+    char *argv[] = { 
+		"dbclient",
+		"-y",
+        "localhost",
+        "uptime"
+    };
+
+    int argc = sizeof(argv) / sizeof(*argv);
+    cli_getopts(argc, argv);
+
+    load_fixed_client_key();
+    /* Avoid password prompt */
+    setenv(DROPBEAR_PASSWORD_ENV, "password", 1);
+}
+
+#include "fuzz-hostkeys.c"   
+
+static void load_fixed_client_key(void) {
+
+    buffer *b = buf_new(3000);
+    sign_key *key;
+    enum signkey_type keytype;
+
+    key = new_sign_key();
+    keytype = DROPBEAR_SIGNKEY_ANY;
+    buf_putbytes(b, keyed25519, keyed25519_len);
+    buf_setpos(b, 0);
+    if (buf_get_priv_key(b, key, &keytype) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed ed25519 hostkey");
+    }
+    list_append(cli_opts.privkeys, key);
+
+    buf_free(b);
+}
+
+static void load_fixed_hostkeys(void) {
+
+    buffer *b = buf_new(3000);
+    enum signkey_type type;
+
+    TRACE(("load fixed hostkeys"))
+
+    svr_opts.hostkey = new_sign_key();
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keyr, keyr_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_RSA;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed rsa hostkey");
+    }
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keyd, keyd_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_DSS;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed dss hostkey");
+    }
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keye, keye_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed ecdsa hostkey");
+    }
+
+    buf_setlen(b, 0);
+    buf_putbytes(b, keyed25519, keyed25519_len);
+    buf_setpos(b, 0);
+    type = DROPBEAR_SIGNKEY_ED25519;
+    if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
+        dropbear_exit("failed fixed ed25519 hostkey");
+    }
+
+    buf_free(b);
+}
+
+void fuzz_kex_fakealgos(void) {
+    ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
+    ses.newkeys->recv.algo_mac = &dropbear_nohash;
+}
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+                        char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+    if (local_host) {
+        *local_host = m_strdup("fuzzlocalhost");
+    }
+    if (local_port) {
+        *local_port = m_strdup("1234");
+    }
+    if (remote_host) {
+        *remote_host = m_strdup("fuzzremotehost");
+    }
+    if (remote_port) {
+        *remote_port = m_strdup("9876");
+    }
+}
+
+/* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */
+void fuzz_fake_send_kexdh_reply(void) {
+    assert(!ses.dh_K);
+    m_mp_alloc_init_multi(&ses.dh_K, NULL);
+    mp_set_ul(ses.dh_K, 12345678uL);
+    finish_kexhashbuf();
+}
+
+/* fake version of spawn_command() */
+int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) {
+    *ret_writefd = wrapfd_new_dummy();
+    *ret_readfd = wrapfd_new_dummy();
+    if (ret_errfd) {
+        *ret_errfd = wrapfd_new_dummy();
+    }
+    if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) {
+        m_close(*ret_writefd);
+        m_close(*ret_readfd);
+        if (ret_errfd) {
+            m_close(*ret_errfd);
+        }
+        return DROPBEAR_FAILURE;
+    } else {
+        *ret_pid = 999;
+        return DROPBEAR_SUCCESS;
+
+    }
+}
+
+/* Fake dropbear_listen, always returns failure for now.
+TODO make it sometimes return success with wrapfd_new_dummy() sockets.
+Making the listeners fake a new incoming connection will be harder. */
+/* Listen on address:port. 
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
+ * Returns the number of sockets bound on success, or -1 on failure. On
+ * failure, if errstring wasn't NULL, it'll be a newly malloced error
+ * string.*/
+int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port),
+        int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) {
+    if (errstring) {
+        *errstring = m_strdup("fuzzing can't listen (yet)");
+    }
+    return -1;
+}
+
+int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) {
+    static int once = 0;
+    if (!once) {
+        fuzz_svr_setup();
+        fuzz.skip_kexmaths = skip_kexmaths;
+        once = 1;
+    }
+
+    fuzz.svr_postauth = postauth;
+
+    if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+        return 0;
+    }
+
+    uint32_t wrapseed;
+    genrandom((void*)&wrapseed, sizeof(wrapseed));
+    wrapfd_setseed(wrapseed);
+
+    int fakesock = wrapfd_new_fuzzinput();
+
+    m_malloc_set_epoch(1);
+    fuzz.do_jmp = 1;
+    if (setjmp(fuzz.jmp) == 0) {
+        svr_session(fakesock, fakesock);
+        m_malloc_free_epoch(1, 0);
+    } else {
+        fuzz.do_jmp = 0;
+        m_malloc_free_epoch(1, 1);
+        TRACE(("dropbear_exit longjmped"))
+        /* dropbear_exit jumped here */
+    }
+
+    return 0;
+}
+
+int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths) {
+    static int once = 0;
+    if (!once) {
+        fuzz_cli_setup();
+        fuzz.skip_kexmaths = skip_kexmaths;
+        once = 1;
+    }
+
+    if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+        return 0;
+    }
+
+    // Allow to proceed sooner
+    ses.kexstate.donefirstkex = 1;
+
+    uint32_t wrapseed;
+    genrandom((void*)&wrapseed, sizeof(wrapseed));
+    wrapfd_setseed(wrapseed);
+
+    int fakesock = wrapfd_new_fuzzinput();
+
+    m_malloc_set_epoch(1);
+    fuzz.do_jmp = 1;
+    if (setjmp(fuzz.jmp) == 0) {
+        cli_session(fakesock, fakesock, NULL, 0);
+        m_malloc_free_epoch(1, 0);
+    } else {
+        fuzz.do_jmp = 0;
+        m_malloc_free_epoch(1, 1);
+        TRACE(("dropbear_exit longjmped"))
+        /* dropbear_exit jumped here */
+    }
+
+    return 0;
+}
+
+const void* fuzz_get_algo(const algo_type *algos, const char* name) {
+    const algo_type *t;
+    for (t = algos; t->name; t++) {
+        if (strcmp(t->name, name) == 0) {
+            return t->data;
+        }
+    }
+    assert(0);
+}
+
+void fuzz_dump(const unsigned char* data, size_t len) {
+    if (fuzz.dumping) {
+        TRACE(("dump %zu", len))
+        assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len);
+    }
+}
+
+static struct passwd pwd_root = {
+    .pw_name = "root",
+    .pw_passwd = "!",
+    .pw_uid = 0,
+    .pw_gid = 0,
+    .pw_dir = "/root",
+    .pw_shell = "/bin/sh",
+};
+
+static struct passwd pwd_other = {
+    .pw_name = "other",
+    .pw_passwd = "!",
+    .pw_uid = 100,
+    .pw_gid = 100,
+    .pw_dir = "/home/other",
+    .pw_shell = "/bin/sh",
+};
+
+
+/* oss-fuzz runs fuzzers under minijail, without /etc/passwd.
+We provide sufficient values for the fuzzers to run */
+struct passwd* fuzz_getpwnam(const char *login) {
+    if (!fuzz.fuzzing) {
+        return getpwnam(login);
+    }
+    if (strcmp(login, pwd_other.pw_name) == 0) {
+        return &pwd_other;
+    }
+    if (strcmp(login, pwd_root.pw_name) == 0) {
+        return &pwd_root;
+    }
+    return NULL;
+}
+
+struct passwd* fuzz_getpwuid(uid_t uid) {
+    if (!fuzz.fuzzing) {
+        return getpwuid(uid);
+    }
+    if (uid == pwd_other.pw_uid) {
+        return &pwd_other;
+    }
+    if (uid == pwd_root.pw_uid) {
+        return &pwd_root;
+    }
+    return NULL;
+}
+

fuzz/fuzz-harness.c

@@ -0,0 +1,66 @@
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+
+int main(int argc, char ** argv) {
+    int i;
+    buffer *input = buf_new(100000);
+    int quiet = 0;
+
+    for (i = 1; i < argc; i++) {
+#if DEBUG_TRACE
+        if (strcmp(argv[i], "-v") == 0) {
+            debug_trace++;
+            fprintf(stderr, "debug level -> %d\n", debug_trace);
+        }
+#endif
+        if (strcmp(argv[i], "-q") == 0) {
+            printf("Running quiet\n");
+            quiet = 1;
+        }
+    }
+
+    int old_fuzz_wrapfds = 0;
+    for (i = 1; i < argc; i++) {
+        if (argv[i][0] == '-') {
+            /* ignore arguments */
+            continue;
+        }
+
+        char* fn = argv[i];
+        buf_setlen(input, 0);
+        buf_readfile(input, fn);
+        buf_setpos(input, 0);
+
+		/* Run twice to catch problems with statefulness */
+        fuzz.wrapfds = old_fuzz_wrapfds;
+        if (!quiet) {
+            printf("Running %s once \n", fn);
+        }
+        LLVMFuzzerTestOneInput(input->data, input->len);
+        if (!quiet) {
+            printf("Running %s twice \n", fn);
+        }
+        LLVMFuzzerTestOneInput(input->data, input->len);
+        if (!quiet) {
+            printf("Done %s\n", fn);
+        }
+
+        /* Disable wrapfd so it won't interfere with buf_readfile() above */
+        old_fuzz_wrapfds = fuzz.wrapfds;
+        fuzz.wrapfds = 0;
+    }
+
+    printf("Finished\n");
+
+    return 0;
+}
+
+// Just to let it link
+size_t LLVMFuzzerMutate(uint8_t *UNUSED(Data), size_t UNUSED(Size), size_t UNUSED(MaxSize)) {
+    printf("standalone fuzzer harness shouldn't call LLVMFuzzerMutate");
+    abort();
+    return 0;
+}

fuzz/fuzz-hostkeys.c

@@ -0,0 +1,140 @@
+/* To be included in fuzz-common.c */
+
+static unsigned char keyr[] = {
+  0x00, 0x00, 0x00, 0x07, 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61, 0x00,
+  0x00, 0x00, 0x03, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x01, 0x00, 0xb1,
+  0x06, 0x95, 0xc9, 0xa8, 0x38, 0xb9, 0x99, 0x91, 0xb5, 0x17, 0x39, 0xb9,
+  0xfa, 0xa4, 0x49, 0xf8, 0x2a, 0x4c, 0x14, 0xbd, 0xb6, 0x85, 0xdb, 0x38,
+  0x99, 0x44, 0xfa, 0xd6, 0xaa, 0x67, 0xef, 0x00, 0x75, 0x2b, 0x6a, 0x5c,
+  0x1b, 0x50, 0xa8, 0x52, 0xf9, 0xa7, 0xee, 0xe2, 0xb3, 0x80, 0x38, 0x92,
+  0x20, 0x86, 0x7c, 0xe5, 0x89, 0xb3, 0x06, 0xe4, 0x3b, 0xd1, 0xe2, 0x45,
+  0xea, 0xc1, 0xd5, 0x8e, 0x05, 0xfb, 0x90, 0x29, 0xd9, 0x41, 0xb3, 0x05,
+  0x31, 0x1e, 0xcc, 0xeb, 0x89, 0xdc, 0xd2, 0x6a, 0x99, 0x23, 0xbd, 0x7a,
+  0xbe, 0x8c, 0xe3, 0x3f, 0xa1, 0xe8, 0xf5, 0xb4, 0x51, 0x40, 0xb4, 0xb1,
+  0xc1, 0x16, 0x9f, 0x07, 0xbb, 0x99, 0xaa, 0x4b, 0x8f, 0x11, 0x19, 0x3c,
+  0x18, 0xbd, 0x6e, 0xce, 0x14, 0x54, 0x2c, 0x16, 0x4a, 0x5f, 0x89, 0xe4,
+  0x6b, 0x9f, 0x55, 0x68, 0xcc, 0x09, 0x8e, 0x4b, 0x92, 0xc8, 0x87, 0xfe,
+  0x09, 0xed, 0x53, 0x6e, 0xff, 0x5f, 0x15, 0x0d, 0x19, 0x9d, 0xa6, 0x54,
+  0xd2, 0xea, 0x59, 0x4f, 0xa1, 0x7c, 0xf6, 0xf5, 0x7f, 0x32, 0x23, 0xed,
+  0x72, 0xa8, 0x96, 0x17, 0x87, 0x06, 0xf2, 0xc7, 0xcd, 0xda, 0x4a, 0x10,
+  0xd1, 0xfd, 0xb8, 0xf1, 0xaf, 0x25, 0x55, 0x32, 0x45, 0x39, 0x95, 0xec,
+  0x0c, 0xa9, 0xf0, 0x47, 0x8b, 0x66, 0xe0, 0xb7, 0xa2, 0xf6, 0x35, 0x50,
+  0x27, 0xe7, 0x2f, 0x90, 0x35, 0x5b, 0xd5, 0x62, 0x19, 0xb4, 0x41, 0xd4,
+  0x52, 0xe7, 0x7f, 0x97, 0xfc, 0x5b, 0x4a, 0x5b, 0x19, 0x06, 0x65, 0x2d,
+  0x23, 0x29, 0x15, 0x8b, 0x05, 0xaf, 0xbe, 0xd3, 0x4a, 0x27, 0x5b, 0xc9,
+  0xc0, 0xd0, 0xd2, 0xba, 0x8b, 0x00, 0x7a, 0x2f, 0x39, 0xa0, 0x13, 0xb9,
+  0xe6, 0xf5, 0x4b, 0x21, 0x54, 0x57, 0xb3, 0xf9, 0x6c, 0x6f, 0xd0, 0x17,
+  0xf4, 0x50, 0x9d, 0x00, 0x00, 0x01, 0x00, 0x01, 0xf2, 0xda, 0x5f, 0xfb,
+  0xe2, 0xda, 0xfc, 0xe0, 0xdf, 0x3a, 0x0e, 0x14, 0x18, 0xc1, 0xd9, 0x1f,
+  0x43, 0xe3, 0x65, 0x3e, 0x07, 0xe7, 0x8d, 0xdc, 0x1d, 0x11, 0xc1, 0xd6,
+  0xc0, 0xd8, 0xda, 0x53, 0xf5, 0x04, 0x73, 0x51, 0x1b, 0x26, 0xef, 0x4e,
+  0xf5, 0xce, 0x3d, 0x77, 0x21, 0x94, 0xd0, 0xc7, 0xc1, 0xda, 0x19, 0x7d,
+  0xf8, 0xc5, 0x4c, 0xc8, 0xee, 0x7d, 0xd1, 0xbb, 0x02, 0x90, 0x2b, 0xff,
+  0x4e, 0x4d, 0xd7, 0x9d, 0x72, 0x0c, 0x60, 0x0f, 0x4b, 0x83, 0xf5, 0xc2,
+  0x26, 0xd6, 0x22, 0xb8, 0x60, 0x3a, 0xf9, 0x2f, 0x92, 0x2a, 0x2e, 0x14,
+  0xa7, 0x56, 0x1c, 0x56, 0x05, 0x41, 0x92, 0xac, 0xb1, 0x4e, 0x44, 0x1e,
+  0x70, 0x42, 0xda, 0xc7, 0xc8, 0x9c, 0xae, 0x29, 0x2d, 0x0c, 0x3a, 0xff,
+  0x9b, 0xb6, 0xad, 0xb4, 0xfb, 0x49, 0x28, 0x96, 0x74, 0xf5, 0x94, 0x74,
+  0xb7, 0x40, 0x93, 0x2b, 0x34, 0x29, 0xd2, 0x8a, 0xf3, 0x99, 0xf9, 0xe9,
+  0xd8, 0xcc, 0x48, 0x1d, 0x3e, 0xc1, 0x82, 0x35, 0x4f, 0xef, 0xb1, 0x81,
+  0x3c, 0xe1, 0xa1, 0x03, 0x65, 0xac, 0x21, 0x21, 0x40, 0x61, 0xfb, 0xd3,
+  0x54, 0xac, 0xa1, 0xf2, 0xf0, 0x61, 0xd9, 0x01, 0x4e, 0xc2, 0x28, 0xb1,
+  0x7c, 0x27, 0x6e, 0x56, 0x68, 0x69, 0x8f, 0xc5, 0xfd, 0xca, 0x39, 0x6e,
+  0x22, 0x09, 0xf1, 0xb4, 0xd5, 0xac, 0xb8, 0xe0, 0x1b, 0x21, 0x86, 0xf4,
+  0xc8, 0x15, 0xc6, 0x1f, 0x21, 0xae, 0xcb, 0xab, 0x5a, 0x09, 0x30, 0x9e,
+  0xdd, 0x6c, 0x38, 0x59, 0xec, 0x59, 0x3a, 0x08, 0xee, 0x46, 0x7b, 0x78,
+  0x23, 0xbc, 0xfc, 0xe2, 0xda, 0xe8, 0x1a, 0x65, 0xe6, 0xe0, 0x78, 0xd3,
+  0xb0, 0x03, 0x2e, 0xf1, 0xb8, 0xca, 0x8e, 0x90, 0x75, 0xaf, 0xf7, 0xa8,
+  0x48, 0xed, 0x82, 0xc9, 0xcf, 0x44, 0x56, 0xfc, 0x05, 0xfd, 0x6b, 0x00,
+  0x00, 0x00, 0x81, 0x00, 0xfc, 0x94, 0xdf, 0x42, 0xc7, 0x9a, 0xa2, 0xff,
+  0x32, 0xdf, 0x06, 0xb6, 0x4d, 0x90, 0x31, 0x28, 0x28, 0xdb, 0x03, 0xf9,
+  0xa6, 0xb3, 0xa2, 0x91, 0x4c, 0xdf, 0x6e, 0xf6, 0xb9, 0x44, 0x3b, 0xdd,
+  0x17, 0xc1, 0xc8, 0x1d, 0xd1, 0xc0, 0xc0, 0x30, 0x22, 0xbe, 0x24, 0x2e,
+  0x0e, 0xdf, 0xe0, 0x18, 0x37, 0x3e, 0xb8, 0x7f, 0xb2, 0x50, 0x34, 0xc4,
+  0x08, 0x5e, 0x69, 0x1f, 0xd5, 0xc9, 0xce, 0x47, 0x7d, 0x75, 0x5e, 0x3b,
+  0x87, 0xdd, 0x46, 0x35, 0x01, 0x0f, 0x17, 0x8a, 0xf1, 0xf1, 0xc4, 0xa9,
+  0x94, 0xa7, 0x6e, 0xce, 0x80, 0xe3, 0x17, 0x2e, 0xb0, 0xef, 0x63, 0xa7,
+  0x11, 0x86, 0x96, 0x4a, 0x63, 0x2d, 0x9e, 0x92, 0x62, 0x43, 0x43, 0x72,
+  0xa5, 0xdc, 0xa0, 0xcd, 0x19, 0x93, 0xd7, 0xe0, 0x80, 0x41, 0x27, 0xea,
+  0xe4, 0xe8, 0xc1, 0x91, 0x9e, 0x13, 0xb3, 0x9c, 0xd1, 0xed, 0xcb, 0xbf,
+  0x00, 0x00, 0x00, 0x81, 0x00, 0xb3, 0x6b, 0xee, 0xa4, 0x70, 0x4e, 0xfb,
+  0xf9, 0x7e, 0x2e, 0x74, 0x5d, 0x3e, 0x8b, 0x3f, 0xff, 0x8c, 0xde, 0x68,
+  0x38, 0xda, 0xce, 0xc0, 0x66, 0x4b, 0xca, 0x35, 0xc3, 0x97, 0xa8, 0xf0,
+  0x00, 0x8e, 0xb3, 0x46, 0x60, 0xd0, 0x4d, 0x7e, 0x7b, 0xdf, 0x17, 0x7b,
+  0x2f, 0xc4, 0x16, 0xee, 0x45, 0xdb, 0xa5, 0x5d, 0xc0, 0x72, 0xe9, 0xc6,
+  0x91, 0x0f, 0xd9, 0x30, 0x74, 0x6c, 0xde, 0x93, 0xb5, 0xb6, 0xaf, 0x52,
+  0x53, 0x3c, 0x08, 0x55, 0xea, 0xb8, 0x66, 0x07, 0xbe, 0xce, 0xf9, 0x80,
+  0x8d, 0xe0, 0xca, 0xdc, 0x63, 0xe8, 0x58, 0x94, 0x22, 0x4f, 0x08, 0x66,
+  0x13, 0x9e, 0x63, 0x2e, 0x92, 0x7a, 0xb6, 0x66, 0x94, 0x9b, 0x71, 0x66,
+  0xd3, 0x08, 0xc9, 0x89, 0xea, 0x78, 0x35, 0x0d, 0xf2, 0x25, 0x55, 0xd4,
+  0xb0, 0x9b, 0xea, 0x18, 0x77, 0xf6, 0x25, 0x02, 0xb4, 0x5e, 0x71, 0xea,
+  0xa3
+};
+static unsigned int keyr_len = 805;
+static unsigned char keye[] = {
+  0x00, 0x00, 0x00, 0x13, 0x65, 0x63, 0x64, 0x73, 0x61, 0x2d, 0x73, 0x68,
+  0x61, 0x32, 0x2d, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x32, 0x35, 0x36, 0x00,
+  0x00, 0x00, 0x08, 0x6e, 0x69, 0x73, 0x74, 0x70, 0x32, 0x35, 0x36, 0x00,
+  0x00, 0x00, 0x41, 0x04, 0x0a, 0x00, 0x6c, 0x7c, 0x1c, 0xc4, 0x03, 0x44,
+  0x46, 0x70, 0xba, 0x00, 0x7c, 0x79, 0x89, 0x7b, 0xc3, 0xd6, 0x32, 0x98,
+  0x34, 0xe7, 0x1c, 0x60, 0x04, 0x73, 0xd9, 0xb5, 0x7e, 0x94, 0x04, 0x04,
+  0xea, 0xc8, 0xb8, 0xfb, 0xd4, 0x70, 0x9f, 0x29, 0xa7, 0x8d, 0x9a, 0x64,
+  0x3a, 0x8c, 0x45, 0x23, 0x37, 0x5a, 0x2b, 0x4f, 0x54, 0x91, 0x80, 0xf1,
+  0xac, 0x3a, 0xf5, 0x6d, 0xfa, 0xe8, 0x76, 0x20, 0x00, 0x00, 0x00, 0x21,
+  0x00, 0xc2, 0xaf, 0xbe, 0xdc, 0x06, 0xff, 0x3d, 0x08, 0x9b, 0x73, 0xe0,
+  0x3c, 0x58, 0x28, 0x70, 0x9b, 0x23, 0x39, 0x51, 0xd7, 0xbc, 0xa7, 0x1a,
+  0xf5, 0xb4, 0x23, 0xd3, 0xf6, 0x17, 0xa6, 0x9c, 0x02
+};
+static unsigned int keye_len = 141;
+static unsigned char keyd[] = {
+  0x00, 0x00, 0x00, 0x07, 0x73, 0x73, 0x68, 0x2d, 0x64, 0x73, 0x73, 0x00,
+  0x00, 0x00, 0x81, 0x00, 0xb0, 0x02, 0x19, 0x8b, 0xf3, 0x46, 0xf9, 0xc5,
+  0x47, 0x78, 0x3d, 0x7f, 0x04, 0x10, 0x0a, 0x43, 0x8e, 0x00, 0x9e, 0xa4,
+  0x30, 0xfd, 0x47, 0xb9, 0x05, 0x9e, 0x95, 0xaa, 0x37, 0x9a, 0x91, 0xbf,
+  0xf8, 0xb9, 0xe0, 0x8d, 0x97, 0x49, 0x87, 0xe2, 0xe6, 0x90, 0xc1, 0xe4,
+  0x61, 0x57, 0x77, 0xfd, 0x91, 0x1d, 0xe1, 0x4b, 0xa0, 0xb2, 0xbc, 0xa1,
+  0x6a, 0x6a, 0xdd, 0x31, 0xda, 0xe7, 0x54, 0x03, 0xfd, 0x48, 0x62, 0x8a,
+  0x1d, 0x1d, 0xe2, 0x26, 0x76, 0x29, 0x08, 0xab, 0x65, 0x88, 0x74, 0x02,
+  0x1e, 0xa9, 0x29, 0x1b, 0x69, 0x3b, 0xb4, 0x5f, 0x62, 0x80, 0xa3, 0xa6,
+  0x4b, 0xc3, 0x0e, 0x89, 0x24, 0xe4, 0x8a, 0x31, 0xae, 0x89, 0x7a, 0x7a,
+  0x58, 0x44, 0x46, 0x77, 0x62, 0x33, 0xa2, 0x5d, 0x17, 0x0e, 0x0b, 0x64,
+  0xee, 0x1a, 0x02, 0xbd, 0xf8, 0x27, 0x86, 0xe1, 0x87, 0x92, 0x84, 0xc7,
+  0x00, 0x00, 0x00, 0x15, 0x00, 0xb3, 0x8b, 0x81, 0x39, 0x9c, 0xba, 0xe1,
+  0x1d, 0x9a, 0x8b, 0x89, 0xb3, 0x08, 0x9b, 0x12, 0xa8, 0x7b, 0xea, 0x25,
+  0x8d, 0x00, 0x00, 0x00, 0x80, 0x76, 0x3f, 0x72, 0xb2, 0xef, 0xc3, 0x16,
+  0xd8, 0x09, 0x36, 0x23, 0x03, 0xf9, 0x5c, 0xac, 0x8b, 0x51, 0x35, 0x2e,
+  0x36, 0xba, 0x39, 0xd0, 0x57, 0x19, 0x4f, 0x14, 0x8b, 0xea, 0x32, 0xfc,
+  0x86, 0x41, 0xea, 0x85, 0x71, 0x4d, 0x52, 0x0c, 0xff, 0xc1, 0xd3, 0xd5,
+  0xcd, 0x2e, 0x37, 0xcc, 0xe1, 0xcc, 0x22, 0x38, 0xa8, 0x47, 0x16, 0x34,
+  0x3b, 0x32, 0x9c, 0x2f, 0x0f, 0xcd, 0x5f, 0x7f, 0x06, 0x64, 0x89, 0xc5,
+  0x02, 0x4f, 0x9a, 0x70, 0x11, 0xf0, 0xaa, 0xe1, 0x7a, 0x75, 0x49, 0x8d,
+  0x0f, 0x8d, 0x5b, 0x54, 0xe2, 0xe7, 0x10, 0x6e, 0xe5, 0xbd, 0xb7, 0x62,
+  0xf7, 0x40, 0x59, 0x39, 0x31, 0xd9, 0x13, 0x7b, 0xa3, 0xdf, 0x0d, 0x31,
+  0x52, 0x43, 0xe0, 0xaf, 0x19, 0x12, 0x15, 0x12, 0x34, 0x01, 0x6f, 0xcf,
+  0x62, 0x21, 0xe4, 0xc8, 0x34, 0x69, 0xc9, 0x85, 0xe3, 0xde, 0xd7, 0x0c,
+  0xac, 0x00, 0x00, 0x00, 0x80, 0x41, 0xa3, 0xc5, 0xa4, 0x89, 0x86, 0xc8,
+  0x17, 0xf3, 0x8e, 0x68, 0x72, 0xbe, 0x13, 0x8b, 0x63, 0xe3, 0x07, 0xe3,
+  0xd5, 0xa4, 0xa2, 0xd3, 0x2c, 0x2f, 0xbe, 0x16, 0x71, 0xc9, 0x79, 0x64,
+  0x5a, 0x1e, 0x19, 0x82, 0x07, 0xe2, 0x93, 0xda, 0x22, 0xcf, 0x6d, 0xdd,
+  0x38, 0xcb, 0x6e, 0x6b, 0x0f, 0x95, 0x8d, 0xfa, 0x3f, 0xbb, 0xb8, 0x6a,
+  0x7d, 0xc3, 0x22, 0x1e, 0x49, 0xcf, 0x98, 0x73, 0x05, 0x5d, 0x97, 0xfa,
+  0x4c, 0xf2, 0x82, 0x3d, 0x98, 0x61, 0x4e, 0x96, 0x80, 0x26, 0x79, 0xda,
+  0x24, 0xf8, 0xa1, 0x9c, 0x71, 0x82, 0xe6, 0xc7, 0xdc, 0xc2, 0xa5, 0xd0,
+  0xf4, 0x36, 0xba, 0xaa, 0xee, 0xd3, 0x43, 0x46, 0x1d, 0xaa, 0x53, 0xea,
+  0x85, 0x2c, 0x1b, 0xc8, 0x7c, 0x3c, 0xe7, 0x06, 0x44, 0xab, 0x16, 0xad,
+  0xc6, 0x54, 0x91, 0x9a, 0xb9, 0xc0, 0xeb, 0x93, 0x8c, 0xca, 0x39, 0xcf,
+  0x6f, 0x00, 0x00, 0x00, 0x15, 0x00, 0x90, 0x26, 0x0a, 0xfc, 0x15, 0x99,
+  0x7b, 0xac, 0xaa, 0x0c, 0xa2, 0xca, 0x7b, 0xa8, 0xd4, 0xdf, 0x68, 0x56,
+  0xf9, 0x39
+};
+static unsigned int keyd_len = 458;
+static unsigned char keyed25519[] = {
+  0x00, 0x00, 0x00, 0x0b, 0x73, 0x73, 0x68, 0x2d, 0x65, 0x64, 0x32, 0x35,
+  0x35, 0x31, 0x39, 0x00, 0x00, 0x00, 0x40, 0x10, 0xb3, 0x79, 0x06, 0xe5,
+  0x9b, 0xe7, 0xe4, 0x6e, 0xec, 0xfe, 0xa5, 0x39, 0x21, 0x7c, 0xf6, 0x66,
+  0x8c, 0x0b, 0x6a, 0x01, 0x09, 0x05, 0xc7, 0x4f, 0x64, 0xa8, 0x24, 0xd2,
+  0x8d, 0xbd, 0xdd, 0xc6, 0x3c, 0x99, 0x1b, 0x2d, 0x3e, 0x33, 0x90, 0x19,
+  0xa4, 0xd5, 0xe9, 0x23, 0xfe, 0x8e, 0xd6, 0xd4, 0xf9, 0xb1, 0x11, 0x69,
+  0x7c, 0x57, 0x52, 0x0e, 0x41, 0xdb, 0x1b, 0x12, 0x87, 0xfa, 0xc9
+};
+static unsigned int keyed25519_len = 83;

fuzz/fuzz-sshpacketmutator.c

@@ -0,0 +1,306 @@
+/* A mutator/crossover for SSH protocol streams.
+   Attempts to mutate each SSH packet individually, keeping
+   lengths intact.
+   It will prepend a SSH-2.0-dbfuzz\r\n version string.
+
+   Linking this file to a binary will make libfuzzer pick up the custom mutator.
+
+   Care is taken to avoid memory allocation which would otherwise
+   slow exec/s substantially */
+
+#include "fuzz.h"
+#include "dbutil.h"
+
+size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
+
+static const char* FIXED_VERSION = "SSH-2.0-dbfuzz\r\n";
+static const char* FIXED_IGNORE_MSG = 
+        "\x00\x00\x00\x10\x06\x02\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66";
+static const unsigned int FIXED_IGNORE_MSG_LEN = 16;
+#define MAX_FUZZ_PACKETS 500
+/* XXX This might need tuning */
+static const size_t MAX_OUT_SIZE = 50000;
+
+/* Splits packets from an input stream buffer "inp".
+The initial SSH version identifier is discarded.
+If packets are not recognised it will increment until an uint32 of valid
+packet length is found. */
+
+/* out_packets an array of num_out_packets*buffer, each of size RECV_MAX_PACKET_LEN */
+static void fuzz_get_packets(buffer *inp, buffer **out_packets, unsigned int *num_out_packets) {
+    /* Skip any existing banner. Format is
+          SSH-protoversion-softwareversion SP comments CR LF
+    so we look for SSH-2. then a subsequent LF */
+    unsigned char* version = memmem(inp->data, inp->len, "SSH-2.", strlen("SSH-2."));
+    if (version) {
+        buf_incrpos(inp, version - inp->data);
+        unsigned char* newline = memchr(&inp->data[inp->pos], '\n', inp->len - inp->pos);
+        if (newline) {
+            buf_incrpos(inp, newline - &inp->data[inp->pos]+1);
+        } else {
+            /* Give up on any version string */
+            buf_setpos(inp, 0);
+        }
+    }
+
+    const unsigned int max_out_packets = *num_out_packets;
+    *num_out_packets = 0;
+    while (1) {
+        if (inp->pos + 4 > inp->len) {
+            /* End of input */
+            break;
+        }
+
+        if (*num_out_packets >= max_out_packets) {
+            /* End of output */
+            break;
+        }
+
+        /* Read packet */
+        unsigned int packet_len = buf_getint(inp);
+        if (packet_len > RECV_MAX_PACKET_LEN-4) {
+            /* Bad length, try skipping a single byte */
+            buf_decrpos(inp, 3);
+            continue;
+        }
+        packet_len = MIN(packet_len, inp->len - inp->pos);
+
+        /* Check the packet length makes sense */
+        if (packet_len >= MIN_PACKET_LEN-4) {
+            /* Copy to output buffer. We're reusing buffers */
+            buffer* new_packet = out_packets[*num_out_packets];
+            (*num_out_packets)++;
+            buf_setlen(new_packet, 0);
+            // packet_len doesn't include itself
+            buf_putint(new_packet, packet_len);
+            buf_putbytes(new_packet, buf_getptr(inp, packet_len), packet_len);
+        }
+        buf_incrpos(inp, packet_len);
+    }
+}
+
+/* Mutate a packet buffer in-place.
+Returns DROPBEAR_FAILURE if it's too short */
+static int buf_llvm_mutate(buffer *buf) {
+    int ret;
+    /* Position it after packet_length and padding_length */
+    const unsigned int offset = 5;
+    buf_setpos(buf, 0);
+    buf_incrwritepos(buf, offset);
+    size_t max_size = buf->size - buf->pos;
+    size_t new_size = LLVMFuzzerMutate(buf_getwriteptr(buf, max_size),
+        buf->len - buf->pos, max_size);
+    size_t new_total = new_size + 1 + 4;
+    // Round down to a block size
+    new_total = new_total - (new_total % dropbear_nocipher.blocksize);
+
+    if (new_total >= 16) {
+        buf_setlen(buf, new_total);
+        // Fix up the length fields
+        buf_setpos(buf, 0);
+        // packet_length doesn't include itself, does include padding_length byte
+        buf_putint(buf, new_size+1);
+        // always just put minimum padding length = 4
+        buf_putbyte(buf, 4);
+        ret = DROPBEAR_SUCCESS;
+    } else {
+        // instead put a fake packet
+        buf_setlen(buf, 0);
+        buf_putbytes(buf, FIXED_IGNORE_MSG, FIXED_IGNORE_MSG_LEN);
+        ret = DROPBEAR_FAILURE;
+    }
+    return ret;
+}
+
+
+/* Persistent buffers to avoid constant allocations */
+static buffer *oup;
+static buffer *alloc_packetA;
+static buffer *alloc_packetB;
+static buffer* packets1[MAX_FUZZ_PACKETS];
+static buffer* packets2[MAX_FUZZ_PACKETS];
+
+/* Allocate buffers once at startup.
+   'constructor' here so it runs before dbmalloc's interceptor */
+static void alloc_static_buffers() __attribute__((constructor));
+static void alloc_static_buffers() {
+
+    int i;
+    oup = buf_new(MAX_OUT_SIZE);
+    alloc_packetA = buf_new(RECV_MAX_PACKET_LEN);
+    alloc_packetB = buf_new(RECV_MAX_PACKET_LEN);
+
+    for (i = 0; i < MAX_FUZZ_PACKETS; i++) {
+        packets1[i] = buf_new(RECV_MAX_PACKET_LEN);
+    }
+    for (i = 0; i < MAX_FUZZ_PACKETS; i++) {
+        packets2[i] = buf_new(RECV_MAX_PACKET_LEN);
+    }
+}
+
+size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+              size_t MaxSize, unsigned int Seed) {
+
+    buf_setlen(alloc_packetA, 0);
+    buf_setlen(alloc_packetB, 0);
+    buf_setlen(oup, 0);
+
+    unsigned int i;
+    size_t ret_len;
+    unsigned short randstate[3] = {0,0,0};
+    memcpy(randstate, &Seed, sizeof(Seed));
+
+    // printhex("mutator input", Data, Size);
+
+    /* 0.1% chance straight llvm mutate */
+    // if (nrand48(randstate) % 1000 == 0) {
+    //     ret_len = LLVMFuzzerMutate(Data, Size, MaxSize);
+    //     // printhex("mutator straight llvm", Data, ret_len);
+    //     return ret_len;
+    // }
+
+    buffer inp_buf = {.data = Data, .size = Size, .len = Size, .pos = 0};
+    buffer *inp = &inp_buf;
+
+    /* Parse packets */
+    unsigned int num_packets = MAX_FUZZ_PACKETS;
+    buffer **packets = packets1;
+    fuzz_get_packets(inp, packets, &num_packets);
+
+    if (num_packets == 0) {
+        // Make up a packet, writing direct to the buffer
+        inp->size = MaxSize;
+        buf_setlen(inp, 0);
+        buf_putbytes(inp, FIXED_VERSION, strlen(FIXED_VERSION));
+        buf_putbytes(inp, FIXED_IGNORE_MSG, FIXED_IGNORE_MSG_LEN);
+        // printhex("mutator no input", Data, inp->len);
+        return inp->len;
+    }
+
+    /* Start output */
+    /* Put a new banner to output */
+    buf_putbytes(oup, FIXED_VERSION, strlen(FIXED_VERSION));
+
+    /* Iterate output */
+    for (i = 0; i < num_packets+1; i++) {
+        // These are pointers to output
+        buffer *out_packetA = NULL, *out_packetB = NULL;
+        buf_setlen(alloc_packetA, 0);
+        buf_setlen(alloc_packetB, 0);
+
+        /* 2% chance each */
+        const int optA = nrand48(randstate) % 50;
+        if (optA == 0) {
+            /* Copy another */
+            unsigned int other = nrand48(randstate) % num_packets;
+            out_packetA = packets[other];
+            // printf("copy another %d / %d len %u\n", other, num_packets, out_packetA->len);
+        }
+        if (optA == 1) {
+            /* Mutate another */
+            unsigned int other = nrand48(randstate) % num_packets;
+            out_packetA = alloc_packetA;
+            buffer *from = packets[other];
+            buf_putbytes(out_packetA, from->data, from->len);
+            if (buf_llvm_mutate(out_packetA) == DROPBEAR_FAILURE) {
+                out_packetA = NULL;
+            }
+            // printf("mutate another %d / %d len %u -> %u\n", other, num_packets, from->len, out_packetA->len);
+        }
+
+        if (i < num_packets) {
+            int optB = nrand48(randstate) % 100;
+            if (optB == 1) {
+                /* small chance of drop */
+                /* Drop it */
+                //printf("%d drop\n", i);
+            } else { 
+                /* Odds of modification are proportional to packet position.
+                First packet has 20% chance, last has 100% chance */
+                int optC = nrand48(randstate) % 1000;
+                int mutate_cutoff = MAX(200, (1000 * (i+1) / num_packets));
+                if (optC < mutate_cutoff) {
+                    // // printf("%d mutate\n", i);
+                    out_packetB = alloc_packetB;
+                    buffer *from = packets[i];
+                    buf_putbytes(out_packetB, from->data, from->len);
+                    if (buf_llvm_mutate(out_packetB) == DROPBEAR_FAILURE) {
+                        out_packetB = from;
+                    }
+                    // printf("mutate self %d / %d len %u -> %u\n", i, num_packets, from->len, out_packetB->len);
+                } else {
+                    /* Copy as-is */
+                    out_packetB = packets[i];
+                    // printf("%d as-is len %u\n", i, out_packetB->len);
+                } 
+            }
+        }
+
+        if (out_packetA && oup->len + out_packetA->len <= oup->size) {
+            buf_putbytes(oup, out_packetA->data, out_packetA->len);
+        }
+        if (out_packetB && oup->len + out_packetB->len <= oup->size) {
+            buf_putbytes(oup, out_packetB->data, out_packetB->len);
+        }
+    }
+
+    ret_len = MIN(MaxSize, oup->len);
+    memcpy(Data, oup->data, ret_len);
+    // printhex("mutator done", Data, ret_len);
+    return ret_len;
+}
+
+size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
+                                            const uint8_t *Data2, size_t Size2,
+                                            uint8_t *Out, size_t MaxOutSize,
+                                            unsigned int Seed) {
+    unsigned short randstate[3] = {0,0,0};
+    memcpy(randstate, &Seed, sizeof(Seed));
+
+    unsigned int i;
+    buffer inp_buf1 = {.data = (void*)Data1, .size = Size1, .len = Size1, .pos = 0};
+    buffer *inp1 = &inp_buf1;
+    buffer inp_buf2 = {.data = (void*)Data2, .size = Size2, .len = Size2, .pos = 0};
+    buffer *inp2 = &inp_buf2;
+
+    unsigned int num_packets1 = MAX_FUZZ_PACKETS;
+    fuzz_get_packets(inp1, packets1, &num_packets1);
+    unsigned int num_packets2 = MAX_FUZZ_PACKETS;
+    fuzz_get_packets(inp2, packets2, &num_packets2);
+
+    // fprintf(stderr, "input 1 %u packets\n", num_packets1);
+    // printhex("crossover input1", Data1, Size1);
+    // fprintf(stderr, "input 2 %u packets\n", num_packets2);
+    // printhex("crossover input2", Data2, Size2);
+
+    buf_setlen(oup, 0);
+    /* Put a new banner to output */
+    buf_putbytes(oup, FIXED_VERSION, strlen(FIXED_VERSION));
+
+    if (num_packets1 == 0 && num_packets2 == 0) {
+        buf_putbytes(oup, FIXED_IGNORE_MSG, FIXED_IGNORE_MSG_LEN);
+    } else {
+        unsigned int min_out = MIN(num_packets1, num_packets2);
+        unsigned int max_out = num_packets1 + num_packets2;
+        unsigned int num_out = min_out + nrand48(randstate) % (max_out-min_out+1);
+
+        for (i = 0; i < num_out; i++) {
+            unsigned int choose = nrand48(randstate) % (num_packets1 + num_packets2);
+            buffer *p = NULL;
+            if (choose < num_packets1) {
+                p = packets1[choose];
+            } else {
+                p = packets2[choose-num_packets1];
+            }
+            if (oup->len + p->len <= oup->size) {
+                buf_putbytes(oup, p->data, p->len);
+            }
+        }
+    }
+
+    size_t ret_len = MIN(MaxOutSize, oup->len);
+    memcpy(Out, oup->data, ret_len);
+    // printhex("crossover output", Out, ret_len);
+    return ret_len;
+}
+

fuzz/fuzz-wrapfd.c

@@ -0,0 +1,279 @@
+#define FUZZ_SKIP_WRAP 1
+#include "includes.h"
+#include "fuzz-wrapfd.h"
+
+#include "dbutil.h"
+
+#include "fuzz.h"
+
+#define IOWRAP_MAXFD (FD_SETSIZE-1)
+static const int MAX_RANDOM_IN = 50000;
+static const double CHANCE_CLOSE = 1.0 / 600;
+static const double CHANCE_INTR = 1.0 / 900;
+static const double CHANCE_READ1 = 0.96;
+static const double CHANCE_READ2 = 0.5;
+static const double CHANCE_WRITE1 = 0.96;
+static const double CHANCE_WRITE2 = 0.5;
+
+struct fdwrap {
+	enum wrapfd_mode mode;
+	int closein;
+	int closeout;
+};
+
+static struct fdwrap wrap_fds[IOWRAP_MAXFD+1] = {{UNUSED, 0, 0}};
+static int wrapfd_maxfd = -1;
+static unsigned short rand_state[3];
+static buffer *input_buf;
+static int devnull_fd = -1;
+
+static void wrapfd_remove(int fd);
+
+void wrapfd_setup(buffer *buf) {
+	TRACE(("wrapfd_setup"))
+
+	// clean old ones
+	int i;
+	for (i = 0; i <= wrapfd_maxfd; i++) {
+		if (wrap_fds[i].mode != UNUSED) {
+			wrapfd_remove(i);
+		}
+	}
+	wrapfd_maxfd = -1;
+
+	memset(rand_state, 0x0, sizeof(rand_state));
+	wrapfd_setseed(50);
+	input_buf = buf;
+}
+
+void wrapfd_setseed(uint32_t seed) {
+	memcpy(rand_state, &seed, sizeof(seed));
+	nrand48(rand_state);
+}
+
+int wrapfd_new_fuzzinput() {
+	if (devnull_fd == -1) {
+		devnull_fd = open("/dev/null", O_RDONLY);
+		assert(devnull_fd != -1);
+	}
+
+	int fd = dup(devnull_fd);
+	assert(fd != -1);
+	assert(wrap_fds[fd].mode == UNUSED);
+	wrap_fds[fd].mode = COMMONBUF;
+	wrap_fds[fd].closein = 0;
+	wrap_fds[fd].closeout = 0;
+	wrapfd_maxfd = MAX(fd, wrapfd_maxfd);
+
+	return fd;
+}
+
+int wrapfd_new_dummy() {
+	if (devnull_fd == -1) {
+		devnull_fd = open("/dev/null", O_RDONLY);
+		assert(devnull_fd != -1);
+	}
+
+	int fd = dup(devnull_fd);
+	if (fd == -1) {
+		return -1;
+	}
+	if (fd > IOWRAP_MAXFD) {
+		close(fd);
+		errno = EMFILE;
+		return -1;
+	}
+	assert(wrap_fds[fd].mode == UNUSED);
+	wrap_fds[fd].mode = DUMMY;
+	wrap_fds[fd].closein = 0;
+	wrap_fds[fd].closeout = 0;
+	wrapfd_maxfd = MAX(fd, wrapfd_maxfd);
+
+	return fd;
+}
+
+
+static void wrapfd_remove(int fd) {
+	TRACE(("wrapfd_remove %d", fd))
+	assert(fd >= 0);
+	assert(fd <= IOWRAP_MAXFD);
+	assert(wrap_fds[fd].mode != UNUSED);
+	wrap_fds[fd].mode = UNUSED;
+	close(fd);
+}
+
+int wrapfd_close(int fd) {
+	if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) {
+		wrapfd_remove(fd);
+		return 0;
+	} else {
+		return close(fd);
+	}
+}
+
+int wrapfd_read(int fd, void *out, size_t count) {
+	size_t maxread;
+
+	if (!fuzz.wrapfds) {
+		return read(fd, out, count);
+	}
+
+	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) {
+		/* XXX - assertion failure? */
+		TRACE(("Bad read descriptor %d\n", fd))
+		errno = EBADF;
+		return -1;
+	}
+
+	assert(count != 0);
+
+	if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) {
+		wrap_fds[fd].closein = 1;
+		errno = ECONNRESET;
+		return -1;
+	}
+
+	if (erand48(rand_state) < CHANCE_INTR) {
+		errno = EINTR;
+		return -1;
+	}
+
+	if (input_buf && wrap_fds[fd].mode == COMMONBUF) {
+		maxread = MIN(input_buf->len - input_buf->pos, count);
+		/* returns 0 if buf is EOF, as intended */
+		if (maxread > 0) {
+			maxread = nrand48(rand_state) % maxread + 1;
+		}
+		memcpy(out, buf_getptr(input_buf, maxread), maxread);
+		buf_incrpos(input_buf, maxread);
+		return maxread;
+	}
+
+	// return fixed output, of random length
+	maxread = MIN(MAX_RANDOM_IN, count);
+	maxread = nrand48(rand_state) % maxread + 1;
+	memset(out, 0xef, maxread);
+	return maxread;
+}
+
+int wrapfd_write(int fd, const void* in, size_t count) {
+	unsigned const volatile char* volin = in;
+	unsigned int i;
+
+	if (!fuzz.wrapfds) {
+		return write(fd, in, count);
+	}
+
+	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) {
+		/* XXX - assertion failure? */
+		TRACE(("Bad read descriptor %d\n", fd))
+		errno = EBADF;
+		return -1;
+	}
+
+	assert(count != 0);
+
+	/* force read to exercise sanitisers */
+	for (i = 0; i < count; i++) {
+		(void)volin[i];
+	}
+
+	if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) {
+		wrap_fds[fd].closeout = 1;
+		errno = ECONNRESET;
+		return -1;
+	}
+
+	if (erand48(rand_state) < CHANCE_INTR) {
+		errno = EINTR;
+		return -1;
+	}
+
+	return nrand48(rand_state) % (count+1);
+}
+
+int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, 
+	fd_set *exceptfds, struct timeval *timeout) {
+	int i, nset, sel;
+	int ret = 0;
+	int fdlist[IOWRAP_MAXFD+1];
+
+	if (!fuzz.wrapfds) {
+		return select(nfds, readfds, writefds, exceptfds, timeout);
+	}
+
+	assert(nfds <= IOWRAP_MAXFD+1);
+
+	if (erand48(rand_state) < CHANCE_INTR) {
+		errno = EINTR;
+		return -1;
+	}
+
+	/* read */
+	if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) {
+		for (i = 0, nset = 0; i < nfds; i++) {
+			if (FD_ISSET(i, readfds)) {
+				assert(wrap_fds[i].mode != UNUSED);
+				fdlist[nset] = i;
+				nset++;
+			}
+		}
+		DROPBEAR_FD_ZERO(readfds);
+
+		if (nset > 0) {
+			/* set one */
+			sel = fdlist[nrand48(rand_state) % nset];
+			FD_SET(sel, readfds);
+			ret++;
+
+			if (erand48(rand_state) < CHANCE_READ2) {
+				sel = fdlist[nrand48(rand_state) % nset];
+				if (!FD_ISSET(sel, readfds)) {
+					FD_SET(sel, readfds);
+					ret++;
+				}
+			}
+		}
+	}
+
+	/* write */
+	if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) {
+		for (i = 0, nset = 0; i < nfds; i++) {
+			if (FD_ISSET(i, writefds)) {
+				assert(wrap_fds[i].mode != UNUSED);
+				fdlist[nset] = i;
+				nset++;
+			}
+		}
+		DROPBEAR_FD_ZERO(writefds);
+
+		/* set one */
+		if (nset > 0) {
+			sel = fdlist[nrand48(rand_state) % nset];
+			FD_SET(sel, writefds);
+			ret++;
+
+			if (erand48(rand_state) < CHANCE_WRITE2) {
+				sel = fdlist[nrand48(rand_state) % nset];
+				if (!FD_ISSET(sel, writefds)) {
+					FD_SET(sel, writefds);
+					ret++;
+				}
+			}
+		}
+	}
+	return ret;
+}
+
+int fuzz_kill(pid_t pid, int sig) {
+	if (fuzz.fuzzing) {
+		TRACE(("fuzz_kill ignoring pid %d signal %d", (pid), sig))
+		if (sig >= 0) {
+			return 0;
+		} else {
+			errno = EINVAL;
+			return -1;
+		}
+	}
+	return kill(pid, sig);
+}

fuzz/fuzzer-cliconf.c

@@ -0,0 +1,79 @@
+/* fuzz target for cli-readconf.c */
+
+#include "fuzz.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+
+static void setup_fuzzer(void) {
+	fuzz_common_setup();
+	/* Set up commandline args */
+	char* args[2] = { "dbclient", "far" };
+	cli_getopts(2, args);
+}
+
+// Needs to be outside so it doesn't get optimised away for the setjmp().
+// volatile doesn't seem to work, unsure why.
+static FILE *conf_file = NULL;
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	static int once = 0;
+	if (!once) {
+		setup_fuzzer();
+		once = 1;
+	}
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+
+		/* remotehost most be set before config parsing */
+		m_free(cli_opts.remotehost);
+		cli_opts.remotehost = m_strdup("far");
+		/* optional arguments */
+		if (buf_getbool(fuzz.input)) {
+			m_free(cli_opts.username);
+			cli_opts.username = m_strdup("someone");
+		}
+		if (buf_getbool(fuzz.input)) {
+			m_free(cli_opts.remoteport);
+			cli_opts.remoteport = m_strdup("999");
+		}
+
+		buffer *conf_buf = buf_getstringbuf(fuzz.input);
+		if (conf_buf->len > 0)
+		{
+			conf_file = fmemopen(conf_buf->data, conf_buf->len, "r");
+			read_config_file("fuzz", conf_file, &cli_opts);
+			fclose(conf_file);
+			conf_file = NULL;
+		}
+		buf_free(conf_buf);
+
+		m_free(cli_opts.remotehost);
+		m_free(cli_opts.remoteport);
+		m_free(cli_opts.username);
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		// Cleanup
+		if (conf_file) {
+			fclose(conf_file);
+			conf_file = NULL;
+		}
+
+		m_free(cli_opts.remotehost);
+		m_free(cli_opts.remoteport);
+		m_free(cli_opts.username);
+
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-client.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_client(Data, Size, 0);
+}
+

fuzz/fuzzer-client_nomaths.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_client(Data, Size, 1);
+}
+

fuzz/fuzzer-kexcurve25519.c

@@ -0,0 +1,69 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+#include "algo.h"
+#include "bignum.h"
+
+static struct key_context* keep_newkeys = NULL;
+/* An arbitrary limit */
+#define NUM_PARAMS 80
+static struct kex_curve25519_param *curve25519_params[NUM_PARAMS];
+
+static void setup() __attribute__((constructor));
+// Perform initial setup here to avoid hitting timeouts on first run
+static void setup() {
+	fuzz_common_setup();
+	fuzz_svr_setup();
+
+	keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256");
+	keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519;
+	ses.newkeys = keep_newkeys;
+
+	/* Pre-generate parameters */
+	int i;
+	for (i = 0; i < NUM_PARAMS; i++) {
+		curve25519_params[i] = gen_kexcurve25519_param();
+	}
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() 
+		with DROPBEAR_KEX_CURVE25519 */
+		ses.newkeys = keep_newkeys;
+
+		/* Choose from the collection of curve25519 params */
+		unsigned int e = buf_getint(fuzz.input);
+		struct kex_curve25519_param *curve25519_param = curve25519_params[e % NUM_PARAMS];
+
+		buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
+
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
+		kexcurve25519_comb_key(curve25519_param, ecdh_qs, svr_opts.hostkey);
+
+		mp_clear(ses.dh_K);
+		m_free(ses.dh_K);
+		buf_free(ecdh_qs);
+
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-kexdh.c

@@ -0,0 +1,72 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+#include "algo.h"
+#include "bignum.h"
+
+static struct key_context* keep_newkeys = NULL;
+#define NUM_PARAMS 80
+static struct kex_dh_param *dh_params[NUM_PARAMS];
+
+static void setup() __attribute__((constructor));
+// Perform initial setup here to avoid hitting timeouts on first run
+static void setup() {
+	fuzz_common_setup();
+	fuzz_svr_setup();
+
+	keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "diffie-hellman-group14-sha256");
+	keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
+	ses.newkeys = keep_newkeys;
+
+	/* Pre-generate parameters */
+	int i;
+	for (i = 0; i < NUM_PARAMS; i++) {
+		dh_params[i] = gen_kexdh_param();
+	}
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() 
+		with DROPBEAR_KEX_NORMAL_DH */
+		ses.newkeys = keep_newkeys;
+
+		/* Choose from the collection of ecdh params */
+		unsigned int e = buf_getint(fuzz.input);
+		struct kex_dh_param * dh_param = dh_params[e % NUM_PARAMS];
+
+		DEF_MP_INT(dh_e);
+		m_mp_init(&dh_e);
+		if (buf_getmpint(fuzz.input, &dh_e) != DROPBEAR_SUCCESS) {
+			dropbear_exit("Bad kex value");
+		}
+
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
+		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
+
+		mp_clear(ses.dh_K);
+		m_free(ses.dh_K);
+		mp_clear(&dh_e);
+
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-kexecdh.c

@@ -0,0 +1,82 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "runopts.h"
+#include "algo.h"
+#include "bignum.h"
+
+static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */
+static struct key_context* keep_newkeys = NULL;
+/* number of generated parameters. An arbitrary limit, but will delay startup */
+#define NUM_PARAMS 80
+static struct kex_ecdh_param *ecdh_params[NUM_PARAMS];
+
+static void setup() __attribute__((constructor));
+// Perform initial setup here to avoid hitting timeouts on first run
+static void setup() {
+	fuzz_common_setup();
+	fuzz_svr_setup();
+
+	/* ses gets zeroed by fuzz_set_input */
+	keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	ecdh[0] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp256");
+	ecdh[1] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp384");
+	ecdh[2] = fuzz_get_algo(sshkex, "ecdh-sha2-nistp521");
+	assert(ecdh[0]);
+	assert(ecdh[1]);
+	assert(ecdh[2]);
+	keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
+	ses.newkeys = keep_newkeys;
+
+	/* Pre-generate parameters */
+	int i;
+	for (i = 0; i < NUM_PARAMS; i++) {
+		ses.newkeys->algo_kex = ecdh[i % 3];
+		ecdh_params[i] = gen_kexecdh_param();
+	}
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		/* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() 
+		with DROPBEAR_KEX_ECDH */
+		ses.newkeys = keep_newkeys;
+
+		/* random choice of ecdh 256, 384, 521 */
+		unsigned char b = buf_getbyte(fuzz.input);
+		ses.newkeys->algo_kex = ecdh[b % 3];
+
+		/* Choose from the collection of ecdh params */
+		unsigned int e = buf_getint(fuzz.input);
+		struct kex_ecdh_param *ecdh_param = ecdh_params[e % NUM_PARAMS];
+
+		buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
+
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
+		kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
+
+		mp_clear(ses.dh_K);
+		m_free(ses.dh_K);
+		buf_free(ecdh_qs);
+
+		buf_free(ses.hash);
+		buf_free(ses.session_id);
+		/* kexhashbuf is freed in kexdh_comb_key */
+
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-postauth_nomaths.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_server(Data, Size, 1, 1);
+}
+

fuzz/fuzzer-preauth.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_server(Data, Size, 0, 0);
+}
+

fuzz/fuzzer-preauth_nomaths.c

@@ -0,0 +1,6 @@
+#include "fuzz.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	return fuzz_run_server(Data, Size, 1, 0);
+}
+

fuzz/fuzzer-pubkey.c

@@ -0,0 +1,54 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+
+static void setup_fuzzer(void) {
+	fuzz_common_setup();
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	static int once = 0;
+	if (!once) {
+		setup_fuzzer();
+		once = 1;
+	}
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		buffer *line = buf_getstringbuf(fuzz.input);
+		buffer *keyblob = buf_getstringbuf(fuzz.input);
+
+		unsigned int algolen;
+		char* algoname = buf_getstring(keyblob, &algolen);
+
+		if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNATURE_NONE) {
+			dropbear_exit("fuzzer imagined a bogus algorithm");
+		}
+
+		int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
+			algoname, algolen,
+			keyblob->data, keyblob->len);
+
+		if (ret == DROPBEAR_SUCCESS) {
+			/* fuzz_checkpubkey_line() should have cleaned up for failure */
+			svr_pubkey_options_cleanup();
+		}
+
+		buf_free(line);
+		buf_free(keyblob);
+		m_free(algoname);
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzz/fuzzer-verify.c

@@ -0,0 +1,95 @@
+#include "fuzz.h"
+#include "session.h"
+#include "fuzz-wrapfd.h"
+#include "debug.h"
+#include "dss.h"
+#include "ed25519.h"
+
+static void setup_fuzzer(void) {
+	fuzz_common_setup();
+}
+
+static buffer *verifydata;
+
+/* Tests reading a public key and verifying a signature */
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+	static int once = 0;
+	if (!once) {
+		setup_fuzzer();
+		verifydata = buf_new(30);
+		buf_putstring(verifydata, "x", 1);
+		once = 1;
+	}
+
+	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
+	m_malloc_set_epoch(1);
+
+	if (setjmp(fuzz.jmp) == 0) {
+		sign_key *key = new_sign_key();
+		enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY;
+		if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) {
+			enum signature_type sigtype;
+			if (keytype == DROPBEAR_SIGNKEY_RSA) {
+				/* Flip a coin to decide rsa signature type */
+				int flag = buf_getbyte(fuzz.input);
+				if (flag & 0x01) {
+					sigtype = DROPBEAR_SIGNATURE_RSA_SHA256;
+				} else {
+					sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
+				}
+			} else {
+				sigtype = signature_type_from_signkey(keytype);
+			}
+			if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) {
+				/* The fuzzer is capable of generating keys with a signature to match.
+				We don't want false positives if the key is bogus, since a client/server 
+				wouldn't be trusting a bogus key anyway */
+				int boguskey = 0;
+
+				if (keytype == DROPBEAR_SIGNKEY_DSS) {
+					/* So far have seen dss keys with bad p/q/g domain parameters */
+					int pprime, qprime, trials;
+					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p));
+					assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY);
+					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q));
+					assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY);
+					boguskey = !(pprime && qprime);
+					/* Could also check g**q mod p == 1 */
+				}
+
+				if (keytype == DROPBEAR_SIGNKEY_SK_ED25519 || keytype == DROPBEAR_SIGNKEY_ED25519) {
+					dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
+					if (eck && *eck) {
+						int i;
+						/* we've seen all-zero keys validate */
+						boguskey = 1;
+						for (i = 0; i < CURVE25519_LEN; i++) {
+							if ((*eck)->priv[i] != 0x00 || (*eck)->pub[i] != 0x00) {
+								boguskey = 0;
+							}
+						}
+
+					}
+				}
+
+				if (!boguskey) {
+					printf("Random key/signature managed to verify!\n");
+					abort();
+				}
+
+
+			}
+		}
+		sign_key_free(key);
+		m_malloc_free_epoch(1, 0);
+	} else {
+		m_malloc_free_epoch(1, 1);
+		TRACE(("dropbear_exit longjmped"))
+		/* dropbear_exit jumped here */
+	}
+
+	return 0;
+}

fuzzers_test.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# runs fuzz corpus with standalone fuzzers
+
+result=0
+
+test -d fuzzcorpus && hg --repository fuzzcorpus/ pull || hg clone https://hg.ucc.asn.au/dropbear-fuzzcorpus fuzzcorpus || exit 1
+for f in `make list-fuzz-targets`; do
+    # use xargs to split the too-long argument list
+    # -q quiet because travis has a logfile limit
+    echo fuzzcorpus/$f/* | xargs -n 1000 ./$f -q || result=1
+done
+
+exit $result

kex.h

@@ -1,69 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _KEX_H_
-#define _KEX_H_
-
-#include "includes.h"
-#include "algo.h"
-
-void send_msg_kexinit();
-void recv_msg_kexinit();
-void send_msg_newkeys();
-void recv_msg_newkeys();
-void kexfirstinitialise();
-void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv);
-void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
-		sign_key *hostkey);
-
-void recv_msg_kexdh_init(); // server
-
-void send_msg_kexdh_init(); // client
-void recv_msg_kexdh_reply(); // client
-
-extern const unsigned char dh_p_val[];
-#define DH_P_LEN 128 /* The length of the dh_p_val array */
-
-extern const int DH_G_VAL; /* == 2 */
-
-struct KEXState {
-
-	unsigned sentkexinit : 1; /*set when we've sent/recv kexinit packet */
-	unsigned recvkexinit : 1;
-	unsigned firstfollows : 1; /* true when first_kex_packet_follows is set */
-	unsigned sentnewkeys : 1; /* set once we've send/recv'ed MSG_NEWKEYS*/
-	unsigned recvnewkeys : 1;
-
-	unsigned donefirstkex : 1; /* Set to 1 after the first kex has completed,
-								  ie the transport layer has been set up */
-
-	long lastkextime; /* time of the last kex */
-	unsigned int datatrans; /* data transmitted since last kex */
-	unsigned int datarecv; /* data received since last kex */
-
-};
-
-#define MAX_KEXHASHBUF 2000
-
-#endif /* _KEX_H_ */

libtomcrypt/.travis.yml

@@ -0,0 +1,135 @@
+dist: trusty
+sudo: required
+
+language: c
+
+addons:
+  apt:
+    sources:
+    - ubuntu-toolchain-r-test
+    - llvm-toolchain-precise-3.8
+    packages:
+    - clang-3.8
+
+install:
+    - sudo apt-get update -qq
+    - sudo apt-get install libtommath-dev
+
+before_script:
+  - gem install coveralls-lcov
+  - curl http://ftp.de.debian.org/debian/pool/main/l/lcov/lcov_1.11.orig.tar.gz | tar xz
+  - export PATH=$PATH:`pwd`/lcov-1.11/bin
+  - curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash
+  - sudo apt-get install libtfm-dev=0.13-5
+
+matrix:
+  fast_finish: true
+branches:
+  only:
+    - master
+    - develop
+    - /^release\/.*$/
+
+compiler:
+  - gcc
+  - clang
+script:
+  - bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile V=1"        "-DUSE_LTM -DLTM_DESC" "-ltommath"
+  - bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile.shared V=1" "-DUSE_TFM -DTFM_DESC" "-ltfm"
+env:
+  - |
+    BUILDSCRIPT="check_source.sh"
+    BUILDNAME="CHECK_SOURCES"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="scan_build.sh"
+    BUILDNAME="SCAN_BUILD"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="coverage.sh"
+    BUILDNAME="COVERAGE"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="STOCK"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="EASY"
+    BUILDOPTIONS="-DLTC_EASY"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="SMALL"
+    BUILDOPTIONS="-DLTC_SMALL_CODE"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="SMALL+NOTABLES"
+    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+SMALL"
+    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL"
+    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC_SMALL_CODE"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_FAST"
+    BUILDOPTIONS="-DLTC_NO_FAST"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_FAST+NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_FAST -DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_ASM"
+    BUILDOPTIONS="-DLTC_NO_ASM"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_TIMING_RESISTANCE"
+    BUILDOPTIONS="-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="PTHREAD"
+    BUILDOPTIONS="-DLTC_PTHREAD"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE+PTHREAD"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING -DLTC_PTHREAD"
+  - |
+    BUILDSCRIPT="testbuild.sh"
+    BUILDNAME="NOTEST"
+    BUILDOPTIONS="-DLTC_NO_TEST"
+  - |
+    BUILDSCRIPT="testbuild.sh"
+    BUILDNAME="NOFILE"
+    BUILDOPTIONS="-DLTC_NO_FILE"
+
+after_failure:
+  - cat test_std.txt
+  - cat test_err.txt
+  - cat tv.txt
+
+after_script:
+  - cat gcc_1.txt
+  - cat gcc_2.txt
+
+notifications:
+  irc: "chat.freenode.net#libtom-notifications"

libtomcrypt/LICENSE

@@ -0,0 +1,29 @@
+LibTomCrypt is licensed under DUAL licensing terms.
+
+Choose and use the license of your needs.
+
+[LICENSE #1]
+
+LibTomCrypt is public domain.  As should all quality software be.
+
+Tom St Denis
+
+[/LICENSE #1]
+
+[LICENSE #2]
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO. 
+
+[/LICENSE #2]

libtomcrypt/Makefile.in

@@ -0,0 +1,299 @@
+# MAKEFILE that is intended to be compatible with any kind of make (GNU make, BSD make, ...)
+# works on: Linux, *BSD, Cygwin, AIX, HP-UX and hopefully other UNIX systems
+#
+# Please do not use here neither any special make syntax nor any unusual tools/utilities!
+#
+# BEWARE: variables OBJECTS, TOBJECTS, HEADERS, VERSION are updated via ./updatemakes.sh
+
+### USAGE:
+#
+# make -f makefile.unix all
+# ./test
+# make -f makefile.unix install
+#
+#Or:
+#
+# make -f makefile.unix CFLAGS="-O3 -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+# ./test
+# make -f makefile.unix PREFIX=/opt/libtom install
+#
+#Or if you are using Intel C compiler you might need something like:
+#
+# make -f makefile.unix CC=icc AR=xiar CFLAGS="-fast -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+#
+
+# Dropbear can build out of tree
+VPATH=@srcdir@
+srcdir=@srcdir@
+
+#The following can be overridden from command line e.g. "make -f makefile.unix CC=gcc ARFLAGS=rcs"
+DESTDIR   =
+PREFIX    = /usr/local
+LIBPATH   = $(PREFIX)/lib
+INCPATH   = $(PREFIX)/include
+DATAPATH  = $(PREFIX)/share/doc/libtomcrypt/pdf
+BINPATH   = $(PREFIX)/bin
+# Dropbear passes paths from parent makefile
+#CC        = cc
+#AR        = ar
+ARFLAGS   = r
+#RANLIB    = ranlib
+#CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
+EXTRALIBS = ../libtommath/libtommath.a
+
+#Compilation flags
+LTC_CFLAGS  = -Isrc/headers/ -I$(srcdir)/src/headers/ -I../ -I$(srcdir)/../src -DLTC_SOURCE -I../libtommath/ -I$(srcdir)/../libtommath/ $(CFLAGS) $(CPPFLAGS)
+LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
+VERSION=1.18.1
+
+#Libraries to be created (this makefile builds only static libraries)
+LIBMAIN_S =libtomcrypt.a
+
+#List of objects to compile (all goes to libtomcrypt.a)
+OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
+src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
+src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
+src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
+src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
+src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
+src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
+src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
+src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
+src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o src/hashes/sha2/sha512.o \
+src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o src/hashes/sha3_test.o \
+src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/blake2/blake2bmac.o \
+src/mac/blake2/blake2bmac_file.o src/mac/blake2/blake2bmac_memory.o \
+src/mac/blake2/blake2bmac_memory_multi.o src/mac/blake2/blake2bmac_test.o src/mac/blake2/blake2smac.o \
+src/mac/blake2/blake2smac_file.o src/mac/blake2/blake2smac_memory.o \
+src/mac/blake2/blake2smac_memory_multi.o src/mac/blake2/blake2smac_test.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
+src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
+src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
+src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
+src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
+src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
+src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \
+src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_constants.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
+src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_inits.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_prng_rng_descriptor.o \
+src/misc/crypt/crypt_register_all_ciphers.o src/misc/crypt/crypt_register_all_hashes.o \
+src/misc/crypt/crypt_register_all_prngs.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
+src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/pk_get_oid.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
+src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
+src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o \
+src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
+src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
+src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
+src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
+src/pk/asn1/der/octet/der_length_octet_string.o \
+src/pk/asn1/der/printable_string/der_decode_printable_string.o \
+src/pk/asn1/der/printable_string/der_encode_printable_string.o \
+src/pk/asn1/der/printable_string/der_length_printable_string.o \
+src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
+src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/short_integer/der_encode_short_integer.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \
+src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \
+src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \
+src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \
+src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
+src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \
+src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \
+src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
+src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
+src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
+src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
+src/pk/katja/katja_decrypt_key.o src/pk/katja/katja_encrypt_key.o src/pk/katja/katja_export.o \
+src/pk/katja/katja_exptmod.o src/pk/katja/katja_free.o src/pk/katja/katja_import.o \
+src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
+src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
+src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
+src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
+src/stream/sober128/sober128_test.o
+
+#List of test objects to compile (all goes to libtomcrypt_prof.a)
+TOBJECTS=tests/base64_test.o tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o \
+tests/dsa_test.o tests/ecc_test.o tests/file_test.o tests/katja_test.o tests/mac_test.o tests/misc_test.o \
+tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_prng.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/store_test.o tests/test.o
+
+#The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
+
+#The default rule for make builds the libtomcrypt.a library (static)
+default: $(LIBMAIN_S)
+
+#SPECIAL: AES comes in two flavours - enc+dec and enc-only
+src/ciphers/aes/aes_enc.o: $(srcdir)/src/ciphers/aes/aes.c $(srcdir)/src/ciphers/aes/aes_tab.c
+	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c $(srcdir)/src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+
+#SPECIAL: these are the rules to make certain object files
+src/ciphers/aes/aes.o: $(srcdir)/src/ciphers/aes/aes.c $(srcdir)/src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: $(srcdir)/src/ciphers/twofish/twofish.c $(srcdir)/src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: $(srcdir)/src/hashes/whirl/whirl.c $(srcdir)/src/hashes/whirl/whirltab.c
+src/hashes/sha2/sha512.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha512_256.c
+src/hashes/sha2/sha256.o: $(srcdir)/src/hashes/sha2/sha256.c $(srcdir)/src/hashes/sha2/sha224.c
+
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(TOBJECTS): $(HEADERS) tests/tomcrypt_test.h
+
+#This is necessary for compatibility with BSD make (namely on OpenBSD)
+.SUFFIXES: .o .c
+.c.o:
+	$(CC) $(LTC_CFLAGS) -c $< -o $@
+
+#Create libtomcrypt.a
+$(LIBMAIN_S): $(OBJECTS)
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
+	$(RANLIB) $@
+
+#Demo tools/utilities
+hashsum: demos/hashsum.o $(LIBMAIN_S)
+	$(CC) demos/hashsum.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+ltcrypt: demos/ltcrypt.o $(LIBMAIN_S)
+	$(CC) demos/ltcrypt.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+small: demos/small.o $(LIBMAIN_S)
+	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+tv_gen: demos/tv_gen.o $(LIBMAIN_S)
+	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+timing: demos/timing.o $(LIBMAIN_S)
+	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+
+#Tests
+test: $(TOBJECTS) $(LIBMAIN_S)
+	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+	@echo "NOTICE: start the tests by: ./test"
+
+all: $(LIBMAIN_S) hashsum ltcrypt small tv_gen sizes constants timing test
+
+#NOTE: this makefile works also on cygwin, thus we need to delete *.exe
+clean:
+	-@rm -f $(OBJECTS) $(TOBJECTS)
+	-@rm -f $(LIBMAIN_S)
+	-@rm -f demos/*.o *_tv.txt
+	-@rm -f test constants sizes tv_gen hashsum ltcrypt small timing
+	-@rm -f test.exe constants.exe sizes.exe tv_gen.exe hashsum.exe ltcrypt.exe small.exe timing.exe
+
+#Install the library + headers
+install: $(LIBMAIN_S) $(HEADERS)
+	@mkdir -p $(DESTDIR)$(INCPATH) $(DESTDIR)$(LIBPATH)/pkgconfig
+	@cp $(LIBMAIN_S) $(DESTDIR)$(LIBPATH)/
+	@cp $(HEADERS) $(DESTDIR)$(INCPATH)/
+	@sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION),' libtomcrypt.pc.in > $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
+
+#Install useful tools
+install_bins: hashsum
+	@mkdir -p $(DESTDIR)$(BINPATH)
+	@cp hashsum $(DESTDIR)$(BINPATH)/
+
+#Install documentation
+install_docs: doc/crypt.pdf
+	@mkdir -p $(DESTDIR)$(DATAPATH)
+	@cp doc/crypt.pdf $(DESTDIR)$(DATAPATH)/

libtomcrypt/README

@@ -0,0 +1,3 @@
+See doc/crypt.pdf
+
+

libtomcrypt/TODO

@@ -0,0 +1,3 @@
+for 1.18
+- document new ECC functions
+- add test for new functions

libtomcrypt/build.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+echo "$1 ($2, $3)..."
+
+make clean 1>/dev/null 2>/dev/null
+
+echo -n "building..."
+
+if [ -f /proc/cpuinfo ]
+then
+  MAKE_JOBS=$(( ($(cat /proc/cpuinfo | grep -E '^processor[[:space:]]*:' | tail -n -1 | cut -d':' -f2) + 1) * 2 + 1 ))
+else
+  MAKE_JOBS=8
+fi
+
+CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j$MAKE_JOBS -f $3 all_test 1>gcc_1.txt 2>gcc_2.txt
+mret=$?
+cnt=$(wc -l < gcc_2.txt)
+# ignore 1 line since ar prints to stderr instead of stdout and ar is called for
+# $(LIBNAME)
+if [[ $mret -ne 0 ]] || [[ $cnt -gt 1 ]]; then
+   echo "build $1 failed! printing gcc_2.txt now for convenience"
+   cat gcc_2.txt
+   exit 1
+fi
+
+echo -n "testing..."
+
+if [ -a test ] && [ -f test ] && [ -x test ]; then
+   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1)
+   if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
+      for f in *_tv.txt; do
+         # check for lines starting with '<' ($f might be a subset of notes/$f)
+         difftroubles=$(diff -i -w -B $f notes/$f | grep '^<')
+         if [ -n "$difftroubles" ]; then
+            echo "FAILURE: $f"
+            diff -i -w -B $f notes/$f
+            echo "tv_gen $f failed" && rm -f testok.txt && exit 1
+         else
+            true
+         fi
+      done
+   fi
+fi
+
+
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   if [ "$LTC_COVERAGE" != "" ]; then
+      ./coverage_more.sh > test_coverage_more.txt || exit 1
+      lcov_opts="--capture --no-external --directory src -q"
+      lcov_out=$(echo coverage_$1_$2_$3 | tr ' -=+' '_')".info"
+      lcov $lcov_opts --output-file $lcov_out
+   fi
+   exit 0
+fi
+exit 1
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/check_source.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# output version
+bash printinfo.sh
+
+make clean > /dev/null
+
+echo "checking..."
+./helper.pl --check-source --check-makefiles --check-defines|| exit 1
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverage.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -e
+
+if [ "$TRAVIS_CI" == "private" ]; then
+    exit 0
+fi
+
+if [ "$#" != "5" ]; then
+    echo "Usage is: ${0} \"coverage\" \"<prepend CFLAGS>\" \"<makefile>\" \"<append CFLAGS>\" <math library to link to>"
+    echo "CC=gcc ${0} \"coverage\" \" \" \"makefile\" \"-DUSE_LTM -DLTM_DESC -I../libtommath\" ../libtommath/libtommath.a"
+    exit -1
+fi
+
+if [ -z "$(echo $CC | grep "gcc")" ]; then
+    echo "no gcc detected, early exit success"
+    exit 0
+fi
+
+if [ "$(echo $3 | grep -v 'makefile[.]')" == "" ]; then
+    echo "only run $0 for the regular makefile, early exit success"
+    exit 0
+fi
+
+# output version
+bash printinfo.sh
+
+bash build.sh " $1" " $2" " $3 COVERAGE=1" "$4" "$5"
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   echo
+else
+   echo
+   echo "Test failed"
+   exit 1
+fi
+
+./coverage_more.sh > test_coverage_more.txt || { rm -f testok.txt && exit 1 ; }
+
+make lcov-single
+# if this was executed as './coverage.sh ...' create coverage locally
+if [[ "${0%% *}" == "./${0##*/}" ]]; then
+   make lcov-html
+else
+   coveralls-lcov coverage.info
+fi
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverage_more.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+./sizes
+./constants
+
+for i in $(for j in $(echo $(./hashsum -h | awk '/Algorithms/,EOF' | tail -n +2)); do echo $j; done | sort); do echo -n "$i: " && ./hashsum -a $i tests/test.key ; done > hashsum_tv.txt
+difftroubles=$(diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt | grep '^<') || true
+if [ -n "$difftroubles" ]; then
+  echo "FAILURE: hashsum_tv.tx"
+  diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt
+  echo "hashsum failed"
+  exit 1
+else
+  echo "hashsum okay"
+fi
+
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverity.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+if [ $# -lt 2 ]
+then
+  echo "usage is: ${0##*/} <path to coverity scan> <extra compiler options>"
+  echo "e.g. \"${0##*/} \"/usr/local/bin/coverity\" \"-DLTM_DESC -I/path/to/libtommath/\"\""
+  exit -1
+fi
+
+PATH=$PATH:$1/bin
+
+make clean
+rm -r cov-int/
+
+myCflags=""
+myCflags="$myCflags -O2 ${2}"
+myCflags="$myCflags -pipe -Werror -Wpointer-arith -Winit-self -Wextra -Wall -Wformat -Wformat-security"
+
+CFLAGS="$myCflags" cov-build --dir cov-int  make -f makefile.unix $MAKE_OPTS IGNORE_SPEED=1 1>gcc_1.txt
+
+if [ $? -ne 0 ]
+then
+  echo "make failed"
+  exit -1
+fi
+
+# zipup everything
+tar caf libtomcrypt.lzma cov-int
+
+mytoken=$(cat .coverity_token)
+mymail=$(cat .coverity_mail)
+myversion=$(git describe --dirty)
+
+curl -k --form project=libtomcrypt \
+  --form token=${mytoken} \
+  --form email=${mymail} \
+  --form file=@libtomcrypt.lzma \
+  --form version=\"${myversion}\" \
+  --form description="\"libtomcrypt version ${myversion}\"" \
+  https://scan.coverity.com/builds?project=libtom%2Flibtomcrypt

libtomcrypt/crypt.lof

@@ -0,0 +1,24 @@
+\addvspace {10\p@ }
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {2.1}{\ignorespaces Load And Store Macros}}{9}{figure.2.1}
+\contentsline {figure}{\numberline {2.2}{\ignorespaces Rotate Macros}}{9}{figure.2.2}
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {3.1}{\ignorespaces Built--In Software Ciphers}}{19}{figure.3.1}
+\contentsline {figure}{\numberline {3.2}{\ignorespaces Twofish Build Options}}{21}{figure.3.2}
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {4.1}{\ignorespaces Built--In Software Hashes}}{59}{figure.4.1}
+\addvspace {10\p@ }
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {6.1}{\ignorespaces List of Provided PRNGs}}{84}{figure.6.1}
+\addvspace {10\p@ }
+\addvspace {10\p@ }
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {9.1}{\ignorespaces DSA Key Sizes}}{121}{figure.9.1}
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {10.1}{\ignorespaces List of ASN.1 Supported Types}}{129}{figure.10.1}
+\addvspace {10\p@ }
+\addvspace {10\p@ }
+\contentsline {figure}{\numberline {12.1}{\ignorespaces RSA/DH Key Strength}}{151}{figure.12.1}
+\contentsline {figure}{\numberline {12.2}{\ignorespaces ECC Key Strength}}{151}{figure.12.2}
+\addvspace {10\p@ }
+\addvspace {10\p@ }

libtomcrypt/demos/constants.c

@@ -0,0 +1,87 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt.h"
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+
+/**
+  @file demo_crypt_constants.c
+
+  Demo how to get various constants to dynamic languages
+  like Python
+
+  Larry Bugbee, February 2013
+*/
+
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
+
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific constant name, get and print its value */
+      char name[] = "CTR_COUNTER_BIG_ENDIAN";
+      int value;
+      char *names_list;
+      unsigned int names_list_len;
+
+      if (crypt_get_constant(name, &value) != 0) exit(EXIT_FAILURE);
+      printf("\n  %s is %d \n\n", name, value);
+
+      /* get and print the length of the names (and values) list */
+
+      if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", names_list_len);
+
+      /* get and print the names (and values) list */
+      if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
+      if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported constants:\n\n%s\n\n", names_list);
+      free(names_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all constants");
+         _print_line("-s name", "List a single constant given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *names_list;
+         unsigned int names_list_len;
+         /* get and print the length of the names (and values) list */
+         if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and values) list */
+         if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
+         if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", names_list);
+         free(names_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         int value;
+         if (crypt_get_constant(argv[2], &value) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], value);
+      }
+   }
+
+   return 0;
+}
+
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/demo_dynamic.py

@@ -0,0 +1,309 @@
+
+
+"""
+    demo_dynamic.py                                    v2b
+
+    This program demonstrates Python's use of the dynamic
+    language support additions to LTC, namely access to LTC
+    constants, struct and union sizes, and the binding of a
+    math package to LTC.  Also provided are simple code
+    fragments to illustrate how one might write a Python
+    wrapper for LTC and how an app might call the wrapper.
+    This or a similar model should work for Ruby and other
+    dynamic languages.
+
+    This instance uses Python's ctypes and requires a single
+    .dylib linking together LTC and a math library.  Building
+    a single .dylib is needed because LTC wants a fairly tight
+    relationship between itself and the mathlib.  (ctypes can
+    load multiple .dylibs, but it does not support this level
+    of tight coupling between otherwise independent libraries.)
+
+    My .dylib was created on OSX/macOS with the following:
+        sudo make -j5 -f makefile.shared                        \
+            CFLAGS="-DUSE_TFM -DTFM_DESC -I/usr/local/include"  \
+            EXTRALIBS=/usr/local/lib/libtfm.a  install
+
+    For python 2.7.12 on Ubuntu Xenial the following worked for
+    me (without MPI support):
+        sudo make -f makefile.shared install PREFIX="/usr"
+
+    Reminder: you don't need to bind in a math library unless
+              you are going to use LTC functions that need a
+              mathlib.  For example, public key crypto requires
+              a mathlib; hashing and symmetric encryption do not.
+
+    ------
+
+    This code was originally written for Python 2.7 with the
+    ctypes standard library.  This version is modified to run
+    under both Python 2.7 and 3.6.
+
+    Arguably the biggest change for Python3 has to do with
+    strings.  Under Python2, native strings are ASCII bytes and
+    passing them to LTC is natural and requires no conversion.
+    Under Python3 all native strings are Unicode which requires
+    they be converted to bytes before use by LTC.
+
+    Note the following for Python3.
+        - ASCII keys, IVs and other string arguments must be
+          'bytes'.  Define them with a 'b' prefix or convert
+          via the 'bytes()' function.
+        - "strings" returned from LTC are bytes and conversion
+          to Unicode might be necessary for proper printing.
+          If so, use <string>.decode('utf-8').
+        - The Python2 'print' statement becomes a function in
+          Python3 which requires parenthesis, eg. 'print()'.
+
+    NB: Unicode is achieved under Python2 by either defining
+        a Unicode string with a 'u' prefix or passing ASCII
+        strings thru the 'unicode()' function.
+
+    Larry Bugbee
+    March 2014      v1
+    August 2017     v2b
+
+"""
+
+
+import sys
+from ctypes import *
+from ctypes.util import find_library
+
+# switches to enable/disable selected output
+SHOW_ALL_CONSTANTS      = True
+SHOW_ALL_SIZES          = True
+SHOW_SELECTED_CONSTANTS = True
+SHOW_SELECTED_SIZES     = True
+SHOW_BUILD_OPTIONS_ALGS = True
+SHOW_SHA256_EXAMPLE     = True
+SHOW_CHACHA_EXAMPLE     = True
+
+print(' ')
+print('  demo_dynamic.py')
+
+def inprint(s, indent=0):
+    "prints strings indented, including multline strings"
+    for line in s.split('\n'):
+        print(' '*indent + line)
+
+#-------------------------------------------------------------------------------
+# load the .dylib
+
+libname = 'tomcrypt'
+libpath = find_library(libname)
+print(' ')
+print('  path to library %s: %s' % (libname, libpath))
+
+LTC = cdll.LoadLibrary(libpath)
+print('  loaded: %s' % LTC)
+print(' ')
+
+
+#-------------------------------------------------------------------------------
+# get list of all supported constants followed by a list of all
+# supported sizes.  One alternative: these lists may be parsed
+# and used as needed.
+
+if SHOW_ALL_CONSTANTS:
+    print('-'*60)
+    print('  all supported constants and their values:')
+
+    # get size to allocate for constants output list
+    str_len = c_int(0)
+    ret = LTC.crypt_list_all_constants(None, byref(str_len))
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
+
+    # allocate that size and get (name, size) pairs, each pair
+    # separated by a newline char.
+    names_sizes = c_buffer(str_len.value)
+    ret = LTC.crypt_list_all_constants(names_sizes, byref(str_len))
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
+
+
+if SHOW_ALL_SIZES:
+    print('-'*60)
+    print('  all supported sizes:')
+
+    # get size to allocate for sizes output list
+    str_len = c_int(0)
+    ret = LTC.crypt_list_all_sizes(None, byref(str_len))
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
+
+    # allocate that size and get (name, size) pairs, each pair
+    # separated by a newline char.
+    names_sizes = c_buffer(str_len.value)
+    ret = LTC.crypt_list_all_sizes(names_sizes, byref(str_len))
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
+
+
+#-------------------------------------------------------------------------------
+# get individually named constants and sizes
+
+if SHOW_SELECTED_CONSTANTS:
+    print('-'*60)
+    print('\n  selected constants:')
+
+    names = [
+        b'ENDIAN_LITTLE',
+        b'ENDIAN_64BITWORD',
+        b'PK_PUBLIC',
+        b'LTC_MILLER_RABIN_REPS',
+        b'CTR_COUNTER_BIG_ENDIAN',
+    ]
+    for name in names:
+        const_value = c_int(0)
+        rc = LTC.crypt_get_constant(name, byref(const_value))
+        value = const_value.value
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
+
+if SHOW_SELECTED_SIZES:
+    print('-'*60)
+    print('\n  selected sizes:')
+
+    names = [
+        b'rijndael_key',
+        b'rsa_key',
+        b'symmetric_CTR',
+        b'twofish_key',
+        b'ecc_point',
+        b'gcm_state',
+        b'sha512_state',
+    ]
+    for name in names:
+        size_value = c_int(0)
+        rc = LTC.crypt_get_size(name, byref(size_value))
+        value = size_value.value
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
+
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# LibTomCrypt exposes one interesting string that can be accessed
+# via Python's ctypes module, "crypt_build_settings", which
+# provides a list of this build's compiler switches and supported
+# algorithms.  If someday LTC exposes other interesting strings,
+# they can be found with:
+#   nm /usr/local/lib/libtomcrypt.dylib | grep " D "
+
+def get_named_string(lib, name):
+    return c_char_p.in_dll(lib, name).value.decode("utf-8")
+
+if SHOW_BUILD_OPTIONS_ALGS:
+    print('-'*60)
+    print('This is a string compiled into LTC showing compile')
+    print('options and algorithms supported by this build \n')
+#    print(get_named_string(LTC, 'crypt_build_settings'))
+    inprint(get_named_string(LTC, 'crypt_build_settings'), 4)
+
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# here is an example of how Python code can be written to access
+# LTC's implementation of SHA256 and ChaCha,
+
+# - - - - - - - - - - - - -
+# definitions
+
+from binascii import hexlify, unhexlify
+
+def _err2str(err):
+    # define return type
+    errstr = LTC.error_to_string
+    errstr.restype = c_char_p
+    # get and return err string
+    return errstr(err)
+
+def _get_size(name):
+    size = c_int(0)
+    rc = LTC.crypt_get_size(bytes(name), byref(size))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_size(%s) rc = %d' % (name, rc))
+    return size.value
+
+def _get_constant(name):
+    constant = c_int(0)
+    rc = LTC.crypt_get_constant(bytes(name), byref(constant))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_constant(%s) rc = %d' % (name, rc))
+    return constant.value
+
+CRYPT_OK = _get_constant(b'CRYPT_OK')
+
+class SHA256(object):
+    def __init__(self):
+        self.state = c_buffer(_get_size(b'sha256_state'))
+        LTC.sha256_init(byref(self.state))
+    def update(self, data):
+        LTC.sha256_process(byref(self.state), data, len(data))
+    def digest(self):
+        md = c_buffer(32)
+        LTC.sha256_done(byref(self.state), byref(md))
+        return md.raw
+
+class ChaCha(object):
+    def __init__(self, key, rounds):
+        self.state   = c_buffer(_get_size(b'chacha_state'))
+        self.counter = c_int(1)
+        err = LTC.chacha_setup(byref(self.state), key, len(key), rounds)
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_setup(), err = %d, "%s"' % (err, _err2str(err)))
+    def set_iv32(self, iv):
+        err = LTC.chacha_ivctr32(byref(self.state), iv, len(iv), byref(self.counter))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_ivctr32(), err = %d, "%s"' % (err, _err2str(err)))
+    def crypt(self, datain):
+        dataout = c_buffer(len(datain))
+        err = LTC.chacha_crypt(byref(self.state), datain, len(datain), byref(dataout))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_crypt(), err = %d, "%s"' % (err, _err2str(err)))
+        return dataout.raw
+
+# - - - - - - - - - - - - -
+# a SHA256 app fragment
+
+if SHOW_SHA256_EXAMPLE:
+    print('-'*60)
+    data = b'hello world'               # we want bytes, not Unicode
+
+    sha256 = SHA256()
+    sha256.update(data)
+    md = sha256.digest()
+
+    template = '\n  the SHA256 digest for "%s" is %s \n'
+    print(template % (data, hexlify(md)))
+
+# - - - - - - - - - - - - -
+# a ChaCha app fragment
+
+if SHOW_CHACHA_EXAMPLE:
+    print('-'*60)
+    key     = b'hownowbrowncow\x00\x00' # exactly 16 or 32 bytes
+    rounds  = 12                        # common values: 8, 12, 20
+    iv      = b'123456789012'           # exactly 12 bytes
+    plain   = b'Kilroy was here, there, and everywhere!'
+
+    cha = ChaCha(key, rounds)
+    cha.set_iv32(iv)
+    cipher = cha.crypt(plain)
+
+    template = '\n  ChaCha%d ciphertext   for "%s" is "%s"'
+    print(template % (rounds, plain, hexlify(cipher)))
+
+    cha.set_iv32(iv)                    # reset to decrypt
+    decrypted = cha.crypt(cipher)
+
+    template = '  ChaCha%d decoded text for "%s" is "%s" \n'
+    print(template % (rounds, plain, decrypted.decode("utf-8")))
+
+# Footnote: Keys should be erased fm memory as soon as possible after use,
+# and that includes Python.  For a tip on how to do that in Python, see
+# http://buggywhip.blogspot.com/2010/12/erase-keys-and-credit-card-numbers-in.html
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------

libtomcrypt/demos/encrypt.c

@@ -0,0 +1,241 @@
+/* encrypt V1.1 Fri Oct 18 04:28:03 NZDT 2002 */
+/* File de/encryption, using libtomcrypt */
+/* Written by Daniel Richards <kyhwana@world-net.co.nz> */
+/* Help from Tom St Denis with various bits */
+/* This code is public domain, no rights reserved. */
+/* Encrypts by default, -d flag enables decryption */
+/* ie: ./encrypt blowfish story.txt story.ct */
+/* ./encrypt -d blowfish story.ct story.pt */
+
+#include <tomcrypt.h>
+
+int errno;
+
+int usage(char *name) 
+{
+   int x;
+
+   printf("Usage: %s [-d](ecrypt) cipher infile outfile\nCiphers:\n", name);
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      printf("%s\n",cipher_descriptor[x].name);
+   }
+   exit(1);
+}
+
+void register_algs(void)
+{
+   int x;
+   
+#ifdef LTC_RIJNDAEL
+  register_cipher (&aes_desc);
+#endif
+#ifdef LTC_BLOWFISH
+  register_cipher (&blowfish_desc);
+#endif
+#ifdef LTC_XTEA
+  register_cipher (&xtea_desc);
+#endif
+#ifdef LTC_RC5
+  register_cipher (&rc5_desc);
+#endif
+#ifdef LTC_RC6
+  register_cipher (&rc6_desc);
+#endif
+#ifdef LTC_SAFERP
+  register_cipher (&saferp_desc);
+#endif
+#ifdef LTC_TWOFISH
+  register_cipher (&twofish_desc);
+#endif
+#ifdef LTC_SAFER
+  register_cipher (&safer_k64_desc);
+  register_cipher (&safer_sk64_desc);
+  register_cipher (&safer_k128_desc);
+  register_cipher (&safer_sk128_desc);
+#endif
+#ifdef LTC_RC2
+  register_cipher (&rc2_desc);
+#endif
+#ifdef LTC_DES
+  register_cipher (&des_desc);
+  register_cipher (&des3_desc);
+#endif
+#ifdef LTC_CAST5
+  register_cipher (&cast5_desc);
+#endif
+#ifdef LTC_NOEKEON
+  register_cipher (&noekeon_desc);
+#endif
+#ifdef LTC_SKIPJACK
+  register_cipher (&skipjack_desc);
+#endif
+#ifdef LTC_KHAZAD
+  register_cipher (&khazad_desc);
+#endif
+#ifdef LTC_ANUBIS
+  register_cipher (&anubis_desc);
+#endif
+
+   if (register_hash(&sha256_desc) == -1) {
+      printf("Error registering LTC_SHA256\n");
+      exit(-1);
+   } 
+
+   if (register_prng(&yarrow_desc) == -1) {
+      printf("Error registering yarrow PRNG\n");
+      exit(-1);
+   }
+
+   if (register_prng(&sprng_desc) == -1) {
+      printf("Error registering sprng PRNG\n");
+      exit(-1);
+   }
+}
+
+int main(int argc, char *argv[]) 
+{
+   unsigned char plaintext[512],ciphertext[512];
+   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
+   unsigned char inbuf[512]; /* i/o block size */
+   unsigned long outlen, y, ivsize, x, decrypt;
+   symmetric_CTR ctr;
+   int cipher_idx, hash_idx, ks;
+   char *infile, *outfile, *cipher;
+   prng_state prng;
+   FILE *fdin, *fdout;
+
+   /* register algs, so they can be printed */
+   register_algs();
+
+   if (argc < 4) {
+      return usage(argv[0]);
+   }
+
+   if (!strcmp(argv[1], "-d")) {
+      decrypt = 1;
+      cipher  = argv[2];
+      infile  = argv[3];
+      outfile = argv[4];
+   } else {
+      decrypt = 0;
+      cipher  = argv[1];
+      infile  = argv[2];
+      outfile = argv[3];
+   }   
+
+   /* file handles setup */
+   fdin = fopen(infile,"rb");
+   if (fdin == NULL) {
+      perror("Can't open input for reading");
+      exit(-1);
+   }
+
+   fdout = fopen(outfile,"wb");
+   if (fdout == NULL) { 
+      perror("Can't open output for writing");
+      exit(-1);
+   }
+ 
+   cipher_idx = find_cipher(cipher);
+   if (cipher_idx == -1) {
+      printf("Invalid cipher entered on command line.\n");
+      exit(-1);
+   }
+
+   hash_idx = find_hash("sha256");
+   if (hash_idx == -1) {
+      printf("LTC_SHA256 not found...?\n");
+      exit(-1);
+   }
+
+   ivsize = cipher_descriptor[cipher_idx].block_length;
+   ks = hash_descriptor[hash_idx].hashsize;
+   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) { 
+      printf("Invalid keysize???\n");
+      exit(-1);
+   }
+
+   printf("\nEnter key: ");
+   fgets((char *)tmpkey,sizeof(tmpkey), stdin);
+   outlen = sizeof(key);
+   if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
+      printf("Error hashing key: %s\n", error_to_string(errno));
+      exit(-1);
+   }
+   
+   if (decrypt) {
+      /* Need to read in IV */
+      if (fread(IV,1,ivsize,fdin) != ivsize) {
+         printf("Error reading IV from input.\n");
+         exit(-1);
+      }
+   
+      if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(errno));
+         exit(-1);
+      }
+
+      /* IV done */
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_decrypt error: %s\n", error_to_string(errno));
+            exit(-1);
+         }
+
+         if (fwrite(plaintext,1,y,fdout) != y) {
+            printf("Error writing to file.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdin);
+      fclose(fdout);
+
+   } else {  /* encrypt */
+      /* Setup yarrow for random bytes for IV */
+      
+      if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
+         printf("Error setting up PRNG, %s\n", error_to_string(errno));
+      }      
+
+      /* You can use rng_get_bytes on platforms that support it */
+      /* x = rng_get_bytes(IV,ivsize,NULL);*/
+      x = yarrow_read(IV,ivsize,&prng);
+      if (x != ivsize) {
+         printf("Error reading PRNG for IV required.\n");
+         exit(-1);
+      }
+   
+      if (fwrite(IV,1,ivsize,fdout) != ivsize) {
+         printf("Error writing IV to output.\n");
+         exit(-1);
+      }
+
+      if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(errno));
+         exit(-1);
+      }
+
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((errno = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_encrypt error: %s\n", error_to_string(errno));
+            exit(-1);
+         }
+
+         if (fwrite(ciphertext,1,y,fdout) != y) {
+            printf("Error writing to output.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));   
+      fclose(fdout);
+      fclose(fdin);
+   }
+   return 0;
+}
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

libtomcrypt/demos/hashsum.c

@@ -0,0 +1,300 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/*
+ * Written by Daniel Richards <kyhwana@world-net.co.nz> 6/7/2002
+ * hash.c: This app uses libtomcrypt to hash either stdin or a file
+ * This file is Public Domain. No rights are reserved.
+ * Compile with 'gcc hashsum.c -o hashsum -ltomcrypt'
+ * This example isn't really big enough to warrent splitting into
+ * more functions ;)
+*/
+
+#include <tomcrypt.h>
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+
+#if !defined(PATH_MAX) && defined(_MSC_VER)
+#include <windows.h>
+#define PATH_MAX MAX_PATH
+#endif
+
+/* thanks http://stackoverflow.com/a/8198009 */
+#define _base(x) ((x >= '0' && x <= '9') ? '0' : \
+         (x >= 'a' && x <= 'f') ? 'a' - 10 : \
+         (x >= 'A' && x <= 'F') ? 'A' - 10 : \
+            '\255')
+#define HEXOF(x) (x - _base(x))
+
+static char* hashsum;
+
+static void cleanup(void)
+{
+   free(hashsum);
+}
+
+static void die(int status)
+{
+   unsigned long w, x;
+   FILE* o = status == EXIT_SUCCESS ? stdout : stderr;
+   fprintf(o, "usage: %s -a algorithm [-c] [file...]\n\n", hashsum);
+   fprintf(o, "\t-c\tCheck the hash(es) of the file(s) written in [file].\n");
+   fprintf(o, "\t\t(-a not required)\n");
+   fprintf(o, "\nAlgorithms:\n\t");
+   w = 0;
+   for (x = 0; hash_descriptor[x].name != NULL; x++) {
+      w += fprintf(o, "%-14s", hash_descriptor[x].name);
+      if (w >= 70) {
+         fprintf(o, "\n\t");
+         w = 0;
+      }
+   }
+   if (w != 0) fprintf(o, "\n");
+   exit(status);
+}
+
+static void printf_hex(unsigned char* hash_buffer, unsigned long w)
+{
+   unsigned long x;
+   for (x = 0; x < w; x++) {
+       printf("%02x",hash_buffer[x]);
+   }
+}
+
+static void check_file(int argn, int argc, char **argv)
+{
+   int err, failed, invalid;
+   unsigned char is_buffer[MAXBLOCKSIZE], should_buffer[MAXBLOCKSIZE];
+   char buf[PATH_MAX + (MAXBLOCKSIZE * 3)];
+   /* iterate through all files */
+   while(argn < argc) {
+      char* s;
+      FILE* f = fopen(argv[argn], "rb");
+      if(f == NULL) {
+         int n = snprintf(buf, sizeof(buf), "%s: %s", hashsum, argv[argn]);
+         if (n > 0 && n < (int)sizeof(buf))
+            perror(buf);
+         else
+            perror(argv[argn]);
+         exit(EXIT_FAILURE);
+      }
+      failed = 0;
+      invalid = 0;
+      /* read the file line by line */
+      while((s = fgets(buf, sizeof(buf), f)) != NULL)
+      {
+         int tries, n;
+         unsigned long hash_len, w, x;
+         char* space = strstr(s, " ");
+
+         /* skip lines with comments */
+         if (buf[0] == '#') continue;
+
+         if (space == NULL) {
+            fprintf(stderr, "%s: no properly formatted checksum lines found\n", hashsum);
+            goto ERR;
+         }
+
+         hash_len = space - s;
+         hash_len /= 2;
+
+         if (hash_len > sizeof(should_buffer)) {
+            fprintf(stderr, "%s: hash too long\n", hashsum);
+            goto ERR;
+         }
+
+         /* convert the hex-string back to binary */
+         for (x = 0; x < hash_len; ++x) {
+            should_buffer[x] = HEXOF(s[x*2]) << 4 | HEXOF(s[x*2 + 1]);
+         }
+
+         space++;
+         if (*space != '*') {
+            fprintf(stderr, "%s: unsupported input mode '%c'\n", hashsum, *space);
+            goto ERR;
+         }
+         space++;
+
+         for (n = 0; n < (buf + sizeof(buf)) - space; ++n) {
+            if(iscntrl((int)space[n])) {
+               space[n] = '\0';
+               break;
+            }
+         }
+
+         /* try all hash algorithms that have the appropriate hash size */
+         tries = 0;
+         for (x = 0; hash_descriptor[x].name != NULL; ++x) {
+            if (hash_descriptor[x].hashsize == hash_len) {
+               tries++;
+               w = sizeof(is_buffer);
+               if ((err = hash_file(x, space, is_buffer, &w)) != CRYPT_OK) {
+                  fprintf(stderr, "%s: File hash error: %s: %s\n", hashsum, space, error_to_string(err));
+ERR:
+                  fclose(f);
+                  exit(EXIT_FAILURE);
+               }
+               if(XMEMCMP(should_buffer, is_buffer, w) == 0) {
+                  printf("%s: OK\n", space);
+                  break;
+               }
+            }
+         } /* for */
+         if (hash_descriptor[x].name == NULL) {
+            if(tries > 0) {
+               printf("%s: FAILED\n", space);
+               failed++;
+            }
+            else {
+               invalid++;
+            }
+         }
+      } /* while */
+      fclose(f);
+      if(invalid) {
+         fprintf(stderr, "%s: WARNING: %d %s is improperly formatted\n", hashsum, invalid, invalid > 1?"lines":"line");
+      }
+      if(failed) {
+         fprintf(stderr, "%s: WARNING: %d computed %s did NOT match\n", hashsum, failed, failed > 1?"checksums":"checksum");
+      }
+      argn++;
+   }
+   exit(EXIT_SUCCESS);
+}
+
+int main(int argc, char **argv)
+{
+   int idxs[TAB_SIZE], idx, check, y, z, err, argn;
+   unsigned long w, x;
+   unsigned char hash_buffer[MAXBLOCKSIZE];
+
+   hashsum = strdup(basename(argv[0]));
+   atexit(cleanup);
+
+   /* You need to register algorithms before using them */
+   register_all_ciphers();
+   register_all_hashes();
+   if (argc > 1 && (strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0)) {
+      die(EXIT_SUCCESS);
+   }
+   if (argc < 3) {
+      die(EXIT_FAILURE);
+   }
+
+   for (x = 0; x < sizeof(idxs)/sizeof(idxs[0]); ++x) {
+      idxs[x] = -2;
+   }
+   argn = 1;
+   check = 0;
+   idx = 0;
+
+   while(argn < argc){
+      if(strcmp("-a", argv[argn]) == 0) {
+         argn++;
+         if(argn < argc) {
+            idxs[idx] = find_hash(argv[argn]);
+            if (idxs[idx] == -1) {
+               struct {
+                  const char* is;
+                  const char* should;
+               } shasum_compat[] =
+                     {
+#ifdef LTC_SHA1
+                           { "1",        sha1_desc.name },
+#endif
+#ifdef LTC_SHA224
+                           { "224",      sha224_desc.name  },
+#endif
+#ifdef LTC_SHA256
+                           { "256",      sha256_desc.name  },
+#endif
+#ifdef LTC_SHA384
+                           { "384",      sha384_desc.name  },
+#endif
+#ifdef LTC_SHA512
+                           { "512",      sha512_desc.name  },
+#endif
+#ifdef LTC_SHA512_224
+                           { "512224",   sha512_224_desc.name  },
+#endif
+#ifdef LTC_SHA512_256
+                           { "512256",   sha512_256_desc.name  },
+#endif
+                           { NULL, NULL }
+                     };
+               for (x = 0; shasum_compat[x].is != NULL; ++x) {
+                  if(XSTRCMP(shasum_compat[x].is, argv[argn]) == 0) {
+                     idxs[idx] = find_hash(shasum_compat[x].should);
+                     break;
+                  }
+               }
+            }
+            if (idxs[idx] == -1) {
+               fprintf(stderr, "%s: Unrecognized algorithm\n", hashsum);
+               die(EXIT_FAILURE);
+            }
+            idx++;
+            if ((size_t)idx >= sizeof(idxs)/sizeof(idxs[0])) {
+               fprintf(stderr, "%s: Too many '-a' options chosen\n", hashsum);
+               die(EXIT_FAILURE);
+            }
+            argn++;
+            continue;
+         }
+         else {
+            die(EXIT_FAILURE);
+         }
+      }
+      if(strcmp("-c", argv[argn]) == 0) {
+         check = 1;
+         argn++;
+         continue;
+      }
+      break;
+   }
+
+   if (check == 1) {
+      check_file(argn, argc, argv);
+   }
+
+   if (argc == argn) {
+      w = sizeof(hash_buffer);
+      if ((err = hash_filehandle(idxs[0], stdin, hash_buffer, &w)) != CRYPT_OK) {
+         fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err));
+         return EXIT_FAILURE;
+      } else {
+          for (x = 0; x < w; x++) {
+              printf("%02x",hash_buffer[x]);
+          }
+          printf(" *-\n");
+      }
+   } else {
+      for (z = argn; z < argc; z++) {
+         for (y = 0; y < idx; ++y) {
+            w = sizeof(hash_buffer);
+            if ((err = hash_file(idxs[y],argv[z],hash_buffer,&w)) != CRYPT_OK) {
+               fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err));
+               return EXIT_FAILURE;
+            } else {
+                printf_hex(hash_buffer, w);
+                printf(" *%s\n", argv[z]);
+            }
+         }
+      }
+   }
+   return EXIT_SUCCESS;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/ltcrypt.c

@@ -0,0 +1,205 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* encrypt V1.1 Fri Oct 18 04:28:03 NZDT 2002 */
+/* File de/encryption, using libtomcrypt */
+/* Written by Daniel Richards <kyhwana@world-net.co.nz> */
+/* Help from Tom St Denis with various bits */
+/* This code is public domain, no rights reserved. */
+/* Encrypts by default, -d flag enables decryption */
+/* ie: ./encrypt blowfish story.txt story.ct */
+/* ./encrypt -d blowfish story.ct story.pt */
+
+#include <tomcrypt.h>
+
+int usage(char *name)
+{
+   int x;
+
+   printf("Usage encrypt: %s cipher infile outfile\n", name);
+   printf("Usage decrypt: %s -d cipher infile outfile\n", name);
+   printf("Usage test:    %s -t cipher\nCiphers:\n", name);
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      printf("%s\n",cipher_descriptor[x].name);
+   }
+   exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+   unsigned char plaintext[512],ciphertext[512];
+   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
+   unsigned char inbuf[512]; /* i/o block size */
+   unsigned long outlen, y, ivsize, x, decrypt;
+   symmetric_CTR ctr;
+   int cipher_idx, hash_idx, ks;
+   char *infile, *outfile, *cipher;
+   prng_state prng;
+   FILE *fdin, *fdout;
+   int err;
+
+   /* register algs, so they can be printed */
+   register_all_ciphers();
+   register_all_hashes();
+   register_all_prngs();
+
+   if (argc < 4) {
+      if ((argc > 2) && (!strcmp(argv[1], "-t"))) {
+        cipher  = argv[2];
+        cipher_idx = find_cipher(cipher);
+        if (cipher_idx == -1) {
+          printf("Invalid cipher %s entered on command line.\n", cipher);
+          exit(-1);
+        } /* if */
+        if (cipher_descriptor[cipher_idx].test)
+        {
+          if (cipher_descriptor[cipher_idx].test() != CRYPT_OK)
+          {
+            printf("Error when testing cipher %s.\n", cipher);
+            exit(-1);
+          }
+          else
+          {
+            printf("Testing cipher %s succeeded.\n", cipher);
+            exit(0);
+          } /* if ... else */
+        } /* if */
+      }
+      return usage(argv[0]);
+   }
+
+   if (!strcmp(argv[1], "-d")) {
+      decrypt = 1;
+      cipher  = argv[2];
+      infile  = argv[3];
+      outfile = argv[4];
+   } else {
+      decrypt = 0;
+      cipher  = argv[1];
+      infile  = argv[2];
+      outfile = argv[3];
+   }
+
+   /* file handles setup */
+   fdin = fopen(infile,"rb");
+   if (fdin == NULL) {
+      perror("Can't open input for reading");
+      exit(-1);
+   }
+
+   fdout = fopen(outfile,"wb");
+   if (fdout == NULL) {
+      perror("Can't open output for writing");
+      exit(-1);
+   }
+
+   cipher_idx = find_cipher(cipher);
+   if (cipher_idx == -1) {
+      printf("Invalid cipher entered on command line.\n");
+      exit(-1);
+   }
+
+   hash_idx = find_hash("sha256");
+   if (hash_idx == -1) {
+      printf("LTC_SHA256 not found...?\n");
+      exit(-1);
+   }
+
+   ivsize = cipher_descriptor[cipher_idx].block_length;
+   ks = hash_descriptor[hash_idx].hashsize;
+   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
+      printf("Invalid keysize???\n");
+      exit(-1);
+   }
+
+   printf("\nEnter key: ");
+   if(fgets((char *)tmpkey,sizeof(tmpkey), stdin) == NULL)
+      exit(-1);
+   outlen = sizeof(key);
+   if ((err = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
+      printf("Error hashing key: %s\n", error_to_string(err));
+      exit(-1);
+   }
+
+   if (decrypt) {
+      /* Need to read in IV */
+      if (fread(IV,1,ivsize,fdin) != ivsize) {
+         printf("Error reading IV from input.\n");
+         exit(-1);
+      }
+
+      if ((err = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(err));
+         exit(-1);
+      }
+
+      /* IV done */
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((err = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_decrypt error: %s\n", error_to_string(err));
+            exit(-1);
+         }
+
+         if (fwrite(plaintext,1,y,fdout) != y) {
+            printf("Error writing to file.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdin);
+      fclose(fdout);
+
+   } else {  /* encrypt */
+      /* Setup yarrow for random bytes for IV */
+
+      if ((err = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
+         printf("Error setting up PRNG, %s\n", error_to_string(err));
+      }
+
+      /* You can use rng_get_bytes on platforms that support it */
+      /* x = rng_get_bytes(IV,ivsize,NULL);*/
+      x = yarrow_read(IV,ivsize,&prng);
+      if (x != ivsize) {
+         printf("Error reading PRNG for IV required.\n");
+         exit(-1);
+      }
+
+      if (fwrite(IV,1,ivsize,fdout) != ivsize) {
+         printf("Error writing IV to output.\n");
+         exit(-1);
+      }
+
+      if ((err = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(err));
+         exit(-1);
+      }
+
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((err = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_encrypt error: %s\n", error_to_string(err));
+            exit(-1);
+         }
+
+         if (fwrite(ciphertext,1,y,fdout) != y) {
+            printf("Error writing to output.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdout);
+      fclose(fdin);
+   }
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/multi.c

@@ -0,0 +1,110 @@
+/* test the multi helpers... */
+#include <tomcrypt.h>
+
+int main(void)
+{
+   unsigned char key[16], buf[2][MAXBLOCKSIZE];
+   unsigned long len, len2;
+
+
+/* register algos */
+   register_hash(&sha256_desc);
+   register_cipher(&aes_desc);
+
+/* HASH testing */
+   len = sizeof(buf[0]);
+   hash_memory(find_hash("sha256"), (unsigned char*)"hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, (unsigned char*)"hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL, 0);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* LTC_HMAC */
+   len = sizeof(buf[0]);
+   hmac_memory(find_hash("sha256"), key, 16, (unsigned char*)"hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* LTC_OMAC */
+   len = sizeof(buf[0]);
+   omac_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* PMAC */
+   len = sizeof(buf[0]);
+   pmac_memory(find_cipher("aes"), key, 16, (unsigned char*)"hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"he", 2UL, "llo", 3UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, (unsigned char*)"h", 1UL, "e", 1UL, "l", 1UL, "l", 1UL, "o", 1UL, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+
+   printf("All passed\n");
+   return EXIT_SUCCESS;
+}
+
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

libtomcrypt/demos/openssl-enc.c

@@ -0,0 +1,397 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/*
+ * Demo to do the rough equivalent of:
+ *
+ *    openssl enc -aes-256-cbc -pass pass:foobar -in infile -out outfile -p
+ *
+ * Compilation:
+ *
+ *    $(CC) -I /path/to/headers -L .../libs \
+ *          -o openssl-enc \
+ *          openssl-enc.c -ltomcrypt
+ *
+ * Usage:
+ *
+ *    ./openssl-enc <enc|dec> infile outfile "passphrase" [salt]
+ *
+ * If provided, the salt must be EXACTLY a 16-char hex string.
+ *
+ * Demo is an example of:
+ *
+ * - (When decrypting) yanking salt out of the OpenSSL "Salted__..." header
+ * - OpenSSL-compatible key derivation (in OpenSSL's modified PKCS#5v1 approach)
+ * - Grabbing an Initialization Vector from the key generator
+ * - Performing simple block encryption using AES
+ * - PKCS#7-type padding (which hopefully can get ripped out of this demo and
+ *   made a libtomcrypt thing someday).
+ *
+ * This program is free for all purposes without any express guarantee it
+ * works. If you really want to see a license here, assume the WTFPL :-)
+ *
+ * BJ Black, bblack@barracuda.com, https://wjblack.com
+ *
+ * BUGS:
+ *       Passing a password on a command line is a HORRIBLE idea.  Don't use
+ *       this program for serious work!
+ */
+
+#include <tomcrypt.h>
+
+#ifndef LTC_RIJNDAEL
+#error Cannot compile this demo; Rijndael (AES) required
+#endif
+#ifndef LTC_CBC_MODE
+#error Cannot compile this demo; CBC mode required
+#endif
+#ifndef LTC_PKCS_5
+#error Cannot compile this demo; PKCS5 required
+#endif
+#ifndef LTC_RNG_GET_BYTES
+#error Cannot compile this demo; random generator required
+#endif
+#ifndef LTC_MD5
+#error Cannot compile this demo; MD5 required
+#endif
+
+/* OpenSSL by default only runs one hash round */
+#define OPENSSL_ITERATIONS 1
+/* Use aes-256-cbc, so 256 bits of key, 128 of IV */
+#define KEY_LENGTH (256>>3)
+#define IV_LENGTH (128>>3)
+/* PKCS#5v1 requires exactly an 8-byte salt */
+#define SALT_LENGTH 8
+/* The header OpenSSL puts on an encrypted file */
+static char salt_header[] = { 'S', 'a', 'l', 't', 'e', 'd', '_', '_' };
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+/* A simple way to handle the possibility that a block may increase in size
+   after padding. */
+union paddable {
+   unsigned char unpad[1024];
+   unsigned char pad[1024+MAXBLOCKSIZE];
+};
+
+/*
+ * Print usage and exit with a bad status (and perror() if any errno).
+ *
+ * Input:        argv[0] and the error string
+ * Output:       <no return>
+ * Side Effects: print messages and barf (does exit(3))
+ */
+void barf(const char *pname, const char *err)
+{
+   printf("Usage: %s <enc|dec> infile outfile passphrase [salt]\n", pname);
+   printf("\n");
+   printf("       # encrypts infile->outfile, random salt\n");
+   printf("       %s enc infile outfile \"passphrase\"\n", pname);
+   printf("\n");
+   printf("       # encrypts infile->outfile, salt from cmdline\n");
+   printf("       %s enc infile outfile pass 0123456789abcdef\n", pname);
+   printf("\n");
+   printf("       # decrypts infile->outfile, pulls salt from infile\n");
+   printf("       %s dec infile outfile pass\n", pname);
+   printf("\n");
+   printf("       # decrypts infile->outfile, salt specified\n");
+   printf("       # (don't try to read the salt from infile)\n");
+   printf("       %s dec infile outfile pass 0123456789abcdef"
+          "\n", pname);
+   printf("\n");
+   printf("Application Error: %s\n", err);
+   if(errno)
+      perror("     System Error");
+   exit(-1);
+}
+
+/*
+ * Parse a salt value passed in on the cmdline.
+ *
+ * Input:        string passed in and a buf to put it in (exactly 8 bytes!)
+ * Output:       CRYPT_OK if parsed OK, CRYPT_ERROR if not
+ * Side Effects: none
+ */
+int parse_hex_salt(unsigned char *in, unsigned char *out)
+{
+   int idx;
+   for(idx=0; idx<SALT_LENGTH; idx++)
+      if(sscanf((char*)in+idx*2, "%02hhx", out+idx) != 1)
+         return CRYPT_ERROR;
+   return CRYPT_OK;
+}
+
+/*
+ * Parse the Salted__[+8 bytes] from an OpenSSL-compatible file header.
+ *
+ * Input:        file to read from and a to put the salt in (exactly 8 bytes!)
+ * Output:       CRYPT_OK if parsed OK, CRYPT_ERROR if not
+ * Side Effects: infile's read pointer += 16
+ */
+int parse_openssl_header(FILE *in, unsigned char *out)
+{
+   unsigned char tmp[SALT_LENGTH];
+   if(fread(tmp, 1, sizeof(tmp), in) != sizeof(tmp))
+      return CRYPT_ERROR;
+   if(memcmp(tmp, salt_header, sizeof(tmp)))
+      return CRYPT_ERROR;
+   if(fread(tmp, 1, sizeof(tmp), in) != sizeof(tmp))
+      return CRYPT_ERROR;
+   memcpy(out, tmp, sizeof(tmp));
+   return CRYPT_OK;
+}
+
+/*
+ * Dump a hexed stream of bytes (convenience func).
+ *
+ * Input:        buf to read from, length
+ * Output:       none
+ * Side Effects: bytes printed as a hex blob, no lf at the end
+ */
+void dump_bytes(unsigned char *in, unsigned long len)
+{
+   unsigned long idx;
+   for(idx=0; idx<len; idx++)
+      printf("%02hhX", *(in+idx));
+}
+
+/*
+ * Pad or unpad a message using PKCS#7 padding.
+ * Padding will add 1-(blocksize) bytes and unpadding will remove that amount.
+ * Set is_padding to 1 to pad, 0 to unpad.
+ *
+ * Input:        paddable buffer, size read, block length of cipher, mode
+ * Output:       number of bytes after padding resp. after unpadding
+ * Side Effects: none
+ */
+size_t pkcs7_pad(union paddable *buf, size_t nb, int block_length,
+                 int is_padding)
+{
+   unsigned char padval;
+   off_t idx;
+
+   if(is_padding) {
+      /* We are PADDING this block (and therefore adding bytes) */
+      /* The pad value in PKCS#7 is the number of bytes remaining in
+         the block, so for a 16-byte block and 3 bytes left, it's
+         0x030303.  In the oddball case where nb is an exact multiple
+         multiple of block_length, set the padval to blocksize (i.e.
+         add one full block) */
+      padval = (unsigned char) (block_length - (nb % block_length));
+      padval = padval ? padval : block_length;
+
+      memset(buf->pad+nb, padval, padval);
+      return nb+padval;
+   } else {
+      /* We are UNPADDING this block (and removing bytes)
+         We really just need to verify that the pad bytes are correct,
+         so start at the end of the string and work backwards. */
+
+      /* Figure out what the padlength should be by looking at the
+         last byte */
+      idx = nb-1;
+      padval = buf->pad[idx];
+
+      /* padval must be nonzero and <= block length */
+      if(padval <= 0 || padval > block_length)
+         return 0;
+
+      /* First byte's accounted for; do the rest */
+      idx--;
+
+      while(idx >= (off_t)(nb-padval))
+         if(buf->pad[idx] != padval)
+            return 0;
+         else
+            idx--;
+
+      /* If we got here, the pad checked out, so return a smaller
+         number of bytes than nb (basically where we left off+1) */
+      return idx+1;
+   }
+}
+
+/*
+ * Perform an encrypt/decrypt operation to/from files using AES+CBC+PKCS7 pad.
+ * Set encrypt to 1 to encrypt, 0 to decrypt.
+ *
+ * Input:        in/out files, key, iv, and mode
+ * Output:       CRYPT_OK if no error
+ * Side Effects: bytes slurped from infile, pushed to outfile, fds updated.
+ */
+int do_crypt(FILE *infd, FILE *outfd, unsigned char *key, unsigned char *iv,
+             int encrypt)
+{
+   union paddable inbuf, outbuf;
+   int cipher, ret;
+   symmetric_CBC cbc;
+   size_t nb;
+
+   /* Register your cipher! */
+   cipher = register_cipher(&aes_desc);
+   if(cipher == -1)
+      return CRYPT_INVALID_CIPHER;
+
+   /* Start a CBC session with cipher/key/val params */
+   ret = cbc_start(cipher, iv, key, KEY_LENGTH, 0, &cbc);
+   if( ret != CRYPT_OK )
+      return -1;
+
+   do {
+      /* Get bytes from the source */
+      nb = fread(inbuf.unpad, 1, sizeof(inbuf.unpad), infd);
+      if(!nb)
+         return encrypt ? CRYPT_OK : CRYPT_ERROR;
+
+      /* Barf if we got a read error */
+      if(ferror(infd))
+         return CRYPT_ERROR;
+
+      if(encrypt) {
+         /* We're encrypting, so pad first (if at EOF) and then
+            crypt */
+         if(feof(infd))
+            nb = pkcs7_pad(&inbuf, nb,
+                           aes_desc.block_length, 1);
+
+         ret = cbc_encrypt(inbuf.pad, outbuf.pad, nb, &cbc);
+         if(ret != CRYPT_OK)
+            return ret;
+
+      } else {
+         /* We're decrypting, so decrypt and then unpad if at
+            EOF */
+         ret = cbc_decrypt(inbuf.unpad, outbuf.unpad, nb, &cbc);
+         if( ret != CRYPT_OK )
+            return ret;
+
+         if( feof(infd) )
+            nb = pkcs7_pad(&outbuf, nb,
+                           aes_desc.block_length, 0);
+         if(nb == 0)
+            /* The file didn't decrypt correctly */
+            return CRYPT_ERROR;
+
+      }
+
+      /* Push bytes to outfile */
+      if(fwrite(outbuf.unpad, 1, nb, outfd) != nb)
+         return CRYPT_ERROR;
+
+   } while(!feof(infd));
+
+   /* Close up */
+   cbc_done(&cbc);
+
+   return CRYPT_OK;
+}
+
+/* Convenience macro for the various barfable places below */
+#define BARF(a) { \
+   if(infd) fclose(infd); \
+   if(outfd) { fclose(outfd); remove(argv[3]); } \
+   barf(argv[0], a); \
+}
+/*
+ * The main routine.  Mostly validate cmdline params, open files, run the KDF,
+ * and do the crypt.
+ */
+int main(int argc, char *argv[]) {
+   unsigned char salt[SALT_LENGTH];
+   FILE *infd = NULL, *outfd = NULL;
+   int encrypt = -1;
+   int hash = -1;
+   int ret;
+   unsigned char keyiv[KEY_LENGTH + IV_LENGTH];
+   unsigned long keyivlen = (KEY_LENGTH + IV_LENGTH);
+   unsigned char *key, *iv;
+
+   /* Check proper number of cmdline args */
+   if(argc < 5 || argc > 6)
+      BARF("Invalid number of arguments");
+
+   /* Check proper mode of operation */
+   if     (!strncmp(argv[1], "enc", 3))
+      encrypt = 1;
+   else if(!strncmp(argv[1], "dec", 3))
+      encrypt = 0;
+   else
+      BARF("Bad command name");
+
+   /* Check we can open infile/outfile */
+   infd = fopen(argv[2], "rb");
+   if(infd == NULL)
+      BARF("Could not open infile");
+   outfd = fopen(argv[3], "wb");
+   if(outfd == NULL)
+      BARF("Could not open outfile");
+
+   /* Get the salt from wherever */
+   if(argc == 6) {
+      /* User-provided */
+      if(parse_hex_salt((unsigned char*) argv[5], salt) != CRYPT_OK)
+         BARF("Bad user-specified salt");
+   } else if(!strncmp(argv[1], "enc", 3)) {
+      /* Encrypting; get from RNG */
+      if(rng_get_bytes(salt, sizeof(salt), NULL) != sizeof(salt))
+         BARF("Not enough random data");
+   } else {
+      /* Parse from infile (decrypt only) */
+      if(parse_openssl_header(infd, salt) != CRYPT_OK)
+         BARF("Invalid OpenSSL header in infile");
+   }
+
+   /* Fetch the MD5 hasher for PKCS#5 */
+   hash = register_hash(&md5_desc);
+   if(hash == -1)
+      BARF("Could not register MD5 hash");
+
+   /* Set things to a sane initial state */
+   zeromem(keyiv, sizeof(keyiv));
+   key = keyiv + 0;      /* key comes first */
+   iv = keyiv + KEY_LENGTH;   /* iv comes next */
+
+   /* Run the key derivation from the provided passphrase.  This gets us
+      the key and iv. */
+   ret = pkcs_5_alg1_openssl((unsigned char*)argv[4], strlen(argv[4]), salt,
+                             OPENSSL_ITERATIONS, hash, keyiv, &keyivlen );
+   if(ret != CRYPT_OK)
+      BARF("Could not derive key/iv from passphrase");
+
+   /* Display the salt/key/iv like OpenSSL cmdline does when -p */
+   printf("salt="); dump_bytes(salt, sizeof(salt)); printf("\n");
+   printf("key=");  dump_bytes(key, KEY_LENGTH);    printf("\n");
+   printf("iv =");  dump_bytes(iv,  IV_LENGTH );    printf("\n");
+
+   /* If we're encrypting, write the salt header as OpenSSL does */
+   if(!strncmp(argv[1], "enc", 3)) {
+      if(fwrite(salt_header, 1, sizeof(salt_header), outfd) !=
+         sizeof(salt_header) )
+         BARF("Error writing salt header to outfile");
+      if(fwrite(salt, 1, sizeof(salt), outfd) != sizeof(salt))
+         BARF("Error writing salt to outfile");
+   }
+
+   /* At this point, the files are open, the salt has been figured out,
+      and we're ready to pump data through crypt. */
+
+   /* Do the crypt operation */
+   if(do_crypt(infd, outfd, key, iv, encrypt) != CRYPT_OK)
+      BARF("Error during crypt operation");
+
+   /* Clean up */
+   fclose(infd); fclose(outfd);
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/sizes.c

@@ -0,0 +1,81 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+#include "tomcrypt.h"
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+/**
+  @file demo_crypt_sizes.c
+
+  Demo how to get various sizes to dynamic languages
+  like Python - Larry Bugbee, February 2013
+*/
+
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
+
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific size name, get and print its size */
+      char name[] = "ltc_hash_descriptor";
+      unsigned int size;
+      char *sizes_list;
+      unsigned int sizes_list_len;
+      if (crypt_get_size(name, &size) != 0) exit(EXIT_FAILURE);
+      printf("\n  size of '%s' is %u \n\n", name, size);
+
+      /* get and print the length of the names (and sizes) list */
+      if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", sizes_list_len);
+
+      /* get and print the names (and sizes) list */
+      if ((sizes_list = malloc(sizes_list_len)) == NULL) exit(EXIT_FAILURE);
+      if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported sizes:\n\n%s\n\n", sizes_list);
+      free(sizes_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all sizes");
+         _print_line("-s name", "List a single size given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *sizes_list;
+         unsigned int sizes_list_len;
+         /* get and print the length of the names (and sizes) list */
+         if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and sizes) list */
+         if ((sizes_list = malloc(sizes_list_len)) == NULL) exit(EXIT_FAILURE);
+         if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", sizes_list);
+         free(sizes_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         unsigned int size;
+         if (crypt_get_size(argv[2], &size) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], size);
+      }
+   }
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */