Bump version

- Avoid logging repeated failed username messages

.gitignore

@@ -0,0 +1,22 @@
+*~
+*.o
+*.a
+*.da
+*.bb
+*.bbg
+*.prof
+/autom4te.cache
+/config.log
+/config.status
+/dbclient
+/dropbear
+/dropbearconvert
+/dropbearkey
+/dropbearmulti
+/scp
+/scp-progress
+Makefile
+config.h
+config.h.in
+configure
+default_options_guard.h

.hgsigs

@@ -9,3 +9,17 @@ deb211f75ca194e2fcf0d2e5f71c60474e42ec95 0 iEYEABECAAYFAlJO01cACgkQjPn4sExkf7yDq
 a50a1dc743317fad9b3737bc68fbca640659bb6d 0 iEYEABECAAYFAlJeqL0ACgkQjPn4sExkf7yVqACg6IP0fU29+Feh/TDeemDA+2XAzrIAoIdZfMDvVYlDoWotZD8ACFnf5H1P
 9ec083a21adfcb099f21eb03704b66d14a4ba800 0 iEYEABECAAYFAlKE4JoACgkQjPn4sExkf7wLDgCghkVGwMjI138bEv+ORVzN7zIH7cEAoLckaxZc1k1aXlmlSCRlP8cuKH3o
 3d1d7d151c0ce3a79da62e86463f5632fa2b144a 0 iEYEABECAAYFAlKd5AEACgkQjPn4sExkf7wzWgCfdvPEEIdlMPqcbOQMJ7b+eAyy164An2ip1lPh1eS5g26/gSfruvWBVym4
+277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn
+96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
+caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
+2d421bc0545d1be6d59a4ebfe61606d94b124b0c 0 iEYEABECAAYFAlRJDCQACgkQjPn4sExkf7xUYACcCwVJkYWXJn5x/D5A+qMupy778lEAn0rg1oNiq96YU/4jOPsS5IMItihu
+1d2d81b1b7c1b100e9c369e40b9fa5b2d491eea9 0 iEYEABECAAYFAlTKOKUACgkQjPn4sExkf7xWMACfYFozyHiRk5GaocTa5z6Ws1uyB4kAoLubxoxcnM3E7AA9mHAzc3OB5M0Y
+a687f835236c7025b5cb2968fe9c4ebc4a49f0ea 0 iQIcBAABCgAGBQJVxg62AAoJEPSYMBLCC7qsC+EQAKw8YWogrVHhIFct2fx/nqybSPVrhFyKFKHhq7K/lZeVm0MGIWdSyVcQgP+Hs2jWNBWzG4AJ1BtifHWQH6IDh7W5RuwOXu5KobgPW9BsN3EVE9KIR+xe9jCAmFl9rIw0tNpy1q6R0TpYXx/sWlMilxecyEGyr2Ias2Sm19aY2mOEv8PLfh9BLfrJEKtt2NxL7TX8ScPwJXJMmVIQjN9WK4Ptx3tjcGNRivEVR/dftP5sJx2DBJx9avyDqrfloMW7Q7sPgJ88MPruCDxedOkbzH7JdHe3Humr2G4LsI0KPU7pNN6EBDjhJ+SVXuOyAgu5j/C0R+0ggGfjSrjDu8WjHyclFlwwu2MSGuHf111I1qkLtaRY3H1FZO5Y2gbLwBLQ82svA4klcBIxtP5jKAZDTh1jQMYsfKotvZdawOWrPDkNmKoUg2JXLHAtj9Dd0uGIhqfspZY3qlpzxw9uCkljWclUBD097ygotwAb2XdLoAWZ3KdvoPM+k448vIAQ7Q/aqcnm/dLQJr3Le029gpkOKoWKaQTlk0itrRGpgETHAhE2LnmWxYSKp6NYSKMgEONbfDiVNLyDTOlvpPiEb20RsOP64xA4wVDGmPenCURmMYoepQK6oJdtkNtCdth2S49KxPQAC+Dem4YZ7b+5b+cXrK5Nz7elBxZzRQWdjmZ4JDQK
+ef4b26364b0cdda1084751d7de3d76c589e2d9cb 0 iQIcBAABCgAGBQJVxg7BAAoJEESTFJTynGdz9Q4P/A0Kq4H52rQqxq42PoEMFbVQIUfkFzyWjAz8eEGLmP5x5/sdpyxZDEyBSUG55uyNvOPTHE+Sd3t2h2Iieq749qwYgqggXC0P+C0zGzW3hB5Rv6dTUrKN1yCyaWE2tY488RsyVlcAs4vrp1Cum5Gv8/BUVKjzZmkZ1iq/3RyrvbLEiLoMrcLnQ+sUdaYHvfEwxDbzpOEvepg8iDJBitTrfG9xHp9otX6ucahwn1EumFvC5mvUxbiQ9jv76t4FJztjMoB24hPCH9T1FjB8uNsoM+j2Z67r81eJrGgNpJzjX0S3lY/AADZGhfGnfybTM9gFuQayIJuCJqduQibVwYkAAnPi17NmbdwPu0Rdz55oU+ft09XLVm/qkQcD1EP5bxYWnLIEMkkZQnFx7WdMpjKK9oGxZHeFYAKEgPgePCkk4TQ4PxNa+3854H19AUssQlaueGcbDLyPIRiSyqhleXawGfaJi+1jBt0DM7CNbAHAUWUE07VhQzNGWjabdEk4eXKTmDL+mZJFdHGBhyCve8sPmZBYJvM2PRgcXe8fwFh+R7gVj6kFbZJvgM9kG7EeF+4ZMEXG4yKpV/SKfMMeEPBCZjFxZhlJJ0fsZbB1Y/iLw8LXnJ0fa/5xFYv6k+iytfom/rqS4iUD7NWTjcEYHjd4EO4QlPD2Ef/AWOO8YBUBv8kA
+af074dbcb68ff8670b3818e0d66d5dc6f1bd5877 0 iQIcBAABCgAGBQJWVdQfAAoJEPSYMBLCC7qs+n4P/RgZU3GsLFJN7v7Cn6NOdKdfjJBmlbCtK9KwlZZaj8fW4noqnLDcDd6a2xT4mDV3rCE6+QYialGXjNkkNCBwD9Z+gFc8spOtThrpQ54dgWzbgDlYB1y7Hp7DoWoJQIlU6Od9nWBemcSrAviOFNAX8+S6poRdEhrHgMcv2xJoqHjvT7X8gob0RnJcYxW5nLWzDaJV58QnX6QlXg4ClSB6IoCeEawdW6WzXlZ9MGsRycTtx1ool7Uo6Vo2xg48n9TaJqM/lbSsMAjHxO/fdTJMWzTId1fuZxJGFVeJbkhjSwlf7fkVXxrgDxjvIAmFDR8TSTfJo50CD82j5rPcd7KSEpQ12ImBUsntPDgOtt/mJZ3HcFds86OZ7NkPpqoJGVFFQ8yUpe//DNSB2Ovg1FrwhSKOq/9N61BBwk1INVFDp1hMq45PIa9gI9zW/99inGDeSSQlxa4iafEUEjXZTRYuX7mFjnWm5q7r134J7kyWQtN/jNUZ71F0mvhnemufgpNY/I/D7K6qkONpbDZ2nuzkhfoqugzhHYp467UePM0qmLTLdXGPPMukoGorpWeiSb2T25AEKm7N4A9NwPmdAnoFjAibjF9FAuU03sl+pu9MqFb+1ldsqjNfxhcJmoAUR5vy3pED9ailCb/OCBVTHkDPfTEhGU3waO9tPM+5x2rGB5fe
+5bb5976e6902a0c9fba974a880c68c9487ee1e77 0 iQIcBAABCgAGBQJWVyIKAAoJEESTFJTynGdzQosP/0k5bVTerpUKZLjyNuMU8o0eyc7njkX8EyMOyGbtcArKpzO2opSBTRsuCT9Zsk1iiQ1GMTY1quKD7aNr86Hipqo4th/+ZXmLe9mmaCDukKjD0ZYC4dBVUy6RSUAMvdkDP9sZs7CMTO/22a9SqOsKTv3s2NN6XnsBGnmNbvVx5hkAk5hMVNFrjKIaexzI/7bWQIDRo2HQCaWaL06JvWEDSEQd2mynGSXxT/+m4hBnuGg6qxn2pd4XfG0g10tDAFx64HQkWgZqSB+F8z71Cvfjondy1zjJYgtABqNlwCKQJZhRUW2+PblqQnz08TUy83XN2vtisOju4avGcHSaBgBbMvg8Wx4ZtM7sPP9pLrhhOTd5ceERHeTceTJy+iI1SQFvccjrRfs5aJ0zAQX5q6f4bV0zp5SmxkvnZUEkZIoetkM8VrPOYugqx31LtHAWfVT9NM+VkV/rrxLhk6J0giIQvC9MPWxRDileFVDszPiOgTLcxWjOziOLT+xijcj7dtx1b/f2bNCduN5G7i+icjjTlCNtyRPRqhBqn705W7F+xESP2gsscM/1BjQ7TGidU5m1njdkUjbrqm3+Qic6iqkG7SfETHmQB9mHqpJ0hACRPvZlhwB7oimNHllkrlw8UJw9f0SiuLjfERIgVS2EOp+mAia0RU7MlTt19o017M1ffEYL
+926e7275cef4f4f2a4251597ee4814748394824c 0 iQIcBAABCgAGBQJWYES4AAoJEESTFJTynGdzdT0P/0O/1frevtr698DwMe6kmJx35P6Bqq8szntMxYucv0HROTfr85JRcCCSvl/2SflDS215QmOxdvYLGLUWPJNz/gURCLpzsT88KLF68Y1tC72nl4Fj+LGIOlsWsvwEqQqw0v4iQkHIfcxI6q7g1r9Hfldf/ju4bzQ4HnKLxm6KNcLLoAsuehVpQ+njHpLmlLAGHU5a84B7xeXHFR+U/EBPxSdm637rNhmpLpkuK2Mym/Mzv7BThKDstpB8lhFHIwAVNqi3Cy4nGYxFZOJpooUN9pDornqAwuzHmOAMs9+49L8GZ1de5PBRGyFKibzjBIUWPEU9EIkfJVaVwTlqYK8Q/IRi9HjITPx6GpE8cZhdSvAibrQdb6BbIDrZ8eCvD9vnod6Uk0Jb9/ui6nCF9x+CN/3Qez4epV5+JCMYsqCiXFkVPm9Lab6L2eGZis7Q2TXImA/sSV+E4BGfH2urpkKlnuXTTtDp4XRG+lOISkIBXgjVY+uy8soVKNdx1gv+LeY8hu/oQ2NyOlaOeL47aSQ3who4Pk6pVRUOl6zfcKo9Vs6xDWm35A3Z6x/mrAENaXasB0JrfY5nIbefJUpbeSmi76fYldU98HdQNHPHCSeiKVYl7v/B6gi2JXp5xngLZz/5VVAurago7sRmpIp7G/AqU6LNE85IUzG8aQz8AfR0d1dW
+fd1981f41c626a969f07b4823848deaefef3c8aa 0 iQIcBAABCgAGBQJW4W2TAAoJEESTFJTynGdzuOcP/j6tvB2WRwSj39KoJuRcRebFWWv4ZHiQXYMXWa3X0Ppzz52r9W0cXDjjlp5FyGdovCQsK+IXmjPo5cCvWBrZJYA6usFr9ssnUtTC+45lvPxPYwj47ZGPngCXDt7LD+v08XhqCu4LsctXIP/zejd30KVS1eR2RHI+tnEyaIKC0Xaa0igcv74MZX7Q8/U+B730QMX5adfYAHoeyRhoctRWaxVV3To7Vadd9jNXP45MRY5auhRcK7XyQcS85vJeCRoysfDUas4ERRQWYkX+68GyzO9GrkYFle931Akw2K6ZZfUuiC2TrF5xv1eRP1Zm2GX481U4ZGFTI8IzZL8sVQ6tvzq2Mxsecu589JNui9aB2d8Gp2Su/E2zn0h0ShIRmviGzf2HiBt+Bnji5X2h/fJKWbLaWge0MdOU5Jidfyh9k0YT7xo4piJLJYSaZ3nv+j4jTYnTfL7uYvuWbYkJ1T32aQVCan7Eup3BFAgQjzbWYi1XQVg6fvu8uHPpS3tNNA9EAMeeyTyg1l6zI2EIU5gPfd/dKmdyotY2lZBkFZNJqFkKRZuzjWekcw7hAxS+Bd68GKklt/DGrQiVycAgimqwXrfkzzQagawq2fXL2uXB8ghlsyxKLSQPnAtBF2Jcn5FH2z7HOQ+e18ZrFfNy0cYa/4OdH6K5aK1igTzhZZP2Urn0
+70705edee9dd29cd3d410f19fbd15cc3489313e2 0 iQIcBAABCgAGBQJW7CQRAAoJEESTFJTynGdzTj0QAJL38CKSZthBAeI9c6B+IlwIeT6kPZaPqk1pkycCTWOe87NiNU9abrsF+JrjTuRQiO1EpM2IvfQEIXTijUcMxvld3PnzrZDDv6UvBLtOkn3i++HSVRO0MOuTKI8gFDEPUxRtcaCKXEbqYnf1OTK25FT09Vb//qP9mK1thvlLJmbV+D2a9MkMK66rom1d1h+347IsuwsM+ycHjB80VVAQLA7VYLC5YIwmL17dSmcQLvetfikAMwwmUE+KES4qiLSaqOcAWcKcU67RZzgMMv5o0rESlQmv1nj0mHZtHoUR71sd21emPaRXLOr0oT5YogWUphKq2qVthRn2B06+vd3hPdtn92CmJw9j7zT2jl4OeSjNm9qfAajsRzHIANssFxkGAb7w/LxcMoO29JC+01iUUJMdOVm+4Ns6wGI7qxssWPKdB+VbQUDlHrXLR+sopO524uhkYoWB6DVfTj4R6tImaHtj5/VXON0lsYaLGj8cSH60emL6nNQ0lYV/bSlk6l0s+0x3uXGZnp9oKA+vqMzHfG3vJeMm6KUqtFVjUsYx+q8nHm5/SlWxj1EwnkH8s8ELKZAUXjd76nWEwJ7JFRNRSQWvjOUh3/rsOo4JopzZXPsjCjm+Vql9TG0X6hB21noai32oD5RvfhtR/NX6sXNS5TKZz/j/cMsMnAAsSKb6W7Jm
+9030ffdbe5625e35ed7189ab84a41dfc8d413e9c 0 iQIcBAABCgAGBQJXkOg0AAoJEESTFJTynGdzc1kP/3vSKCnhOOvjCjnpTQadYcCUq8vTNnfLHYVu0R4ItPa/jT6RmxoaYP+lZnLnnBx9+aX7kzwHsa9BUX3MbMEyLrOzX2I+bDJbNPhQyupyCuPYlf5Q9KVcO9YlpbsC4q5XBzCn3j2+pT8kSfi9uD8fgY3TgE4w9meINrfQAealfjwMLT8S/I49/ni0r+usSfk/dnSShJYDUO7Ja0VWbJea/GkkZTu30bCnMUZPjRApipU3hPP63WFjkSMT1rp2mAXbWqyr9lf8z32yxzM9nMSjq4ViRFzFlkGtE3EVRJ4PwkO7JuiWAMPJpiQcEr+r52cCsmWhiGyHuINo01MwoMO9/n6uL1WVa3mJcE9se3xBOvfgDu2FRFGCAdm1tef+AGVo9EG1uJXi0sX2yUc6DMeuYaRWrXMMlZh7zp9cuNU9Y/lLui9RFmq66yeXG3Z2B72doju3Ig5QGrNNw2AOsSzeHdAtOp6ychqPcl9QfIeJQG18KyPSefZKM3G8YRKBRIwXFEH6iZJe5ZIP4iXrHDMn2JqtTRtDqKR8VNDAgb9z4Ffx8QRxFyj5JzTTMM1GddHb9udLvTQlO0ULYG7hCSMRNzvUBE2aTw8frjLRyfyyg3QpDu/hz8op8s1ecE8rTCD8RuX9DiiylNozypPtGNS+UDbAmkc1PCWaRpPVl+9K6787
+5c9207ceedaea794f958224c19214d66af6e2d56 0 iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAlkdtooACgkQRJMUlPKcZ3P6ZxAAmLy/buZB/d96DJF/pViRWt/fWdjQFC4MqWfeSLW02OZ8Qkm1vPL3ln6WPHC2thy3xZWVg2uan3pLk/XXnsIFu8Q7r1EAfFFpvlMUmdl7asE8V6ilaeqmiI7bIvGMFbf4cZkQliLjiFkJX56tFHRCNi+rb7WgRuru3/GzPXUq2AvXZvFpFJgik0B72TxVlmCKeBRZq1FvP0UhAH48RJWYJksdEyzh2paMfjX9ZO5Q2SFFrmPw6k2ArdJFC1AYcgceZC84y06RKJ0WiSntUPlEUXgQbQVVWbtQDhjfJXMr/beuroNdT/vsRraLVkAzvhaDXNnHlAJNLQxci+AcLpnzZhxMW+ax7RRtrpXGxRN4cs0lBGUcSkaDybFqMYXwEjXAE8w6fdJRWCIlxctkAW/iNEO4kAG97hI2Qwcw5oU2Ymnv09zyGR+XJE35pJqPulJHExdwanJHvmjH0QF7TNFS82yxS5dKnP954cj3Lu9SWGYWjxQJRmLtOwb+lqqol4VTxG7Ois4uef9/Tpp9skeMZXVeNlpn2wrp6iFcX3uiiVDg9VKkl3ig6UqCiqQSuiIN87RXwUOeHXlCnW3adz3Xei0ziBrwLSql7lBIHGEAlUUNmJ3CrR8IwQtcynGEMKfNIeZ/XK+uNlm9cJIqZf1fzqc8KexlyS9AS0i/kiYZTr4=

.hgtags

@@ -42,3 +42,16 @@ e76614145aea67f66e4a4257685c771efba21aa1 DROPBEAR_2013.58
 a50a1dc743317fad9b3737bc68fbca640659bb6d DROPBEAR_2013.60
 e894dbc015ba7ff4c3bf897ee20e28ca90c55a16 DROPBEAR_2013.61test
 3d1d7d151c0ce3a79da62e86463f5632fa2b144a DROPBEAR_2013.62
+2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63
+0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
+e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
+735511a4c761141416ad0e6728989d2dafa55bc2 DROPBEAR_2014.66
+cbd674d63cd4f3781464a8d4056a5506c8ae926f DROPBEAR_2015.67
+809feaa9408f036734129c77f2b3c7e779d4f099 DROPBEAR_2015.68
+1637dbd262124d113e52967df46afd6c715e4fad DROPBEAR_2015.69
+79a6ef02307d05cb9dda10465cb5b807baa8f62e DROPBEAR_2015.70
+9a944a243f08be6b22d32f166a0690eb4872462b DROPBEAR_2015.71
+78b12b6549be08b0bea3da329b2578060a76ca31 DROPBEAR_2016.72
+309e1c4a87682b6ca7d80b8555a1db416c3cb7ac DROPBEAR_2016.73
+0ed3d2bbf956cb8a9bf0f4b5a86b7dd9688205cb DROPBEAR_2016.74
+c31276613181c5cff7854e7ef586ace03424e55e DROPBEAR_2017.75

.travis.yml

@@ -0,0 +1,56 @@
+language: c
+
+git:
+  depth: 3
+
+matrix:
+  include:
+    # subsequent matrix options use these first settings
+    - os: linux
+      compiler: gcc
+      env: WEXTRAFLAGS=-Werror
+    - env: MULTI=1 WEXTRAFLAGS=-Werror
+    # libtom has some warnings, so no WEXTRAFLAGS
+    - env: BUNDLEDLIBTOM=--enable-bundled-libtom WEXTRAFLAGS=""
+    - env: NOWRITEV=1 WEXTRAFLAGS=-Werror
+    # libtomcrypt 1.18.1 fixes clang problems, distro doesn't have that yet
+    - os: linux
+      compiler: clang
+      env: BUNDLEDLIBTOM=--enable-bundled-libtom WEXTRAFLAGS=""
+    - os: osx
+      compiler: clang
+      env: WEXTRAFLAGS=""
+
+# container-based builds
+sudo: false
+addons:
+  apt:
+    packages:
+    # packages list: https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-precise
+    - zlib1g-dev
+    - libtomcrypt-dev
+    - libtommath-dev
+
+
+before_install:
+  - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi  # workaround
+
+script:
+  - autoconf && autoheader && ./configure "$BUNDLEDLIBTOM" CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS" --prefix="$HOME/inst"
+  - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi
+  - make -j3 
+  # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
+  - make install 
+
+after_success:
+  - ~/inst/bin/dropbearkey -t rsa -f testrsa
+  - ~/inst/bin/dropbearkey -t dss -f testdss
+  - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
+  - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
+  - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
+
+branches:
+  only:
+    - master
+    - coverity
+

CHANGES

@@ -1,3 +1,376 @@
+2018.76 - 27 February 2018
+
+> > > Configuration/compatibility changes
+  IMPORTANT
+  Custom configuration is now specified in local_options.h rather than options.h
+  Available options and defaults can be seen in default_options.h
+
+  To migrate your configuration, compare your customised options.h against the
+  upstream options.h from your relevant version. Any customised options should
+  be put in localoptions.h
+
+- "configure --enable-static" should now be used instead of "make STATIC=1"
+  This will avoid 'hardened build' flags that conflict with static binaries
+
+- Set 'hardened build' flags by default if supported by the compiler.
+  These can be disabled with configure --disable-harden if needed.
+  -Wl,-pie
+  -Wl,-z,now -Wl,-z,relro
+  -fstack-protector-strong
+  -D_FORTIFY_SOURCE=2
+  # spectre v2 mitigation
+  -mfunction-return=thunk
+  -mindirect-branch=thunk
+
+  Spectre patch from Loganaden Velvindron
+
+- "dropbear -r" option for hostkeys no longer attempts to load the default
+  hostkey paths as well. If desired these can be specified manually. 
+  Patch from CamVan Nguyen
+
+- group1-sha1 key exchange is disabled in the server by default since
+  the fixed 1024-bit group may be susceptible to attacks
+
+- twofish ciphers are now disabled in the default configuration
+
+- Default generated ECDSA key size is now 256 (rather than 521) 
+  for better interoperability
+
+- Minimum RSA key length has been increased to 1024 bits
+
+> > > Other features and fixes
+
+- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
+
+- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
+  See dbclient manpage for a socat example. Patch from Harald Becker
+
+- Add "-c forced_command" option. Patch from Jeremy Kerr
+
+- Restricted group -G option added with patch from stellarpower
+
+- Support server-chosen TCP forwarding ports, patch from houseofkodai
+
+- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
+  Patch from houseofkodai
+
+- Makefile will now rebuild object files when header files are modified
+
+- Add group14-256 and group16 key exchange options
+
+- curve25519-sha256 also supported without @libssh.org suffix
+
+- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
+  This fixes building with some recent versions of clang
+
+- Set PAM_RHOST which is needed by modules such as pam_abl
+
+- Improvements to DSS and RSA public key validation, found by OSS-Fuzz. 
+
+- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
+
+- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
+
+- Numerous code cleanups and small issues fixed by Francois Perrad
+
+- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
+  platforms. Reported by Oliver Schneider and Andrew Bainbridge
+
+- Fix some platform portability problems, from Ben Gardner
+
+- Add EXEEXT filename suffix for building dropbearmulti, from William Foster
+
+- Support --enable-<option> properly for configure, from Stefan Hauser
+
+- configure have_openpty result can be cached, from Eric Bénard
+
+- handle platforms that return close() < -1 on failure, from Marco Wenzel
+
+- Build and configuration cleanups from Michael Witten
+
+- Fix libtomcrypt/libtommath linking order, from Andre McCurdy
+
+- Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
+
+- Update curve25519-donna implementation to current version
+
+2017.75 - 18 May 2017
+
+- Security: Fix double-free in server TCP listener cleanup
+  A double-free in the server could be triggered by an authenticated user if
+  dropbear is running with -a (Allow connections to forwarded ports from any host)
+  This could potentially allow arbitrary code execution as root by an authenticated user.
+  Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
+  CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
+
+- Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
+  Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
+  is to switch to user permissions when opening authorized_keys
+
+  A user could symlink their ~/.ssh/authorized_keys to a root-owned file they
+  couldn't normally read. If they managed to get that file to contain valid
+  authorized_keys with command= options it might be possible to read other
+  contents of that file.
+  This information disclosure is to an already authenticated user.
+  Thanks to Jann Horn of Google Project Zero for reporting this.
+  CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
+
+- Generate hostkeys with dropbearkey atomically and flush to disk with fsync
+  Thanks to Andrei Gherzan for a patch
+
+- Fix out of tree builds with bundled libtom
+  Thanks to Henrik Nordström and Peter Krefting for patches.
+
+2016.74 - 21 July 2016
+
+- Security: Message printout was vulnerable to format string injection.
+
+  If specific usernames including "%" symbols can be created on a system
+  (validated by getpwnam()) then an attacker could run arbitrary code as root
+  when connecting to Dropbear server.
+
+  A dbclient user who can control username or host arguments could potentially
+  run arbitrary code as the dbclient user. This could be a problem if scripts
+  or webpages pass untrusted input to the dbclient program.
+  CVE-2016-7406
+  https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
+
+- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
+  the local dropbearconvert user when parsing malicious key files
+  CVE-2016-7407
+  https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
+
+- Security: dbclient could run arbitrary code as the local dbclient user if
+  particular -m or -c arguments are provided. This could be an issue where
+  dbclient is used in scripts.
+  CVE-2016-7408
+  https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
+
+- Security: dbclient or dropbear server could expose process memory to the
+  running user if compiled with DEBUG_TRACE and running with -v
+  CVE-2016-7409
+  https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
+
+  The security issues were reported by an anonymous researcher working with
+  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
+
+- Fix port forwarding failure when connecting to domains that have both
+  IPv4 and IPv6 addresses. The bug was introduced in 2015.68
+
+- Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
+  for the patch
+
+
+2016.73 - 18 March 2016
+
+- Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
+
+- Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
+
+- Option to exit when a TCP forward fails, patch from Konstantin Tokarev
+
+- New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
+  in the style of OpenSSH, though implementing all OpenSSH options is not planned.
+
+- Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
+
+- Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
+
+- Various cleanups for issues found by a lint tool, patch from Francois Perrad
+
+- Fix tab indent consistency, patch from Francois Perrad
+
+- Fix issues found by cppcheck, reported by Mike Tzou
+
+- Use system memset_s() or explicit_bzero() if available to clear memory. Also make
+  libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
+
+- Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
+
+- Improved Travis CI test running, thanks to Mike Tzou
+
+- Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
+
+2016.72 - 9 March 2016
+
+- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
+  found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
+  https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff
+
+2015.71 - 3 December 2015
+
+- Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
+
+- Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
+  Frank Stollenwerk for reporting and investigation
+
+- Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
+
+- Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
+  broke in 2015.70
+
+- Fix server race condition that could cause sessions to hang on exit,
+  https://github.com/robotframework/SSHLibrary/issues/128
+
+2015.70 - 26 November 2015
+
+- Fix server password authentication on Linux, broke in 2015.69
+
+2015.69 - 25 November 2015
+
+- Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
+
+- Avoid hang on session close when multiple sessions are started, affects Qt Creator
+  Patch from Andrzej Szombierski
+
+- Reduce per-channel memory consumption in common case, increase default
+  channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
+  webpages
+
+- Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
+
+- Manpage improvements from Guilhem Moulin
+
+- Build fixes for Android from Mike Frysinger
+
+- Don't display the MOTD when an explicit command is run from Guilhem Moulin
+
+- Check curve25519 shared secret isn't zero
+
+2015.68 - Saturday 8 August 2015
+
+- Reduce local data copying for improved efficiency. Measured 30%
+  increase in throughput for connections to localhost
+
+- Forwarded TCP ports connect asynchronously and try all available addresses
+  (IPv4, IPv6, round robin DNS)
+
+- Fix all compile warnings, many patches from Gaël Portay
+  Note that configure with -Werror may not be successful on some platforms (OS X)
+  and some configuration options may still result in unused variable
+  warnings.
+
+- Use TCP Fast Open on Linux if available. Saves a round trip at connection
+  to hosts that have previously been connected. 
+  Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
+  Client side is disabled by default pending further compatibility testing
+  with networks and systems.
+
+- Increase maximum command length to 9000 bytes
+
+- Free memory before exiting, patch from Thorsten Horstmann. Useful for
+  Dropbear ports to embedded systems and for checking memory leaks
+  with valgrind. Only partially implemented for dbclient.
+  This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
+
+- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
+  there is a leading slash (~ isn't treated specially)
+
+- Fix small ECC memory leaks
+
+- Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
+  Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
+
+- Twofish-ctr cipher is supported though disabled by default
+
+- Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
+  to CL Ouyang
+
+- Fix null pointer crash with restrictions in authorized_keys without a command, patch from
+  Guilhem Moulin
+
+- Ensure authentication timeout is handled while reading the initial banner,
+  thanks to CL Ouyang for finding it.
+
+- Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
+
+2015.67 - Wednesday 28 January 2015
+
+- Call fsync() after generating private keys to ensure they aren't lost if a
+  reboot occurs. Thanks to Peter Korsgaard
+
+- Disable non-delayed zlib compression by default on the server. Can be
+  enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+
+- Default client key path ~/.ssh/id_dropbear
+
+- Prefer stronger algorithms by default, from Fedor Brunner. 
+  AES256 over 3DES
+  Diffie-hellman group14 over group1
+
+- Add option to disable CBC ciphers.
+
+- Disable twofish in default options.h
+
+- Enable sha2 HMAC algorithms by default, the code was already required
+  for ECC key exchange. sha1 is the first preference still for performance. 
+
+- Fix installing dropbear.8 in a separate build directory, from Like Ma
+
+- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+
+- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+
+- Minor bug fixes, a few issues found by Coverity scan
+
+2014.66 - Thursday 23 October 2014
+
+- Use the same keepalive handling behaviour as OpenSSH. This will work better 
+  with some SSH implementations that have different behaviour with unknown 
+  message types.
+
+- Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own 
+  keepalive message
+
+- Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
+
+- Fix wtmp which broke since 2013.62, patch from Whoopie
+
+2014.65 - Friday 8 August 2014
+
+- Fix 2014.64 regression, server session hang on exit with scp (and probably
+  others), thanks to NiLuJe for tracking it down
+
+- Fix 2014.64 regression, clock_gettime() error handling which broke on older
+  Linux kernels, reported by NiLuJe
+
+- Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
+  wasn't caught
+
+- Avoid error message when trying to set QoS on proxycommand or multihop pipes
+
+- Use /usr/bin/xauth, thanks to Mike Frysinger
+
+- Don't exit the client if the local user entry can't be found, thanks to iquaba
+
+2014.64 - Sunday 27 July 2014
+
+- Fix compiling with ECDSA and DSS disabled
+
+- Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
+  thanks to Ronny Meeus
+
+- The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval". 
+  If no response is received after 3 keepalives then the session is terminated. This
+  will close connections faster than waiting for a TCP timeout.
+
+- Rework TCP priority setting. New settings are
+	if (connecting || ptys || x11) tos = LOWDELAY
+	else if (tcp_forwards) tos = 0
+	else tos = BULK
+  Thanks to Catalin Patulea for the suggestion.
+
+- Improve handling of many concurrent new TCP forwarded connections, should now
+  be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
+  and investigating it.
+
+- Make sure that exit messages from the client are printed, regression in 2013.57
+
+- Use monotonic clock where available, timeouts won't be affected by system time
+  changes
+
+- Add -V for version
+
 2014.63 - Wednesday 19 February 2014
 
 - Fix ~. to terminate a client interactive session after waking a laptop
@@ -24,7 +397,7 @@
   still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
   This is a longstanding bug but is triggered more easily since 2013.57
 
-- Fix README for ecdsa keys, from Caralin Patulea
+- Fix README for ecdsa keys, from Catalin Patulea
 
 - Ensure that generated RSA keys are always exactly the length
   requested. Previously Dropbear always generated N+16 or N+15 bit keys.
@@ -56,6 +429,8 @@ kernels, from Steve Dover
 
 2013.61test - Thursday 14 November 2013
 
+- Default generated RSA key size changed from 1024 to 2048 bits
+
 - ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
   be generated) and ECDH for setting up encryption keys (no intervention
   required). This is significantly faster.
@@ -101,9 +476,11 @@ kernels, from Steve Dover
 - Limit the size of decompressed payloads, avoids memory exhaustion denial
   of service 
   Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
+  https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
 
 - Avoid disclosing existence of valid users through inconsistent delays
   Thanks to Logan Lamb for reporting. CVE-2013-4434
+  https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a
 
 - Update config.guess and config.sub for newer architectures
 
@@ -206,6 +583,7 @@ though probably will be soon
   This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
   Thanks to Danny Fullerton of Mantor Organization for reporting
   the bug.
+  https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
 
 - Compile fix, only apply IPV6 socket options if they are available in headers
   Thanks to Gustavo Zacarias for the patch

INSTALL

@@ -1,20 +1,26 @@
 Basic Dropbear build instructions:
 
-- Edit options.h to set which features you want.
-- Edit debug.h if you want any debug options (not usually required).
+- Edit localoptions.h to set which features you want. Available options
+  are described in default_options.h, these will be overridden by
+  anything set in localoptions.h
 
-(If using a non-tarball copy, "autoconf; autoheader")
+- If using a Mercurial or Git checkout, "autoconf; autoheader"
 
-./configure      (optionally with --disable-zlib or --disable-syslog,
+- Configure for your system:
+  ./configure     (optionally with --disable-zlib or --disable-syslog,
                   or --help for other options)
 
-Now compile:
+- Compile:
 
-make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
+  make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
 
-And install (/usr/local/bin is usual default):
+- Optionally install, or copy the binaries another way
 
-make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
+  make install (/usr/local/bin is usual default):
+
+  or
+
+  make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
 
 (you can leave items out of the PROGRAMS list to avoid compiling them. If you
 recompile after changing the PROGRAMS list, you *MUST* "make clean" before
@@ -22,7 +28,11 @@ recompiling - bad things will happen otherwise)
 
 See MULTI for instructions on making all-in-one binaries.
 
-If you want to compile statically, add "STATIC=1" to the make command-line.
+If you want to compile statically use ./configure --enable-static
+
+By default Dropbear adds various build flags that improve robustness 
+against programming bugs (good for security). If these cause problems
+they can be disabled with ./configure --disable-harden
 
 Binaries can be stripped with "make strip"
 

LICENSE

@@ -8,7 +8,7 @@ The majority of code is written by Matt Johnston, under the license below.
 Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
 same license:
 
-Copyright (c) 2002-2013 Matt Johnston
+Copyright (c) 2002-2015 Matt Johnston
 Portions copyright (c) 2004 Mihnea Stoenescu
 All rights reserved.
 

Makefile.in

@@ -2,12 +2,11 @@
 # @configure_input@
 
 # invocation:
-# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
 #
-# to make a multiple-program statically linked binary "staticdropbearmulti".
+# to make a multiple-program binary "dropbearmulti".
 # This example will include dropbear, scp, dropbearkey, dropbearconvert, and
 # dbclient functionality, and includes the progress-bar functionality in scp.
-# Hopefully that seems intuitive.
 
 ifndef PROGRAMS
 	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
@@ -20,11 +19,18 @@ LIBTOM_LIBS=@LIBTOM_LIBS@
 
 ifeq (@BUNDLED_LIBTOM@, 1)
 LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM) 
+LIBTOM_CLEAN=ltc-clean ltm-clean
 CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
-LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
+LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
 endif
 
-COMMONOBJS=dbutil.o buffer.o \
+OPTION_HEADERS = default_options_guard.h sysoptions.h
+ifneq ($(wildcard localoptions.h),)
+CFLAGS+=-DLOCALOPTIONS_H_EXISTS
+OPTION_HEADERS += localoptions.h
+endif
+
+COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		dss.o bignum.o \
 		signkey.o rsa.o dbrandom.o \
 		queue.o \
@@ -40,12 +46,12 @@ SVROBJS=svr-kex.o svr-auth.o sshpty.o \
 CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
 		cli-session.o cli-runopts.o cli-chansession.o \
 		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \
-		cli-agentfwd.o list.o
+		cli-agentfwd.o 
 
 CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
 			common-channel.o common-chansession.o termcodes.o loginrec.o \
-			tcp-accept.o listener.o process-packet.o \
-			common-runopts.o circbuffer.o curve25519-donna.o
+			tcp-accept.o listener.o process-packet.o dh_groups.o \
+			common-runopts.o circbuffer.o curve25519-donna.o list.o netio.o
 
 KEYOBJS=dropbearkey.o
 
@@ -53,13 +59,6 @@ CONVERTOBJS=dropbearconvert.o keyimport.o
 
 SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
 
-HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
-		dss.h bignum.h signkey.h rsa.h dbrandom.h service.h auth.h \
-		debug.h channel.h chansession.h config.h queue.h sshpty.h \
-		termcodes.h gendss.h genrsa.h runopts.h includes.h \
-		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
-		listener.h fake-rfc2553.h ecc.h ecdsa.h
-
 dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
 dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
 dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
@@ -76,6 +75,8 @@ bindir=@bindir@
 sbindir=@sbindir@
 mandir=@mandir@
 
+.DELETE_ON_ERROR:
+
 CC=@CC@
 AR=@AR@
 RANLIB=@RANLIB@
@@ -88,9 +89,10 @@ LDFLAGS=@LDFLAGS@
 
 EXEEXT=@EXEEXT@
 
+STATIC=@STATIC@
+
 # whether we're building client, server, or both for the common objects.
 # evilness so we detect 'dropbear' by itself as a word
-space:= $(empty) $(empty)
 ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdropbearZ, Z$(prog)Z))))
 	CFLAGS+= -DDROPBEAR_SERVER
 endif
@@ -98,7 +100,6 @@ ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z)
 	CFLAGS+= -DDROPBEAR_CLIENT
 endif
 
-
 # these are exported so that libtomcrypt's makefile will use them
 export CC
 export CFLAGS
@@ -109,7 +110,7 @@ ifeq ($(STATIC), 1)
 endif
 
 ifeq ($(MULTI), 1)
-	TARGETS=dropbearmulti
+	TARGETS=dropbearmulti$(EXEEXT)
 else
 	TARGETS=$(PROGRAMS)
 endif
@@ -121,33 +122,44 @@ endif
 
 all: $(TARGETS)
 
+# for simplicity assume all source depends on all headers
+HEADERS=$(wildcard $(srcdir)/*.h *.h) $(OPTION_HEADERS)
+%.o : %.c $(HEADERS)
+	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+default_options_guard.h: default_options.h
+	@echo Creating $@
+	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
+	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
+	@mv $@.tmp $@
+
 strip: $(TARGETS)
 	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
 
 install: $(addprefix inst_, $(TARGETS))
 
-insmultidropbear: dropbearmulti
+insmultidropbear: dropbearmulti$(EXEEXT)
 	$(INSTALL) -d $(DESTDIR)$(sbindir)
 	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
 	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
-	$(INSTALL) -m 644 dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
+	$(INSTALL) -m 644 $(srcdir)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
 
-insmulti%: dropbearmulti
+insmulti%: dropbearmulti$(EXEEXT)
 	$(INSTALL) -d $(DESTDIR)$(bindir)
 	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
 	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
 	if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
 
-# dropbear should go in sbin, so it needs a seperate rule
+# dropbear should go in sbin, so it needs a separate rule
 inst_dropbear: dropbear
 	$(INSTALL) -d $(DESTDIR)$(sbindir)
 	$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
-	$(INSTALL) -m 644 dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
+	$(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
 
-inst_%: $*
+inst_%: %
 	$(INSTALL) -d $(DESTDIR)$(bindir)
 	$(INSTALL) $*$(EXEEXT) $(DESTDIR)$(bindir)
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
@@ -155,7 +167,6 @@ inst_%: $*
 
 inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS)) 
 
-
 # for some reason the rule further down doesn't like $($@objs) as a prereq.
 dropbear: $(dropbearobjs)
 dbclient: $(dbclientobjs)
@@ -194,32 +205,34 @@ link%:
 	-rm -f $*$(EXEEXT)
 	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
 
-$(STATIC_LTC): options.h
-	cd libtomcrypt && $(MAKE)
+$(STATIC_LTC): $(OPTION_HEADERS)
+	$(MAKE) -C libtomcrypt
 
-$(STATIC_LTM): options.h
-	cd libtommath && $(MAKE)
+$(STATIC_LTM): $(OPTION_HEADERS)
+	$(MAKE) -C libtommath
 
 .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
 
 ltc-clean:
-	cd libtomcrypt && $(MAKE) clean
+	$(MAKE) -C libtomcrypt clean
 
 ltm-clean:
-	cd libtommath && $(MAKE) clean
+	$(MAKE) -C libtommath clean
 
 sizes: dropbear
 	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
 
-clean: ltc-clean ltm-clean thisclean
+clean: $(LIBTOM_CLEAN) thisclean
 
 thisclean:
-	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
-			dropbearmulti *.o *.da *.bb *.bbg *.prof 
+	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
+			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
+			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof
 
 distclean: clean tidy
 	-rm -f config.h
 	-rm -f Makefile
+	-rm -f default_options_guard.h
 
 tidy:
 	-rm -f *~ *.gcov */*~

README

@@ -8,8 +8,8 @@ which performs multiple tasks, to save disk space)
 
 SMALL has some tips on creating small binaries.
 
-See TODO for a few of the things I know need looking at, and please contact
-me if you have any questions/bugs found/features/ideas/comments etc :)
+Please contact me if you have any questions/bugs found/features/ideas/comments etc :)
+There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear
 
 Matt Johnston
 matt@ucc.asn.au

TODO

@@ -1,27 +0,0 @@
-Current:
-
-Things which might need doing:
-
-- default private dbclient keys
-
-- Make options.h generated from configure perhaps?
-
-- handle /etc/environment in AIX
-
-- check that there aren't timing issues with valid/invalid user authentication
-  feedback.
-
-- Binding to different interfaces
-
-- CTR mode
-- SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly, or just add group14 (whatever it's called today)
-
-- fix scp.c for IRIX
-
-- Be able to use OpenSSH keys for the client? or at least have some form of 
-  encrypted keys.
-
-- Client agent forwarding
-
-- Handle restrictions in ~/.ssh/authorized_keys ?

agentfwd.h

@@ -21,8 +21,8 @@
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
-#ifndef _AGENTFWD_H_
-#define _AGENTFWD_H_
+#ifndef DROPBEAR_AGENTFWD_H_
+#define DROPBEAR_AGENTFWD_H_
 
 #include "includes.h"
 #include "chansession.h"
@@ -30,7 +30,7 @@
 #include "auth.h"
 #include "list.h"
 
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 
 /* An agent reply can be reasonably large, as it can
  * contain a list of all public keys held by the agent.
@@ -40,8 +40,8 @@
 /* client functions */
 void cli_load_agent_keys(m_list * ret_list);
 void agent_buf_sign(buffer *sigblob, sign_key *key, 
-	buffer *data_buf);
-void cli_setup_agent(struct Channel *channel);
+	const buffer *data_buf);
+void cli_setup_agent(const struct Channel *channel);
 
 #ifdef __hpux
 #define seteuid(a)       setresuid(-1, (a), -1)
@@ -50,14 +50,14 @@ void cli_setup_agent(struct Channel *channel);
 
 extern const struct ChanType cli_chan_agent;
 
-#endif /* ENABLE_CLI_AGENTFWD */
+#endif /* DROPBEAR_CLI_AGENTFWD */
 
-#ifdef ENABLE_SVR_AGENTFWD
+#if DROPBEAR_SVR_AGENTFWD
 
 int svr_agentreq(struct ChanSess * chansess);
 void svr_agentcleanup(struct ChanSess * chansess);
-void svr_agentset(struct ChanSess *chansess);
+void svr_agentset(const struct ChanSess *chansess);
 
-#endif /* ENABLE_SVR_AGENTFWD */
+#endif /* DROPBEAR_SVR_AGENTFWD */
 
-#endif /* _AGENTFWD_H_ */
+#endif /* DROPBEAR_AGENTFWD_H_ */

algo.h

@@ -22,9 +22,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _ALGO_H_
+#ifndef DROPBEAR_ALGO_H_
 
-#define _ALGO_H_
+#define DROPBEAR_ALGO_H_
 
 #include "includes.h"
 #include "buffer.h"
@@ -35,7 +35,7 @@
 
 struct Algo_Type {
 
-	const unsigned char *name; /* identifying name */
+	const char *name; /* identifying name */
 	char val; /* a value for this cipher, or -1 for invalid */
 	const void *data; /* algorithm specific data */
 	char usable; /* whether we can use this algorithm */
@@ -51,6 +51,7 @@ extern algo_type sshhostkey[];
 extern algo_type sshciphers[];
 extern algo_type sshhashes[];
 extern algo_type ssh_compress[];
+extern algo_type ssh_delaycompress[];
 extern algo_type ssh_nocompress[];
 
 extern const struct dropbear_cipher dropbear_nocipher;
@@ -82,9 +83,15 @@ struct dropbear_hash {
 };
 
 enum dropbear_kex_mode {
+#if DROPBEAR_NORMAL_DH
 	DROPBEAR_KEX_NORMAL_DH,
+#endif
+#if DROPBEAR_ECDH
 	DROPBEAR_KEX_ECDH,
+#endif
+#if DROPBEAR_CURVE25519
 	DROPBEAR_KEX_CURVE25519,
+#endif
 };
 
 struct dropbear_kex {
@@ -95,7 +102,7 @@ struct dropbear_kex {
 	const int dh_p_len;
 
 	/* elliptic curve DH KEX */
-#ifdef DROPBEAR_ECDH
+#if DROPBEAR_ECDH
 	const struct dropbear_ecc_curve *ecc_curve;
 #else
 	const void* dummy;
@@ -105,8 +112,8 @@ struct dropbear_kex {
 	const struct ltc_hash_descriptor *hash_desc;
 };
 
-int have_algo(char* algo, size_t algolen, algo_type algos[]);
-void buf_put_algolist(buffer * buf, algo_type localalgos[]);
+int have_algo(const char* algo, size_t algolen, const algo_type algos[]);
+void buf_put_algolist(buffer * buf, const algo_type localalgos[]);
 
 enum kexguess2_used {
 	KEXGUESS2_LOOK,
@@ -121,10 +128,10 @@ enum kexguess2_used {
 algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
 		enum kexguess2_used *kexguess2, int *goodguess);
 
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 int check_user_algos(const char* user_algo_list, algo_type * algos, 
 		const char *algo_desc);
-char * algolist_string(algo_type algos[]);
+char * algolist_string(const algo_type algos[]);
 #endif
 
 enum {
@@ -133,4 +140,4 @@ enum {
 	DROPBEAR_COMP_ZLIB_DELAY,
 };
 
-#endif /* _ALGO_H_ */
+#endif /* DROPBEAR_ALGO_H_ */

atomicio.c

@@ -1,6 +1,8 @@
+/* $OpenBSD: atomicio.c,v 1.17 2006/04/01 05:51:34 djm Exp $ */
 /*
- * Copied from OpenSSH 3.6.1p2.
+ * Copied from OpenSSH/OpenBSD.
  * 
+ * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
  * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
  * All rights reserved.
  *
@@ -25,38 +27,32 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* RCSID("OpenBSD: atomicio.c,v 1.10 2001/05/08 22:48:07 markus Exp "); */
+#include "includes.h"
 
 #include "atomicio.h"
 
 /*
- * ensure all of data on socket comes through. f==read || f==write
+ * ensure all of data on socket comes through. f==read || f==vwrite
  */
-ssize_t
-atomicio(f, fd, _s, n)
-	ssize_t (*f) ();
-	int fd;
-	void *_s;
-	size_t n;
+size_t
+atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
 {
 	char *s = _s;
-	ssize_t res;
 	size_t pos = 0;
+	ssize_t res;
 
 	while (n > pos) {
 		res = (f) (fd, s + pos, n - pos);
 		switch (res) {
 		case -1:
-#ifdef EWOULDBLOCK
-			if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
-#else
 			if (errno == EINTR || errno == EAGAIN)
-#endif
 				continue;
+			return 0;
 		case 0:
-			return (res);
+			errno = EPIPE;
+			return pos;
 		default:
-			pos += res;
+			pos += (size_t)res;
 		}
 	}
 	return (pos);

atomicio.h

@@ -1,8 +1,7 @@
+/* $OpenBSD: atomicio.h,v 1.7 2006/03/25 22:22:42 djm Exp $ */
 
 /*
- * Copied from OpenSSH 3.6.1p2, required for loginrec.c
- *
- * $OpenBSD: atomicio.h,v 1.4 2001/06/26 06:32:46 itojun Exp $
+ * Copied from OpenSSH/OpenBSD, required for loginrec.c
  *
  * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
  * All rights reserved.
@@ -28,9 +27,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include "includes.h"
-
 /*
- * Ensure all of data on socket comes through. f==read || f==write
+ * Ensure all of data on socket comes through. f==read || f==vwrite
  */
-ssize_t	atomicio(ssize_t (*)(), int, void *, size_t);
+size_t	atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
+
+#define vwrite (ssize_t (*)(int, void *, size_t))write

auth.h

@@ -22,32 +22,32 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _AUTH_H_
-#define _AUTH_H_
+#ifndef DROPBEAR_AUTH_H_
+#define DROPBEAR_AUTH_H_
 
 #include "includes.h"
 #include "signkey.h"
 #include "chansession.h"
 
-void svr_authinitialise();
-void cli_authinitialise();
+void svr_authinitialise(void);
+void cli_authinitialise(void);
 
 /* Server functions */
-void recv_msg_userauth_request();
+void recv_msg_userauth_request(void);
 void send_msg_userauth_failure(int partial, int incrfail);
-void send_msg_userauth_success();
-void send_msg_userauth_banner(buffer *msg);
-void svr_auth_password();
-void svr_auth_pubkey();
-void svr_auth_pam();
+void send_msg_userauth_success(void);
+void send_msg_userauth_banner(const buffer *msg);
+void svr_auth_password(void);
+void svr_auth_pubkey(void);
+void svr_auth_pam(void);
 
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
-int svr_pubkey_allows_agentfwd();
-int svr_pubkey_allows_tcpfwd();
-int svr_pubkey_allows_x11fwd();
-int svr_pubkey_allows_pty();
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+int svr_pubkey_allows_agentfwd(void);
+int svr_pubkey_allows_tcpfwd(void);
+int svr_pubkey_allows_x11fwd(void);
+int svr_pubkey_allows_pty(void);
 void svr_pubkey_set_forced_command(struct ChanSess *chansess);
-void svr_pubkey_options_cleanup();
+void svr_pubkey_options_cleanup(void);
 int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename);
 #else
 /* no option : success */
@@ -56,34 +56,34 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 #define svr_pubkey_allows_x11fwd() 1
 #define svr_pubkey_allows_pty() 1
 static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { }
-static inline void svr_pubkey_options_cleanup() { }
+static inline void svr_pubkey_options_cleanup(void) { }
 #define svr_add_pubkey_options(x,y,z) DROPBEAR_SUCCESS
 #endif
 
 /* Client functions */
-void recv_msg_userauth_failure();
-void recv_msg_userauth_success();
-void recv_msg_userauth_specific_60();
-void recv_msg_userauth_pk_ok();
-void recv_msg_userauth_info_request();
-void cli_get_user();
-void cli_auth_getmethods();
-int cli_auth_try();
-void recv_msg_userauth_banner();
-void cli_pubkeyfail();
-void cli_auth_password();
-int cli_auth_pubkey();
-void cli_auth_interactive();
-char* getpass_or_cancel(char* prompt);
-void cli_auth_pubkey_cleanup();
+void recv_msg_userauth_failure(void);
+void recv_msg_userauth_success(void);
+void recv_msg_userauth_specific_60(void);
+void recv_msg_userauth_pk_ok(void);
+void recv_msg_userauth_info_request(void);
+void cli_get_user(void);
+void cli_auth_getmethods(void);
+int cli_auth_try(void);
+void recv_msg_userauth_banner(void);
+void cli_pubkeyfail(void);
+void cli_auth_password(void);
+int cli_auth_pubkey(void);
+void cli_auth_interactive(void);
+char* getpass_or_cancel(const char* prompt);
+void cli_auth_pubkey_cleanup(void);
 
 
 #define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
 
 #define AUTH_TYPE_NONE      1
-#define AUTH_TYPE_PUBKEY    1 << 1
-#define AUTH_TYPE_PASSWORD  1 << 2
-#define AUTH_TYPE_INTERACT  1 << 3
+#define AUTH_TYPE_PUBKEY    (1 << 1)
+#define AUTH_TYPE_PASSWORD  (1 << 2)
+#define AUTH_TYPE_INTERACT  (1 << 3)
 
 #define AUTH_METHOD_NONE "none"
 #define AUTH_METHOD_NONE_LEN 4
@@ -105,12 +105,14 @@ struct AuthState {
 	unsigned char authtypes; /* Flags indicating which auth types are still 
 								valid */
 	unsigned int failcount; /* Number of (failed) authentication attempts.*/
-	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
-							  client and server (though has differing [obvious]
+	unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
+							  client and server (though has differing 
 							  meanings). */
-	unsigned perm_warn : 1; /* Server only, set if bad permissions on 
+	unsigned int perm_warn; /* Server only, set if bad permissions on 
 							   ~/.ssh/authorized_keys have already been
 							   logged. */
+	unsigned int checkusername_failed;  /* Server only, set if checkusername
+	                                has already failed */
 
 	/* These are only used for the server */
 	uid_t pw_uid;
@@ -119,12 +121,12 @@ struct AuthState {
 	char *pw_shell;
 	char *pw_name;
 	char *pw_passwd;
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 	struct PubKeyOptions* pubkey_options;
 #endif
 };
 
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 struct PubKeyOptions;
 struct PubKeyOptions {
 	/* Flags */
@@ -133,8 +135,8 @@ struct PubKeyOptions {
 	int no_x11_forwarding_flag;
 	int no_pty_flag;
 	/* "command=" option. */
-	unsigned char * forced_command;
+	char * forced_command;
 };
 #endif
 
-#endif /* _AUTH_H_ */
+#endif /* DROPBEAR_AUTH_H_ */

bignum.c

@@ -39,33 +39,49 @@ void m_mp_init(mp_int *mp) {
  * on error */
 void m_mp_init_multi(mp_int *mp, ...) 
 {
-    mp_int* cur_arg = mp;
-    va_list args;
+	mp_int* cur_arg = mp;
+	va_list args;
 
-    va_start(args, mp);        /* init args to next argument from caller */
-    while (cur_arg != NULL) {
-        if (mp_init(cur_arg) != MP_OKAY) {
+	va_start(args, mp);        /* init args to next argument from caller */
+	while (cur_arg != NULL) {
+		if (mp_init(cur_arg) != MP_OKAY) {
 			dropbear_exit("Mem alloc error");
-        }
-        cur_arg = va_arg(args, mp_int*);
-    }
-    va_end(args);
+		}
+		cur_arg = va_arg(args, mp_int*);
+	}
+	va_end(args);
 }
 
 void m_mp_alloc_init_multi(mp_int **mp, ...) 
 {
-    mp_int** cur_arg = mp;
-    va_list args;
+	mp_int** cur_arg = mp;
+	va_list args;
 
-    va_start(args, mp);        /* init args to next argument from caller */
-    while (cur_arg != NULL) {
-    	*cur_arg = m_malloc(sizeof(mp_int));
-        if (mp_init(*cur_arg) != MP_OKAY) {
+	va_start(args, mp);        /* init args to next argument from caller */
+	while (cur_arg != NULL) {
+		*cur_arg = m_malloc(sizeof(mp_int));
+		if (mp_init(*cur_arg) != MP_OKAY) {
 			dropbear_exit("Mem alloc error");
-        }
-        cur_arg = va_arg(args, mp_int**);
-    }
-    va_end(args);
+		}
+		cur_arg = va_arg(args, mp_int**);
+	}
+	va_end(args);
+}
+
+void m_mp_free_multi(mp_int **mp, ...) 
+{
+	mp_int** cur_arg = mp;
+	va_list args;
+
+	va_start(args, mp);        /* init args to next argument from caller */
+	while (cur_arg != NULL) {
+		if (*cur_arg) {
+			mp_clear(*cur_arg);
+		}
+		m_free(*cur_arg);
+		cur_arg = va_arg(args, mp_int**);
+	}
+	va_end(args);
 }
 
 void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {

bignum.h

@@ -22,17 +22,17 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _BIGNUM_H_
-#define _BIGNUM_H_
+#ifndef DROPBEAR_BIGNUM_H_
+#define DROPBEAR_BIGNUM_H_
 
-#include "includes.h"
-#include "dbutil.h"
+#include "dbhelpers.h"
 
 void m_mp_init(mp_int *mp);
 void m_mp_init_multi(mp_int *mp, ...) ATTRIB_SENTINEL;
 void m_mp_alloc_init_multi(mp_int **mp, ...) ATTRIB_SENTINEL;
+void m_mp_free_multi(mp_int **mp, ...)  ATTRIB_SENTINEL;
 void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
 				hash_state *hs, mp_int *mp);
 
-#endif /* _BIGNUM_H_ */
+#endif /* DROPBEAR_BIGNUM_H_ */

buffer.c

@@ -46,17 +46,15 @@ buffer* buf_new(unsigned int size) {
 		dropbear_exit("buf->size too big");
 	}
 
-	buf = (buffer*)m_malloc(sizeof(buffer));
+	buf = (buffer*)m_malloc(sizeof(buffer)+size);
 
 	if (size > 0) {
-		buf->data = (unsigned char*)m_malloc(size);
+		buf->data = (unsigned char*)buf + sizeof(buffer);
 	} else {
 		buf->data = NULL;
 	}
 
 	buf->size = size;
-	buf->pos = 0;
-	buf->len = 0;
 
 	return buf;
 
@@ -65,12 +63,11 @@ buffer* buf_new(unsigned int size) {
 /* free the buffer's data and the buffer itself */
 void buf_free(buffer* buf) {
 
-	m_free(buf->data)
 	m_free(buf);
 }
 
 /* overwrite the contents of the buffer to clear it */
-void buf_burn(buffer* buf) {
+void buf_burn(const buffer* buf) {
 	
 	m_burn(buf->data, buf->size);
 
@@ -78,28 +75,31 @@ void buf_burn(buffer* buf) {
 
 /* resize a buffer, pos and len will be repositioned if required when
  * downsizing */
-void buf_resize(buffer *buf, unsigned int newsize) {
+buffer* buf_resize(buffer *buf, unsigned int newsize) {
 
 	if (newsize > BUF_MAX_SIZE) {
 		dropbear_exit("buf->size too big");
 	}
 
-	buf->data = m_realloc(buf->data, newsize);
+	buf = m_realloc(buf, sizeof(buffer)+newsize);
+	buf->data = (unsigned char*)buf + sizeof(buffer);
 	buf->size = newsize;
 	buf->len = MIN(newsize, buf->len);
 	buf->pos = MIN(newsize, buf->pos);
-
+	return buf;
 }
 
 /* Create a copy of buf, allocating required memory etc. */
 /* The new buffer is sized the same as the length of the source buffer. */
-buffer* buf_newcopy(buffer* buf) {
+buffer* buf_newcopy(const buffer* buf) {
 	
 	buffer* ret;
 
 	ret = buf_new(buf->len);
 	ret->len = buf->len;
-	memcpy(ret->data, buf->data, buf->len);
+	if (buf->len > 0) {
+		memcpy(ret->data, buf->data, buf->len);
+	}
 	return ret;
 }
 
@@ -109,6 +109,7 @@ void buf_setlen(buffer* buf, unsigned int len) {
 		dropbear_exit("Bad buf_setlen");
 	}
 	buf->len = len;
+	buf->pos = MIN(buf->pos, buf->len);
 }
 
 /* Increment the length of the buffer */
@@ -127,7 +128,7 @@ void buf_setpos(buffer* buf, unsigned int pos) {
 	buf->pos = pos;
 }
 
-/* increment the postion by incr, increasing the buffer length if required */
+/* increment the position by incr, increasing the buffer length if required */
 void buf_incrwritepos(buffer* buf, unsigned int incr) {
 	if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
 		dropbear_exit("Bad buf_incrwritepos");
@@ -141,9 +142,10 @@ void buf_incrwritepos(buffer* buf, unsigned int incr) {
 /* increment the position by incr, negative values are allowed, to
  * decrement the pos*/
 void buf_incrpos(buffer* buf,  int incr) {
-	if (incr > BUF_MAX_INCR ||
-			(unsigned int)((int)buf->pos + incr) > buf->len 
-			|| ((int)buf->pos + incr) < 0) {
+	if (incr > BUF_MAX_INCR 
+		|| incr < -BUF_MAX_INCR 
+		|| (unsigned int)((int)buf->pos + incr) > buf->len
+		|| ((int)buf->pos + incr) < 0) {
 		dropbear_exit("Bad buf_incrpos");
 	}
 	buf->pos += incr;
@@ -182,9 +184,9 @@ void buf_putbyte(buffer* buf, unsigned char val) {
 
 /* returns an in-place pointer to the buffer, checking that
  * the next len bytes from that position can be used */
-unsigned char* buf_getptr(buffer* buf, unsigned int len) {
+unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
 
-	if (buf->pos + len > buf->len) {
+	if (len > BUF_MAX_INCR || buf->pos + len > buf->len) {
 		dropbear_exit("Bad buf_getptr");
 	}
 	return &buf->data[buf->pos];
@@ -192,9 +194,9 @@ unsigned char* buf_getptr(buffer* buf, unsigned int len) {
 
 /* like buf_getptr, but checks against total size, not used length.
  * This allows writing past the used length, but not past the size */
-unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
+unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
 
-	if (buf->pos + len > buf->size) {
+	if (len > BUF_MAX_INCR || buf->pos + len > buf->size) {
 		dropbear_exit("Bad buf_getwriteptr");
 	}
 	return &buf->data[buf->pos];
@@ -203,10 +205,10 @@ unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
 /* Return a null-terminated string, it is malloced, so must be free()ed
  * Note that the string isn't checked for null bytes, hence the retlen
  * may be longer than what is returned by strlen */
-unsigned char* buf_getstring(buffer* buf, unsigned int *retlen) {
+char* buf_getstring(buffer* buf, unsigned int *retlen) {
 
 	unsigned int len;
-	unsigned char* ret;
+	char* ret;
 	len = buf_getint(buf);
 	if (len > MAX_STRING_LEN) {
 		dropbear_exit("String too long");
@@ -225,15 +227,15 @@ unsigned char* buf_getstring(buffer* buf, unsigned int *retlen) {
 
 /* Return a string as a newly allocated buffer */
 buffer * buf_getstringbuf(buffer *buf) {
-	buffer *ret;
-	unsigned char* str;
-	unsigned int len;
-	str = buf_getstring(buf, &len);
-	ret = m_malloc(sizeof(*ret));
-	ret->data = str;
-	ret->len = len;
-	ret->size = len;
-	ret->pos = 0;
+	buffer *ret = NULL;
+	unsigned int len = buf_getint(buf);
+	if (len > MAX_STRING_LEN) {
+		dropbear_exit("String too long");
+	}
+	ret = buf_new(len);
+	memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len);
+	buf_incrpos(buf, len);
+	buf_incrlen(ret, len);
 	return ret;
 }
 
@@ -262,16 +264,16 @@ void buf_putint(buffer* buf, int unsigned val) {
 }
 
 /* put a SSH style string into the buffer, increasing buffer len if required */
-void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len) {
+void buf_putstring(buffer* buf, const char* str, unsigned int len) {
 	
 	buf_putint(buf, len);
-	buf_putbytes(buf, str, len);
+	buf_putbytes(buf, (const unsigned char*)str, len);
 
 }
 
 /* puts an entire buffer as a SSH string. ignore pos of buf_str. */
 void buf_putbufstring(buffer *buf, const buffer* buf_str) {
-	buf_putstring(buf, buf_str->data, buf_str->len);
+	buf_putstring(buf, (const char*)buf_str->data, buf_str->len);
 }
 
 /* put the set of len bytes into the buffer, incrementing the pos, increasing

buffer.h

@@ -22,14 +22,15 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _BUFFER_H_
+#ifndef DROPBEAR_BUFFER_H_
 
-#define _BUFFER_H_
+#define DROPBEAR_BUFFER_H_
 
 #include "includes.h"
 
 struct buf {
-
+	/* don't manipulate data member outside of buffer.c - it
+	is a pointer into the malloc holding buffer itself */
 	unsigned char * data;
 	unsigned int len; /* the used size */
 	unsigned int pos;
@@ -40,10 +41,11 @@ struct buf {
 typedef struct buf buffer;
 
 buffer * buf_new(unsigned int size);
-void buf_resize(buffer *buf, unsigned int newsize);
+/* Possibly returns a new buffer*, like realloc() */
+buffer * buf_resize(buffer *buf, unsigned int newsize);
 void buf_free(buffer* buf);
-void buf_burn(buffer* buf);
-buffer* buf_newcopy(buffer* buf);
+void buf_burn(const buffer* buf);
+buffer* buf_newcopy(const buffer* buf);
 void buf_setlen(buffer* buf, unsigned int len);
 void buf_incrlen(buffer* buf, unsigned int incr);
 void buf_setpos(buffer* buf, unsigned int pos);
@@ -52,17 +54,17 @@ void buf_incrwritepos(buffer* buf, unsigned int incr);
 unsigned char buf_getbyte(buffer* buf);
 unsigned char buf_getbool(buffer* buf);
 void buf_putbyte(buffer* buf, unsigned char val);
-unsigned char* buf_getptr(buffer* buf, unsigned int len);
-unsigned char* buf_getwriteptr(buffer* buf, unsigned int len);
-unsigned char* buf_getstring(buffer* buf, unsigned int *retlen);
+unsigned char* buf_getptr(const buffer* buf, unsigned int len);
+unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len);
+char* buf_getstring(buffer* buf, unsigned int *retlen);
 buffer * buf_getstringbuf(buffer *buf);
 void buf_eatstring(buffer *buf);
 void buf_putint(buffer* buf, unsigned int val);
-void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len);
+void buf_putstring(buffer* buf, const char* str, unsigned int len);
 void buf_putbufstring(buffer *buf, const buffer* buf_str);
 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
 void buf_putmpint(buffer* buf, mp_int * mp);
 int buf_getmpint(buffer* buf, mp_int* mp);
 unsigned int buf_getint(buffer* buf);
 
-#endif /* _BUFFER_H_ */
+#endif /* DROPBEAR_BUFFER_H_ */

channel.h

@@ -22,21 +22,13 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _CHANNEL_H_
-#define _CHANNEL_H_
+#ifndef DROPBEAR_CHANNEL_H_
+#define DROPBEAR_CHANNEL_H_
 
 #include "includes.h"
 #include "buffer.h"
 #include "circbuffer.h"
 
-/* channel->type values */
-#define CHANNEL_ID_NONE 0
-#define CHANNEL_ID_SESSION 1
-#define CHANNEL_ID_X11 2
-#define CHANNEL_ID_AGENT 3
-#define CHANNEL_ID_TCPDIRECT 4
-#define CHANNEL_ID_TCPFORWARDED 5
-
 #define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED    1
 #define SSH_OPEN_CONNECT_FAILED                 2
 #define SSH_OPEN_UNKNOWN_CHANNEL_TYPE           3
@@ -49,6 +41,13 @@
 
 struct ChanType;
 
+enum dropbear_channel_prio {
+	DROPBEAR_CHANNEL_PRIO_INTERACTIVE, /* pty shell, x11 */
+	DROPBEAR_CHANNEL_PRIO_UNKNOWABLE, /* tcp - can't know what's being forwarded */
+	DROPBEAR_CHANNEL_PRIO_BULK, /* the rest - probably scp or something */
+	DROPBEAR_CHANNEL_PRIO_EARLY, /* channel is still being set up */
+};
+
 struct Channel {
 
 	unsigned int index; /* the local channel index */
@@ -74,6 +73,7 @@ struct Channel {
 	 * to ensure we don't run it twice (nor type->checkclose()). */
 	int close_handler_done;
 
+	struct dropbear_progress_connection *conn_pending;
 	int initconn; /* used for TCP forwarding, whether the channel has been
 					 fully initialised */
 
@@ -84,49 +84,61 @@ struct Channel {
 	int flushing;
 
 	/* Used by client chansession to handle ~ escaping, NULL ignored otherwise */
-	void (*read_mangler)(struct Channel*, unsigned char* bytes, int *len);
+	void (*read_mangler)(const struct Channel*, const unsigned char* bytes, int *len);
 
 	const struct ChanType* type;
+
+	enum dropbear_channel_prio prio;
 };
 
 struct ChanType {
 
-	int sepfds; /* Whether this channel has seperate pipes for in/out or not */
-	char *name;
+	int sepfds; /* Whether this channel has separate pipes for in/out or not */
+	const char *name;
 	int (*inithandler)(struct Channel*);
-	int (*check_close)(struct Channel*);
+	int (*check_close)(const struct Channel*);
 	void (*reqhandler)(struct Channel*);
-	void (*closehandler)(struct Channel*);
-
+	void (*closehandler)(const struct Channel*);
 };
 
-void chaninitialise(const struct ChanType *chantypes[]);
-void chancleanup();
-void setchannelfds(fd_set *readfd, fd_set *writefd);
-void channelio(fd_set *readfd, fd_set *writefd);
-struct Channel* getchannel();
+/* Callback for connect_remote */
+void channel_connect_done(int result, int sock, void* user_data, const char* errstring);
 
-void recv_msg_channel_open();
-void recv_msg_channel_request();
-void send_msg_channel_failure(struct Channel *channel);
-void send_msg_channel_success(struct Channel *channel);
-void recv_msg_channel_data();
-void recv_msg_channel_extended_data();
-void recv_msg_channel_window_adjust();
-void recv_msg_channel_close();
-void recv_msg_channel_eof();
+void chaninitialise(const struct ChanType *chantypes[]);
+void chancleanup(void);
+void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads);
+void channelio(const fd_set *readfd, const fd_set *writefd);
+struct Channel* getchannel(void);
+/* Returns an arbitrary channel that is in a ready state - not
+being initialised and no EOF in either direction. NULL if none. */
+struct Channel* get_any_ready_channel(void);
+
+void recv_msg_channel_open(void);
+void recv_msg_channel_request(void);
+void send_msg_channel_failure(const struct Channel *channel);
+void send_msg_channel_success(const struct Channel *channel);
+void recv_msg_channel_data(void);
+void recv_msg_channel_extended_data(void);
+void recv_msg_channel_window_adjust(void);
+void recv_msg_channel_close(void);
+void recv_msg_channel_eof(void);
 
 void common_recv_msg_channel_data(struct Channel *channel, int fd, 
 		circbuffer * buf);
 
-#ifdef DROPBEAR_CLIENT
+#if DROPBEAR_CLIENT
 extern const struct ChanType clichansess;
 #endif
 
-#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
+#if DROPBEAR_LISTENERS || DROPBEAR_CLIENT
 int send_msg_channel_open_init(int fd, const struct ChanType *type);
-void recv_msg_channel_open_confirmation();
-void recv_msg_channel_open_failure();
+void recv_msg_channel_open_confirmation(void);
+void recv_msg_channel_open_failure(void);
 #endif
+void start_send_channel_request(const struct Channel *channel, const char *type);
 
-#endif /* _CHANNEL_H_ */
+void send_msg_request_success(void);
+void send_msg_request_failure(void);
+
+
+#endif /* DROPBEAR_CHANNEL_H_ */

chansession.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _CHANSESSION_H_
-#define _CHANSESSION_H_
+#ifndef DROPBEAR_CHANSESSION_H_
+#define DROPBEAR_CHANSESSION_H_
 
 #include "loginrec.h"
 #include "channel.h"
@@ -39,23 +39,26 @@ struct exitinfo {
 
 struct ChanSess {
 
-	unsigned char * cmd; /* command to exec */
+	char * cmd; /* command to exec */
 	pid_t pid; /* child process pid */
 
 	/* pty details */
 	int master; /* the master terminal fd*/
 	int slave;
-	unsigned char * tty;
-	unsigned char * term;
+	char * tty;
+	char * term;
 
 	/* exit details */
 	struct exitinfo exit;
 
-	/* Used to set $SSH_CONNECTION in the child session. 
-	Is only set temporarily before forking */
+
+	/* These are only set temporarily before forking */
+	/* Used to set $SSH_CONNECTION in the child session.  */
 	char *connection_string;
+	/* Used to set $SSH_CLIENT in the child session. */
+	char *client_string;
 	
-#ifndef DISABLE_X11FWD
+#if DROPBEAR_X11FWD
 	struct Listener * x11listener;
 	int x11port;
 	char * x11authprot;
@@ -64,13 +67,13 @@ struct ChanSess {
 	unsigned char x11singleconn;
 #endif
 
-#ifdef ENABLE_SVR_AGENTFWD
+#if DROPBEAR_SVR_AGENTFWD
 	struct Listener * agentlistener;
 	char * agentfile;
 	char * agentdir;
 #endif
 
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 	char *original_command;
 #endif
 };
@@ -83,15 +86,15 @@ struct ChildPid {
 
 void addnewvar(const char* param, const char* var);
 
-void cli_send_chansess_request();
-void cli_tty_cleanup();
-void cli_chansess_winchange();
-#ifdef ENABLE_CLI_NETCAT
-void cli_send_netcat_request();
+void cli_send_chansess_request(void);
+void cli_tty_cleanup(void);
+void cli_chansess_winchange(void);
+#if DROPBEAR_CLI_NETCAT
+void cli_send_netcat_request(void);
 #endif
-void cli_start_send_channel_request(struct Channel *channel, unsigned char *type);
 
-void svr_chansessinitialise();
+void svr_chansessinitialise(void);
+void svr_chansess_checksignal(void);
 extern const struct ChanType svrchansess;
 
 struct SigMap {
@@ -101,4 +104,4 @@ struct SigMap {
 
 extern const struct SigMap signames[];
 
-#endif /* _CHANSESSION_H_ */
+#endif /* DROPBEAR_CHANSESSION_H_ */

circbuffer.c

@@ -37,9 +37,8 @@ circbuffer * cbuf_new(unsigned int size) {
 	}
 
 	cbuf = (circbuffer*)m_malloc(sizeof(circbuffer));
-	if (size > 0) {
-		cbuf->data = (unsigned char*)m_malloc(size);
-	}
+	/* data is malloced on first write */
+	cbuf->data = NULL;
 	cbuf->used = 0;
 	cbuf->readpos = 0;
 	cbuf->writepos = 0;
@@ -50,41 +49,26 @@ circbuffer * cbuf_new(unsigned int size) {
 
 void cbuf_free(circbuffer * cbuf) {
 
-	m_burn(cbuf->data, cbuf->size);
-	m_free(cbuf->data);
+	if (cbuf->data) {
+		m_burn(cbuf->data, cbuf->size);
+		m_free(cbuf->data);
+	}
 	m_free(cbuf);
 }
 
-unsigned int cbuf_getused(circbuffer * cbuf) {
+unsigned int cbuf_getused(const circbuffer * cbuf) {
 
 	return cbuf->used;
 
 }
 
-unsigned int cbuf_getavail(circbuffer * cbuf) {
+unsigned int cbuf_getavail(const circbuffer * cbuf) {
 
 	return cbuf->size - cbuf->used;
 
 }
 
-unsigned int cbuf_readlen(circbuffer *cbuf) {
-
-	dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
-	dropbear_assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
-
-	if (cbuf->used == 0) {
-		TRACE(("cbuf_readlen: unused buffer"))
-		return 0;
-	}
-
-	if (cbuf->readpos < cbuf->writepos) {
-		return cbuf->writepos - cbuf->readpos;
-	}
-
-	return cbuf->size - cbuf->readpos;
-}
-
-unsigned int cbuf_writelen(circbuffer *cbuf) {
+unsigned int cbuf_writelen(const circbuffer *cbuf) {
 
 	dropbear_assert(cbuf->used <= cbuf->size);
 	dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
@@ -102,12 +86,19 @@ unsigned int cbuf_writelen(circbuffer *cbuf) {
 	return cbuf->size - cbuf->writepos;
 }
 
-unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len) {
-	if (len > cbuf_readlen(cbuf)) {
-		dropbear_exit("Bad cbuf read");
-	}
+void cbuf_readptrs(const circbuffer *cbuf,
+	unsigned char **p1, unsigned int *len1, 
+	unsigned char **p2, unsigned int *len2) {
+	*p1 = &cbuf->data[cbuf->readpos];
+	*len1 = MIN(cbuf->used, cbuf->size - cbuf->readpos);
 
-	return &cbuf->data[cbuf->readpos];
+	if (*len1 < cbuf->used) {
+		*p2 = cbuf->data;
+		*len2 = cbuf->used - *len1;
+	} else {
+		*p2 = NULL;
+		*len2 = 0;
+	}
 }
 
 unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
@@ -116,6 +107,11 @@ unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
 		dropbear_exit("Bad cbuf write");
 	}
 
+	if (!cbuf->data) {
+		/* lazy allocation */
+		cbuf->data = (unsigned char*)m_malloc(cbuf->size);
+	}
+
 	return &cbuf->data[cbuf->writepos];
 }
 
@@ -131,10 +127,6 @@ void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
 
 
 void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
-	if (len > cbuf_readlen(cbuf)) {
-		dropbear_exit("Bad cbuf read");
-	}
-
 	dropbear_assert(cbuf->used >= len);
 	cbuf->used -= len;
 	cbuf->readpos = (cbuf->readpos + len) % cbuf->size;

circbuffer.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _CIRCBUFFER_H_
-#define _CIRCBUFFER_H_
+#ifndef DROPBEAR_CIRCBUFFER_H_
+#define DROPBEAR_CIRCBUFFER_H_
 struct circbuf {
 
 	unsigned int size;
@@ -38,12 +38,14 @@ typedef struct circbuf circbuffer;
 circbuffer * cbuf_new(unsigned int size);
 void cbuf_free(circbuffer * cbuf);
 
-unsigned int cbuf_getused(circbuffer * cbuf); /* how much data stored */
-unsigned int cbuf_getavail(circbuffer * cbuf); /* how much we can write */
-unsigned int cbuf_readlen(circbuffer *cbuf); /* max linear read len */
-unsigned int cbuf_writelen(circbuffer *cbuf); /* max linear write len */
+unsigned int cbuf_getused(const circbuffer * cbuf); /* how much data stored */
+unsigned int cbuf_getavail(const circbuffer * cbuf); /* how much we can write */
+unsigned int cbuf_writelen(const circbuffer *cbuf); /* max linear write len */
 
-unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len);
+/* returns pointers to the two portions of the circular buffer that can be read */
+void cbuf_readptrs(const circbuffer *cbuf,
+	unsigned char **p1, unsigned int *len1, 
+	unsigned char **p2, unsigned int *len2);
 unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len);
 void cbuf_incrwrite(circbuffer *cbuf, unsigned int len);
 void cbuf_incrread(circbuffer *cbuf, unsigned int len);

cli-agentfwd.c

@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 
 #include "agentfwd.h"
 #include "session.h"
@@ -108,7 +108,7 @@ static int new_agent_chan(struct Channel * channel) {
    data        Any data, depending on packet type.  Encoding as in the ssh packet
                protocol.
 */
-static buffer * agent_request(unsigned char type, buffer *data) {
+static buffer * agent_request(unsigned char type, const buffer *data) {
 
 	buffer * payload = NULL;
 	buffer * inbuf = NULL;
@@ -130,7 +130,7 @@ static buffer * agent_request(unsigned char type, buffer *data) {
 	}
 	buf_setpos(payload, 0);
 
-	ret = atomicio(write, fd, buf_getptr(payload, payload->len), payload->len);
+	ret = atomicio(vwrite, fd, buf_getptr(payload, payload->len), payload->len);
 	if ((size_t)ret != payload->len) {
 		TRACE(("write failed fd %d for agent_request, %s", fd, strerror(errno)))
 		goto out;
@@ -155,7 +155,7 @@ static buffer * agent_request(unsigned char type, buffer *data) {
 		goto out;
 	}
 	
-	buf_resize(inbuf, readlen);
+	inbuf = buf_resize(inbuf, readlen);
 	buf_setpos(inbuf, 0);
 	ret = atomicio(read, fd, buf_getwriteptr(inbuf, readlen), readlen);
 	if ((size_t)ret != readlen) {
@@ -210,13 +210,14 @@ static void agent_get_key_list(m_list * ret_list)
 		ret = buf_get_pub_key(key_buf, pubkey, &key_type);
 		buf_free(key_buf);
 		if (ret != DROPBEAR_SUCCESS) {
-			/* This is slack, properly would cleanup vars etc */
-			dropbear_exit("Bad pubkey received from agent");
-		}
-		pubkey->type = key_type;
-		pubkey->source = SIGNKEY_SOURCE_AGENT;
+			TRACE(("Skipping bad/unknown type pubkey from agent"));
+			sign_key_free(pubkey);
+		} else {
+			pubkey->type = key_type;
+			pubkey->source = SIGNKEY_SOURCE_AGENT;
 
-		list_append(ret_list, pubkey);
+			list_append(ret_list, pubkey);
+		}
 
 		/* We'll ignore the comment for now. might want it later.*/
 		buf_eatstring(inbuf);
@@ -229,12 +230,12 @@ out:
 	}
 }
 
-void cli_setup_agent(struct Channel *channel) {
+void cli_setup_agent(const struct Channel *channel) {
 	if (!getenv("SSH_AUTH_SOCK")) {
 		return;
 	}
 	
-	cli_start_send_channel_request(channel, "auth-agent-req@openssh.com");
+	start_send_channel_request(channel, "auth-agent-req@openssh.com");
 	/* Don't want replies */
 	buf_putbyte(ses.writepayload, 0);
 	encrypt_packet();
@@ -253,7 +254,7 @@ void cli_load_agent_keys(m_list *ret_list) {
 }
 
 void agent_buf_sign(buffer *sigblob, sign_key *key, 
-		buffer *data_buf) {
+		const buffer *data_buf) {
 	buffer *request_data = NULL;
 	buffer *response = NULL;
 	unsigned int siglen;

cli-auth.c

@@ -43,15 +43,15 @@ void cli_auth_getmethods() {
 	TRACE(("enter cli_auth_getmethods"))
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
-	buf_putstring(ses.writepayload, cli_opts.username, 
+	buf_putstring(ses.writepayload, cli_opts.username,
 			strlen(cli_opts.username));
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
 			SSH_SERVICE_CONNECTION_LEN);
 	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 
 	encrypt_packet();
 
-#ifdef DROPBEAR_CLI_IMMEDIATE_AUTH
+#if DROPBEAR_CLI_IMMEDIATE_AUTH
 	/* We can't haven't two auth requests in-flight with delayed zlib mode
 	since if the first one succeeds then the remote side will 
 	expect the second one to be compressed. 
@@ -60,9 +60,11 @@ void cli_auth_getmethods() {
 	*/
 	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
 		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
+#if DROPBEAR_USE_PASSWORD_ENV
 		if (getenv(DROPBEAR_PASSWORD_ENV)) {
 			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
 		}
+#endif
 		if (cli_auth_try() == DROPBEAR_SUCCESS) {
 			TRACE(("skipped initial none auth query"))
 			/* Note that there will be two auth responses in-flight */
@@ -75,9 +77,10 @@ void cli_auth_getmethods() {
 
 void recv_msg_userauth_banner() {
 
-	unsigned char* banner = NULL;
+	char* banner = NULL;
 	unsigned int bannerlen;
 	unsigned int i, linecount;
+	int truncated = 0;
 
 	TRACE(("enter recv_msg_userauth_banner"))
 	if (ses.authstate.authdone) {
@@ -90,26 +93,29 @@ void recv_msg_userauth_banner() {
 
 	if (bannerlen > MAX_BANNER_SIZE) {
 		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen))
-		goto out;
-	}
+		truncated = 1;
+	} else {
+		cleantext(banner);
 
-	cleantext(banner);
-
-	/* Limit to 25 lines */
-	linecount = 1;
-	for (i = 0; i < bannerlen; i++) {
-		if (banner[i] == '\n') {
-			if (linecount >= MAX_BANNER_LINES) {
-				banner[i] = '\0';
-				break;
+		/* Limit to 24 lines */
+		linecount = 1;
+		for (i = 0; i < bannerlen; i++) {
+			if (banner[i] == '\n') {
+				if (linecount >= MAX_BANNER_LINES) {
+					banner[i] = '\0';
+					truncated = 1;
+					break;
+				}
+				linecount++;
 			}
-			linecount++;
 		}
+		fprintf(stderr, "%s\n", banner);
 	}
 
-	fprintf(stderr, "%s\n", banner);
+	if (truncated) {
+		fprintf(stderr, "[Banner from the server is too long]\n");
+	}
 
-out:
 	m_free(banner);
 	TRACE(("leave recv_msg_userauth_banner"))
 }
@@ -121,21 +127,21 @@ out:
  * SSH_MSG_USERAUTH_INFO_REQUEST. */
 void recv_msg_userauth_specific_60() {
 
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
 		recv_msg_userauth_pk_ok();
 		return;
 	}
 #endif
 
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
 		recv_msg_userauth_info_request();
 		return;
 	}
 #endif
 
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
 		/* Eventually there could be proper password-changing
 		 * support. However currently few servers seem to
@@ -151,8 +157,8 @@ void recv_msg_userauth_specific_60() {
 
 void recv_msg_userauth_failure() {
 
-	unsigned char * methods = NULL;
-	unsigned char * tok = NULL;
+	char * methods = NULL;
+	char * tok = NULL;
 	unsigned int methlen = 0;
 	unsigned int partial = 0;
 	unsigned int i = 0;
@@ -174,12 +180,12 @@ void recv_msg_userauth_failure() {
 	the "none" auth request, and then a response to the immediate auth request. 
 	We need to be careful handling them. */
 	if (cli_ses.ignore_next_auth_response) {
-		TRACE(("ignore next response, state set to USERAUTH_REQ_SENT"))
 		cli_ses.state = USERAUTH_REQ_SENT;
+		cli_ses.ignore_next_auth_response = 0;
+		TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT"));
+		return;
 	} else  {
-		cli_ses.state = USERAUTH_FAIL_RCVD;
-		cli_ses.lastauthtype = AUTH_TYPE_NONE;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 		/* If it was a pubkey auth request, we should cross that key 
 		 * off the list. */
 		if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
@@ -187,7 +193,7 @@ void recv_msg_userauth_failure() {
 		}
 #endif
 
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 		/* If we get a failure message for keyboard interactive without
 		 * receiving any request info packet, then we don't bother trying
 		 * keyboard interactive again */
@@ -197,10 +203,10 @@ void recv_msg_userauth_failure() {
 			cli_ses.auth_interact_failed = 1;
 		}
 #endif
+		cli_ses.state = USERAUTH_FAIL_RCVD;
+		cli_ses.lastauthtype = AUTH_TYPE_NONE;
 	}
 
-	cli_ses.ignore_next_auth_response = 0;
-
 	methods = buf_getstring(ses.payload, &methlen);
 
 	partial = buf_getbool(ses.payload);
@@ -227,19 +233,19 @@ void recv_msg_userauth_failure() {
 	for (i = 0; i <= methlen; i++) {
 		if (methods[i] == '\0') {
 			TRACE(("auth method '%s'", tok))
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 			if (strncmp(AUTH_METHOD_PUBKEY, tok,
 				AUTH_METHOD_PUBKEY_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 			}
 #endif
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 			if (strncmp(AUTH_METHOD_INTERACT, tok,
 				AUTH_METHOD_INTERACT_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
 			}
 #endif
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 			if (strncmp(AUTH_METHOD_PASSWORD, tok,
 				AUTH_METHOD_PASSWORD_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
@@ -267,7 +273,7 @@ void recv_msg_userauth_success() {
 	cli_ses.state = USERAUTH_SUCCESS_RCVD;
 	cli_ses.lastauthtype = AUTH_TYPE_NONE;
 
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	cli_auth_pubkey_cleanup();
 #endif
 }
@@ -281,14 +287,14 @@ int cli_auth_try() {
 	
 	/* Order to try is pubkey, interactive, password.
 	 * As soon as "finished" is set for one, we don't do any more. */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
 		finished = cli_auth_pubkey();
 		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
 	}
 #endif
 
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
@@ -300,7 +306,7 @@ int cli_auth_try() {
 	}
 #endif
 
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 			fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
@@ -324,19 +330,20 @@ int cli_auth_try() {
 	return DROPBEAR_FAILURE;
 }
 
+#if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH
 /* A helper for getpass() that exits if the user cancels. The returned
  * password is statically allocated by getpass() */
-char* getpass_or_cancel(char* prompt)
+char* getpass_or_cancel(const char* prompt)
 {
 	char* password = NULL;
 	
-#ifdef DROPBEAR_PASSWORD_ENV
-    /* Password provided in an environment var */
-    password = getenv(DROPBEAR_PASSWORD_ENV);
-    if (password)
-    {
-        return password;
-    }
+#if DROPBEAR_USE_PASSWORD_ENV
+	/* Password provided in an environment var */
+	password = getenv(DROPBEAR_PASSWORD_ENV);
+	if (password)
+	{
+		return password;
+	}
 #endif
 
 	password = getpass(prompt);
@@ -347,3 +354,4 @@ char* getpass_or_cancel(char* prompt)
 	}
 	return password;
 }
+#endif

cli-authinteract.c

@@ -29,12 +29,12 @@
 #include "ssh.h"
 #include "runopts.h"
 
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 
-static unsigned char* get_response(unsigned char* prompt)
+static char* get_response(char* prompt)
 {
 	FILE* tty = NULL;
-	unsigned char* response = NULL;
+	char* response = NULL;
 	/* not a password, but a reasonable limit */
 	char buf[DROPBEAR_MAX_CLI_PASS];
 	char* ret = NULL;
@@ -50,13 +50,13 @@ static unsigned char* get_response(unsigned char* prompt)
 	}
 
 	if (ret == NULL) {
-		response = (unsigned char*)m_strdup("");
+		response = m_strdup("");
 	} else {
 		unsigned int buflen = strlen(buf);
 		/* fgets includes newlines */
 		if (buflen > 0 && buf[buflen-1] == '\n')
 			buf[buflen-1] = '\0';
-		response = (unsigned char*)m_strdup(buf);
+		response = m_strdup(buf);
 	}
 
 	m_burn(buf, sizeof(buf));
@@ -66,14 +66,14 @@ static unsigned char* get_response(unsigned char* prompt)
 
 void recv_msg_userauth_info_request() {
 
-	unsigned char *name = NULL;
-	unsigned char *instruction = NULL;
+	char *name = NULL;
+	char *instruction = NULL;
 	unsigned int num_prompts = 0;
 	unsigned int i;
 
-	unsigned char *prompt = NULL;
+	char *prompt = NULL;
 	unsigned int echo = 0;
-	unsigned char *response = NULL;
+	char *response = NULL;
 
 	TRACE(("enter recv_msg_recv_userauth_info_request"))
 
@@ -121,7 +121,7 @@ void recv_msg_userauth_info_request() {
 		echo = buf_getbool(ses.payload);
 
 		if (!echo) {
-			unsigned char* p = getpass_or_cancel(prompt);
+			char* p = getpass_or_cancel(prompt);
 			response = m_strdup(p);
 			m_burn(p, strlen(p));
 		} else {
@@ -153,7 +153,7 @@ void cli_auth_interactive() {
 			strlen(cli_opts.username));
 
 	/* service name */
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
 			SSH_SERVICE_CONNECTION_LEN);
 
 	/* method */
@@ -172,4 +172,4 @@ void cli_auth_interactive() {
 	TRACE(("leave cli_auth_interactive"))
 
 }
-#endif	/* ENABLE_CLI_INTERACT_AUTH */
+#endif	/* DROPBEAR_CLI_INTERACT_AUTH */

cli-authpasswd.c

@@ -29,9 +29,9 @@
 #include "ssh.h"
 #include "runopts.h"
 
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 
-#ifdef ENABLE_CLI_ASKPASS_HELPER
+#if DROPBEAR_CLI_ASKPASS_HELPER
 /* Returns 1 if we want to use the askpass program, 0 otherwise */
 static int want_askpass()
 {
@@ -113,7 +113,7 @@ static char *gui_getpass(const char *prompt) {
 	TRACE(("leave gui_getpass"))
 	return(buf);
 }
-#endif /* ENABLE_CLI_ASKPASS_HELPER */
+#endif /* DROPBEAR_CLI_ASKPASS_HELPER */
 
 void cli_auth_password() {
 
@@ -125,7 +125,7 @@ void cli_auth_password() {
 
 	snprintf(prompt, sizeof(prompt), "%s@%s's password: ", 
 				cli_opts.username, cli_opts.remotehost);
-#ifdef ENABLE_CLI_ASKPASS_HELPER
+#if DROPBEAR_CLI_ASKPASS_HELPER
 	if (want_askpass())
 	{
 		password = gui_getpass(prompt);
@@ -143,10 +143,10 @@ void cli_auth_password() {
 	buf_putstring(ses.writepayload, cli_opts.username,
 			strlen(cli_opts.username));
 
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
 			SSH_SERVICE_CONNECTION_LEN);
 
-	buf_putstring(ses.writepayload, AUTH_METHOD_PASSWORD, 
+	buf_putstring(ses.writepayload, AUTH_METHOD_PASSWORD,
 			AUTH_METHOD_PASSWORD_LEN);
 
 	buf_putbyte(ses.writepayload, 0); /* FALSE - so says the spec */
@@ -158,4 +158,4 @@ void cli_auth_password() {
 
 	TRACE(("leave cli_auth_password"))
 }
-#endif	/* ENABLE_CLI_PASSWORD_AUTH */
+#endif	/* DROPBEAR_CLI_PASSWORD_AUTH */

cli-authpubkey.c

@@ -32,7 +32,7 @@
 #include "auth.h"
 #include "agentfwd.h"
 
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
 
 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
@@ -58,7 +58,7 @@ void recv_msg_userauth_pk_ok() {
 	buffer* keybuf = NULL;
 	char* algotype = NULL;
 	unsigned int algolen;
-	int keytype;
+	enum signkey_type keytype;
 	unsigned int remotelen;
 
 	TRACE(("enter recv_msg_userauth_pk_ok"))
@@ -121,8 +121,8 @@ void recv_msg_userauth_pk_ok() {
 }
 
 void cli_buf_put_sign(buffer* buf, sign_key *key, int type, 
-			buffer *data_buf) {
-#ifdef ENABLE_CLI_AGENTFWD
+			const buffer *data_buf) {
+#if DROPBEAR_CLI_AGENTFWD
 	if (key->source == SIGNKEY_SOURCE_AGENT) {
 		/* Format the agent signature ourselves, as buf_put_sign would. */
 		buffer *sigblob;
@@ -131,7 +131,7 @@ void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
 		buf_putbufstring(buf, sigblob);
 		buf_free(sigblob);
 	} else 
-#endif /* ENABLE_CLI_AGENTFWD */
+#endif /* DROPBEAR_CLI_AGENTFWD */
 	{
 		buf_put_sign(buf, key, type, data_buf);
 	}
@@ -141,7 +141,7 @@ void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 
 	const char *algoname = NULL;
-	int algolen;
+	unsigned int algolen;
 	buffer* sigbuf = NULL;
 
 	TRACE(("enter send_msg_userauth_pubkey"))
@@ -152,10 +152,10 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 	buf_putstring(ses.writepayload, cli_opts.username,
 			strlen(cli_opts.username));
 
-	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
 			SSH_SERVICE_CONNECTION_LEN);
 
-	buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY, 
+	buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY,
 			AUTH_METHOD_PUBKEY_LEN);
 
 	buf_putbyte(ses.writepayload, realsign);
@@ -185,7 +185,7 @@ int cli_auth_pubkey() {
 
 	TRACE(("enter cli_auth_pubkey"))
 
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	if (!cli_opts.agent_keys_loaded) {
 		/* get the list of available keys from the agent */
 		cli_load_agent_keys(cli_opts.privkeys);
@@ -209,7 +209,7 @@ int cli_auth_pubkey() {
 
 void cli_auth_pubkey_cleanup() {
 
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	m_close(cli_opts.agent_fd);
 	cli_opts.agent_fd = -1;
 #endif

cli-chansession.c

@@ -35,15 +35,15 @@
 #include "chansession.h"
 #include "agentfwd.h"
 
-static void cli_closechansess(struct Channel *channel);
+static void cli_closechansess(const struct Channel *channel);
 static int cli_initchansess(struct Channel *channel);
 static void cli_chansessreq(struct Channel *channel);
-static void send_chansess_pty_req(struct Channel *channel);
-static void send_chansess_shell_req(struct Channel *channel);
-static void cli_escape_handler(struct Channel *channel, unsigned char* buf, int *len);
+static void send_chansess_pty_req(const struct Channel *channel);
+static void send_chansess_shell_req(const struct Channel *channel);
+static void cli_escape_handler(const struct Channel *channel, const unsigned char* buf, int *len);
+static int cli_init_netcat(struct Channel *channel);
 
-
-static void cli_tty_setup();
+static void cli_tty_setup(void);
 
 const struct ChanType clichansess = {
 	0, /* sepfds */
@@ -56,7 +56,7 @@ const struct ChanType clichansess = {
 
 static void cli_chansessreq(struct Channel *channel) {
 
-	unsigned char* type = NULL;
+	char* type = NULL;
 	int wantreply;
 
 	TRACE(("enter cli_chansessreq"))
@@ -83,7 +83,7 @@ out:
 	
 
 /* If the main session goes, we close it up */
-static void cli_closechansess(struct Channel *UNUSED(channel)) {
+static void cli_closechansess(const struct Channel *UNUSED(channel)) {
 	cli_tty_cleanup(); /* Restore tty modes etc */
 
 	/* This channel hasn't gone yet, so we have > 1 */
@@ -92,17 +92,6 @@ static void cli_closechansess(struct Channel *UNUSED(channel)) {
 	}
 }
 
-void cli_start_send_channel_request(struct Channel *channel, 
-		unsigned char *type) {
-
-	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
-	buf_putint(ses.writepayload, channel->remotechan);
-
-	buf_putstring(ses.writepayload, type, strlen(type));
-
-}
-
 /* Taken from OpenSSH's sshtty.c:
  * RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */
 static void cli_tty_setup() {
@@ -281,13 +270,13 @@ void cli_chansess_winchange() {
 	cli_ses.winchange = 0;
 }
 
-static void send_chansess_pty_req(struct Channel *channel) {
+static void send_chansess_pty_req(const struct Channel *channel) {
 
-	unsigned char* term = NULL;
+	char* term = NULL;
 
 	TRACE(("enter send_chansess_pty_req"))
 
-	cli_start_send_channel_request(channel, "pty-req");
+	start_send_channel_request(channel, "pty-req");
 
 	/* Don't want replies */
 	buf_putbyte(ses.writepayload, 0);
@@ -314,9 +303,9 @@ static void send_chansess_pty_req(struct Channel *channel) {
 	TRACE(("leave send_chansess_pty_req"))
 }
 
-static void send_chansess_shell_req(struct Channel *channel) {
+static void send_chansess_shell_req(const struct Channel *channel) {
 
-	unsigned char* reqtype = NULL;
+	char* reqtype = NULL;
 
 	TRACE(("enter send_chansess_shell_req"))
 
@@ -330,7 +319,7 @@ static void send_chansess_shell_req(struct Channel *channel) {
 		reqtype = "shell";
 	}
 
-	cli_start_send_channel_request(channel, reqtype);
+	start_send_channel_request(channel, reqtype);
 
 	/* XXX TODO */
 	buf_putbyte(ses.writepayload, 0); /* Don't want replies */
@@ -357,11 +346,16 @@ static int cli_init_stdpipe_sess(struct Channel *channel) {
 	return 0;
 }
 
+static int cli_init_netcat(struct Channel *channel) {
+	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
+	return cli_init_stdpipe_sess(channel);
+}
+
 static int cli_initchansess(struct Channel *channel) {
 
 	cli_init_stdpipe_sess(channel);
 
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	if (cli_opts.agent_fwd) {
 		cli_setup_agent(channel);
 	}
@@ -369,8 +363,9 @@ static int cli_initchansess(struct Channel *channel) {
 
 	if (cli_opts.wantpty) {
 		send_chansess_pty_req(channel);
+		channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
 	} else {
-		set_sock_priority(ses.sock_out, DROPBEAR_PRIO_BULK);
+		channel->prio = DROPBEAR_CHANNEL_PRIO_BULK;
 	}
 
 	send_chansess_shell_req(channel);
@@ -384,12 +379,12 @@ static int cli_initchansess(struct Channel *channel) {
 	return 0; /* Success */
 }
 
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 
 static const struct ChanType cli_chan_netcat = {
 	0, /* sepfds */
 	"direct-tcpip",
-	cli_init_stdpipe_sess, /* inithandler */
+	cli_init_netcat, /* inithandler */
 	NULL,
 	NULL,
 	cli_closechansess
@@ -397,7 +392,7 @@ static const struct ChanType cli_chan_netcat = {
 
 void cli_send_netcat_request() {
 
-	const unsigned char* source_host = "127.0.0.1";
+	const char* source_host = "127.0.0.1";
 	const int source_port = 22;
 
 	TRACE(("enter cli_send_netcat_request"))
@@ -408,7 +403,7 @@ void cli_send_netcat_request() {
 		dropbear_exit("Couldn't open initial channel");
 	}
 
-	buf_putstring(ses.writepayload, cli_opts.netcat_host, 
+	buf_putstring(ses.writepayload, cli_opts.netcat_host,
 			strlen(cli_opts.netcat_host));
 	buf_putint(ses.writepayload, cli_opts.netcat_port);
 
@@ -443,7 +438,6 @@ do_escape(unsigned char c) {
 		case '.':
 			dropbear_exit("Terminated");
 			return 1;
-			break;
 		case 0x1a:
 			/* ctrl-z */
 			cli_tty_cleanup();
@@ -452,13 +446,13 @@ do_escape(unsigned char c) {
 			cli_tty_setup();
 			cli_ses.winchange = 1;
 			return 1;
-			break;
+		default:
+			return 0;
 	}
-	return 0;
 }
 
 static
-void cli_escape_handler(struct Channel* UNUSED(channel), unsigned char* buf, int *len) {
+void cli_escape_handler(const struct Channel* UNUSED(channel), const unsigned char* buf, int *len) {
 	char c;
 	int skip_char = 0;
 

cli-kex.c

@@ -39,7 +39,7 @@
 #include "ecc.h"
 
 
-static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
+static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen);
 #define MAX_KNOWNHOSTS_LINE 4500
 
 void send_msg_kexdh_init() {
@@ -48,6 +48,7 @@ void send_msg_kexdh_init() {
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.dh_param) {
@@ -58,8 +59,9 @@ void send_msg_kexdh_init() {
 			}
 			buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
 			break;
+#endif
+#if DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.ecdh_param) {
 				if (cli_ses.ecdh_param) {
@@ -68,9 +70,9 @@ void send_msg_kexdh_init() {
 				cli_ses.ecdh_param = gen_kexecdh_param();
 			}
 			buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
-#endif
 			break;
-#ifdef DROPBEAR_CURVE25519
+#endif
+#if DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.curve25519_param) {
@@ -79,9 +81,9 @@ void send_msg_kexdh_init() {
 				}
 				cli_ses.curve25519_param = gen_kexcurve25519_param();
 			}
-			buf_putstring(ses.writepayload, cli_ses.curve25519_param->pub, CURVE25519_LEN);
-#endif
+			buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
 			break;
+#endif
 	}
 
 	cli_ses.param_kex_algo = ses.newkeys->algo_kex;
@@ -118,6 +120,7 @@ void recv_msg_kexdh_reply() {
 	}
 
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			{
 			DEF_MP_INT(dh_f);
@@ -131,37 +134,38 @@ void recv_msg_kexdh_reply() {
 			mp_clear(&dh_f);
 			}
 			break;
+#endif
+#if DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			{
 			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
 			kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
 			buf_free(ecdh_qs);
 			}
-#endif
 			break;
-#ifdef DROPBEAR_CURVE25519
+#endif
+#if DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
 			{
 			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
 			kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
 			buf_free(ecdh_qs);
 			}
-#endif
 			break;
+#endif
 	}
 
 	if (cli_ses.dh_param) {
 		free_kexdh_param(cli_ses.dh_param);
 		cli_ses.dh_param = NULL;
 	}
-#ifdef DROPBEAR_ECDH
+#if DROPBEAR_ECDH
 	if (cli_ses.ecdh_param) {
 		free_kexecdh_param(cli_ses.ecdh_param);
 		cli_ses.ecdh_param = NULL;
 	}
 #endif
-#ifdef DROPBEAR_CURVE25519
+#if DROPBEAR_CURVE25519
 	if (cli_ses.curve25519_param) {
 		free_kexcurve25519_param(cli_ses.curve25519_param);
 		cli_ses.curve25519_param = NULL;
@@ -181,16 +185,16 @@ void recv_msg_kexdh_reply() {
 	TRACE(("leave recv_msg_kexdh_init"))
 }
 
-static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen,
+static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen,
 	const char* algoname) {
 
 	char* fp = NULL;
 	FILE *tty = NULL;
-	char response = 'z';
+	int response = 'z';
 
 	fp = sign_key_fingerprint(keyblob, keybloblen);
 	if (cli_opts.always_accept_key) {
-		fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(%s fingerprint %s)\n",
+		dropbear_log(LOG_INFO, "\nHost '%s' key accepted unconditionally.\n(%s fingerprint %s)\n",
 				cli_opts.remotehost,
 				algoname,
 				fp);
@@ -278,7 +282,7 @@ out:
 	return hostsfile;
 }
 
-static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
+static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen) {
 
 	FILE *hostsfile = NULL;
 	int readonly = 0;
@@ -290,7 +294,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	int ret;
 
 	if (cli_opts.no_hostkey_check) {
-		fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost);
+		dropbear_log(LOG_INFO, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost);
 		return;
 	}
 
@@ -322,7 +326,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 		}
 
 		/* Compare hostnames */
-		if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen),
+		if (strncmp(cli_opts.remotehost, (const char *) buf_getptr(line, hostlen),
 					hostlen) != 0) {
 			continue;
 		}
@@ -334,7 +338,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 			continue;
 		}
 
-		if (strncmp(buf_getptr(line, algolen), algoname, algolen) != 0) {
+		if (strncmp((const char *) buf_getptr(line, algolen), algoname, algolen) != 0) {
 			TRACE(("algo doesn't match"))
 			continue;
 		}
@@ -346,7 +350,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 		}
 
 		/* Now we're at the interesting hostkey */
-		ret = cmp_base64_key(keyblob, keybloblen, algoname, algolen,
+		ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algoname, algolen,
 						line, &fingerprint);
 
 		if (ret == DROPBEAR_SUCCESS) {
@@ -382,9 +386,9 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 		fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
 		buf_setpos(line, 0);
 		buf_setlen(line, 0);
-		buf_putbytes(line, cli_opts.remotehost, hostlen);
+		buf_putbytes(line, (const unsigned char *) cli_opts.remotehost, hostlen);
 		buf_putbyte(line, ' ');
-		buf_putbytes(line, algoname, algolen);
+		buf_putbytes(line, (const unsigned char *) algoname, algolen);
 		buf_putbyte(line, ' ');
 		len = line->size - line->pos;
 		/* The only failure with base64 is buffer_overflow, but buf_getwriteptr

cli-main.c

@@ -30,23 +30,25 @@
 #include "session.h"
 #include "dbrandom.h"
 #include "crypto_desc.h"
+#include "netio.h"
 
 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 static void cli_dropbear_log(int priority, const char* format, va_list param);
 
-#ifdef ENABLE_CLI_PROXYCMD
-static void cli_proxy_cmd(int *sock_in, int *sock_out);
+#if DROPBEAR_CLI_PROXYCMD
+static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out);
+static void kill_proxy_sighandler(int signo);
 #endif
 
-#if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI)
+#if defined(DBMULTI_dbclient) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dbclient) && DROPBEAR_MULTI
 int cli_main(int argc, char ** argv) {
 #else
 int main(int argc, char ** argv) {
 #endif
 
 	int sock_in, sock_out;
-	char* error = NULL;
+	struct dropbear_progress_connection *progress = NULL;
 
 	_dropbear_exit = cli_dropbear_exit;
 	_dropbear_log = cli_dropbear_log;
@@ -58,33 +60,38 @@ int main(int argc, char ** argv) {
 
 	cli_getopts(argc, argv);
 
-	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
-				cli_opts.remotehost, cli_opts.remoteport))
+#ifndef DISABLE_SYSLOG
+	if (opts.usingsyslog) {
+		startsyslog("dbclient");
+	}
+#endif
+
+	TRACE(("user='%s' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username,
+				cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port))
 
 	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
 		dropbear_exit("signal() error");
 	}
 
-#ifdef ENABLE_CLI_PROXYCMD
+	pid_t proxy_cmd_pid = 0;
+#if DROPBEAR_CLI_PROXYCMD
 	if (cli_opts.proxycmd) {
-		cli_proxy_cmd(&sock_in, &sock_out);
+		cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
 		m_free(cli_opts.proxycmd);
+		if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR ||
+			signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR ||
+			signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) {
+			dropbear_exit("signal() error");
+		}
 	} else
 #endif
 	{
-		int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
-				0, &error);
-		sock_in = sock_out = sock;
-	 	if (cli_opts.wantpty) {
-			set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
-	 	}
+		progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
+			cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port);
+		sock_in = sock_out = -1;
 	}
 
-	if (sock_in < 0) {
-		dropbear_exit("%s", error);
-	}
-
-	cli_session(sock_in, sock_out);
+	cli_session(sock_in, sock_out, progress, proxy_cmd_pid);
 
 	/* not reached */
 	return -1;
@@ -92,39 +99,51 @@ int main(int argc, char ** argv) {
 #endif /* DBMULTI stuff */
 
 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
+	char exitmsg[150];
+	char fullmsg[300];
 
-	char fmtbuf[300];
+	/* Note that exit message must be rendered before session cleanup */
 
-	if (!sessinitdone) {
-		snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s",
-				format);
+	/* Render the formatted exit message */
+	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
+
+	/* Add the prefix depending on session/auth state */
+	if (!ses.init_done) {
+		snprintf(fullmsg, sizeof(fullmsg), "Exited: %s", exitmsg);
 	} else {
-		snprintf(fmtbuf, sizeof(fmtbuf), 
+		snprintf(fullmsg, sizeof(fullmsg), 
 				"Connection to %s@%s:%s exited: %s", 
 				cli_opts.username, cli_opts.remotehost, 
-				cli_opts.remoteport, format);
+				cli_opts.remoteport, exitmsg);
 	}
 
 	/* Do the cleanup first, since then the terminal will be reset */
 	session_cleanup();
+	/* Avoid printing onwards from terminal cruft */
+	fprintf(stderr, "\n");
 
-	_dropbear_log(LOG_INFO, fmtbuf, param);
-
+	dropbear_log(LOG_INFO, "%s", fullmsg);
 	exit(exitcode);
 }
 
-static void cli_dropbear_log(int UNUSED(priority), 
+static void cli_dropbear_log(int priority,
 		const char* format, va_list param) {
 
 	char printbuf[1024];
 
 	vsnprintf(printbuf, sizeof(printbuf), format, param);
 
-	fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf);
+#ifndef DISABLE_SYSLOG
+	if (opts.usingsyslog) {
+		syslog(priority, "%s", printbuf);
+	}
+#endif
 
+	fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf);
+	fflush(stderr);
 }
 
-static void exec_proxy_cmd(void *user_data_cmd) {
+static void exec_proxy_cmd(const void *user_data_cmd) {
 	const char *cmd = user_data_cmd;
 	char *usershell;
 
@@ -133,17 +152,44 @@ static void exec_proxy_cmd(void *user_data_cmd) {
 	dropbear_exit("Failed to run '%s'\n", cmd);
 }
 
-#ifdef ENABLE_CLI_PROXYCMD
-static void cli_proxy_cmd(int *sock_in, int *sock_out) {
+#if DROPBEAR_CLI_PROXYCMD
+static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
+	char * ex_cmd = NULL;
+	size_t ex_cmdlen;
 	int ret;
 
+	/* File descriptor "-j &3" */
+	if (*cli_opts.proxycmd == '&') {
+		char *p = cli_opts.proxycmd + 1;
+		int sock = strtoul(p, &p, 10);
+		/* must be a single number, and not stdin/stdout/stderr */
+		if (sock > 2 && sock < 1024 && *p == '\0') {
+			*sock_in = sock;
+			*sock_out = sock;
+			return;
+		}
+	}
+
+	/* Normal proxycommand */
+
+	/* So that spawn_command knows which shell to run */
 	fill_passwd(cli_opts.own_user);
 
-	ret = spawn_command(exec_proxy_cmd, cli_opts.proxycmd,
-			sock_out, sock_in, NULL, NULL);
+	ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */
+	ex_cmd = m_malloc(ex_cmdlen);
+	snprintf(ex_cmd, ex_cmdlen, "exec %s", cli_opts.proxycmd);
+
+	ret = spawn_command(exec_proxy_cmd, ex_cmd,
+			sock_out, sock_in, NULL, pid_out);
+	m_free(ex_cmd);
 	if (ret == DROPBEAR_FAILURE) {
 		dropbear_exit("Failed running proxy command");
 		*sock_in = *sock_out = -1;
 	}
 }
-#endif /* ENABLE_CLI_PROXYCMD */
+
+static void kill_proxy_sighandler(int UNUSED(signo)) {
+	kill_proxy_command();
+	_exit(1);
+}
+#endif /* DROPBEAR_CLI_PROXYCMD */

cli-runopts.c

@@ -33,24 +33,25 @@
 
 cli_runopts cli_opts; /* GLOBAL */
 
-static void printhelp();
+static void printhelp(void);
 static void parse_hostname(const char* orighostarg);
 static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
-static void fill_own_user();
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename);
+static void fill_own_user(void);
+#if DROPBEAR_CLI_PUBKEY_AUTH
+static void loadidentityfile(const char* filename, int warnfail);
 #endif
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 static void addforward(const char* str, m_list *fwdlist);
 #endif
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 static void add_netcat(const char *str);
 #endif
+static void add_extendedopt(const char *str);
 
 static void printhelp() {
 
 	fprintf(stderr, "Dropbear SSH client v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
-#ifdef ENABLE_CLI_MULTIHOP
+#if DROPBEAR_CLI_MULTIHOP
 					"Usage: %s [options] [user@]host[/port][,[user@]host/port],...] [command]\n"
 #else
 					"Usage: %s [options] [user@]host[/port] [command]\n"
@@ -64,62 +65,74 @@ static void printhelp() {
 					"-y    Always accept remote host key if unknown\n"
 					"-y -y Don't perform any remote host key checking (caution)\n"
 					"-s    Request a subsystem (use by external sftp)\n"
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-					"-i <identityfile>   (multiple allowed)\n"
+					"-o option     Set option in OpenSSH-like format ('-o help' to list options)\n"
+#if DROPBEAR_CLI_PUBKEY_AUTH
+					"-i <identityfile>   (multiple allowed, default %s)\n"
 #endif
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 					"-A    Enable agent auth forwarding\n"
 #endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 					"-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding\n"
 					"-g    Allow remote hosts to connect to forwarded ports\n"
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 					"-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding\n"
 #endif
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
 					"-K <keepalive>  (0 is never, default %d)\n"
 					"-I <idle_timeout>  (0 is never, default %d)\n"
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 					"-B <endhost:endport> Netcat-alike forwarding\n"
 #endif				
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 					"-J <proxy_program> Use program pipe rather than TCP connection\n"
 #endif
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 					"-c <cipher list> Specify preferred ciphers ('-c help' to list options)\n"
 					"-m <MAC list> Specify preferred MACs for packet verification (or '-m help')\n"
 #endif
-#ifdef DEBUG_TRACE
+					"-b    [bind_address][:bind_port]\n"
+					"-V    Version\n"
+#if DEBUG_TRACE
 					"-v    verbose (compiled with DEBUG_TRACE)\n"
 #endif
 					,DROPBEAR_VERSION, cli_opts.progname,
+#if DROPBEAR_CLI_PUBKEY_AUTH
+					DROPBEAR_DEFAULT_CLI_AUTHKEY,
+#endif
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 					
 }
 
 void cli_getopts(int argc, char ** argv) {
 	unsigned int i, j;
-	char ** next = 0;
+	char ** next = NULL;
+	enum {
+		OPT_EXTENDED_OPTIONS,
+#if DROPBEAR_CLI_PUBKEY_AUTH
+		OPT_AUTHKEY,
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
+		OPT_LOCALTCPFWD,
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+		OPT_REMOTETCPFWD,
+#endif
+#if DROPBEAR_CLI_NETCAT
+		OPT_NETCAT,
+#endif
+		/* a flag (no arg) if 'next' is NULL, a string-valued option otherwise */
+		OPT_OTHER
+	} opt;
 	unsigned int cmdlen;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	int nextiskey = 0; /* A flag if the next argument is a keyfile */
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-	int nextislocal = 0;
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-	int nextisremote = 0;
-#endif
-#ifdef ENABLE_CLI_NETCAT
-	int nextisnetcat = 0;
-#endif
-	char* dummy = NULL; /* Not used for anything real */
 
 	char* recv_window_arg = NULL;
 	char* keepalive_arg = NULL;
 	char* idle_timeout_arg = NULL;
 	char *host_arg = NULL;
+	char *bind_arg = NULL;
+	char c;
 
 	/* see printhelp() for options */
 	cli_opts.progname = argv[0];
@@ -133,87 +146,66 @@ void cli_getopts(int argc, char ** argv) {
 	cli_opts.always_accept_key = 0;
 	cli_opts.no_hostkey_check = 0;
 	cli_opts.is_subsystem = 0;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	cli_opts.privkeys = list_new();
 #endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
+	cli_opts.exit_on_fwd_failure = 0;
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
 	cli_opts.localfwds = list_new();
 	opts.listen_fwd_all = 0;
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = list_new();
 #endif
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	cli_opts.agent_fwd = 0;
 	cli_opts.agent_fd = -1;
 	cli_opts.agent_keys_loaded = 0;
 #endif
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 	cli_opts.proxycmd = NULL;
 #endif
+	cli_opts.bind_address = NULL;
+	cli_opts.bind_port = NULL;
 #ifndef DISABLE_ZLIB
-	opts.enable_compress = 1;
+	opts.compress_mode = DROPBEAR_COMPRESS_ON;
 #endif
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 	opts.cipher_list = NULL;
 	opts.mac_list = NULL;
+#endif
+#ifndef DISABLE_SYSLOG
+	opts.usingsyslog = 0;
 #endif
 	/* not yet
 	opts.ipv4 = 1;
 	opts.ipv6 = 1;
 	*/
 	opts.recv_window = DEFAULT_RECV_WINDOW;
+	opts.keepalive_secs = DEFAULT_KEEPALIVE;
+	opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
 
 	fill_own_user();
 
-	/* Iterate all the arguments */
 	for (i = 1; i < (unsigned int)argc; i++) {
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-		if (nextiskey) {
-			/* Load a hostkey since the previous argument was "-i" */
-			loadidentityfile(argv[i]);
-			nextiskey = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
-		if (nextisremote) {
-			TRACE(("nextisremote true"))
-			addforward(argv[i], cli_opts.remotefwds);
-			nextisremote = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
-		if (nextislocal) {
-			TRACE(("nextislocal true"))
-			addforward(argv[i], cli_opts.localfwds);
-			nextislocal = 0;
-			continue;
-		}
-#endif
-#ifdef ENABLE_CLI_NETCAT
-		if (nextisnetcat) {
-			TRACE(("nextisnetcat true"))
-			add_netcat(argv[i]);
-			nextisnetcat = 0;
-			continue;
-		}
-#endif
-		if (next) {
-			/* The previous flag set a value to assign */
-			*next = argv[i];
-			if (*next == NULL) {
-				dropbear_exit("Invalid null argument");
+		/* Handle non-flag arguments such as hostname or commands for the remote host */
+		if (argv[i][0] != '-')
+		{
+			if (host_arg == NULL) {
+				host_arg = argv[i];
+				continue;
 			}
-			next = NULL;
-			continue;
+			/* Commands to pass to the remote host. No more flag handling,
+			commands are consumed below */
+			break;
 		}
 
-		if (argv[i][0] == '-') {
-			/* A flag *waves* */
-
-			switch (argv[i][1]) {
+		/* Begins with '-' */
+		opt = OPT_OTHER;
+		for (j = 1; (c = argv[i][j]) != '\0' && !next && opt == OPT_OTHER; j++) {
+			switch (c) {
 				case 'y': /* always accept the remote hostkey */
 					if (cli_opts.always_accept_key) {
 						/* twice means no checking at all */
@@ -224,14 +216,9 @@ void cli_getopts(int argc, char ** argv) {
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
 					break;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 				case 'i': /* an identityfile */
-					/* Keep scp happy when it changes "-i file" to "-ifile" */
-					if (strlen(argv[i]) > 2) {
-						loadidentityfile(&argv[i][2]);
-					} else  {
-						nextiskey = 1;
-					}
+					opt = OPT_AUTHKEY;
 					break;
 #endif
 				case 't': /* we want a pty */
@@ -249,25 +236,28 @@ void cli_getopts(int argc, char ** argv) {
 				case 's':
 					cli_opts.is_subsystem = 1;
 					break;
-#ifdef ENABLE_CLI_LOCALTCPFWD
+				case 'o':
+					opt = OPT_EXTENDED_OPTIONS;
+					break;
+#if DROPBEAR_CLI_LOCALTCPFWD
 				case 'L':
-					nextislocal = 1;
+					opt = OPT_LOCALTCPFWD;
 					break;
 				case 'g':
 					opts.listen_fwd_all = 1;
 					break;
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 				case 'R':
-					nextisremote = 1;
+					opt = OPT_REMOTETCPFWD;
 					break;
 #endif
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 				case 'B':
-					nextisnetcat = 1;
+					opt = OPT_NETCAT;
 					break;
 #endif
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 				case 'J':
 					next = &cli_opts.proxycmd;
 					break;
@@ -291,12 +281,12 @@ void cli_getopts(int argc, char ** argv) {
 				case 'I':
 					next = &idle_timeout_arg;
 					break;
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 				case 'A':
 					cli_opts.agent_fwd = 1;
 					break;
 #endif
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 				case 'c':
 					next = &opts.cipher_list;
 					break;
@@ -304,86 +294,125 @@ void cli_getopts(int argc, char ** argv) {
 					next = &opts.mac_list;
 					break;
 #endif
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;
 					break;
 #endif
 				case 'F':
 				case 'e':
-#ifndef ENABLE_USER_ALGO_LIST
+#if !DROPBEAR_USER_ALGO_LIST
 				case 'c':
 				case 'm':
 #endif
 				case 'D':
-#ifndef ENABLE_CLI_REMOTETCPFWD
+#if !DROPBEAR_CLI_REMOTETCPFWD
 				case 'R':
 #endif
-#ifndef ENABLE_CLI_LOCALTCPFWD
+#if !DROPBEAR_CLI_LOCALTCPFWD
 				case 'L':
 #endif
-				case 'o':
+				case 'V':
+					print_version();
+					exit(EXIT_SUCCESS);
+					break;
 				case 'b':
-					next = &dummy;
+					next = &bind_arg;
+					break;
 				default:
-					fprintf(stderr, 
-						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
+					fprintf(stderr,
+						"WARNING: Ignoring unknown option -%c\n", c);
 					break;
 			} /* Switch */
-			
-			/* Now we handle args where they might be "-luser" (no spaces)*/
-			if (next && strlen(argv[i]) > 2) {
-				*next = &argv[i][2];
-				next = NULL;
-			}
-
-			continue; /* next argument */
-
-		} else {
-			TRACE(("non-flag arg: '%s'", argv[i]))
-
-			/* Either the hostname or commands */
-
-			if (host_arg == NULL) {
-				host_arg = argv[i];
-			} else {
-
-				/* this is part of the commands to send - after this we
-				 * don't parse any more options, and flags are sent as the
-				 * command */
-				cmdlen = 0;
-				for (j = i; j < (unsigned int)argc; j++) {
-					cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
-				}
-				/* Allocate the space */
-				cli_opts.cmd = (char*)m_malloc(cmdlen);
-				cli_opts.cmd[0] = '\0';
-
-				/* Append all the bits */
-				for (j = i; j < (unsigned int)argc; j++) {
-					strlcat(cli_opts.cmd, argv[j], cmdlen);
-					strlcat(cli_opts.cmd, " ", cmdlen);
-				}
-				/* It'll be null-terminated here */
-
-				/* We've eaten all the options and flags */
-				break;
-			}
 		}
+
+		if (!next && opt == OPT_OTHER) /* got a flag */
+			continue;
+
+		if (c == '\0') {
+			i++;
+			j = 0;
+			if (!argv[i])
+				dropbear_exit("Missing argument");
+		}
+
+		if (opt == OPT_EXTENDED_OPTIONS) {
+			TRACE(("opt extended"))
+			add_extendedopt(&argv[i][j]);
+		}
+		else
+#if DROPBEAR_CLI_PUBKEY_AUTH
+		if (opt == OPT_AUTHKEY) {
+			TRACE(("opt authkey"))
+			loadidentityfile(&argv[i][j], 1);
+		}
+		else
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+		if (opt == OPT_REMOTETCPFWD) {
+			TRACE(("opt remotetcpfwd"))
+			addforward(&argv[i][j], cli_opts.remotefwds);
+		}
+		else
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
+		if (opt == OPT_LOCALTCPFWD) {
+			TRACE(("opt localtcpfwd"))
+			addforward(&argv[i][j], cli_opts.localfwds);
+		}
+		else
+#endif
+#if DROPBEAR_CLI_NETCAT
+		if (opt == OPT_NETCAT) {
+			TRACE(("opt netcat"))
+			add_netcat(&argv[i][j]);
+		}
+		else
+#endif
+		if (next) {
+			/* The previous flag set a value to assign */
+			*next = &argv[i][j];
+			if (*next == NULL)
+				dropbear_exit("Invalid null argument");
+			next = NULL;
+		}
+	}
+
+	/* Done with options/flags; now handle the hostname (which may not
+	 * start with a hyphen) and optional command */
+
+	if (host_arg == NULL) { /* missing hostname */
+		printhelp();
+		exit(EXIT_FAILURE);
+	}
+	TRACE(("host is: %s", host_arg))
+
+	if (i < (unsigned int)argc) {
+		/* Build the command to send */
+		cmdlen = 0;
+		for (j = i; j < (unsigned int)argc; j++)
+			cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
+
+		/* Allocate the space */
+		cli_opts.cmd = (char*)m_malloc(cmdlen);
+		cli_opts.cmd[0] = '\0';
+
+		/* Append all the bits */
+		for (j = i; j < (unsigned int)argc; j++) {
+			strlcat(cli_opts.cmd, argv[j], cmdlen);
+			strlcat(cli_opts.cmd, " ", cmdlen);
+		}
+		/* It'll be null-terminated here */
+		TRACE(("cmd is: %s", cli_opts.cmd))
 	}
 
 	/* And now a few sanity checks and setup */
 
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 	parse_ciphers_macs();
 #endif
 
-	if (host_arg == NULL) {
-		printhelp();
-		exit(EXIT_FAILURE);
-	}
-
-#ifdef ENABLE_CLI_PROXYCMD                                                                                                                                   
+#if DROPBEAR_CLI_PROXYCMD                                                                                                                                   
 	if (cli_opts.proxycmd) {
 		/* To match the common path of m_freeing it */
 		cli_opts.proxycmd = m_strdup(cli_opts.proxycmd);
@@ -394,6 +423,18 @@ void cli_getopts(int argc, char ** argv) {
 		cli_opts.remoteport = "22";
 	}
 
+	if (bind_arg) {
+		/* split [host][:port] */
+		char *port = strrchr(bind_arg, ':');
+		if (port) {
+			cli_opts.bind_port = m_strdup(port+1);
+			*port = '\0';
+		}
+		if (strlen(bind_arg) > 0) {
+			cli_opts.bind_address = m_strdup(bind_arg);
+		}
+	}
+
 	/* If not explicitly specified with -t or -T, we don't want a pty if
 	 * there's a command, but we do otherwise */
 	if (cli_opts.wantpty == 9) {
@@ -431,31 +472,43 @@ void cli_getopts(int argc, char ** argv) {
 		opts.idle_timeout_secs = val;
 	}
 
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 	if (cli_opts.cmd && cli_opts.netcat_host) {
 		dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
 	}
 #endif
 
+#if (DROPBEAR_CLI_PUBKEY_AUTH)
+	{
+		char *expand_path = expand_homedir_path(DROPBEAR_DEFAULT_CLI_AUTHKEY);
+		loadidentityfile(expand_path, 0);
+		m_free(expand_path);
+	}
+#endif
+
 	/* The hostname gets set up last, since
 	 * in multi-hop mode it will require knowledge
 	 * of other flags such as -i */
-#ifdef ENABLE_CLI_MULTIHOP
+#if DROPBEAR_CLI_MULTIHOP
 	parse_multihop_hostname(host_arg, argv[0]);
 #else
 	parse_hostname(host_arg);
 #endif
 }
 
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename) {
+#if DROPBEAR_CLI_PUBKEY_AUTH
+static void loadidentityfile(const char* filename, int warnfail) {
 	sign_key *key;
 	enum signkey_type keytype;
 
+	TRACE(("loadidentityfile %s", filename))
+
 	key = new_sign_key();
 	keytype = DROPBEAR_SIGNKEY_ANY;
 	if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
-		fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+		if (warnfail) {
+			dropbear_log(LOG_WARNING, "Failed loading keyfile '%s'\n", filename);
+		}
 		sign_key_free(key);
 	} else {
 		key->type = keytype;
@@ -466,7 +519,7 @@ static void loadidentityfile(const char* filename) {
 }
 #endif
 
-#ifdef ENABLE_CLI_MULTIHOP
+#if DROPBEAR_CLI_MULTIHOP
 
 static char*
 multihop_passthrough_args() {
@@ -476,11 +529,14 @@ multihop_passthrough_args() {
 	m_list_elem *iter;
 	/* Fill out -i, -y, -W options that make sense for all
 	 * the intermediate processes */
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
 	{
 		sign_key * key = (sign_key*)iter->item;
 		len += 3 + strlen(key->filename);
 	}
+#endif /* DROPBEAR_CLI_PUBKEY_AUTH */
+
 	len += 30; /* space for -W <size>, terminator. */
 	ret = m_malloc(len);
 	total = 0;
@@ -498,10 +554,11 @@ multihop_passthrough_args() {
 
 	if (opts.recv_window != DEFAULT_RECV_WINDOW)
 	{
-		int written = snprintf(ret+total, len-total, "-W %d ", opts.recv_window);
+		int written = snprintf(ret+total, len-total, "-W %u ", opts.recv_window);
 		total += written;
 	}
 
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
 	{
 		sign_key * key = (sign_key*)iter->item;
@@ -510,6 +567,7 @@ multihop_passthrough_args() {
 		dropbear_assert((unsigned int)written < size);
 		total += written;
 	}
+#endif /* DROPBEAR_CLI_PUBKEY_AUTH */
 
 	/* if args were passed, total will be not zero, and it will have a space at the end, so remove that */
 	if (total > 0) 
@@ -587,13 +645,13 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0)
 				passthrough_args, remainder);
 #ifndef DISABLE_ZLIB
 		/* The stream will be incompressible since it's encrypted. */
-		opts.enable_compress = 0;
+		opts.compress_mode = DROPBEAR_COMPRESS_OFF;
 #endif
 		m_free(passthrough_args);
 	}
 	m_free(hostbuf);
 }
-#endif /* !ENABLE_CLI_MULTIHOP */
+#endif /* !DROPBEAR_CLI_MULTIHOP */
 
 /* Parses a [user@]hostname[/port] argument. */
 static void parse_hostname(const char* orighostarg) {
@@ -632,7 +690,7 @@ static void parse_hostname(const char* orighostarg) {
 	}
 }
 
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 static void add_netcat(const char* origstr) {
 	char *portstr = NULL;
 	
@@ -676,14 +734,16 @@ static void fill_own_user() {
 	uid = getuid();
 
 	pw = getpwuid(uid);
-	if (pw == NULL || pw->pw_name == NULL) {
-		dropbear_exit("Unknown own user");
+	if (pw && pw->pw_name != NULL) {
+		cli_opts.own_user = m_strdup(pw->pw_name);
+	} else {
+		dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway.");
+		cli_opts.own_user = m_strdup("unknown");
 	}
 
-	cli_opts.own_user = m_strdup(pw->pw_name);
 }
 
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 /* Turn a "[listenaddr:]listenport:remoteaddr:remoteport" string into into a forwarding
  * set, and add it to the forwarding list */
 static void addforward(const char* origstr, m_list *fwdlist) {
@@ -778,3 +838,76 @@ badport:
 	dropbear_exit("Bad TCP port in '%s'", origstr);
 }
 #endif
+
+static int match_extendedopt(const char** strptr, const char *optname) {
+	int seen_eq = 0;
+	int optlen = strlen(optname);
+	const char *str = *strptr;
+
+	while (isspace(*str)) {
+		++str;
+	}
+
+	if (strncasecmp(str, optname, optlen) != 0) {
+		return DROPBEAR_FAILURE;
+	}
+
+	str += optlen;
+
+	while (isspace(*str) || (!seen_eq && *str == '=')) {
+		if (*str == '=') {
+			seen_eq = 1;
+		}
+		++str;
+	}
+
+	if (str-*strptr == optlen) {
+		/* matched just a prefix of optname */
+		return DROPBEAR_FAILURE;
+	}
+
+	*strptr = str;
+	return DROPBEAR_SUCCESS;
+}
+
+static int parse_flag_value(const char *value) {
+	if (strcmp(value, "yes") == 0 || strcmp(value, "true") == 0) {
+		return 1;
+	} else if (strcmp(value, "no") == 0 || strcmp(value, "false") == 0) {
+		return 0;
+	}
+
+	dropbear_exit("Bad yes/no argument '%s'", value);
+}
+
+static void add_extendedopt(const char* origstr) {
+	const char *optstr = origstr;
+
+	if (strcmp(origstr, "help") == 0) {
+		dropbear_log(LOG_INFO, "Available options:\n"
+#if DROPBEAR_CLI_ANYTCPFWD
+			"\tExitOnForwardFailure\n"
+#endif
+#ifndef DISABLE_SYSLOG
+			"\tUseSyslog\n"
+#endif
+		);
+		exit(EXIT_SUCCESS);
+	}
+
+#if DROPBEAR_CLI_ANYTCPFWD
+	if (match_extendedopt(&optstr, "ExitOnForwardFailure") == DROPBEAR_SUCCESS) {
+		cli_opts.exit_on_fwd_failure = parse_flag_value(optstr);
+		return;
+	}
+#endif
+
+#ifndef DISABLE_SYSLOG
+	if (match_extendedopt(&optstr, "UseSyslog") == DROPBEAR_SUCCESS) {
+		opts.usingsyslog = parse_flag_value(optstr);
+		return;
+	}
+#endif
+
+	dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr);
+}

cli-session.c

@@ -37,13 +37,15 @@
 #include "chansession.h"
 #include "agentfwd.h"
 #include "crypto_desc.h"
+#include "netio.h"
 
-static void cli_remoteclosed();
-static void cli_sessionloop();
-static void cli_session_init();
-static void cli_finished();
+static void cli_remoteclosed(void) ATTRIB_NORETURN;
+static void cli_sessionloop(void);
+static void cli_session_init(pid_t proxy_cmd_pid);
+static void cli_finished(void) ATTRIB_NORETURN;
 static void recv_msg_service_accept(void);
 static void cli_session_cleanup(void);
+static void recv_msg_global_request_cli(void);
 
 struct clientsession cli_ses; /* GLOBAL */
 
@@ -68,38 +70,61 @@ static const packettype cli_packettypes[] = {
 	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
 	{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
 	{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
-#ifdef  ENABLE_CLI_REMOTETCPFWD
+	{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_cli},
+	{SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
+	{SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
+#if DROPBEAR_CLI_REMOTETCPFWD
 	{SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */
 	{SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */
+#else
+	/* For keepalive */
+	{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response},
+	{SSH_MSG_REQUEST_FAILURE, ignore_recv_response},
 #endif
-	{0, 0} /* End */
+	{0, NULL} /* End */
 };
 
 static const struct ChanType *cli_chantypes[] = {
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 	&cli_chan_tcpremote,
 #endif
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	&cli_chan_agent,
 #endif
 	NULL /* Null termination */
 };
 
-void cli_session(int sock_in, int sock_out) {
+void cli_connected(int result, int sock, void* userdata, const char *errstring)
+{
+	struct sshsession *myses = userdata;
+	if (result == DROPBEAR_FAILURE) {
+		dropbear_exit("Connect failed: %s", errstring);
+	}
+	myses->sock_in = myses->sock_out = sock;
+	update_channel_prio();
+}
+
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) {
 
 	common_session_init(sock_in, sock_out);
 
+	if (progress) {
+		connect_set_writequeue(progress, &ses.writequeue);
+	}
+
 	chaninitialise(cli_chantypes);
 
 	/* Set up cli_ses vars */
-	cli_session_init();
+	cli_session_init(proxy_cmd_pid);
 
 	/* Ready to go */
-	sessinitdone = 1;
+	ses.init_done = 1;
 
 	/* Exchange identification */
 	send_session_identification();
 
+	kexfirstinitialise(); /* initialise the kex state */
+
 	send_msg_kexinit();
 
 	session_loop(cli_sessionloop);
@@ -108,13 +133,13 @@ void cli_session(int sock_in, int sock_out) {
 
 }
 
-#ifdef USE_KEX_FIRST_FOLLOWS
+#if DROPBEAR_KEX_FIRST_FOLLOWS
 static void cli_send_kex_first_guess() {
 	send_msg_kexdh_init();
 }
 #endif
 
-static void cli_session_init() {
+static void cli_session_init(pid_t proxy_cmd_pid) {
 
 	cli_ses.state = STATE_NOTHING;
 	cli_ses.kex_state = KEX_NOTHING;
@@ -133,18 +158,13 @@ static void cli_session_init() {
 
 	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
 									  specific exit status */
+	cli_ses.proxy_cmd_pid = proxy_cmd_pid;
+	TRACE(("proxy command PID='%d'", proxy_cmd_pid));
 
 	/* Auth */
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;
 
-#ifdef DROPBEAR_NONE_CIPHER
-	cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none");
-	set_algo_usable(sshciphers, "none", 0);
-#else
-	cli_ses.cipher_none_after_auth = 0;
-#endif
-
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
 
@@ -155,13 +175,13 @@ static void cli_session_init() {
 
 	ses.isserver = 0;
 
-#ifdef USE_KEX_FIRST_FOLLOWS
+#if DROPBEAR_KEX_FIRST_FOLLOWS
 	ses.send_kex_first_guess = cli_send_kex_first_guess;
 #endif
 
 }
 
-static void send_msg_service_request(char* servicename) {
+static void send_msg_service_request(const char* servicename) {
 
 	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
 
@@ -242,12 +262,9 @@ static void cli_sessionloop() {
 			return;
 
 		case USERAUTH_SUCCESS_RCVD:
-
-#ifdef DROPBEAR_NONE_CIPHER
-			if (cli_ses.cipher_none_after_auth)
-			{
-				set_algo_usable(sshciphers, "none", 1);
-				send_msg_kexinit();
+#ifndef DISABLE_SYSLOG
+			if (opts.usingsyslog) {
+				dropbear_log(LOG_INFO, "Authentication succeeded.");
 			}
 #endif
 
@@ -255,7 +272,7 @@ static void cli_sessionloop() {
 				int devnull;
 				/* keeping stdin open steals input from the terminal and
 				   is confusing, though stdout/stderr could be useful. */
-				devnull = open(_PATH_DEVNULL, O_RDONLY);
+				devnull = open(DROPBEAR_PATH_DEVNULL, O_RDONLY);
 				if (devnull < 0) {
 					dropbear_exit("Opening /dev/null: %d %s",
 							errno, strerror(errno));
@@ -267,7 +284,7 @@ static void cli_sessionloop() {
 				}
 			}
 			
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 			if (cli_opts.netcat_host) {
 				cli_send_netcat_request();
 			} else 
@@ -276,10 +293,10 @@ static void cli_sessionloop() {
 				cli_send_chansess_request();
 			}
 
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 			setup_localtcp();
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 			setup_remotetcp();
 #endif
 
@@ -308,17 +325,31 @@ static void cli_sessionloop() {
 
 }
 
+void kill_proxy_command(void) {
+	/*
+	 * Send SIGHUP to proxy command if used. We don't wait() in
+	 * case it hangs and instead rely on init to reap the child
+	 */
+	if (cli_ses.proxy_cmd_pid > 1) {
+		TRACE(("killing proxy command with PID='%d'", cli_ses.proxy_cmd_pid));
+		kill(cli_ses.proxy_cmd_pid, SIGHUP);
+	}
+}
+
 static void cli_session_cleanup(void) {
 
-	if (!sessinitdone) {
+	if (!ses.init_done) {
 		return;
 	}
 
+	kill_proxy_command();
+
 	/* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if
 	 * we don't revert the flags */
-	fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
-	fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
-	fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
+	/* Ignore return value since there's nothing we can do */
+	(void)fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
+	(void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
+	(void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
 
 	cli_tty_cleanup();
 
@@ -348,10 +379,10 @@ static void cli_remoteclosed() {
 /* Operates in-place turning dirty (untrusted potentially containing control
  * characters) text into clean text. 
  * Note: this is safe only with ascii - other charsets could have problems. */
-void cleantext(unsigned char* dirtytext) {
+void cleantext(char* dirtytext) {
 
 	unsigned int i, j;
-	unsigned char c;
+	char c;
 
 	j = 0;
 	for (i = 0; dirtytext[i] != '\0'; i++) {
@@ -366,3 +397,9 @@ void cleantext(unsigned char* dirtytext) {
 	/* Null terminate */
 	dirtytext[j] = '\0';
 }
+
+static void recv_msg_global_request_cli(void) {
+	TRACE(("recv_msg_global_request_cli"))
+	/* Send a proper rejection */
+	send_msg_request_failure();
+}

cli-tcpfwd.c

@@ -23,15 +23,15 @@
  * SOFTWARE. */
 
 #include "includes.h"
-#include "options.h"
 #include "dbutil.h"
 #include "tcpfwd.h"
 #include "channel.h"
 #include "runopts.h"
 #include "session.h"
 #include "ssh.h"
+#include "netio.h"
 
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 static int newtcpforwarded(struct Channel * channel);
 
 const struct ChanType cli_chan_tcpremote = {
@@ -44,7 +44,7 @@ const struct ChanType cli_chan_tcpremote = {
 };
 #endif
 
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 static int cli_localtcp(const char* listenaddr, 
 		unsigned int listenport, 
 		const char* remoteaddr,
@@ -52,14 +52,31 @@ static int cli_localtcp(const char* listenaddr,
 static const struct ChanType cli_chan_tcplocal = {
 	1, /* sepfds */
 	"direct-tcpip",
-	NULL,
+	tcp_prio_inithandler,
 	NULL,
 	NULL,
 	NULL
 };
 #endif
 
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
+static void fwd_failed(const char* format, ...) ATTRIB_PRINTF(1,2);
+static void fwd_failed(const char* format, ...)
+{
+	va_list param;
+	va_start(param, format);
+
+	if (cli_opts.exit_on_fwd_failure) {
+		_dropbear_exit(EXIT_FAILURE, format, param);
+	} else {
+		_dropbear_log(LOG_WARNING, format, param);
+	}
+
+	va_end(param);
+}
+#endif
+
+#if DROPBEAR_CLI_LOCALTCPFWD
 void setup_localtcp() {
 	m_list_elem *iter;
 	int ret;
@@ -74,7 +91,7 @@ void setup_localtcp() {
 				fwd->connectaddr,
 				fwd->connectport);
 		if (ret == DROPBEAR_FAILURE) {
-			dropbear_log(LOG_WARNING, "Failed local port forward %s:%d:%s:%d",
+			fwd_failed("Failed local port forward %s:%d:%s:%d",
 					fwd->listenaddr,
 					fwd->listenport,
 					fwd->connectaddr,
@@ -126,9 +143,9 @@ static int cli_localtcp(const char* listenaddr,
 	TRACE(("leave cli_localtcp: %d", ret))
 	return ret;
 }
-#endif /* ENABLE_CLI_LOCALTCPFWD */
+#endif /* DROPBEAR_CLI_LOCALTCPFWD */
 
-#ifdef  ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 static void send_msg_global_request_remotetcp(const char *addr, int port) {
 
 	TRACE(("enter send_msg_global_request_remotetcp"))
@@ -180,7 +197,10 @@ void cli_recv_msg_request_failure() {
 		struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item;
 		if (!fwd->have_reply) {
 			fwd->have_reply = 1;
-			dropbear_log(LOG_WARNING, "Remote TCP forward request failed (port %d -> %s:%d)", fwd->listenport, fwd->connectaddr, fwd->connectport);
+			fwd_failed("Remote TCP forward request failed (port %d -> %s:%d)",
+					fwd->listenport,
+					fwd->connectaddr,
+					fwd->connectport);
 			return;
 		}
 	}
@@ -210,12 +230,11 @@ void setup_remotetcp() {
 
 static int newtcpforwarded(struct Channel * channel) {
 
-    char *origaddr = NULL;
+	char *origaddr = NULL;
 	unsigned int origport;
 	m_list_elem * iter = NULL;
-	struct TCPFwdEntry *fwd;
+	struct TCPFwdEntry *fwd = NULL;
 	char portstring[NI_MAXSERV];
-	int sock;
 	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
 
 	origaddr = buf_getstring(ses.payload, NULL);
@@ -245,28 +264,18 @@ static int newtcpforwarded(struct Channel * channel) {
 	}
 
 
-	if (iter == NULL) {
+	if (iter == NULL || fwd == NULL) {
 		/* We didn't request forwarding on that port */
-        	cleantext(origaddr);
+		cleantext(origaddr);
 		dropbear_log(LOG_INFO, "Server sent unrequested forward from \"%s:%d\"", 
                 origaddr, origport);
 		goto out;
 	}
 	
-	snprintf(portstring, sizeof(portstring), "%d", fwd->connectport);
-	sock = connect_remote(fwd->connectaddr, portstring, 1, NULL);
-	if (sock < 0) {
-		TRACE(("leave newtcpdirect: sock failed"))
-		err = SSH_OPEN_CONNECT_FAILED;
-		goto out;
-	}
+	snprintf(portstring, sizeof(portstring), "%u", fwd->connectport);
+	channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel, NULL, NULL);
 
-	ses.maxfd = MAX(ses.maxfd, sock);
-
-	/* We don't set readfd, that will get set after the connection's
-	 * progress succeeds */
-	channel->writefd = sock;
-	channel->initconn = 1;
+	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
 	
 	err = SSH_OPEN_IN_PROGRESS;
 
@@ -275,4 +284,4 @@ out:
 	TRACE(("leave newtcpdirect: err %d", err))
 	return err;
 }
-#endif /* ENABLE_CLI_REMOTETCPFWD */
+#endif /* DROPBEAR_CLI_REMOTETCPFWD */

common-algo.c

@@ -27,7 +27,7 @@
 #include "algo.h"
 #include "session.h"
 #include "dbutil.h"
-#include "kex.h"
+#include "dh_groups.h"
 #include "ltc_prng.h"
 #include "ecc.h"
 
@@ -53,27 +53,27 @@ static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV),
 
 /* Remember to add new ciphers/hashes to regciphers/reghashes too */
 
-#ifdef DROPBEAR_AES256
+#if DROPBEAR_AES256
 static const struct dropbear_cipher dropbear_aes256 = 
 	{&aes_desc, 32, 16};
 #endif
-#ifdef DROPBEAR_AES128
+#if DROPBEAR_AES128
 static const struct dropbear_cipher dropbear_aes128 = 
 	{&aes_desc, 16, 16};
 #endif
-#ifdef DROPBEAR_BLOWFISH
+#if DROPBEAR_BLOWFISH
 static const struct dropbear_cipher dropbear_blowfish = 
 	{&blowfish_desc, 16, 8};
 #endif
-#ifdef DROPBEAR_TWOFISH256
+#if DROPBEAR_TWOFISH256
 static const struct dropbear_cipher dropbear_twofish256 = 
 	{&twofish_desc, 32, 16};
 #endif
-#ifdef DROPBEAR_TWOFISH128
+#if DROPBEAR_TWOFISH128
 static const struct dropbear_cipher dropbear_twofish128 = 
 	{&twofish_desc, 16, 16};
 #endif
-#ifdef DROPBEAR_3DES
+#if DROPBEAR_3DES
 static const struct dropbear_cipher dropbear_3des = 
 	{&des3_desc, 24, 8};
 #endif
@@ -84,11 +84,15 @@ const struct dropbear_cipher dropbear_nocipher =
 
 /* A few void* s are required to silence warnings
  * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
+#if DROPBEAR_ENABLE_CBC_MODE
 const struct dropbear_cipher_mode dropbear_mode_cbc =
 	{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
+
 const struct dropbear_cipher_mode dropbear_mode_none =
 	{void_start, void_cipher, void_cipher};
-#ifdef DROPBEAR_ENABLE_CTR_MODE
+
+#if DROPBEAR_ENABLE_CTR_MODE
 /* a wrapper to make ctr_start and cbc_start look the same */
 static int dropbear_big_endian_ctr_start(int cipher, 
 		const unsigned char *IV, 
@@ -98,28 +102,28 @@ static int dropbear_big_endian_ctr_start(int cipher,
 }
 const struct dropbear_cipher_mode dropbear_mode_ctr =
 	{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
-#endif
+#endif /* DROPBEAR_ENABLE_CTR_MODE */
 
 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
    {&hash_desc, keysize, hashsize} */
 
-#ifdef DROPBEAR_SHA1_HMAC
+#if DROPBEAR_SHA1_HMAC
 static const struct dropbear_hash dropbear_sha1 = 
 	{&sha1_desc, 20, 20};
 #endif
-#ifdef DROPBEAR_SHA1_96_HMAC
+#if DROPBEAR_SHA1_96_HMAC
 static const struct dropbear_hash dropbear_sha1_96 = 
 	{&sha1_desc, 20, 12};
 #endif
-#ifdef DROPBEAR_SHA2_256_HMAC
+#if DROPBEAR_SHA2_256_HMAC
 static const struct dropbear_hash dropbear_sha2_256 = 
 	{&sha256_desc, 32, 32};
 #endif
-#ifdef DROPBEAR_SHA2_512_HMAC
+#if DROPBEAR_SHA2_512_HMAC
 static const struct dropbear_hash dropbear_sha2_512 =
 	{&sha512_desc, 64, 64};
 #endif
-#ifdef DROPBEAR_MD5_HMAC
+#if DROPBEAR_MD5_HMAC
 static const struct dropbear_hash dropbear_md5 = 
 	{&md5_desc, 16, 16};
 #endif
@@ -133,69 +137,79 @@ const struct dropbear_hash dropbear_nohash =
  * that is also supported by the server will get used. */
 
 algo_type sshciphers[] = {
-#ifdef DROPBEAR_ENABLE_CTR_MODE
-#ifdef DROPBEAR_AES128
+#if DROPBEAR_ENABLE_CTR_MODE
+#if DROPBEAR_AES128
 	{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
 #endif
-#ifdef DROPBEAR_3DES
-	{"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
-#endif
-#ifdef DROPBEAR_AES256
+#if DROPBEAR_AES256
 	{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
 #endif
+#if DROPBEAR_TWOFISH_CTR
+/* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */
+#if DROPBEAR_TWOFISH256
+	{"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr},
+#endif
+#if DROPBEAR_TWOFISH128
+	{"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr},
+#endif
+#endif /* DROPBEAR_TWOFISH_CTR */
 #endif /* DROPBEAR_ENABLE_CTR_MODE */
 
-/* CBC modes are always enabled */
-#ifdef DROPBEAR_AES128
+#if DROPBEAR_ENABLE_CBC_MODE
+#if DROPBEAR_AES128
 	{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
 #endif
-#ifdef DROPBEAR_3DES
-	{"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
-#endif
-#ifdef DROPBEAR_AES256
+#if DROPBEAR_AES256
 	{"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
 #endif
-#ifdef DROPBEAR_TWOFISH256
+#if DROPBEAR_TWOFISH256
 	{"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
 	{"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
 #endif
-#ifdef DROPBEAR_TWOFISH128
+#if DROPBEAR_TWOFISH128
 	{"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc},
 #endif
-#ifdef DROPBEAR_BLOWFISH
+#if DROPBEAR_3DES
+	{"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
+#endif
+#if DROPBEAR_3DES
+	{"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
+#endif
+#if DROPBEAR_BLOWFISH
 	{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
 #endif
-#ifdef DROPBEAR_NONE_CIPHER
-	{"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
-#endif
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
 	{NULL, 0, NULL, 0, NULL}
 };
 
 algo_type sshhashes[] = {
-#ifdef DROPBEAR_SHA2_256_HMAC
-	{"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL},
-#endif
-#ifdef DROPBEAR_SHA2_512_HMAC
-	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
-#endif
-#ifdef DROPBEAR_SHA1_96_HMAC
+#if DROPBEAR_SHA1_96_HMAC
 	{"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL},
 #endif
-#ifdef DROPBEAR_SHA1_HMAC
+#if DROPBEAR_SHA1_HMAC
 	{"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
 #endif
-#ifdef DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
+#if DROPBEAR_SHA2_256_HMAC
+	{"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL},
 #endif
-#ifdef DROPBEAR_NONE_INTEGRITY
-	{"none", 0, (void*)&dropbear_nohash, 1, NULL},
+#if DROPBEAR_SHA2_512_HMAC
+	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
+#endif
+#if DROPBEAR_MD5_HMAC
+	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
 #endif
 	{NULL, 0, NULL, 0, NULL}
 };
 
 #ifndef DISABLE_ZLIB
 algo_type ssh_compress[] = {
+	{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
 	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
+	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+	{NULL, 0, NULL, 0, NULL}
+};
+
+algo_type ssh_delaycompress[] = {
 	{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
 	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
 	{NULL, 0, NULL, 0, NULL}
@@ -208,66 +222,87 @@ algo_type ssh_nocompress[] = {
 };
 
 algo_type sshhostkey[] = {
-#ifdef DROPBEAR_ECDSA
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECDSA
+#if DROPBEAR_ECC_256
 	{"ecdsa-sha2-nistp256", DROPBEAR_SIGNKEY_ECDSA_NISTP256, NULL, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 	{"ecdsa-sha2-nistp384", DROPBEAR_SIGNKEY_ECDSA_NISTP384, NULL, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 	{"ecdsa-sha2-nistp521", DROPBEAR_SIGNKEY_ECDSA_NISTP521, NULL, 1, NULL},
 #endif
 #endif
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 	{"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL},
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 	{"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL},
 #endif
 	{NULL, 0, NULL, 0, NULL}
 };
 
+#if DROPBEAR_DH_GROUP1
 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
-static const struct dropbear_kex kex_dh_group14 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
+#endif
+#if DROPBEAR_DH_GROUP14_SHA1
+static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
+#endif
+#if DROPBEAR_DH_GROUP14_SHA256
+static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
+#endif
+#if DROPBEAR_DH_GROUP16
+static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
+#endif
 
 /* These can't be const since dropbear_ecc_fill_dp() fills out
  ecc_curve at runtime */
-#ifdef DROPBEAR_ECDH
-#ifdef DROPBEAR_ECC_256
-static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
+#if DROPBEAR_ECDH
+#if DROPBEAR_ECC_256
+static const struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
 #endif
-#ifdef DROPBEAR_ECC_384
-static struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
+#if DROPBEAR_ECC_384
+static const struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
 #endif
-#ifdef DROPBEAR_ECC_521
-static struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
+#if DROPBEAR_ECC_521
+static const struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
 #endif
 #endif /* DROPBEAR_ECDH */
 
-#ifdef DROPBEAR_CURVE25519
+#if DROPBEAR_CURVE25519
 /* Referred to directly */
 static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
 #endif
 
 algo_type sshkex[] = {
-#ifdef DROPBEAR_CURVE25519
+#if DROPBEAR_CURVE25519
+	{"curve25519-sha256", 0, &kex_curve25519, 1, NULL},
 	{"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECDH
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECDH
+#if DROPBEAR_ECC_521
 	{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 	{"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
+#if DROPBEAR_DH_GROUP14_SHA256
+	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
+#endif
+#if DROPBEAR_DH_GROUP14_SHA1
+	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
+#endif
+#if DROPBEAR_DH_GROUP1
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
-	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL},
-#ifdef USE_KEXGUESS2
+#endif
+#if DROPBEAR_DH_GROUP16
+	{"diffie-hellman-group16-sha512", 0, &kex_dh_group16_sha512, 1, NULL},
+#endif
+#if DROPBEAR_KEXGUESS2
 	{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
 #endif
 	{NULL, 0, NULL, 0, NULL}
@@ -277,7 +312,7 @@ algo_type sshkex[] = {
  * against.
  * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
  * otherwise */
-int have_algo(char* algo, size_t algolen, algo_type algos[]) {
+int have_algo(const char* algo, size_t algolen, const algo_type algos[]) {
 
 	int i;
 
@@ -292,23 +327,24 @@ int have_algo(char* algo, size_t algolen, algo_type algos[]) {
 }
 
 /* Output a comma separated list of algorithms to a buffer */
-void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
+void buf_put_algolist(buffer * buf, const algo_type localalgos[]) {
 
 	unsigned int i, len;
 	unsigned int donefirst = 0;
 	buffer *algolist = NULL;
 
-	algolist = buf_new(200);
+	algolist = buf_new(300);
 	for (i = 0; localalgos[i].name != NULL; i++) {
 		if (localalgos[i].usable) {
 			if (donefirst)
 				buf_putbyte(algolist, ',');
 			donefirst = 1;
 			len = strlen(localalgos[i].name);
-			buf_putbytes(algolist, localalgos[i].name, len);
+			buf_putbytes(algolist, (const unsigned char *) localalgos[i].name, len);
 		}
 	}
-	buf_putstring(buf, algolist->data, algolist->len);
+	buf_putstring(buf, (const char*)algolist->data, algolist->len);
+	TRACE(("algolist add '%*s'", algolist->len, algolist->data))
 	buf_free(algolist);
 }
 
@@ -321,12 +357,12 @@ algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
 		enum kexguess2_used *kexguess2, int *goodguess)
 {
 
-	unsigned char * algolist = NULL;
-	const unsigned char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO];
+	char * algolist = NULL;
+	const char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO];
 	unsigned int len;
 	unsigned int remotecount, localcount, clicount, servcount, i, j;
 	algo_type * ret = NULL;
-	const unsigned char **clinames, **servnames;
+	const char **clinames, **servnames;
 
 	if (goodguess) {
 		*goodguess = 0;
@@ -428,42 +464,10 @@ out:
 	return ret;
 }
 
-#ifdef DROPBEAR_NONE_CIPHER
-
-void
-set_algo_usable(algo_type algos[], const char * algo_name, int usable)
-{
-	algo_type *a;
-	for (a = algos; a->name != NULL; a++)
-	{
-		if (strcmp(a->name, algo_name) == 0)
-		{
-			a->usable = usable;
-			return;
-		}
-	}
-}
-
-int
-get_algo_usable(algo_type algos[], const char * algo_name)
-{
-	algo_type *a;
-	for (a = algos; a->name != NULL; a++)
-	{
-		if (strcmp(a->name, algo_name) == 0)
-		{
-			return a->usable;
-		}
-	}
-	return 0;
-}
-
-#endif /* DROPBEAR_NONE_CIPHER */
-
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 
 char *
-algolist_string(algo_type algos[])
+algolist_string(const algo_type algos[])
 {
 	char *ret_list;
 	buffer *b = buf_new(200);
@@ -471,7 +475,7 @@ algolist_string(algo_type algos[])
 	buf_setpos(b, b->len);
 	buf_putbyte(b, '\0');
 	buf_setpos(b, 4);
-	ret_list = m_strdup(buf_getptr(b, b->len - b->pos));
+	ret_list = m_strdup((const char *) buf_getptr(b, b->len - b->pos));
 	buf_free(b);
 	return ret_list;
 }
@@ -491,21 +495,6 @@ check_algo(const char* algo_name, algo_type *algos)
 	return NULL;
 }
 
-static void
-try_add_algo(const char *algo_name, algo_type *algos, 
-		const char *algo_desc, algo_type * new_algos, int *num_ret)
-{
-	algo_type *match_algo = check_algo(algo_name, algos);
-	if (!match_algo)
-	{
-		dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", algo_name, algo_desc);
-		return;
-	}
-
-	new_algos[*num_ret] = *match_algo;
-	(*num_ret)++;
-}
-
 /* Checks a user provided comma-separated algorithm list for available
  * options. Any that are not acceptable are removed in-place. Returns the
  * number of valid algorithms. */
@@ -513,30 +502,43 @@ int
 check_user_algos(const char* user_algo_list, algo_type * algos, 
 		const char *algo_desc)
 {
-	algo_type new_algos[MAX_PROPOSED_ALGO];
-	/* this has two passes. first we sweep through the given list of
-	 * algorithms and mark them as usable=2 in the algo_type[] array... */
-	int num_ret = 0;
+	algo_type new_algos[MAX_PROPOSED_ALGO+1];
 	char *work_list = m_strdup(user_algo_list);
-	char *last_name = work_list;
+	char *start = work_list;
 	char *c;
-	for (c = work_list; *c; c++)
+	int n;
+	/* So we can iterate and look for null terminator */
+	memset(new_algos, 0x0, sizeof(new_algos));
+	for (c = work_list, n = 0; ; c++)
 	{
-		if (*c == ',')
-		{
+		char oc = *c;
+		if (n >= MAX_PROPOSED_ALGO) {
+			dropbear_exit("Too many algorithms '%s'", user_algo_list);
+		}
+		if (*c == ',' || *c == '\0') {
+			algo_type *match_algo = NULL;
 			*c = '\0';
-			try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
+			match_algo = check_algo(start, algos);
+			if (match_algo) {
+				if (check_algo(start, new_algos)) {
+					TRACE(("Skip repeated algorithm '%s'", start))
+				} else {
+					new_algos[n] = *match_algo;
+					n++;
+				}
+			} else {
+				dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", start, algo_desc);
+			}
 			c++;
-			last_name = c;
+			start = c;
+		}
+		if (oc == '\0') {
+			break;
 		}
 	}
-	try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
 	m_free(work_list);
-
-	new_algos[num_ret].name = NULL;
-
-	/* Copy one more as a blank delimiter */
-	memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
-	return num_ret;
+	/* n+1 to include a null terminator */
+	memcpy(algos, new_algos, sizeof(*new_algos) * (n+1));
+	return n;
 }
-#endif /* ENABLE_USER_ALGO_LIST */
+#endif /* DROPBEAR_USER_ALGO_LIST */

common-channel.c

@@ -32,24 +32,24 @@
 #include "circbuffer.h"
 #include "dbutil.h"
 #include "channel.h"
-#include "ssh.h"
 #include "listener.h"
 #include "runopts.h"
+#include "netio.h"
 
 static void send_msg_channel_open_failure(unsigned int remotechan, int reason,
-		const unsigned char *text, const unsigned char *lang);
-static void send_msg_channel_open_confirmation(struct Channel* channel,
+		const char *text, const char *lang);
+static void send_msg_channel_open_confirmation(const struct Channel* channel,
 		unsigned int recvwindow, 
 		unsigned int recvmaxpacket);
-static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf);
-static void send_msg_channel_window_adjust(struct Channel *channel, 
+static int writechannel(struct Channel* channel, int fd, circbuffer *cbuf,
+	const unsigned char *moredata, unsigned int *morelen);
+static void send_msg_channel_window_adjust(const struct Channel *channel,
 		unsigned int incr);
 static void send_msg_channel_data(struct Channel *channel, int isextended);
 static void send_msg_channel_eof(struct Channel *channel);
 static void send_msg_channel_close(struct Channel *channel);
 static void remove_channel(struct Channel *channel);
-static void check_in_progress(struct Channel *channel);
-static unsigned int write_pending(struct Channel * channel);
+static unsigned int write_pending(const struct Channel * channel);
 static void check_close(struct Channel *channel);
 static void close_chan_fd(struct Channel *channel, int fd, int how);
 
@@ -59,6 +59,13 @@ static void close_chan_fd(struct Channel *channel, int fd, int how);
 #define ERRFD_IS_READ(channel) ((channel)->extrabuf == NULL)
 #define ERRFD_IS_WRITE(channel) (!ERRFD_IS_READ(channel))
 
+/* allow space for:
+ * 1 byte  byte      SSH_MSG_CHANNEL_DATA
+ * 4 bytes uint32    recipient channel
+ * 4 bytes string    data
+ */
+#define RECV_MAX_CHANNEL_DATA_LEN (RECV_MAX_PAYLOAD_LEN-(1+4+4))
+
 /* Initialise all the channels */
 void chaninitialise(const struct ChanType *chantypes[]) {
 
@@ -70,7 +77,7 @@ void chaninitialise(const struct ChanType *chantypes[]) {
 
 	ses.chantypes = chantypes;
 
-#ifdef USING_LISTENERS
+#if DROPBEAR_LISTENERS
 	listeners_initialise();
 #endif
 
@@ -92,15 +99,6 @@ void chancleanup() {
 	TRACE(("leave chancleanup"))
 }
 
-static void
-chan_initwritebuf(struct Channel *channel)
-{
-	dropbear_assert(channel->writebuf->size == 0 && channel->recvwindow == 0);
-	cbuf_free(channel->writebuf);
-	channel->writebuf = cbuf_new(opts.recv_window);
-	channel->recvwindow = opts.recv_window;
-}
-
 /* Create a new channel entry, send a reply confirm or failure */
 /* If remotechan, transwindow and transmaxpacket are not know (for a new
  * outgoing connection, with them to be filled on confirmation), they should
@@ -156,16 +154,17 @@ static struct Channel* newchannel(unsigned int remotechan,
 	newchan->writefd = FD_UNINIT;
 	newchan->readfd = FD_UNINIT;
 	newchan->errfd = FD_CLOSED; /* this isn't always set to start with */
-	newchan->initconn = 0;
 	newchan->await_open = 0;
 	newchan->flushing = 0;
 
-	newchan->writebuf = cbuf_new(0); /* resized later by chan_initwritebuf */
-	newchan->recvwindow = 0;
+	newchan->writebuf = cbuf_new(opts.recv_window);
+	newchan->recvwindow = opts.recv_window;
 
 	newchan->extrabuf = NULL; /* The user code can set it up */
 	newchan->recvdonelen = 0;
-	newchan->recvmaxpacket = RECV_MAX_PAYLOAD_LEN;
+	newchan->recvmaxpacket = RECV_MAX_CHANNEL_DATA_LEN;
+
+	newchan->prio = DROPBEAR_CHANNEL_PRIO_EARLY; /* inithandler sets it */
 
 	ses.channels[i] = newchan;
 	ses.chancount++;
@@ -199,13 +198,16 @@ struct Channel* getchannel() {
 }
 
 /* Iterate through the channels, performing IO if available */
-void channelio(fd_set *readfds, fd_set *writefds) {
+void channelio(const fd_set *readfds, const fd_set *writefds) {
 
+	/* Listeners such as TCP, X11, agent-auth */
 	struct Channel *channel;
 	unsigned int i;
 
 	/* foreach channel */
 	for (i = 0; i < ses.chansize; i++) {
+		/* Close checking only needs to occur for channels that had IO events */
+		int do_check_close = 0;
 
 		channel = ses.channels[i];
 		if (channel == NULL) {
@@ -217,6 +219,7 @@ void channelio(fd_set *readfds, fd_set *writefds) {
 		if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) {
 			TRACE(("send normal readfd"))
 			send_msg_channel_data(channel, 0);
+			do_check_close = 1;
 		}
 
 		/* read stderr data and send it over the wire */
@@ -224,32 +227,34 @@ void channelio(fd_set *readfds, fd_set *writefds) {
 			&& FD_ISSET(channel->errfd, readfds)) {
 				TRACE(("send normal errfd"))
 				send_msg_channel_data(channel, 1);
+			do_check_close = 1;
 		}
 
 		/* write to program/pipe stdin */
 		if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) {
-			if (channel->initconn) {
-				/* XXX should this go somewhere cleaner? */
-				check_in_progress(channel);
-				continue; /* Important not to use the channel after
-							 check_in_progress(), as it may be NULL */
-			}
-			writechannel(channel, channel->writefd, channel->writebuf);
+			writechannel(channel, channel->writefd, channel->writebuf, NULL, NULL);
+			do_check_close = 1;
 		}
 		
 		/* stderr for client mode */
 		if (ERRFD_IS_WRITE(channel)
 				&& channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) {
-			writechannel(channel, channel->errfd, channel->extrabuf);
+			writechannel(channel, channel->errfd, channel->extrabuf, NULL, NULL);
+			do_check_close = 1;
+		}
+
+		if (ses.channel_signal_pending) {
+			/* SIGCHLD can change channel state for server sessions */
+			do_check_close = 1;
 		}
 	
 		/* handle any channel closing etc */
-		check_close(channel);
-
+		if (do_check_close) {
+			check_close(channel);
+		}
 	}
 
-	/* Listeners such as TCP, X11, agent-auth */
-#ifdef USING_LISTENERS
+#if DROPBEAR_LISTENERS
 	handle_listeners(readfds);
 #endif
 }
@@ -257,7 +262,7 @@ void channelio(fd_set *readfds, fd_set *writefds) {
 
 /* Returns true if there is data remaining to be written to stdin or
  * stderr of a channel's endpoint. */
-static unsigned int write_pending(struct Channel * channel) {
+static unsigned int write_pending(const struct Channel * channel) {
 
 	if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
 		return 1;
@@ -352,27 +357,26 @@ static void check_close(struct Channel *channel) {
  * if so, set up the channel properly. Otherwise, the channel is cleaned up, so
  * it is important that the channel reference isn't used after a call to this
  * function */
-static void check_in_progress(struct Channel *channel) {
+void channel_connect_done(int result, int sock, void* user_data, const char* UNUSED(errstring)) {
 
-	int val;
-	socklen_t vallen = sizeof(val);
+	struct Channel *channel = user_data;
 
-	TRACE(("enter check_in_progress"))
+	TRACE(("enter channel_connect_done"))
 
-	if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen)
-			|| val != 0) {
-		send_msg_channel_open_failure(channel->remotechan,
-				SSH_OPEN_CONNECT_FAILED, "", "");
-		close(channel->writefd);
-		remove_channel(channel);
-		TRACE(("leave check_in_progress: fail"))
-	} else {
-		chan_initwritebuf(channel);
+	if (result == DROPBEAR_SUCCESS)
+	{
+		channel->readfd = channel->writefd = sock;
+		channel->conn_pending = NULL;
 		send_msg_channel_open_confirmation(channel, channel->recvwindow,
 				channel->recvmaxpacket);
-		channel->readfd = channel->writefd;
-		channel->initconn = 0;
-		TRACE(("leave check_in_progress: success"))
+		TRACE(("leave channel_connect_done: success"))
+	}
+	else
+	{
+		send_msg_channel_open_failure(channel->remotechan,
+				SSH_OPEN_CONNECT_FAILED, "", "");
+		remove_channel(channel);
+		TRACE(("leave check_in_progress: fail"))
 	}
 }
 
@@ -380,7 +384,7 @@ static void check_in_progress(struct Channel *channel) {
 /* Send the close message and set the channel as closed */
 static void send_msg_channel_close(struct Channel *channel) {
 
-	TRACE(("enter send_msg_channel_close %p", channel))
+	TRACE(("enter send_msg_channel_close %p", (void*)channel))
 	if (channel->type->closehandler 
 			&& !channel->close_handler_done) {
 		channel->type->closehandler(channel);
@@ -418,35 +422,120 @@ static void send_msg_channel_eof(struct Channel *channel) {
 	TRACE(("leave send_msg_channel_eof"))
 }
 
-/* Called to write data out to the local side of the channel. 
- * Only called when we know we can write to a channel, writes as much as
- * possible */
-static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
+#ifndef HAVE_WRITEV
+static int writechannel_fallback(struct Channel* channel, int fd, circbuffer *cbuf,
+	const unsigned char *UNUSED(moredata), unsigned int *morelen) {
 
-	int len, maxlen;
+	unsigned char *circ_p1, *circ_p2;
+	unsigned int circ_len1, circ_len2;
+	ssize_t written;
 
-	TRACE(("enter writechannel fd %d", fd))
-
-	maxlen = cbuf_readlen(cbuf);
-
-	/* Write the data out */
-	len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen);
-	if (len <= 0) {
-		TRACE(("errno %d len %d", errno, len))
-		if (len < 0 && errno != EINTR) {
-			close_chan_fd(channel, fd, SHUT_WR);
-		}
-		TRACE(("leave writechannel: len <= 0"))
-		return;
+	if (morelen) {
+		/* fallback doesn't consume moredata */
+		*morelen = 0;
 	}
-	TRACE(("writechannel wrote %d", len))
 
-	cbuf_incrread(cbuf, len);
-	channel->recvdonelen += len;
+	/* Write the first portion of the circular buffer */
+	cbuf_readptrs(cbuf, &circ_p1, &circ_len1, &circ_p2, &circ_len2);
+	written = write(fd, circ_p1, circ_len1);
+	if (written < 0) {
+		if (errno != EINTR && errno != EAGAIN) {
+			TRACE(("channel IO write error fd %d %s", fd, strerror(errno)))
+			close_chan_fd(channel, fd, SHUT_WR);
+			return DROPBEAR_FAILURE;
+		}
+	} else {
+		cbuf_incrread(cbuf, written);
+		channel->recvdonelen += written;
+	}
+	return DROPBEAR_SUCCESS;
+}
+#endif /* !HAVE_WRITEV */
+
+#ifdef HAVE_WRITEV
+static int writechannel_writev(struct Channel* channel, int fd, circbuffer *cbuf,
+	const unsigned char *moredata, unsigned int *morelen) {
+
+	struct iovec iov[3];
+	unsigned char *circ_p1, *circ_p2;
+	unsigned int circ_len1, circ_len2;
+	int io_count = 0;
+
+	ssize_t written;
+
+	cbuf_readptrs(cbuf, &circ_p1, &circ_len1, &circ_p2, &circ_len2);
+
+	if (circ_len1 > 0) {
+		TRACE(("circ1 %d", circ_len1))
+		iov[io_count].iov_base = circ_p1;
+		iov[io_count].iov_len = circ_len1;
+		io_count++;
+	}
+
+	if (circ_len2 > 0) {
+		TRACE(("circ2 %d", circ_len2))
+		iov[io_count].iov_base = circ_p2;
+		iov[io_count].iov_len = circ_len2;
+		io_count++;
+	}
+
+	if (morelen) {
+		assert(moredata);
+		TRACE(("more %d", *morelen))
+		iov[io_count].iov_base = (void*)moredata;
+		iov[io_count].iov_len  = *morelen;
+		io_count++;
+	}
+
+	if (io_count == 0) {
+		/* writechannel may sometimes be called twice in a main loop iteration.
+		From common_recv_msg_channel_data() then channelio().
+		The second call may not have any data to write, so we just return. */
+		TRACE(("leave writechannel, no data"))
+		return DROPBEAR_SUCCESS;
+	}
+
+	if (morelen) {
+		/* Default return value, none consumed */
+		*morelen = 0;
+	}
+
+	written = writev(fd, iov, io_count);
+
+	if (written < 0) {
+		if (errno != EINTR && errno != EAGAIN) {
+			TRACE(("channel IO write error fd %d %s", fd, strerror(errno)))
+			close_chan_fd(channel, fd, SHUT_WR);
+			return DROPBEAR_FAILURE;
+		}
+	} else {
+		int cbuf_written = MIN(circ_len1+circ_len2, (unsigned int)written);
+		cbuf_incrread(cbuf, cbuf_written);
+		if (morelen) {
+			*morelen = written - cbuf_written;
+		}
+		channel->recvdonelen += written;
+	}
+	return DROPBEAR_SUCCESS;
+}
+#endif /* HAVE_WRITEV */
+
+/* Called to write data out to the local side of the channel. 
+   Writes the circular buffer contents and also the "moredata" buffer
+   if not null. Will ignore EAGAIN.
+   Returns DROPBEAR_FAILURE if writing to fd had an error and the channel is being closed, DROPBEAR_SUCCESS otherwise */
+static int writechannel(struct Channel* channel, int fd, circbuffer *cbuf,
+	const unsigned char *moredata, unsigned int *morelen) {
+	int ret = DROPBEAR_SUCCESS;
+	TRACE(("enter writechannel fd %d", fd))
+#ifdef HAVE_WRITEV
+	ret = writechannel_writev(channel, fd, cbuf, moredata, morelen);
+#else
+	ret = writechannel_fallback(channel, fd, cbuf, moredata, morelen);
+#endif
 
 	/* Window adjust handling */
 	if (channel->recvdonelen >= RECV_WINDOWEXTEND) {
-		/* Set it back to max window */
 		send_msg_channel_window_adjust(channel, channel->recvdonelen);
 		channel->recvwindow += channel->recvdonelen;
 		channel->recvdonelen = 0;
@@ -458,11 +547,13 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 			channel->recvwindow <= cbuf_getavail(channel->extrabuf));
 	
 	TRACE(("leave writechannel"))
+	return ret;
 }
 
+
 /* Set the file descriptors for the main select in session.c
  * This avoid channels which don't have any window available, are closed, etc*/
-void setchannelfds(fd_set *readfds, fd_set *writefds) {
+void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads) {
 	
 	unsigned int i;
 	struct Channel * channel;
@@ -480,7 +571,7 @@ void setchannelfds(fd_set *readfds, fd_set *writefds) {
 		FD if there's the possibility of "~."" to kill an 
 		interactive session (the read_mangler) */
 		if (channel->transwindow > 0
-		   && (ses.dataallowed || channel->read_mangler)) {
+		   && ((ses.dataallowed && allow_reads) || channel->read_mangler)) {
 
 			if (channel->readfd >= 0) {
 				FD_SET(channel->readfd, readfds);
@@ -492,8 +583,7 @@ void setchannelfds(fd_set *readfds, fd_set *writefds) {
 		}
 
 		/* Stuff from the wire */
-		if (channel->initconn
-			||(channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0)) {
+		if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
 				FD_SET(channel->writefd, writefds);
 		}
 
@@ -504,7 +594,7 @@ void setchannelfds(fd_set *readfds, fd_set *writefds) {
 
 	} /* foreach channel */
 
-#ifdef USING_LISTENERS
+#if DROPBEAR_LISTENERS
 	set_listener_fds(readfds);
 #endif
 
@@ -560,14 +650,16 @@ static void remove_channel(struct Channel * channel) {
 	}
 
 
-	/* close the FDs in case they haven't been done
-	 * yet (they might have been shutdown etc) */
-	TRACE(("CLOSE writefd %d", channel->writefd))
-	close(channel->writefd);
-	TRACE(("CLOSE readfd %d", channel->readfd))
-	close(channel->readfd);
-	TRACE(("CLOSE errfd %d", channel->errfd))
-	close(channel->errfd);
+	if (IS_DROPBEAR_SERVER || (channel->writefd != STDOUT_FILENO)) {
+		/* close the FDs in case they haven't been done
+		 * yet (they might have been shutdown etc) */
+		TRACE(("CLOSE writefd %d", channel->writefd))
+		m_close(channel->writefd);
+		TRACE(("CLOSE readfd %d", channel->readfd))
+		m_close(channel->readfd);
+		TRACE(("CLOSE errfd %d", channel->errfd))
+		m_close(channel->errfd);
+	}
 
 	if (!channel->close_handler_done
 		&& channel->type->closehandler) {
@@ -575,10 +667,16 @@ static void remove_channel(struct Channel * channel) {
 		channel->close_handler_done = 1;
 	}
 
+	if (channel->conn_pending) {
+		cancel_connect(channel->conn_pending);
+	}
+
 	ses.channels[channel->index] = NULL;
 	m_free(channel);
 	ses.chancount--;
 
+	update_channel_prio();
+
 	TRACE(("leave remove_channel"))
 }
 
@@ -590,7 +688,7 @@ void recv_msg_channel_request() {
 
 	channel = getchannel();
 
-	TRACE(("enter recv_msg_channel_request %p", channel))
+	TRACE(("enter recv_msg_channel_request %p", (void*)channel))
 
 	if (channel->sent_close) {
 		TRACE(("leave recv_msg_channel_request: already closed channel"))
@@ -601,7 +699,12 @@ void recv_msg_channel_request() {
 			&& !channel->close_handler_done) {
 		channel->type->reqhandler(channel);
 	} else {
-		send_msg_channel_failure(channel);
+		int wantreply;
+		buf_eatstring(ses.payload);
+		wantreply = buf_getbool(ses.payload);
+		if (wantreply) {
+			send_msg_channel_failure(channel);
+		}
 	}
 
 	TRACE(("leave recv_msg_channel_request"))
@@ -718,6 +821,8 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
 	unsigned int maxdata;
 	unsigned int buflen;
 	unsigned int len;
+	unsigned int consumed;
+	int res;
 
 	TRACE(("enter recv_msg_channel_data"))
 
@@ -744,25 +849,36 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
 		dropbear_exit("Oversized packet");
 	}
 
-	/* We may have to run throught twice, if the buffer wraps around. Can't
-	 * just "leave it for next time" like with writechannel, since this
-	 * is payload data */
-	len = datalen;
-	while (len > 0) {
-		buflen = cbuf_writelen(cbuf);
-		buflen = MIN(buflen, len);
-
-		memcpy(cbuf_writeptr(cbuf, buflen), 
-				buf_getptr(ses.payload, buflen), buflen);
-		cbuf_incrwrite(cbuf, buflen);
-		buf_incrpos(ses.payload, buflen);
-		len -= buflen;
-	}
-
 	dropbear_assert(channel->recvwindow >= datalen);
 	channel->recvwindow -= datalen;
 	dropbear_assert(channel->recvwindow <= opts.recv_window);
 
+	/* Attempt to write the data immediately without having to put it in the circular buffer */
+	consumed = datalen;
+	res = writechannel(channel, fd, cbuf, buf_getptr(ses.payload, datalen), &consumed);
+
+	datalen -= consumed;
+	buf_incrpos(ses.payload, consumed);
+
+
+	/* We may have to run throught twice, if the buffer wraps around. Can't
+	 * just "leave it for next time" like with writechannel, since this
+	 * is payload data.
+	 * If the writechannel() failed then remaining data is discarded */
+	if (res == DROPBEAR_SUCCESS) {
+		len = datalen;
+		while (len > 0) {
+			buflen = cbuf_writelen(cbuf);
+			buflen = MIN(buflen, len);
+
+			memcpy(cbuf_writeptr(cbuf, buflen), 
+					buf_getptr(ses.payload, buflen), buflen);
+			cbuf_incrwrite(cbuf, buflen);
+			buf_incrpos(ses.payload, buflen);
+			len -= buflen;
+		}
+	}
+
 	TRACE(("leave recv_msg_channel_data"))
 }
 
@@ -787,7 +903,7 @@ void recv_msg_channel_window_adjust() {
 
 /* Increment the incoming data window for a channel, and let the remote
  * end know */
-static void send_msg_channel_window_adjust(struct Channel* channel, 
+static void send_msg_channel_window_adjust(const struct Channel* channel,
 		unsigned int incr) {
 
 	TRACE(("sending window adjust %d", incr))
@@ -803,7 +919,7 @@ static void send_msg_channel_window_adjust(struct Channel* channel,
 /* Handle a new channel request, performing any channel-type-specific setup */
 void recv_msg_channel_open() {
 
-	unsigned char *type;
+	char *type;
 	unsigned int typelen;
 	unsigned int remotechan, transwindow, transmaxpacket;
 	struct Channel *channel;
@@ -852,6 +968,7 @@ void recv_msg_channel_open() {
 
 	if (channel == NULL) {
 		TRACE(("newchannel returned NULL"))
+		errtype = SSH_OPEN_RESOURCE_SHORTAGE;
 		goto failure;
 	}
 
@@ -869,7 +986,9 @@ void recv_msg_channel_open() {
 		}
 	}
 
-	chan_initwritebuf(channel);
+	if (channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) {
+		channel->prio = DROPBEAR_CHANNEL_PRIO_BULK;
+	}
 
 	/* success */
 	send_msg_channel_open_confirmation(channel, channel->recvwindow,
@@ -882,12 +1001,14 @@ failure:
 
 cleanup:
 	m_free(type);
+	
+	update_channel_prio();
 
 	TRACE(("leave recv_msg_channel_open"))
 }
 
 /* Send a failure message */
-void send_msg_channel_failure(struct Channel *channel) {
+void send_msg_channel_failure(const struct Channel *channel) {
 
 	TRACE(("enter send_msg_channel_failure"))
 	CHECKCLEARTOWRITE();
@@ -900,7 +1021,7 @@ void send_msg_channel_failure(struct Channel *channel) {
 }
 
 /* Send a success message */
-void send_msg_channel_success(struct Channel *channel) {
+void send_msg_channel_success(const struct Channel *channel) {
 
 	TRACE(("enter send_msg_channel_success"))
 	CHECKCLEARTOWRITE();
@@ -915,7 +1036,7 @@ void send_msg_channel_success(struct Channel *channel) {
 /* Send a channel open failure message, with a corresponding reason
  * code (usually resource shortage or unknown chan type) */
 static void send_msg_channel_open_failure(unsigned int remotechan, 
-		int reason, const unsigned char *text, const unsigned char *lang) {
+		int reason, const char *text, const char *lang) {
 
 	TRACE(("enter send_msg_channel_open_failure"))
 	CHECKCLEARTOWRITE();
@@ -923,8 +1044,8 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_FAILURE);
 	buf_putint(ses.writepayload, remotechan);
 	buf_putint(ses.writepayload, reason);
-	buf_putstring(ses.writepayload, text, strlen((char*)text));
-	buf_putstring(ses.writepayload, lang, strlen((char*)lang));
+	buf_putstring(ses.writepayload, text, strlen(text));
+	buf_putstring(ses.writepayload, lang, strlen(lang));
 
 	encrypt_packet();
 	TRACE(("leave send_msg_channel_open_failure"))
@@ -932,7 +1053,7 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
 
 /* Confirm a channel open, and let the remote end know what number we've
  * allocated and the receive parameters */
-static void send_msg_channel_open_confirmation(struct Channel* channel,
+static void send_msg_channel_open_confirmation(const struct Channel* channel,
 		unsigned int recvwindow, 
 		unsigned int recvmaxpacket) {
 
@@ -964,7 +1085,7 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) {
 		}
 	} else {
 		TRACE(("CLOSE some fd %d", fd))
-		close(fd);
+		m_close(fd);
 		closein = closeout = 1;
 	}
 
@@ -987,17 +1108,17 @@ static void close_chan_fd(struct Channel *channel, int fd, int how) {
 	if (channel->type->sepfds && channel->readfd == FD_CLOSED 
 		&& channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
 		TRACE(("CLOSE (finally) of %d", fd))
-		close(fd);
+		m_close(fd);
 	}
 }
 
 
-#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
+#if (DROPBEAR_LISTENERS) || (DROPBEAR_CLIENT)
 /* Create a new channel, and start the open request. This is intended
  * for X11, agent, tcp forwarding, and should be filled with channel-specific
  * options, with the calling function calling encrypt_packet() after
  * completion. It is mandatory for the caller to encrypt_packet() if
- * DROPBEAR_SUCCESS is returned */
+ * a channel is returned. NULL is returned on failure. */
 int send_msg_channel_open_init(int fd, const struct ChanType *type) {
 
 	struct Channel* chan;
@@ -1011,7 +1132,6 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
 
 	/* Outbound opened channels don't make use of in-progress connections,
 	 * we can set it up straight away */
-	chan_initwritebuf(chan);
 
 	/* set fd non-blocking */
 	setnonblocking(fd);
@@ -1028,7 +1148,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
 	buf_putstring(ses.writepayload, type->name, strlen(type->name));
 	buf_putint(ses.writepayload, chan->index);
 	buf_putint(ses.writepayload, opts.recv_window);
-	buf_putint(ses.writepayload, RECV_MAX_PAYLOAD_LEN);
+	buf_putint(ses.writepayload, RECV_MAX_CHANNEL_DATA_LEN);
 
 	TRACE(("leave send_msg_channel_open_init()"))
 	return DROPBEAR_SUCCESS;
@@ -1063,9 +1183,14 @@ void recv_msg_channel_open_confirmation() {
 		if (ret > 0) {
 			remove_channel(channel);
 			TRACE(("inithandler returned failure %d", ret))
+			return;
 		}
 	}
 
+	if (channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) {
+		channel->prio = DROPBEAR_CHANNEL_PRIO_BULK;
+	}
+	update_channel_prio();
 	
 	TRACE(("leave recv_msg_channel_open_confirmation"))
 }
@@ -1084,4 +1209,43 @@ void recv_msg_channel_open_failure() {
 
 	remove_channel(channel);
 }
-#endif /* USING_LISTENERS */
+#endif /* DROPBEAR_LISTENERS */
+
+void send_msg_request_success() {
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS);
+	encrypt_packet();
+}
+
+void send_msg_request_failure() {
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_FAILURE);
+	encrypt_packet();
+}
+
+struct Channel* get_any_ready_channel() {
+	size_t i;
+	if (ses.chancount == 0) {
+		return NULL;
+	}
+	for (i = 0; i < ses.chansize; i++) {
+		struct Channel *chan = ses.channels[i];
+		if (chan
+				&& !(chan->sent_eof || chan->recv_eof)
+				&& !(chan->await_open)) {
+			return chan;
+		}
+	}
+	return NULL;
+}
+
+void start_send_channel_request(const struct Channel *channel,
+		const char *type) {
+
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
+	buf_putint(ses.writepayload, channel->remotechan);
+
+	buf_putstring(ses.writepayload, type, strlen(type));
+
+}

common-kex.c

@@ -29,6 +29,7 @@
 #include "buffer.h"
 #include "session.h"
 #include "kex.h"
+#include "dh_groups.h"
 #include "ssh.h"
 #include "packet.h"
 #include "bignum.h"
@@ -37,55 +38,13 @@
 #include "ecc.h"
 #include "crypto_desc.h"
 
-/* diffie-hellman-group1-sha1 value for p */
-const unsigned char dh_p_1[DH_P_1_LEN] = {
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
-
-/* diffie-hellman-group14-sha1 value for p */
-const unsigned char dh_p_14[DH_P_14_LEN] = {
-	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 
-    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 
-	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
-	0xFF, 0xFF, 0xFF, 0xFF};
-
-/* Same for group1 and group14 */
-static const int DH_G_VAL = 2;
-
-static void kexinitialise();
-static void gen_new_keys();
+static void kexinitialise(void);
+static void gen_new_keys(void);
 #ifndef DISABLE_ZLIB
-static void gen_new_zstream_recv();
-static void gen_new_zstream_trans();
+static void gen_new_zstream_recv(void);
+static void gen_new_zstream_trans(void);
 #endif
-static void read_kex_algos();
+static void read_kex_algos(void);
 /* helper function for gen_new_keys */
 static void hashkeys(unsigned char *out, unsigned int outlen, 
 		const hash_state * hs, const unsigned char X);
@@ -238,14 +197,24 @@ void recv_msg_newkeys() {
 void kexfirstinitialise() {
 	ses.kexstate.donefirstkex = 0;
 
-#ifndef DISABLE_ZLIB
-	if (opts.enable_compress) {
-		ses.compress_algos = ssh_compress;
-	} else
-#endif
+#ifdef DISABLE_ZLIB
+	ses.compress_algos = ssh_nocompress;
+#else
+	switch (opts.compress_mode)
 	{
-		ses.compress_algos = ssh_nocompress;
+		case DROPBEAR_COMPRESS_DELAYED:
+			ses.compress_algos = ssh_delaycompress;
+			break;
+
+		case DROPBEAR_COMPRESS_ON:
+			ses.compress_algos = ssh_compress;
+			break;
+
+		case DROPBEAR_COMPRESS_OFF:
+			ses.compress_algos = ssh_nocompress;
+			break;
 	}
+#endif
 	kexinitialise();
 }
 
@@ -270,7 +239,7 @@ static void kexinitialise() {
 
 	ses.kexstate.our_first_follows_matches = 0;
 
-	ses.kexstate.lastkextime = time(NULL);
+	ses.kexstate.lastkextime = monotonic_now();
 
 }
 
@@ -303,7 +272,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
 		hash_desc->done(&hs2, tmpout);
 		memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
 	}
-
+	m_burn(&hs2, sizeof(hash_state));
 }
 
 /* Generate the actual encryption/integrity keys, using the results of the
@@ -339,17 +308,17 @@ static void gen_new_keys() {
 	ses.hash = NULL;
 
 	if (IS_DROPBEAR_CLIENT) {
-	    trans_IV	= C2S_IV;
-	    recv_IV		= S2C_IV;
-	    trans_key	= C2S_key;
-	    recv_key	= S2C_key;
+		trans_IV	= C2S_IV;
+		recv_IV		= S2C_IV;
+		trans_key	= C2S_key;
+		recv_key	= S2C_key;
 		mactransletter = 'E';
 		macrecvletter = 'F';
 	} else {
-	    trans_IV	= S2C_IV;
-	    recv_IV		= C2S_IV;
-	    trans_key	= S2C_key;
-	    recv_key	= C2S_key;
+		trans_IV	= S2C_IV;
+		recv_IV		= C2S_IV;
+		trans_key	= S2C_key;
+		recv_key	= C2S_key;
 		mactransletter = 'F';
 		macrecvletter = 'E';
 	}
@@ -403,6 +372,7 @@ static void gen_new_keys() {
 	m_burn(C2S_key, sizeof(C2S_key));
 	m_burn(S2C_IV, sizeof(S2C_IV));
 	m_burn(S2C_key, sizeof(S2C_key));
+	m_burn(&hs, sizeof(hash_state));
 
 	TRACE(("leave gen_new_keys"))
 }
@@ -500,7 +470,7 @@ void recv_msg_kexinit() {
 
 	/* start the kex hash */
 	local_ident_len = strlen(LOCAL_IDENT);
-	remote_ident_len = strlen((char*)ses.remoteident);
+	remote_ident_len = strlen(ses.remoteident);
 
 	kexhashbuf_len = local_ident_len + remote_ident_len
 		+ ses.transkexinit->len + ses.payload->len
@@ -514,17 +484,18 @@ void recv_msg_kexinit() {
 		read_kex_algos();
 
 		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, local_ident_len);
+		buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
 		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
+		buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
 
 		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
-	    buf_putstring(ses.kexhashbuf,
-			ses.transkexinit->data, ses.transkexinit->len);
+		buf_putstring(ses.kexhashbuf,
+			(const char*)ses.transkexinit->data, ses.transkexinit->len);
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
-	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
+		buf_setpos(ses.payload, ses.payload_beginning);
+		buf_putstring(ses.kexhashbuf,
+			(const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
+			ses.payload->len-ses.payload->pos);
 		ses.requirenext = SSH_MSG_KEXDH_REPLY;
 	} else {
 		/* SERVER */
@@ -532,18 +503,19 @@ void recv_msg_kexinit() {
 		/* read the peer's choice of algos */
 		read_kex_algos();
 		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
+		buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
 		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-				(unsigned char*)LOCAL_IDENT, local_ident_len);
+		buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
 
 		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
-	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
+		buf_setpos(ses.payload, ses.payload_beginning);
+		buf_putstring(ses.kexhashbuf, 
+			(const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
+			ses.payload->len-ses.payload->pos);
 
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
-	    buf_putstring(ses.kexhashbuf,
-			ses.transkexinit->data, ses.transkexinit->len);
+		buf_putstring(ses.kexhashbuf,
+			(const char*)ses.transkexinit->data, ses.transkexinit->len);
 
 		ses.requirenext = SSH_MSG_KEXDH_INIT;
 	}
@@ -618,16 +590,20 @@ void free_kexdh_param(struct kex_dh_param *param)
 void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
 		sign_key *hostkey) {
 
-	mp_int dh_p;
+	DEF_MP_INT(dh_p);
+	DEF_MP_INT(dh_p_min1);
 	mp_int *dh_e = NULL, *dh_f = NULL;
 
-	/* read the prime and generator*/
-	m_mp_init(&dh_p);
+	m_mp_init_multi(&dh_p, &dh_p_min1, NULL);
 	load_dh_p(&dh_p);
 
-	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
-	if (mp_cmp(dh_pub_them, &dh_p) != MP_LT 
-			|| mp_cmp_d(dh_pub_them, 0) != MP_GT) {
+	if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { 
+		dropbear_exit("Diffie-Hellman error");
+	}
+
+	/* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */
+	if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT 
+			|| mp_cmp_d(dh_pub_them, 1) != MP_GT) {
 		dropbear_exit("Diffie-Hellman error");
 	}
 	
@@ -638,7 +614,7 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
 	}
 
 	/* clear no longer needed vars */
-	mp_clear_multi(&dh_p, NULL);
+	mp_clear_multi(&dh_p, &dh_p_min1, NULL);
 
 	/* From here on, the code needs to work with the _same_ vars on each side,
 	 * not vice-versaing for client/server */
@@ -664,7 +640,7 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
 	finish_kexhashbuf();
 }
 
-#ifdef DROPBEAR_ECDH
+#if DROPBEAR_ECDH
 struct kex_ecdh_param *gen_kexecdh_param() {
 	struct kex_ecdh_param *param = m_malloc(sizeof(*param));
 	if (ecc_make_key_ex(NULL, dropbear_ltc_prng, 
@@ -686,6 +662,9 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
 	ecc_key *Q_C, *Q_S, *Q_them;
 
 	Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve);
+	if (Q_them == NULL) {
+		dropbear_exit("ECC error");
+	}
 
 	ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key);
 
@@ -713,7 +692,7 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
 }
 #endif /* DROPBEAR_ECDH */
 
-#ifdef DROPBEAR_CURVE25519
+#if DROPBEAR_CURVE25519
 struct kex_curve25519_param *gen_kexcurve25519_param () {
 	/* Per http://cr.yp.to/ecdh.html */
 	struct kex_curve25519_param *param = m_malloc(sizeof(*param));
@@ -735,11 +714,12 @@ void free_kexcurve25519_param(struct kex_curve25519_param *param)
 	m_free(param);
 }
 
-void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them,
+void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them,
 	sign_key *hostkey) {
 	unsigned char out[CURVE25519_LEN];
 	const unsigned char* Q_C = NULL;
 	const unsigned char* Q_S = NULL;
+	char zeroes[CURVE25519_LEN] = {0};
 
 	if (buf_pub_them->len != CURVE25519_LEN)
 	{
@@ -747,6 +727,11 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	}
 
 	curve25519_donna(out, param->priv, buf_pub_them->data);
+
+	if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
+		dropbear_exit("Bad curve25519");
+	}
+
 	m_mp_alloc_init_multi(&ses.dh_K, NULL);
 	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
 	m_burn(out, sizeof(out));
@@ -764,9 +749,9 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	/* K_S, the host key */
 	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
 	/* Q_C, client's ephemeral public key octet string */
-	buf_putstring(ses.kexhashbuf, Q_C, CURVE25519_LEN);
+	buf_putstring(ses.kexhashbuf, (const char*)Q_C, CURVE25519_LEN);
 	/* Q_S, server's ephemeral public key octet string */
-	buf_putstring(ses.kexhashbuf, Q_S, CURVE25519_LEN);
+	buf_putstring(ses.kexhashbuf, (const char*)Q_S, CURVE25519_LEN);
 	/* K, the shared secret */
 	buf_putmpint(ses.kexhashbuf, ses.dh_K);
 
@@ -789,13 +774,16 @@ static void finish_kexhashbuf(void) {
 	hash_desc->done(&hs, buf_getwriteptr(ses.hash, hash_desc->hashsize));
 	buf_setlen(ses.hash, hash_desc->hashsize);
 
-#ifdef DEBUG_KEXHASH
-	printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len);
-	printhex("kexhash", ses.hash->data, ses.hash->len);
+#if defined(DEBUG_KEXHASH) && DEBUG_TRACE
+	if (!debug_trace) {
+		printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len);
+		printhex("kexhash", ses.hash->data, ses.hash->len);
+	}
 #endif
 
 	buf_burn(ses.kexhashbuf);
 	buf_free(ses.kexhashbuf);
+	m_burn(&hs, sizeof(hash_state));
 	ses.kexhashbuf = NULL;
 	
 	/* first time around, we set the session_id to H */
@@ -803,7 +791,6 @@ static void finish_kexhashbuf(void) {
 		/* create the session_id, this never needs freeing */
 		ses.session_id = buf_newcopy(ses.hash);
 	}
-
 }
 
 /* read the other side's algo list. buf_match_algo is a callback to match
@@ -827,7 +814,7 @@ static void read_kex_algos() {
 	int allgood = 1; /* we AND this with each goodguess and see if its still
 						true after */
 
-#ifdef USE_KEXGUESS2
+#if DROPBEAR_KEXGUESS2
 	enum kexguess2_used kexguess2 = KEXGUESS2_LOOK;
 #else
 	enum kexguess2_used kexguess2 = KEXGUESS2_NO;

common-runopts.c

@@ -62,7 +62,7 @@ out:
 	return ret;
 }
 
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 void
 parse_ciphers_macs()
 {
@@ -106,3 +106,8 @@ parse_ciphers_macs()
 }
 #endif
 
+void print_version() {
+	fprintf(stderr, "Dropbear v%s\n", DROPBEAR_VERSION);
+}
+
+

common-session.c

@@ -1,7 +1,7 @@
 /*
  * Dropbear - a SSH2 server
  * 
- * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) Matt Johnston
  * All rights reserved.
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -34,23 +34,22 @@
 #include "kex.h"
 #include "channel.h"
 #include "runopts.h"
+#include "netio.h"
 
-static void checktimeouts();
-static long select_timeout();
+static void checktimeouts(void);
+static long select_timeout(void);
 static int ident_readln(int fd, char* buf, int count);
-static void read_session_identification();
+static void read_session_identification(void);
 
 struct sshsession ses; /* GLOBAL */
 
-/* need to know if the session struct has been initialised, this way isn't the
- * cleanest, but works OK */
-int sessinitdone = 0; /* GLOBAL */
-
-/* this is set when we get SIGINT or SIGTERM, the handler is in main.c */
-int exitflag = 0; /* GLOBAL */
-
 /* called only at the start of a session, set up initial state */
 void common_session_init(int sock_in, int sock_out) {
+	time_t now;
+
+#if DEBUG_TRACE
+	debug_start_net();
+#endif
 
 	TRACE(("enter session_init"))
 
@@ -58,9 +57,23 @@ void common_session_init(int sock_in, int sock_out) {
 	ses.sock_out = sock_out;
 	ses.maxfd = MAX(sock_in, sock_out);
 
-	ses.connect_time = 0;
-	ses.last_trx_packet_time = 0;
-	ses.last_packet_time = 0;
+	if (sock_in >= 0) {
+		setnonblocking(sock_in);
+	}
+	if (sock_out >= 0) {
+		setnonblocking(sock_out);
+	}
+
+	ses.socket_prio = DROPBEAR_PRIO_DEFAULT;
+	/* Sets it to lowdelay */
+	update_channel_prio();
+
+	now = monotonic_now();
+	ses.connect_time = now;
+	ses.last_packet_time_keepalive_recv = now;
+	ses.last_packet_time_idle = now;
+	ses.last_packet_time_any_sent = 0;
+	ses.last_packet_time_keepalive_sent = 0;
 	
 	if (pipe(ses.signal_pipe) < 0) {
 		dropbear_exit("Signal pipe failed");
@@ -71,8 +84,6 @@ void common_session_init(int sock_in, int sock_out) {
 	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[0]);
 	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[1]);
 	
-	kexfirstinitialise(); /* initialise the kex state */
-
 	ses.writepayload = buf_new(TRANS_MAX_PAYLOAD_LEN);
 	ses.transseq = 0;
 
@@ -125,7 +136,7 @@ void common_session_init(int sock_in, int sock_out) {
 	TRACE(("leave session_init"))
 }
 
-void session_loop(void(*loophandler)()) {
+void session_loop(void(*loophandler)(void)) {
 
 	fd_set readfd, writefd;
 	struct timeval timeout;
@@ -133,6 +144,7 @@ void session_loop(void(*loophandler)()) {
 
 	/* main loop, select()s for all sockets in use */
 	for(;;) {
+		const int writequeue_has_space = (ses.writequeue_len <= 2*TRANS_MAX_PAYLOAD_LEN);
 
 		timeout.tv_sec = select_timeout();
 		timeout.tv_usec = 0;
@@ -140,25 +152,37 @@ void session_loop(void(*loophandler)()) {
 		FD_ZERO(&readfd);
 		dropbear_assert(ses.payload == NULL);
 
-		/* during initial setup we flush out the KEXINIT packet before
-		 * attempting to read the remote version string, which might block */
-		if (ses.sock_in != -1 && (ses.remoteident || isempty(&ses.writequeue))) {
-			FD_SET(ses.sock_in, &readfd);
-		}
-		if (ses.sock_out != -1 && !isempty(&ses.writequeue)) {
-			FD_SET(ses.sock_out, &writefd);
-		}
-		
 		/* We get woken up when signal handlers write to this pipe.
 		   SIGCHLD in svr-chansession is the only one currently. */
 		FD_SET(ses.signal_pipe[0], &readfd);
 
 		/* set up for channels which can be read/written */
-		setchannelfds(&readfd, &writefd);
+		setchannelfds(&readfd, &writefd, writequeue_has_space);
+
+		/* Pending connections to test */
+		set_connect_fds(&writefd);
+
+		/* We delay reading from the input socket during initial setup until
+		after we have written out our initial KEXINIT packet (empty writequeue). 
+		This means our initial packet can be in-flight while we're doing a blocking
+		read for the remote ident.
+		We also avoid reading from the socket if the writequeue is full, that avoids
+		replies backing up */
+		if (ses.sock_in != -1 
+			&& (ses.remoteident || isempty(&ses.writequeue)) 
+			&& writequeue_has_space) {
+			FD_SET(ses.sock_in, &readfd);
+		}
+
+		/* Ordering is important, this test must occur after any other function
+		might have queued packets (such as connection handlers) */
+		if (ses.sock_out != -1 && !isempty(&ses.writequeue)) {
+			FD_SET(ses.sock_out, &writefd);
+		}
 
 		val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout);
 
-		if (exitflag) {
+		if (ses.exitflag) {
 			dropbear_exit("Terminated by signal");
 		}
 		
@@ -178,21 +202,18 @@ void session_loop(void(*loophandler)()) {
 		/* We'll just empty out the pipe if required. We don't do
 		any thing with the data, since the pipe's purpose is purely to
 		wake up the select() above. */
+		ses.channel_signal_pending = 0;
 		if (FD_ISSET(ses.signal_pipe[0], &readfd)) {
 			char x;
+			TRACE(("signal pipe set"))
 			while (read(ses.signal_pipe[0], &x, 1) > 0) {}
+			ses.channel_signal_pending = 1;
 		}
 
 		/* check for auth timeout, rekeying required etc */
 		checktimeouts();
 
-		/* process session socket's incoming/outgoing data */
-		if (ses.sock_out != -1) {
-			if (FD_ISSET(ses.sock_out, &writefd) && !isempty(&ses.writequeue)) {
-				write_packet();
-			}
-		}
-
+		/* process session socket's incoming data */
 		if (ses.sock_in != -1) {
 			if (FD_ISSET(ses.sock_in, &readfd)) {
 				if (!ses.remoteident) {
@@ -209,17 +230,26 @@ void session_loop(void(*loophandler)()) {
 				process_packet();
 			}
 		}
-		
+
 		/* if required, flush out any queued reply packets that
 		were being held up during a KEX */
 		maybe_flush_reply_queue();
 
+		handle_connect_fds(&writefd);
+
+		/* loop handler prior to channelio, in case the server loophandler closes
+		channels on process exit */
+		loophandler();
+
 		/* process pipes etc for the channels, ses.dataallowed == 0
 		 * during rekeying ) */
 		channelio(&readfd, &writefd);
 
-		if (loophandler) {
-			loophandler();
+		/* process session socket's outgoing data */
+		if (ses.sock_out != -1) {
+			if (!isempty(&ses.writequeue)) {
+				write_packet();
+			}
 		}
 
 	} /* for(;;) */
@@ -227,35 +257,67 @@ void session_loop(void(*loophandler)()) {
 	/* Not reached */
 }
 
+static void cleanup_buf(buffer **buf) {
+	if (!*buf) {
+		return;
+	}
+	buf_burn(*buf);
+	buf_free(*buf);
+	*buf = NULL;
+}
+
 /* clean up a session on exit */
 void session_cleanup() {
 	
 	TRACE(("enter session_cleanup"))
 	
 	/* we can't cleanup if we don't know the session state */
-	if (!sessinitdone) {
-		TRACE(("leave session_cleanup: !sessinitdone"))
+	if (!ses.init_done) {
+		TRACE(("leave session_cleanup: !ses.init_done"))
 		return;
 	}
 
+	/* BEWARE of changing order of functions here. */
+
+	/* Must be before extra_session_cleanup() */
+	chancleanup();
+
 	if (ses.extra_session_cleanup) {
 		ses.extra_session_cleanup();
 	}
 
-	chancleanup();
-	
-	/* Cleaning up keys must happen after other cleanup
-	functions which might queue packets */
-	if (ses.session_id) {
-		buf_burn(ses.session_id);
-		buf_free(ses.session_id);
-		ses.session_id = NULL;
+	/* After these are freed most functions will fail */
+#if DROPBEAR_CLEANUP
+	/* listeners call cleanup functions, this should occur before
+	other session state is freed. */
+	remove_all_listeners();
+
+	remove_connect_pending();
+
+	while (!isempty(&ses.writequeue)) {
+		buf_free(dequeue(&ses.writequeue));
 	}
-	if (ses.hash) {
-		buf_burn(ses.hash);
-		buf_free(ses.hash);
-		ses.hash = NULL;
+
+	m_free(ses.remoteident);
+	m_free(ses.authstate.pw_dir);
+	m_free(ses.authstate.pw_name);
+	m_free(ses.authstate.pw_shell);
+	m_free(ses.authstate.pw_passwd);
+	m_free(ses.authstate.username);
+#endif
+
+	cleanup_buf(&ses.session_id);
+	cleanup_buf(&ses.hash);
+	cleanup_buf(&ses.payload);
+	cleanup_buf(&ses.readbuf);
+	cleanup_buf(&ses.writepayload);
+	cleanup_buf(&ses.kexhashbuf);
+	cleanup_buf(&ses.transkexinit);
+	if (ses.dh_K) {
+		mp_clear(ses.dh_K);
 	}
+	m_free(ses.dh_K);
+
 	m_burn(ses.keys, sizeof(struct key_context));
 	m_free(ses.keys);
 
@@ -264,10 +326,8 @@ void session_cleanup() {
 
 void send_session_identification() {
 	buffer *writebuf = buf_new(strlen(LOCAL_IDENT "\r\n") + 1);
-	buf_putbytes(writebuf, LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n"));
-	buf_putbyte(writebuf, 0x0); /* packet type */
-	buf_setpos(writebuf, 0);
-	enqueue(&ses.writequeue, writebuf);
+	buf_putbytes(writebuf, (const unsigned char *) LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n"));
+	writebuf_enqueue(writebuf, 0);
 }
 
 static void read_session_identification() {
@@ -293,7 +353,7 @@ static void read_session_identification() {
 	}
 
 	if (!done) {
-		TRACE(("err: %s for '%s'\n", strerror(errno), linebuf))
+		TRACE(("error reading remote ident: %s\n", strerror(errno)))
 		ses.remoteclosed();
 	} else {
 		/* linebuf is already null terminated */
@@ -385,11 +445,37 @@ static int ident_readln(int fd, char* buf, int count) {
 	return pos+1;
 }
 
-void send_msg_ignore() {
+void ignore_recv_response() {
+	/* Do nothing */
+	TRACE(("Ignored msg_request_response"))
+}
+
+static void send_msg_keepalive() {
+	time_t old_time_idle = ses.last_packet_time_idle;
+	struct Channel *chan = get_any_ready_channel();
+
 	CHECKCLEARTOWRITE();
-	buf_putbyte(ses.writepayload, SSH_MSG_IGNORE);
-	buf_putstring(ses.writepayload, "", 0);
+
+	if (chan) {
+		/* Channel requests are preferable, more implementations
+		handle them than SSH_MSG_GLOBAL_REQUEST */
+		TRACE(("keepalive channel request %d", chan->index))
+		start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING);
+	} else {
+		TRACE(("keepalive global request"))
+		/* Some peers will reply with SSH_MSG_REQUEST_FAILURE, 
+		some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */
+		buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); 
+		buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING,
+			strlen(DROPBEAR_KEEPALIVE_STRING));
+	}
+	buf_putbyte(ses.writepayload, 1); /* want_reply */
 	encrypt_packet();
+
+	ses.last_packet_time_keepalive_sent = monotonic_now();
+
+	/* keepalives shouldn't update idle timeout, reset it back */
+	ses.last_packet_time_idle = old_time_idle;
 }
 
 /* Check all timeouts which are required. Currently these are the time for
@@ -397,10 +483,10 @@ void send_msg_ignore() {
 static void checktimeouts() {
 
 	time_t now;
-
-	now = time(NULL);
+	now = monotonic_now();
 	
-	if (ses.connect_time != 0 && now - ses.connect_time >= AUTH_TIMEOUT) {
+	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
+		&& now - ses.connect_time >= AUTH_TIMEOUT) {
 			dropbear_close("Timeout before auth");
 	}
 
@@ -416,30 +502,69 @@ static void checktimeouts() {
 		send_msg_kexinit();
 	}
 	
-	if (opts.keepalive_secs > 0 
-			&& now - ses.last_trx_packet_time >= opts.keepalive_secs) {
-		send_msg_ignore();
+	if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
+		/* Avoid sending keepalives prior to auth - those are
+		not valid pre-auth packet types */
+
+		/* Send keepalives if we've been idle */
+		if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
+			send_msg_keepalive();
+		}
+
+		/* Also send an explicit keepalive message to trigger a response
+		if the remote end hasn't sent us anything */
+		if (now - ses.last_packet_time_keepalive_recv >= opts.keepalive_secs
+			&& now - ses.last_packet_time_keepalive_sent >= opts.keepalive_secs) {
+			send_msg_keepalive();
+		}
+
+		if (now - ses.last_packet_time_keepalive_recv 
+			>= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) {
+			dropbear_exit("Keepalive timeout");
+		}
 	}
 
-	if (opts.idle_timeout_secs > 0 && ses.last_packet_time > 0
-			&& now - ses.last_packet_time >= opts.idle_timeout_secs) {
+	if (opts.idle_timeout_secs > 0 
+			&& now - ses.last_packet_time_idle >= opts.idle_timeout_secs) {
 		dropbear_close("Idle timeout");
 	}
 }
 
+static void update_timeout(long limit, long now, long last_event, long * timeout) {
+	TRACE2(("update_timeout limit %ld, now %ld, last %ld, timeout %ld",
+		limit, now, last_event, *timeout))
+	if (last_event > 0 && limit > 0) {
+		*timeout = MIN(*timeout, last_event+limit-now);
+		TRACE2(("new timeout %ld", *timeout))
+	}
+}
+
 static long select_timeout() {
 	/* determine the minimum timeout that might be required, so
 	as to avoid waking when unneccessary */
-	long ret = LONG_MAX;
-	if (KEX_REKEY_TIMEOUT > 0)
-		ret = MIN(KEX_REKEY_TIMEOUT, ret);
-	if (AUTH_TIMEOUT > 0)
-		ret = MIN(AUTH_TIMEOUT, ret);
-	if (opts.keepalive_secs > 0)
-		ret = MIN(opts.keepalive_secs, ret);
-    if (opts.idle_timeout_secs > 0)
-        ret = MIN(opts.idle_timeout_secs, ret);
-	return ret;
+	long timeout = KEX_REKEY_TIMEOUT;
+	long now = monotonic_now();
+
+	if (!ses.kexstate.sentkexinit) {
+		update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout);
+	}
+
+	if (ses.authstate.authdone != 1 && IS_DROPBEAR_SERVER) {
+		/* AUTH_TIMEOUT is only relevant before authdone */
+		update_timeout(AUTH_TIMEOUT, now, ses.connect_time, &timeout);
+	}
+
+	if (ses.authstate.authdone) {
+		update_timeout(opts.keepalive_secs, now, 
+			MAX(ses.last_packet_time_keepalive_recv, ses.last_packet_time_keepalive_sent),
+			&timeout);
+	}
+
+	update_timeout(opts.idle_timeout_secs, now, ses.last_packet_time_idle,
+		&timeout);
+
+	/* clamp negative timeouts to zero - event has already triggered */
+	return MAX(timeout, 0);
 }
 
 const char* get_user_shell() {
@@ -487,3 +612,52 @@ void fill_passwd(const char* username) {
 	}
 }
 
+/* Called when channels are modified */
+void update_channel_prio() {
+	enum dropbear_prio new_prio;
+	int any = 0;
+	unsigned int i;
+
+	TRACE(("update_channel_prio"))
+
+	if (ses.sock_out < 0) {
+		TRACE(("leave update_channel_prio: no socket"))
+		return;
+	}
+
+	new_prio = DROPBEAR_PRIO_BULK;
+	for (i = 0; i < ses.chansize; i++) {
+		struct Channel *channel = ses.channels[i];
+		if (!channel || channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) {
+			if (channel && channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) {
+				TRACE(("update_channel_prio: early %d", channel->index))
+			}
+			continue;
+		}
+		any = 1;
+		if (channel->prio == DROPBEAR_CHANNEL_PRIO_INTERACTIVE)
+		{
+			TRACE(("update_channel_prio: lowdelay %d", channel->index))
+			new_prio = DROPBEAR_PRIO_LOWDELAY;
+			break;
+		} else if (channel->prio == DROPBEAR_CHANNEL_PRIO_UNKNOWABLE
+			&& new_prio == DROPBEAR_PRIO_BULK)
+		{
+			TRACE(("update_channel_prio: unknowable %d", channel->index))
+			new_prio = DROPBEAR_PRIO_DEFAULT;
+		}
+	}
+
+	if (any == 0) {
+		/* lowdelay during setup */
+		TRACE(("update_channel_prio: not any"))
+		new_prio = DROPBEAR_PRIO_LOWDELAY;
+	}
+
+	if (new_prio != ses.socket_prio) {
+		TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio))
+		set_sock_priority(ses.sock_out, new_prio);
+		ses.socket_prio = new_prio;
+	}
+}
+

compat.c

@@ -114,8 +114,8 @@ size_t strlcpy(char *dst, const char *src, size_t size) {
 #endif /* HAVE_STRLCPY */
 
 #ifndef HAVE_STRLCAT
-/* taken from openbsd-compat for OpenSSH 3.6.1p1 */
-/* "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $"
+/* taken from openbsd-compat for OpenSSH 7.2p2 */
+/* "$OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $"
  *
  * Appends src to string dst of size siz (unlike strncat, siz is the
  * full size of dst, not space left).  At most siz-1 characters
@@ -123,15 +123,12 @@ size_t strlcpy(char *dst, const char *src, size_t size) {
  * Returns strlen(src) + MIN(siz, strlen(initial dst)).
  * If retval >= siz, truncation occurred.
  */
-	size_t
-strlcat(dst, src, siz)
-	char *dst;
-	const char *src;
-	size_t siz;
+size_t
+strlcat(char *dst, const char *src, size_t siz)
 {
-	register char *d = dst;
-	register const char *s = src;
-	register size_t n = siz;
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
 	size_t dlen;
 
 	/* Find the end of dst and adjust bytes left but don't go past end */
@@ -177,7 +174,7 @@ int daemon(int nochdir, int noclose) {
 	if (!nochdir)
 		(void)chdir("/");
 
-	if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+	if (!noclose && (fd = open(DROPBEAR_PATH_DEVNULL, O_RDWR, 0)) != -1) {
 		(void)dup2(fd, STDIN_FILENO);
 		(void)dup2(fd, STDOUT_FILENO);
 		(void)dup2(fd, STDERR_FILENO);
@@ -235,7 +232,7 @@ void setusershell() {
 
 static char **initshells() {
 	/* don't touch this list. */
-	const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
+	static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
 	register char **sp, *cp;
 	register FILE *fp;
 	struct stat statb;

compat.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _COMPAT_H_
-#define _COMPAT_H_
+#ifndef DROPBEAR_COMPAT_H_
+#define DROPBEAR_COMPAT_H_
 
 #include "includes.h"
 
@@ -44,13 +44,13 @@ char *basename(const char* path);
 #endif
 
 #ifndef HAVE_GETUSERSHELL
-char *getusershell();
-void setusershell();
-void endusershell();
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
 #endif
 
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
+#ifndef DROPBEAR_PATH_DEVNULL
+#define DROPBEAR_PATH_DEVNULL "/dev/null"
 #endif
 
-#endif /* _COMPAT_H_ */
+#endif /* DROPBEAR_COMPAT_H_ */

configure.ac

@@ -9,19 +9,112 @@ AC_PREREQ(2.59)
 AC_INIT
 AC_CONFIG_SRCDIR(buffer.c)
 
-OLDCFLAGS=$CFLAGS
 # Checks for programs.
 AC_PROG_CC
-AC_PROG_MAKE_SET
 
 if test -z "$LD" ; then
 	LD=$CC
 fi
 AC_SUBST(LD)	
 
+AC_DEFUN(DB_TRYADDCFLAGS, 
+[{
+		OLDFLAGS="$CFLAGS"
+		TESTFLAGS="$1"
+		CFLAGS="$CFLAGS $TESTFLAGS"
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
+			)
+}])
+
+# set compile flags prior to other tests
 if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
 	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
-	CFLAGS="-Os -W -Wall -Wno-pointer-sign"
+	CFLAGS="-Os -W -Wall"
+fi
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
+DB_TRYADDCFLAGS([-Wno-pointer-sign])
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
+DB_TRYADDCFLAGS([-fno-strict-overflow])
+
+STATIC=0
+AC_ARG_ENABLE(static,
+	[  --enable-static         Build static binaries],
+	[
+		if test "x$enableval" = "xyes"; then
+			STATIC=1
+			AC_MSG_NOTICE(Static Build)
+		fi
+	], [])
+AC_SUBST(STATIC)
+
+hardenbuild=1
+AC_ARG_ENABLE(harden,
+	[  --disable-harden        Don't set hardened build flags],
+	[
+		if test "x$enableval" = "xno"; then
+			hardenbuild=0
+			AC_MSG_NOTICE(Disabling hardened build flags)
+		fi
+	], [])
+
+if test "$hardenbuild" -eq 1; then
+	AC_MSG_NOTICE(Checking for available hardened build flags:)
+	# relocation flags don't make sense for static builds
+	if test "$STATIC" -ne 1; then
+		# pie
+		DB_TRYADDCFLAGS([-fPIE])
+
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-pie"
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[
+				LDFLAGS="$OLDLDFLAGS"
+				TESTFLAGS="-pie"
+				LDFLAGS="$LDFLAGS $TESTFLAGS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+					)
+			]
+			)
+		# readonly elf relocation sections (relro)
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+			)
+	fi # non-static
+	# stack protector. -strong is good but only in gcc 4.9 or later
+	OLDCFLAGS="$CFLAGS"
+	TESTFLAGS="-fstack-protector-strong"
+	CFLAGS="$CFLAGS $TESTFLAGS"
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+	    [
+			CFLAGS="$OLDCFLAGS"
+			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
+			CFLAGS="$CFLAGS $TESTFLAGS"
+			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+			    )
+	    ]
+	    )
+	# FORTIFY_SOURCE
+	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
+
+	# Spectre v2 mitigations
+	DB_TRYADDCFLAGS([-mfunction-return=thunk])
+	DB_TRYADDCFLAGS([-mindirect-branch=thunk])
+
 fi
 
 # large file support is useful for scp
@@ -45,8 +138,8 @@ case "$host" in
 	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
 	if test "$sol2ver" -ge 8; then
 		AC_MSG_RESULT(yes)
-		AC_DEFINE(DISABLE_UTMP,,Disable utmp)
-		AC_DEFINE(DISABLE_WTMP,,Disable wtmp)
+		AC_DEFINE(DISABLE_UTMP,1,Disable utmp)
+		AC_DEFINE(DISABLE_WTMP,1,Disable wtmp)
 	else
 		AC_MSG_RESULT(no)
 	fi
@@ -55,18 +148,18 @@ case "$host" in
 	;;
 
 *-*-aix*)
-	AC_DEFINE(AIX,,Using AIX)
+	AC_DEFINE(AIX,1,Using AIX)
 	# OpenSSH thinks it's broken. If it isn't, let me know.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
 	
 *-*-hpux*)
 	LIBS="$LIBS -lsec"
 	# It's probably broken.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
 *-dec-osf*)
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
 esac
 
@@ -80,11 +173,21 @@ AC_CHECK_DECL(__UCLIBC__,
 	[
 	no_loginfunc_check=1
 	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
-	],,,)
+	],,)
 
-# Checks for libraries.
-AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt")
+dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
+dnl but we don't want link all binaries to -lcrypt, just dropbear server.
+dnl OS X doesn't need -lcrypt 
+AC_CHECK_FUNC(crypt, found_crypt_func=here)
+AC_CHECK_LIB(crypt, crypt, 
+	[
+	CRYPTLIB="-lcrypt"
+	found_crypt_func=here
+	])
 AC_SUBST(CRYPTLIB)	
+if test "t$found_crypt_func" = there; then
+AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
+fi
 
 # Check if zlib is needed
 AC_ARG_WITH(zlib,
@@ -108,7 +211,7 @@ AC_ARG_ENABLE(zlib,
 	[  --disable-zlib          Don't include zlib support],
 	[
 		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_ZLIB,, Use zlib)
+			AC_DEFINE(DISABLE_ZLIB,1,Use zlib)
 			AC_MSG_NOTICE(Disabling zlib)
 		else
 			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
@@ -142,20 +245,20 @@ AC_ARG_WITH(pam,
 
 
 AC_ARG_ENABLE(pam,
-	[  --enable-pam          Try to include PAM support],
+	[  --enable-pam            Try to include PAM support],
 	[
 		if test "x$enableval" = "xyes"; then
 			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
 			AC_MSG_NOTICE(Enabling PAM)
 			AC_CHECK_FUNCS(pam_fail_delay)
 		else
-			AC_DEFINE(DISABLE_PAM,, Use PAM)
+			AC_DEFINE(DISABLE_PAM,1,Use PAM)
 			AC_MSG_NOTICE(Disabling PAM)
 		fi
 	],
 	[
 		# disable it by default
-		AC_DEFINE(DISABLE_PAM,, Use PAM)
+		AC_DEFINE(DISABLE_PAM,1,Use PAM)
 		AC_MSG_NOTICE(Disabling PAM)
 	]
 )
@@ -167,21 +270,26 @@ AC_ARG_ENABLE(openpty,
 			AC_MSG_NOTICE(Not using openpty)
 		else
 			AC_MSG_NOTICE(Using openpty if available)
-			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
 		fi
 	],
 	[
 		AC_MSG_NOTICE(Using openpty if available)
-		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
+		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
 	]
 )
-		
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+	no_ptc_check=yes
+	no_ptmx_check=yes
+fi
 
 AC_ARG_ENABLE(syslog,
 	[  --disable-syslog        Don't include syslog support],
 	[
 		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_SYSLOG,, Using syslog)
+			AC_DEFINE(DISABLE_SYSLOG,1,Using syslog)
 			AC_MSG_NOTICE(Disabling syslog)
 		else
 			AC_MSG_NOTICE(Enabling syslog)
@@ -212,7 +320,11 @@ AC_ARG_ENABLE(shadow,
 # Checks for header files.
 AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h netinet/in_systm.h sys/uio.h])
+AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h \
+	crypt.h \
+	pty.h libutil.h libgen.h inttypes.h stropts.h utmp.h \
+	utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \
+	pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@@ -265,7 +377,7 @@ AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage
 #include <sys/types.h>
 #include <sys/socket.h>
 		]],
-		[[ struct sockaddr_storage s; ]])],
+		[[ if (sizeof(struct sockaddr_storage)) return 0 ]])],
 		[ ac_cv_have_struct_sockaddr_storage="yes" ],
 		[ ac_cv_have_struct_sockaddr_storage="no" ]
 	)
@@ -279,13 +391,13 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
 #include <sys/types.h>
 #include <netinet/in.h>
 		]],
-		[[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
+		[[ if (sizeof(struct sockaddr_in6)) return 0 ]])],
 		[ ac_cv_have_struct_sockaddr_in6="yes" ],
 		[ ac_cv_have_struct_sockaddr_in6="no" ]
 	)
 ])
 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6)
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,1,Have struct sockaddr_in6)
 fi
 
 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
@@ -293,13 +405,13 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
 #include <sys/types.h>
 #include <netinet/in.h>
 		]],
-		[[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
+		[[ if (sizeof(struct in6_addr)) return 0 ]])],
 		[ ac_cv_have_struct_in6_addr="yes" ],
 		[ ac_cv_have_struct_in6_addr="no" ]
 	)
 ])
 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr)
+	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,1,Have struct in6_addr)
 fi
 
 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
@@ -308,13 +420,13 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
 #include <sys/socket.h>
 #include <netdb.h>
 		]],
-		[[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
+		[[ if (sizeof(struct addrinfo)) return 0 ]])],
 		[ ac_cv_have_struct_addrinfo="yes" ],
 		[ ac_cv_have_struct_addrinfo="no" ]
 	)
 ])
 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo)
+	AC_DEFINE(HAVE_STRUCT_ADDRINFO,1,Have struct addrinfo)
 fi
 
 
@@ -361,6 +473,12 @@ AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
 AC_CHECK_FUNCS(logout updwtmp logwtmp)
 
+# OS X monotonic time
+AC_CHECK_HEADERS([mach/mach_time.h])
+AC_CHECK_FUNCS(mach_absolute_time)
+
+AC_CHECK_FUNCS(explicit_bzero memset_s)
+
 AC_ARG_ENABLE(bundled-libtom,
 [  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
   --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
@@ -371,21 +489,21 @@ AC_ARG_ENABLE(bundled-libtom,
 			AC_MSG_NOTICE(Forcing bundled libtom*)
 		else
 			BUNDLED_LIBTOM=0
-			AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", 
+			AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
 				[AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] )
-			AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", 
+			AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
 				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] )
 		fi
 	],
 	[
 		BUNDLED_LIBTOM=0
-		AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", BUNDLED_LIBTOM=1)
-		AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
 	]
 )
 
 if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) 
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom) 
 fi
 
 AC_SUBST(LIBTOM_LIBS)
@@ -396,36 +514,64 @@ dnl Added from OpenSSH 3.6.1p2's configure.ac
 dnl allow user to disable some login recording features
 AC_ARG_ENABLE(lastlog,
 	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
-	[ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_LASTLOG,1,Disable use of lastlog())
+		fi
+	]
 )
 AC_ARG_ENABLE(utmp,
 	[  --disable-utmp          Disable use of utmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMP,1,Disable use of utmp)
+		fi
+	]
 )
 AC_ARG_ENABLE(utmpx,
 	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMPX,1,Disable use of utmpx)
+		fi
+	]
 )
 AC_ARG_ENABLE(wtmp,
 	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMP,1,Disable use of wtmp)
+		fi
+	]
 )
 AC_ARG_ENABLE(wtmpx,
 	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMPX,1,Disable use of wtmpx)
+		fi
+	]
 )
 AC_ARG_ENABLE(loginfunc,
 	[  --disable-loginfunc     Disable use of login() etc. [no]],
 	[ no_loginfunc_check=1
-	AC_MSG_NOTICE(Not using login() etc) ]
+	AC_MSG_NOTICE([Not using login() etc]) ]
 )
 AC_ARG_ENABLE(pututline,
 	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTLINE,1,Disable use of pututline())
+		fi
+	]
 )
 AC_ARG_ENABLE(pututxline,
 	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ]
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTXLINE,1,Disable use of pututxline())
+		fi
+	]
 )
 AC_ARG_WITH(lastlog,
   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
@@ -440,7 +586,7 @@ AC_ARG_WITH(lastlog,
 
 if test -z "$no_loginfunc_check"; then
 	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
-	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)])
+	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,1,[Have login() function])])
 	AC_CHECK_FUNCS(logout updwtmp logwtmp)
 fi
 
@@ -628,7 +774,9 @@ fi
 AC_PROG_GCC_TRADITIONAL
 AC_FUNC_MEMCMP
 AC_FUNC_SELECT_ARGTYPES
-AC_CHECK_FUNCS([dup2 getspnam getusershell memset putenv select socket strdup clearenv strlcpy strlcat daemon basename _getpty getaddrinfo freeaddrinfo getnameinfo fork writev])
+AC_CHECK_FUNCS([getpass getspnam getusershell putenv])
+AC_CHECK_FUNCS([clearenv strlcpy strlcat daemon basename _getpty getaddrinfo ])
+AC_CHECK_FUNCS([freeaddrinfo getnameinfo fork writev getgrouplist])
 
 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
 
@@ -636,7 +784,7 @@ AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
 if test -z "$no_ptmx_check" ; then
 	if test x"$cross_compiling" = x"no" ; then
 		if test -e /dev/ptmx ; then
-			AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx)
+			AC_DEFINE(USE_DEV_PTMX,1,Use /dev/ptmx)
 		fi
 	else
 		AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
@@ -646,7 +794,7 @@ fi
 if test -z "$no_ptc_check" ; then
 	if test x"$cross_compiling" = x"no" ; then
 		if test -e /dev/ptc ; then
-			AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts)
+			AC_DEFINE(HAVE_DEV_PTS_AND_PTC,1,Use /dev/ptc & /dev/pts)
 		fi
 	else
 		AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
@@ -655,67 +803,32 @@ fi
 
 AC_EXEEXT
 
-# XXX there must be a nicer way to do this
-AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
-AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
-AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
-AS_MKDIR_P(libtomcrypt/src/encauth/ccm)
-AS_MKDIR_P(libtomcrypt/src/encauth/eax)
-AS_MKDIR_P(libtomcrypt/src/encauth/gcm)
-AS_MKDIR_P(libtomcrypt/src/encauth/ocb)
-AS_MKDIR_P(libtomcrypt/src/hashes)
-AS_MKDIR_P(libtomcrypt/src/hashes/chc)
-AS_MKDIR_P(libtomcrypt/src/hashes/helper)
-AS_MKDIR_P(libtomcrypt/src/hashes/sha2)
-AS_MKDIR_P(libtomcrypt/src/hashes/whirl)
-AS_MKDIR_P(libtomcrypt/src/mac/hmac)
-AS_MKDIR_P(libtomcrypt/src/mac/omac)
-AS_MKDIR_P(libtomcrypt/src/mac/pelican)
-AS_MKDIR_P(libtomcrypt/src/mac/pmac)
-AS_MKDIR_P(libtomcrypt/src/mac/f9)
-AS_MKDIR_P(libtomcrypt/src/mac/xcbc)
-AS_MKDIR_P(libtomcrypt/src/math/fp)
-AS_MKDIR_P(libtomcrypt/src/misc/base64)
-AS_MKDIR_P(libtomcrypt/src/misc/crypt)
-AS_MKDIR_P(libtomcrypt/src/misc/mpi)
-AS_MKDIR_P(libtomcrypt/src/misc/pkcs5)
-AS_MKDIR_P(libtomcrypt/src/modes/cbc)
-AS_MKDIR_P(libtomcrypt/src/modes/cfb)
-AS_MKDIR_P(libtomcrypt/src/modes/ctr)
-AS_MKDIR_P(libtomcrypt/src/modes/ecb)
-AS_MKDIR_P(libtomcrypt/src/modes/ofb)
-AS_MKDIR_P(libtomcrypt/src/modes/f8)
-AS_MKDIR_P(libtomcrypt/src/modes/lrw)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/boolean)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/ia5)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/integer)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/object_identifier)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/octet)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/printable_string)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/sequence)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/set)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/short_integer)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utctime)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utf8)
-AS_MKDIR_P(libtomcrypt/src/pk/dh)
-AS_MKDIR_P(libtomcrypt/src/pk/dsa)
-AS_MKDIR_P(libtomcrypt/src/pk/ecc)
-AS_MKDIR_P(libtomcrypt/src/pk/katja)
-AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
-AS_MKDIR_P(libtomcrypt/src/pk/rsa)
-AS_MKDIR_P(libtomcrypt/src/prngs)
+if test $BUNDLED_LIBTOM = 1 ; then
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv 
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
+
 AC_CONFIG_HEADER(config.h)
-AC_CONFIG_FILES(Makefile libtomcrypt/Makefile libtommath/Makefile)
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES)
 AC_OUTPUT
 
 AC_MSG_NOTICE()
 if test $BUNDLED_LIBTOM = 1 ; then
-AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath)
+AC_MSG_NOTICE([Using bundled libtomcrypt and libtommath])
 else
-AC_MSG_NOTICE(Using system libtomcrypt and libtommath)
+AC_MSG_NOTICE([Using system libtomcrypt and libtommath])
+fi
+
+
+if test "x$ac_cv_func_getpass" != xyes; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([getpass() not available, dbclient will only have public-key authentication])
+fi
+
+if test "t$found_crypt_func" != there; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([crypt() not available, dropbear server will not have password authentication])
 fi
 
 AC_MSG_NOTICE()
-AC_MSG_NOTICE(Now edit options.h to choose features.)
+AC_MSG_NOTICE([Now edit options.h to choose features.])

crypto_desc.c

@@ -4,7 +4,7 @@
 #include "ltc_prng.h"
 #include "ecc.h"
 
-#ifdef DROPBEAR_LTC_PRNG
+#if DROPBEAR_LTC_PRNG
 	int dropbear_ltc_prng = -1;
 #endif
 
@@ -14,16 +14,16 @@
 void crypto_init() {
 
 	const struct ltc_cipher_descriptor *regciphers[] = {
-#ifdef DROPBEAR_AES
+#if DROPBEAR_AES
 		&aes_desc,
 #endif
-#ifdef DROPBEAR_BLOWFISH
+#if DROPBEAR_BLOWFISH
 		&blowfish_desc,
 #endif
-#ifdef DROPBEAR_TWOFISH
+#if DROPBEAR_TWOFISH
 		&twofish_desc,
 #endif
-#ifdef DROPBEAR_3DES
+#if DROPBEAR_3DES
 		&des3_desc,
 #endif
 		NULL
@@ -32,16 +32,16 @@ void crypto_init() {
 	const struct ltc_hash_descriptor *reghashes[] = {
 		/* we need sha1 for hostkey stuff regardless */
 		&sha1_desc,
-#ifdef DROPBEAR_MD5_HMAC
+#if DROPBEAR_MD5_HMAC
 		&md5_desc,
 #endif
-#ifdef DROPBEAR_SHA256
+#if DROPBEAR_SHA256
 		&sha256_desc,
 #endif
-#ifdef DROPBEAR_SHA384
+#if DROPBEAR_SHA384
 		&sha384_desc,
 #endif
-#ifdef DROPBEAR_SHA512
+#if DROPBEAR_SHA512
 		&sha512_desc,
 #endif
 		NULL
@@ -60,14 +60,14 @@ void crypto_init() {
 		}
 	}
 
-#ifdef DROPBEAR_LTC_PRNG
+#if DROPBEAR_LTC_PRNG
 	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
 	if (dropbear_ltc_prng == -1) {
 		dropbear_exit("Error registering crypto");
 	}
 #endif
 
-#ifdef DROPBEAR_ECC
+#if DROPBEAR_ECC
 	ltc_mp = ltm_desc;
 	dropbear_ecc_fill_dp();
 #endif

crypto_desc.h

@@ -1,9 +1,9 @@
-#ifndef _CRYPTO_DESC_H
-#define _CRYPTO_DESC_H
+#ifndef DROPBEAR_CRYPTO_DESC_H
+#define DROPBEAR_CRYPTO_DESC_H
 
-void crypto_init();
+void crypto_init(void);
 
 extern int dropbear_ltc_prng;
 
-#endif /* _CRYPTO_DESC_H */
+#endif /* DROPBEAR_CRYPTO_DESC_H */
 

curve25519-donna.c

@@ -43,8 +43,7 @@
  *
  * This is, almost, a clean room reimplementation from the curve25519 paper. It
  * uses many of the tricks described therein. Only the crecip function is taken
- * from the sample implementation.
- */
+ * from the sample implementation. */
 
 #include <string.h>
 #include <stdint.h>
@@ -63,25 +62,23 @@ typedef int64_t limb;
  * significant first. The value of the field element is:
  *   x[0] + 2^26·x[1] + x^51·x[2] + 2^102·x[3] + ...
  *
- * i.e. the limbs are 26, 25, 26, 25, ... bits wide.
- */
+ * i.e. the limbs are 26, 25, 26, 25, ... bits wide. */
 
 /* Sum two numbers: output += in */
 static void fsum(limb *output, const limb *in) {
   unsigned i;
   for (i = 0; i < 10; i += 2) {
-    output[0+i] = (output[0+i] + in[0+i]);
-    output[1+i] = (output[1+i] + in[1+i]);
+    output[0+i] = output[0+i] + in[0+i];
+    output[1+i] = output[1+i] + in[1+i];
   }
 }
 
 /* Find the difference of two numbers: output = in - output
- * (note the order of the arguments!)
- */
+ * (note the order of the arguments!). */
 static void fdifference(limb *output, const limb *in) {
   unsigned i;
   for (i = 0; i < 10; ++i) {
-    output[i] = (in[i] - output[i]);
+    output[i] = in[i] - output[i];
   }
 }
 
@@ -97,7 +94,8 @@ static void fscalar_product(limb *output, const limb *in, const limb scalar) {
  *
  * output must be distinct to both inputs. The inputs are reduced coefficient
  * form, the output is not.
- */
+ *
+ * output[x] <= 14 * the largest product of the input limbs. */
 static void fproduct(limb *output, const limb *in2, const limb *in) {
   output[0] =       ((limb) ((s32) in2[0])) * ((s32) in[0]);
   output[1] =       ((limb) ((s32) in2[0])) * ((s32) in[1]) +
@@ -201,9 +199,15 @@ static void fproduct(limb *output, const limb *in2, const limb *in) {
   output[18] = 2 *  ((limb) ((s32) in2[9])) * ((s32) in[9]);
 }
 
-/* Reduce a long form to a short form by taking the input mod 2^255 - 19. */
+/* Reduce a long form to a short form by taking the input mod 2^255 - 19.
+ *
+ * On entry: |output[i]| < 14*2^54
+ * On exit: |output[0..8]| < 280*2^54 */
 static void freduce_degree(limb *output) {
-  /* Each of these shifts and adds ends up multiplying the value by 19. */
+  /* Each of these shifts and adds ends up multiplying the value by 19.
+   *
+   * For output[0..8], the absolute entry value is < 14*2^54 and we add, at
+   * most, 19*14*2^54 thus, on exit, |output[0..8]| < 280*2^54. */
   output[8] += output[18] << 4;
   output[8] += output[18] << 1;
   output[8] += output[18];
@@ -237,11 +241,13 @@ static void freduce_degree(limb *output) {
 #error "This code only works on a two's complement system"
 #endif
 
-/* return v / 2^26, using only shifts and adds. */
+/* return v / 2^26, using only shifts and adds.
+ *
+ * On entry: v can take any value. */
 static inline limb
 div_by_2_26(const limb v)
 {
-  /* High word of v; no shift needed*/
+  /* High word of v; no shift needed. */
   const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
   /* Set to all 1s if v was negative; else set to 0s. */
   const int32_t sign = ((int32_t) highword) >> 31;
@@ -251,7 +257,9 @@ div_by_2_26(const limb v)
   return (v + roundoff) >> 26;
 }
 
-/* return v / (2^25), using only shifts and adds. */
+/* return v / (2^25), using only shifts and adds.
+ *
+ * On entry: v can take any value. */
 static inline limb
 div_by_2_25(const limb v)
 {
@@ -265,17 +273,9 @@ div_by_2_25(const limb v)
   return (v + roundoff) >> 25;
 }
 
-static inline s32
-div_s32_by_2_25(const s32 v)
-{
-   const s32 roundoff = ((uint32_t)(v >> 31)) >> 7;
-   return (v + roundoff) >> 25;
-}
-
 /* Reduce all coefficients of the short form input so that |x| < 2^26.
  *
- * On entry: |output[i]| < 2^62
- */
+ * On entry: |output[i]| < 280*2^54 */
 static void freduce_coefficients(limb *output) {
   unsigned i;
 
@@ -283,56 +283,65 @@ static void freduce_coefficients(limb *output) {
 
   for (i = 0; i < 10; i += 2) {
     limb over = div_by_2_26(output[i]);
+    /* The entry condition (that |output[i]| < 280*2^54) means that over is, at
+     * most, 280*2^28 in the first iteration of this loop. This is added to the
+     * next limb and we can approximate the resulting bound of that limb by
+     * 281*2^54. */
     output[i] -= over << 26;
     output[i+1] += over;
 
+    /* For the first iteration, |output[i+1]| < 281*2^54, thus |over| <
+     * 281*2^29. When this is added to the next limb, the resulting bound can
+     * be approximated as 281*2^54.
+     *
+     * For subsequent iterations of the loop, 281*2^54 remains a conservative
+     * bound and no overflow occurs. */
     over = div_by_2_25(output[i+1]);
     output[i+1] -= over << 25;
     output[i+2] += over;
   }
-  /* Now |output[10]| < 2 ^ 38 and all other coefficients are reduced. */
+  /* Now |output[10]| < 281*2^29 and all other coefficients are reduced. */
   output[0] += output[10] << 4;
   output[0] += output[10] << 1;
   output[0] += output[10];
 
   output[10] = 0;
 
-  /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19 * 2^38
-   * So |over| will be no more than 77825  */
+  /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19*281*2^29
+   * So |over| will be no more than 2^16. */
   {
     limb over = div_by_2_26(output[0]);
     output[0] -= over << 26;
     output[1] += over;
   }
 
-  /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 77825
-   * So |over| will be no more than 1. */
-  {
-    /* output[1] fits in 32 bits, so we can use div_s32_by_2_25 here. */
-    s32 over32 = div_s32_by_2_25((s32) output[1]);
-    output[1] -= over32 << 25;
-    output[2] += over32;
-  }
-
-  /* Finally, output[0,1,3..9] are reduced, and output[2] is "nearly reduced":
-   * we have |output[2]| <= 2^26.  This is good enough for all of our math,
-   * but it will require an extra freduce_coefficients before fcontract. */
+  /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 2^16 < 2^26. The
+   * bound on |output[1]| is sufficient to meet our needs. */
 }
 
 /* A helpful wrapper around fproduct: output = in * in2.
  *
- * output must be distinct to both inputs. The output is reduced degree and
- * reduced coefficient.
- */
+ * On entry: |in[i]| < 2^27 and |in2[i]| < 2^27.
+ *
+ * output must be distinct to both inputs. The output is reduced degree
+ * (indeed, one need only provide storage for 10 limbs) and |output[i]| < 2^26. */
 static void
 fmul(limb *output, const limb *in, const limb *in2) {
   limb t[19];
   fproduct(t, in, in2);
+  /* |t[i]| < 14*2^54 */
   freduce_degree(t);
   freduce_coefficients(t);
+  /* |t[i]| < 2^26 */
   memcpy(output, t, sizeof(limb) * 10);
 }
 
+/* Square a number: output = in**2
+ *
+ * output must be distinct from the input. The inputs are reduced coefficient
+ * form, the output is not.
+ *
+ * output[x] <= 14 * the largest product of the input limbs. */
 static void fsquare_inner(limb *output, const limb *in) {
   output[0] =       ((limb) ((s32) in[0])) * ((s32) in[0]);
   output[1] =  2 *  ((limb) ((s32) in[0])) * ((s32) in[1]);
@@ -391,12 +400,23 @@ static void fsquare_inner(limb *output, const limb *in) {
   output[18] = 2 *  ((limb) ((s32) in[9])) * ((s32) in[9]);
 }
 
+/* fsquare sets output = in^2.
+ *
+ * On entry: The |in| argument is in reduced coefficients form and |in[i]| <
+ * 2^27.
+ *
+ * On exit: The |output| argument is in reduced coefficients form (indeed, one
+ * need only provide storage for 10 limbs) and |out[i]| < 2^26. */
 static void
 fsquare(limb *output, const limb *in) {
   limb t[19];
   fsquare_inner(t, in);
+  /* |t[i]| < 14*2^54 because the largest product of two limbs will be <
+   * 2^(27+27) and fsquare_inner adds together, at most, 14 of those
+   * products. */
   freduce_degree(t);
   freduce_coefficients(t);
+  /* |t[i]| < 2^26 */
   memcpy(output, t, sizeof(limb) * 10);
 }
 
@@ -417,7 +437,7 @@ fexpand(limb *output, const u8 *input) {
   F(6, 19, 1, 0x3ffffff);
   F(7, 22, 3, 0x1ffffff);
   F(8, 25, 4, 0x3ffffff);
-  F(9, 28, 6, 0x3ffffff);
+  F(9, 28, 6, 0x1ffffff);
 #undef F
 }
 
@@ -425,60 +445,143 @@ fexpand(limb *output, const u8 *input) {
 #error "This code only works when >> does sign-extension on negative numbers"
 #endif
 
+/* s32_eq returns 0xffffffff iff a == b and zero otherwise. */
+static s32 s32_eq(s32 a, s32 b) {
+  a = ~(a ^ b);
+  a &= a << 16;
+  a &= a << 8;
+  a &= a << 4;
+  a &= a << 2;
+  a &= a << 1;
+  return a >> 31;
+}
+
+/* s32_gte returns 0xffffffff if a >= b and zero otherwise, where a and b are
+ * both non-negative. */
+static s32 s32_gte(s32 a, s32 b) {
+  a -= b;
+  /* a >= 0 iff a >= b. */
+  return ~(a >> 31);
+}
+
 /* Take a fully reduced polynomial form number and contract it into a
- * little-endian, 32-byte array
- */
+ * little-endian, 32-byte array.
+ *
+ * On entry: |input_limbs[i]| < 2^26 */
 static void
-fcontract(u8 *output, limb *input) {
+fcontract(u8 *output, limb *input_limbs) {
   int i;
   int j;
+  s32 input[10];
+  s32 mask;
+
+  /* |input_limbs[i]| < 2^26, so it's valid to convert to an s32. */
+  for (i = 0; i < 10; i++) {
+    input[i] = input_limbs[i];
+  }
 
   for (j = 0; j < 2; ++j) {
     for (i = 0; i < 9; ++i) {
       if ((i & 1) == 1) {
-        /* This calculation is a time-invariant way to make input[i] positive
-           by borrowing from the next-larger limb.
-        */
-        const s32 mask = (s32)(input[i]) >> 31;
-        const s32 carry = -(((s32)(input[i]) & mask) >> 25);
-        input[i] = (s32)(input[i]) + (carry << 25);
-        input[i+1] = (s32)(input[i+1]) - carry;
+        /* This calculation is a time-invariant way to make input[i]
+         * non-negative by borrowing from the next-larger limb. */
+        const s32 mask = input[i] >> 31;
+        const s32 carry = -((input[i] & mask) >> 25);
+        input[i] = input[i] + (carry << 25);
+        input[i+1] = input[i+1] - carry;
       } else {
-        const s32 mask = (s32)(input[i]) >> 31;
-        const s32 carry = -(((s32)(input[i]) & mask) >> 26);
-        input[i] = (s32)(input[i]) + (carry << 26);
-        input[i+1] = (s32)(input[i+1]) - carry;
+        const s32 mask = input[i] >> 31;
+        const s32 carry = -((input[i] & mask) >> 26);
+        input[i] = input[i] + (carry << 26);
+        input[i+1] = input[i+1] - carry;
       }
     }
+
+    /* There's no greater limb for input[9] to borrow from, but we can multiply
+     * by 19 and borrow from input[0], which is valid mod 2^255-19. */
     {
-      const s32 mask = (s32)(input[9]) >> 31;
-      const s32 carry = -(((s32)(input[9]) & mask) >> 25);
-      input[9] = (s32)(input[9]) + (carry << 25);
-      input[0] = (s32)(input[0]) - (carry * 19);
+      const s32 mask = input[9] >> 31;
+      const s32 carry = -((input[9] & mask) >> 25);
+      input[9] = input[9] + (carry << 25);
+      input[0] = input[0] - (carry * 19);
     }
+
+    /* After the first iteration, input[1..9] are non-negative and fit within
+     * 25 or 26 bits, depending on position. However, input[0] may be
+     * negative. */
   }
 
   /* The first borrow-propagation pass above ended with every limb
      except (possibly) input[0] non-negative.
 
-     Since each input limb except input[0] is decreased by at most 1
-     by a borrow-propagation pass, the second borrow-propagation pass
-     could only have wrapped around to decrease input[0] again if the
-     first pass left input[0] negative *and* input[1] through input[9]
-     were all zero.  In that case, input[1] is now 2^25 - 1, and this
-     last borrow-propagation step will leave input[1] non-negative.
-  */
+     If input[0] was negative after the first pass, then it was because of a
+     carry from input[9]. On entry, input[9] < 2^26 so the carry was, at most,
+     one, since (2**26-1) >> 25 = 1. Thus input[0] >= -19.
+
+     In the second pass, each limb is decreased by at most one. Thus the second
+     borrow-propagation pass could only have wrapped around to decrease
+     input[0] again if the first pass left input[0] negative *and* input[1]
+     through input[9] were all zero.  In that case, input[1] is now 2^25 - 1,
+     and this last borrow-propagation step will leave input[1] non-negative. */
   {
-    const s32 mask = (s32)(input[0]) >> 31;
-    const s32 carry = -(((s32)(input[0]) & mask) >> 26);
-    input[0] = (s32)(input[0]) + (carry << 26);
-    input[1] = (s32)(input[1]) - carry;
+    const s32 mask = input[0] >> 31;
+    const s32 carry = -((input[0] & mask) >> 26);
+    input[0] = input[0] + (carry << 26);
+    input[1] = input[1] - carry;
   }
 
-  /* Both passes through the above loop, plus the last 0-to-1 step, are
-     necessary: if input[9] is -1 and input[0] through input[8] are 0,
-     negative values will remain in the array until the end.
-   */
+  /* All input[i] are now non-negative. However, there might be values between
+   * 2^25 and 2^26 in a limb which is, nominally, 25 bits wide. */
+  for (j = 0; j < 2; j++) {
+    for (i = 0; i < 9; i++) {
+      if ((i & 1) == 1) {
+        const s32 carry = input[i] >> 25;
+        input[i] &= 0x1ffffff;
+        input[i+1] += carry;
+      } else {
+        const s32 carry = input[i] >> 26;
+        input[i] &= 0x3ffffff;
+        input[i+1] += carry;
+      }
+    }
+
+    {
+      const s32 carry = input[9] >> 25;
+      input[9] &= 0x1ffffff;
+      input[0] += 19*carry;
+    }
+  }
+
+  /* If the first carry-chain pass, just above, ended up with a carry from
+   * input[9], and that caused input[0] to be out-of-bounds, then input[0] was
+   * < 2^26 + 2*19, because the carry was, at most, two.
+   *
+   * If the second pass carried from input[9] again then input[0] is < 2*19 and
+   * the input[9] -> input[0] carry didn't push input[0] out of bounds. */
+
+  /* It still remains the case that input might be between 2^255-19 and 2^255.
+   * In this case, input[1..9] must take their maximum value and input[0] must
+   * be >= (2^255-19) & 0x3ffffff, which is 0x3ffffed. */
+  mask = s32_gte(input[0], 0x3ffffed);
+  for (i = 1; i < 10; i++) {
+    if ((i & 1) == 1) {
+      mask &= s32_eq(input[i], 0x1ffffff);
+    } else {
+      mask &= s32_eq(input[i], 0x3ffffff);
+    }
+  }
+
+  /* mask is either 0xffffffff (if input >= 2^255-19) and zero otherwise. Thus
+   * this conditionally subtracts 2^255-19. */
+  input[0] -= mask & 0x3ffffed;
+
+  for (i = 1; i < 10; i++) {
+    if ((i & 1) == 1) {
+      input[i] -= mask & 0x1ffffff;
+    } else {
+      input[i] -= mask & 0x3ffffff;
+    }
+  }
 
   input[1] <<= 2;
   input[2] <<= 3;
@@ -516,7 +619,9 @@ fcontract(u8 *output, limb *input) {
  *   x z: short form, destroyed
  *   xprime zprime: short form, destroyed
  *   qmqp: short form, preserved
- */
+ *
+ * On entry and exit, the absolute value of the limbs of all inputs and outputs
+ * are < 2^26. */
 static void fmonty(limb *x2, limb *z2,  /* output 2Q */
                    limb *x3, limb *z3,  /* output Q + Q' */
                    limb *x, limb *z,    /* input Q */
@@ -527,43 +632,69 @@ static void fmonty(limb *x2, limb *z2,  /* output 2Q */
 
   memcpy(origx, x, 10 * sizeof(limb));
   fsum(x, z);
-  fdifference(z, origx);  // does x - z
+  /* |x[i]| < 2^27 */
+  fdifference(z, origx);  /* does x - z */
+  /* |z[i]| < 2^27 */
 
   memcpy(origxprime, xprime, sizeof(limb) * 10);
   fsum(xprime, zprime);
+  /* |xprime[i]| < 2^27 */
   fdifference(zprime, origxprime);
+  /* |zprime[i]| < 2^27 */
   fproduct(xxprime, xprime, z);
+  /* |xxprime[i]| < 14*2^54: the largest product of two limbs will be <
+   * 2^(27+27) and fproduct adds together, at most, 14 of those products.
+   * (Approximating that to 2^58 doesn't work out.) */
   fproduct(zzprime, x, zprime);
+  /* |zzprime[i]| < 14*2^54 */
   freduce_degree(xxprime);
   freduce_coefficients(xxprime);
+  /* |xxprime[i]| < 2^26 */
   freduce_degree(zzprime);
   freduce_coefficients(zzprime);
+  /* |zzprime[i]| < 2^26 */
   memcpy(origxprime, xxprime, sizeof(limb) * 10);
   fsum(xxprime, zzprime);
+  /* |xxprime[i]| < 2^27 */
   fdifference(zzprime, origxprime);
+  /* |zzprime[i]| < 2^27 */
   fsquare(xxxprime, xxprime);
+  /* |xxxprime[i]| < 2^26 */
   fsquare(zzzprime, zzprime);
+  /* |zzzprime[i]| < 2^26 */
   fproduct(zzprime, zzzprime, qmqp);
+  /* |zzprime[i]| < 14*2^52 */
   freduce_degree(zzprime);
   freduce_coefficients(zzprime);
+  /* |zzprime[i]| < 2^26 */
   memcpy(x3, xxxprime, sizeof(limb) * 10);
   memcpy(z3, zzprime, sizeof(limb) * 10);
 
   fsquare(xx, x);
+  /* |xx[i]| < 2^26 */
   fsquare(zz, z);
+  /* |zz[i]| < 2^26 */
   fproduct(x2, xx, zz);
+  /* |x2[i]| < 14*2^52 */
   freduce_degree(x2);
   freduce_coefficients(x2);
-  fdifference(zz, xx);  // does zz = xx - zz
+  /* |x2[i]| < 2^26 */
+  fdifference(zz, xx);  /* does zz = xx - zz */
+  /* |zz[i]| < 2^27 */
   memset(zzz + 10, 0, sizeof(limb) * 9);
   fscalar_product(zzz, zz, 121665);
+  /* |zzz[i]| < 2^(27+17) */
   /* No need to call freduce_degree here:
      fscalar_product doesn't increase the degree of its input. */
   freduce_coefficients(zzz);
+  /* |zzz[i]| < 2^26 */
   fsum(zzz, xx);
+  /* |zzz[i]| < 2^27 */
   fproduct(z2, zz, zzz);
+  /* |z2[i]| < 14*2^(26+27) */
   freduce_degree(z2);
   freduce_coefficients(z2);
+  /* |z2|i| < 2^26 */
 }
 
 /* Conditionally swap two reduced-form limb arrays if 'iswap' is 1, but leave
@@ -574,8 +705,7 @@ static void fmonty(limb *x2, limb *z2,  /* output 2Q */
  * wrong results.  Also, the two limb arrays must be in reduced-coefficient,
  * reduced-degree form: the values in a[10..19] or b[10..19] aren't swapped,
  * and all all values in a[0..9],b[0..9] must have magnitude less than
- * INT32_MAX.
- */
+ * INT32_MAX. */
 static void
 swap_conditional(limb a[19], limb b[19], limb iswap) {
   unsigned i;
@@ -592,8 +722,7 @@ swap_conditional(limb a[19], limb b[19], limb iswap) {
  *
  *   resultx/resultz: the x coordinate of the resulting curve point (short form)
  *   n: a little endian, 32-byte number
- *   q: a point of the curve (short form)
- */
+ *   q: a point of the curve (short form) */
 static void
 cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
   limb a[19] = {0}, b[19] = {1}, c[19] = {1}, d[19] = {0};
@@ -641,9 +770,9 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
   memcpy(resultz, nqz, sizeof(limb) * 10);
 }
 
-// -----------------------------------------------------------------------------
-// Shamelessly copied from djb's code
-// -----------------------------------------------------------------------------
+/* -----------------------------------------------------------------------------
+ * Shamelessly copied from djb's code
+ * ----------------------------------------------------------------------------- */
 static void
 crecip(limb *out, const limb *z) {
   limb z2[10];
@@ -711,8 +840,6 @@ crecip(limb *out, const limb *z) {
   /* 2^255 - 21 */ fmul(out,t1,z11);
 }
 
-int curve25519_donna(u8 *, const u8 *, const u8 *);
-
 int
 curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
   limb bp[10], x[10], z[11], zmone[10];
@@ -728,7 +855,6 @@ curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
   cmult(x, z, e, bp);
   crecip(zmone, z);
   fmul(z, x, zmone);
-  freduce_coefficients(z);
   fcontract(mypublic, z);
   return 0;
 }

dbclient.1

@@ -3,26 +3,32 @@
 dbclient \- lightweight SSH client
 .SH SYNOPSIS
 .B dbclient
-[\-Tt] [\-p
+[\fIflag arguments\fR] [\-p
 .I port\fR] [\-i
 .I id\fR] [\-L
-.I l\fR:\fIh\fR:\fIr\fR] [\-R
-.I l\fR:\fIh\fR:\fIr\fR] [\-l
+.I l\fR:\fIh\fR:\fIp\fR] [\-R
+.I l\fR:\fIh\fR:\fIp\fR] [\-l
 .IR user ]
 .I host
+.RI [ \fImore\ flags\fR ]
 .RI [ command ]
 
 .B dbclient
-[
-.I args ]
-.I [user1]@host1[^port1],[user2]@host2[^port2],...
+[\fIargs\fR]
+[\fIuser1\fR]@\fIhost1\fR[^\fIport1\fR],[\fIuser2\fR]@\fIhost2\fR[^\fIport2\fR],...
 
 .SH DESCRIPTION
 .B dbclient
-is a SSH client designed to be small enough to be used in small memory
-environments, while still being functional and secure enough for general use.
+is a small SSH client 
 .SH OPTIONS
 .TP
+.TP
+.B command
+A command to run on the remote host. This will normally be run by the remote host
+using the user's shell. The command begins at the first hyphen argument after the 
+host argument. If no command is specified an interactive terminal will be opened
+(see -t and -T).
+.TP
 .B \-p \fIport
 Connect to 
 .I port
@@ -34,9 +40,9 @@ Identity file.
 Read the identity key from file
 .I idfile
 (multiple allowed). This file is created with dropbearkey(1) or converted
-from OpenSSH with dropbearconvert(1).
+from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
 .TP
-.B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
+.B \-L\fR [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
 Local port forwarding.
 Forward the port
 .I listenport
@@ -45,7 +51,7 @@ on the local host through the SSH connection to port
 on the host
 .IR host .
 .TP
-.B \-R [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
+.B \-R\fR [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
 Remote port forwarding.
 Forward the port
 .I listenport
@@ -61,10 +67,12 @@ Login as
 on the remote host.
 .TP
 .B \-t
-Allocate a PTY.
+Allocate a PTY. This is the default when no command is given, it gives a full
+interactive remote session. The main effect is that keystrokes are sent remotely 
+immediately as opposed to local line-based editing.
 .TP
 .B \-T
-Don't allocate a PTY.
+Don't allocate a PTY. This is the default a command is given. See -t.
 .TP
 .B \-N
 Don't request a remote shell or run any commands. Any command arguments are ignored.
@@ -98,15 +106,27 @@ Ensure that traffic is transmitted at a certain interval in seconds. This is
 useful for working around firewalls or routers that drop connections after
 a certain period of inactivity. The trade-off is that a session may be
 closed if there is a temporary lapse of network connectivity. A setting
-if 0 disables keepalives.
+if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
 .TP
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+
+.\" TODO: how to avoid a line break between these two -J arguments?
 .B \-J \fIproxy_command
+.TP
+.B \-J \fI&fd
+.br
 Use the standard input/output of the program \fIproxy_command\fR rather than using
 a normal TCP connection. A hostname should be still be provided, as this is used for
-comparing saved hostkeys.
+comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the
+default shell.
+
+The second form &fd will make dbclient use the numeric file descriptor as a socket. This
+can be used for more complex tunnelling scenarios. Example usage with socat is
+
+socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22
+
 .TP
 .B \-B \fIendhost:endport
 "Netcat-alike" mode, where Dropbear will connect to the given host, then create a
@@ -119,15 +139,38 @@ Specify a comma separated list of ciphers to enable. Use \fI-c help\fR to list p
 .B \-m \fIMAClist
 Specify a comma separated list of authentication MACs to enable. Use \fI-m help\fR to list possibilities.
 .TP
+.B \-o \fIoption
+Can be used to give options in the format used by OpenSSH config file. This is
+useful for specifying options for which there is no separate command-line flag.
+For full details of the options listed below, and their possible values, see
+ssh_config(5).
+The following options have currently been implemented:
+
+.RS
+.TP
+.B ExitOnForwardFailure
+Specifies whether dbclient should terminate the connection if it cannot set up all requested local and remote port forwardings. The argument must be “yes” or “no”.  The default is “no”.
+.TP
+.B UseSyslog
+Send dbclient log messages to syslog in addition to stderr.
+.RE
+.TP
 .B \-s 
 The specified command will be requested as a subsystem, used for sftp. Dropbear doesn't implement sftp itself but the OpenSSH sftp client can be used eg \fIsftp -S dbclient user@host\fR
+.TP
+.B \-b \fI[address][:port]
+Bind to a specific local address when connecting to the remote host. This can be used to choose from
+multiple outgoing interfaces. Either address or port (or both) can be given.
+.TP
+.B \-V
+Print the version
 
 .SH MULTI-HOP
 Dropbear will also allow multiple "hops" to be specified, separated by commas. In
 this case a connection will be made to the first host, then a TCP forwarded 
 connection will be made through that to the second host, and so on. Hosts other than
 the final destination will not see anything other than the encrypted SSH stream. 
-A port for a host can be specified with a hash (eg matt@martello^44 ).
+A port for a host can be specified with a caret (eg matt@martello^44 ).
 This syntax can also be used with scp or rsync (specifying dbclient as the 
 ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg
 
@@ -155,6 +198,10 @@ SSH_ASKPASS should be set to the path of a program that will return a password
 on standard output. This program will only be used if either DISPLAY is set and
 standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is
 set.
+.SH NOTES
+If compiled with zlib support and if the server supports it, dbclient will
+always use compression.
+
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br

dbhelpers.c

@@ -0,0 +1,25 @@
+#include "dbhelpers.h"
+#include "includes.h"
+
+/* Erase data */
+void m_burn(void *data, unsigned int len) {
+
+#if defined(HAVE_MEMSET_S)
+	memset_s(data, len, 0x0, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(data, len);
+#else
+/* Based on the method in David Wheeler's
+ * "Secure Programming for Linux and Unix HOWTO". May not be safe
+ * against link-time optimisation. */
+	volatile char *p = data;
+
+	if (data == NULL)
+		return;
+	while (len--) {
+		*p++ = 0x0;
+	}
+#endif
+}
+
+

dbhelpers.h

@@ -0,0 +1,21 @@
+#ifndef DROPBEAR_DBHELPERS_H_
+#define DROPBEAR_DBHELPERS_H_
+
+/* This header defines some things that are also used by libtomcrypt/math. 
+   We avoid including normal include.h since that can result in conflicting 
+   definitions - only include config.h */
+#include "config.h"
+
+#ifdef __GNUC__
+#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#define ATTRIB_SENTINEL __attribute__((sentinel))
+#else
+#define ATTRIB_PRINTF(fmt,args)
+#define ATTRIB_NORETURN
+#define ATTRIB_SENTINEL
+#endif
+
+void m_burn(void* data, unsigned int len);
+
+#endif /* DROPBEAR_DBHELPERS_H_ */

dbmulti.c

@@ -26,17 +26,13 @@
 
 /* definitions are cleanest if we just put them here */
 int dropbear_main(int argc, char ** argv);
+int cli_main(int argc, char ** argv);
 int dropbearkey_main(int argc, char ** argv);
 int dropbearconvert_main(int argc, char ** argv);
 int scp_main(int argc, char ** argv);
 
-int main(int argc, char ** argv) {
-
-	char * progname;
-
-	if (argc > 0) {
-		/* figure which form we're being called as */
-		progname = basename(argv[0]);
+static int runprog(const char *progname, int argc, char ** argv, int *match) {
+	*match = DROPBEAR_SUCCESS;
 
 #ifdef DBMULTI_dropbear
 		if (strcmp(progname, "dropbear") == 0) {
@@ -64,10 +60,28 @@ int main(int argc, char ** argv) {
 			return scp_main(argc, argv);
 		}
 #endif
+	*match = DROPBEAR_FAILURE;
+	return 1;
+}
+
+int main(int argc, char ** argv) {
+	int i;
+	for (i = 0; i < 2; i++) {
+		/* Try symlink first, then try as an argument eg "dropbearmulti dbclient host ..." */
+		if (argc > i) {
+			int match, res;
+			/* figure which form we're being called as */
+			const char* progname = basename(argv[i]);
+			res = runprog(progname, argc-i, &argv[i], &match);
+			if (match == DROPBEAR_SUCCESS) {
+				return res;
+			}
+		}
 	}
 
 	fprintf(stderr, "Dropbear SSH multi-purpose v%s\n"
-			"Make a symlink pointing at this binary with one of the following names:\n"
+			"Make a symlink pointing at this binary with one of the\n"
+			"following names or run 'dropbearmulti <command>'.\n"
 #ifdef DBMULTI_dropbear
 			"'dropbear' - the Dropbear server\n"
 #endif

dbrandom.c

@@ -32,7 +32,7 @@
 /* this is used to generate unique output from the same hashpool */
 static uint32_t counter = 0;
 /* the max value for the counter, so it won't integer overflow */
-#define MAX_COUNTER 1<<30 
+#define MAX_COUNTER (1<<30)
 
 static unsigned char hashpool[SHA1_HASH_SIZE] = {0};
 static int donerandinit = 0;
@@ -59,7 +59,7 @@ process_file(hash_state *hs, const char *filename,
 	unsigned int readcount;
 	int ret = DROPBEAR_FAILURE;
 
-#ifdef DROPBEAR_PRNGD_SOCKET
+#if DROPBEAR_USE_PRNGD
 	if (prngd)
 	{
 		readfd = connect_unix(filename);
@@ -107,7 +107,7 @@ process_file(hash_state *hs, const char *filename,
 			wantread = MIN(sizeof(readbuf), len-readcount);
 		}
 
-#ifdef DROPBEAR_PRNGD_SOCKET
+#if DROPBEAR_USE_PRNGD
 		if (prngd)
 		{
 			char egdcmd[2];
@@ -141,7 +141,7 @@ out:
 	return ret;
 }
 
-void addrandom(char * buf, unsigned int len)
+void addrandom(const unsigned char * buf, unsigned int len)
 {
 	hash_state hs;
 
@@ -157,7 +157,7 @@ void addrandom(char * buf, unsigned int len)
 
 static void write_urandom()
 {
-#ifndef DROPBEAR_PRNGD_SOCKET
+#if !DROPBEAR_USE_PRNGD
 	/* This is opportunistic, don't worry about failure */
 	unsigned char buf[INIT_SEED_SIZE];
 	FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
@@ -185,7 +185,7 @@ void seedrandom() {
 	/* existing state */
 	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
 
-#ifdef DROPBEAR_PRNGD_SOCKET
+#if DROPBEAR_USE_PRNGD
 	if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1) 
 			!= DROPBEAR_SUCCESS) {
 		dropbear_exit("Failure reading random device %s", 
@@ -306,7 +306,7 @@ void gen_random_mpint(mp_int *max, mp_int *rand) {
 
 		/* keep regenerating until we get one satisfying
 		 * 0 < rand < max    */
-	} while (mp_cmp(rand, max) != MP_LT);
+	} while (!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT));
 	m_burn(randbuf, len);
 	m_free(randbuf);
 }

dbrandom.h

@@ -22,14 +22,14 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _RANDOM_H_
-#define _RANDOM_H_
+#ifndef DROPBEAR_RANDOM_H_
+#define DROPBEAR_RANDOM_H_
 
 #include "includes.h"
 
-void seedrandom();
+void seedrandom(void);
 void genrandom(unsigned char* buf, unsigned int len);
-void addrandom(char * buf, unsigned int len);
+void addrandom(const unsigned char * buf, unsigned int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
 
-#endif /* _RANDOM_H_ */
+#endif /* DROPBEAR_RANDOM_H_ */

dbutil.c

@@ -48,6 +48,19 @@
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
 
+#include "config.h"
+
+#ifdef __linux__
+#define _GNU_SOURCE
+/* To call clock_gettime() directly */
+#include <sys/syscall.h>
+#endif /* __linux */
+
+#ifdef HAVE_MACH_MACH_TIME_H
+#include <mach/mach_time.h>
+#include <mach/mach.h>
+#endif
+
 #include "includes.h"
 #include "dbutil.h"
 #include "buffer.h"
@@ -66,14 +79,14 @@ void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_N
 void (*_dropbear_log)(int priority, const char* format, va_list param)
 						= generic_dropbear_log;
 
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 int debug_trace = 0;
 #endif
 
 #ifndef DISABLE_SYSLOG
-void startsyslog() {
+void startsyslog(const char *ident) {
 
-	openlog(PROGNAME, LOG_PID, LOG_AUTHPRIV);
+	openlog(ident, LOG_PID, LOG_AUTHPRIV);
 
 }
 #endif /* DISABLE_SYSLOG */
@@ -136,19 +149,45 @@ void dropbear_log(int priority, const char* format, ...) {
 }
 
 
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
+
+static double debug_start_time = -1;
+
+void debug_start_net()
+{
+	if (getenv("DROPBEAR_DEBUG_NET_TIMESTAMP"))
+	{
+		/* Timestamps start from first network activity */
+		struct timeval tv;
+		gettimeofday(&tv, NULL);
+		debug_start_time = tv.tv_sec + (tv.tv_usec / 1000000.0);
+		TRACE(("Resetting Dropbear TRACE timestamps"))
+	}
+}
+
+static double time_since_start()
+{
+	double nowf;
+	struct timeval tv;
+	gettimeofday(&tv, NULL);
+	nowf = tv.tv_sec + (tv.tv_usec / 1000000.0);
+	if (debug_start_time < 0)
+	{
+		debug_start_time = nowf;
+		return 0;
+	}
+	return nowf - debug_start_time;
+}
+
 void dropbear_trace(const char* format, ...) {
 	va_list param;
-	struct timeval tv;
 
 	if (!debug_trace) {
 		return;
 	}
 
-	gettimeofday(&tv, NULL);
-
 	va_start(param, format);
-	fprintf(stderr, "TRACE  (%d) %d.%d: ", getpid(), tv.tv_sec, tv.tv_usec);
+	fprintf(stderr, "TRACE  (%d) %f: ", getpid(), time_since_start());
 	vfprintf(stderr, format, param);
 	fprintf(stderr, "\n");
 	va_end(param);
@@ -157,7 +196,6 @@ void dropbear_trace(const char* format, ...) {
 void dropbear_trace2(const char* format, ...) {
 	static int trace_env = -1;
 	va_list param;
-	struct timeval tv;
 
 	if (trace_env == -1) {
 		trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0;
@@ -167,192 +205,16 @@ void dropbear_trace2(const char* format, ...) {
 		return;
 	}
 
-	gettimeofday(&tv, NULL);
-
 	va_start(param, format);
-	fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), tv.tv_sec, tv.tv_usec);
+	fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start());
 	vfprintf(stderr, format, param);
 	fprintf(stderr, "\n");
 	va_end(param);
 }
 #endif /* DEBUG_TRACE */
 
-void set_sock_nodelay(int sock) {
-	int val;
-
-	/* disable nagle */
-	val = 1;
-	setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
-}
-
-void set_sock_priority(int sock, enum dropbear_prio prio) {
-
-	int iptos_val = 0, so_prio_val = 0, rc;
-
-	/* set the TOS bit for either ipv4 or ipv6 */
-#ifdef IPTOS_LOWDELAY
-	if (prio == DROPBEAR_PRIO_LOWDELAY) {
-		iptos_val = IPTOS_LOWDELAY;
-	} else if (prio == DROPBEAR_PRIO_BULK) {
-		iptos_val = IPTOS_THROUGHPUT;
-	}
-#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
-	rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
-	if (rc < 0) {
-		TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
-	}
-#endif
-	rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
-	if (rc < 0) {
-		TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
-	}
-#endif
-
-#ifdef SO_PRIORITY
-	if (prio == DROPBEAR_PRIO_LOWDELAY) {
-		so_prio_val = TC_PRIO_INTERACTIVE;
-	} else if (prio == DROPBEAR_PRIO_BULK) {
-		so_prio_val = TC_PRIO_BULK;
-	}
-	/* linux specific, sets QoS class. see tc-prio(8) */
-	rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
-	if (rc < 0)
-		dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)",
-				strerror(errno));
-#endif
-
-}
-
-/* Listen on address:port. 
- * Special cases are address of "" listening on everything,
- * and address of NULL listening on localhost only.
- * Returns the number of sockets bound on success, or -1 on failure. On
- * failure, if errstring wasn't NULL, it'll be a newly malloced error
- * string.*/
-int dropbear_listen(const char* address, const char* port,
-		int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
-
-	struct addrinfo hints, *res = NULL, *res0 = NULL;
-	int err;
-	unsigned int nsock;
-	struct linger linger;
-	int val;
-	int sock;
-
-	TRACE(("enter dropbear_listen"))
-	
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
-	hints.ai_socktype = SOCK_STREAM;
-
-	/* for calling getaddrinfo:
-	 address == NULL and !AI_PASSIVE: local loopback
-	 address == NULL and AI_PASSIVE: all interfaces
-	 address != NULL: whatever the address says */
-	if (!address) {
-		TRACE(("dropbear_listen: local loopback"))
-	} else {
-		if (address[0] == '\0') {
-			TRACE(("dropbear_listen: all interfaces"))
-			address = NULL;
-		}
-		hints.ai_flags = AI_PASSIVE;
-	}
-	err = getaddrinfo(address, port, &hints, &res0);
-
-	if (err) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(gai_strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
-		}
-		if (res0) {
-			freeaddrinfo(res0);
-			res0 = NULL;
-		}
-		TRACE(("leave dropbear_listen: failed resolving"))
-		return -1;
-	}
-
-
-	nsock = 0;
-	for (res = res0; res != NULL && nsock < sockcount;
-			res = res->ai_next) {
-
-		/* Get a socket */
-		socks[nsock] = socket(res->ai_family, res->ai_socktype,
-				res->ai_protocol);
-
-		sock = socks[nsock]; /* For clarity */
-
-		if (sock < 0) {
-			err = errno;
-			TRACE(("socket() failed"))
-			continue;
-		}
-
-		/* Various useful socket options */
-		val = 1;
-		/* set to reuse, quick timeout */
-		setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
-		linger.l_onoff = 1;
-		linger.l_linger = 5;
-		setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
-
-#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
-		if (res->ai_family == AF_INET6) {
-			int on = 1;
-			if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, 
-						&on, sizeof(on)) == -1) {
-				dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY");
-			}
-		}
-#endif
-
-		set_sock_nodelay(sock);
-
-		if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			err = errno;
-			close(sock);
-			TRACE(("bind(%s) failed", port))
-			continue;
-		}
-
-		if (listen(sock, 20) < 0) {
-			err = errno;
-			close(sock);
-			TRACE(("listen() failed"))
-			continue;
-		}
-
-		*maxfd = MAX(*maxfd, sock);
-
-		nsock++;
-	}
-
-	if (res0) {
-		freeaddrinfo(res0);
-		res0 = NULL;
-	}
-
-	if (nsock == 0) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error listening: %s", strerror(err));
-		}
-		TRACE(("leave dropbear_listen: failure, %s", strerror(err)))
-		return -1;
-	}
-
-	TRACE(("leave dropbear_listen: success, %d socks bound", nsock))
-	return nsock;
-}
-
 /* Connect to a given unix socket. The socket is blocking */
-#ifdef ENABLE_CONNECT_UNIX
+#if ENABLE_CONNECT_UNIX
 int connect_unix(const char* path) {
 	struct sockaddr_un addr;
 	int fd = -1;
@@ -374,99 +236,12 @@ int connect_unix(const char* path) {
 }
 #endif
 
-/* Connect via TCP to a host. Connection will try ipv4 or ipv6, will
- * return immediately if nonblocking is set. On failure, if errstring
- * wasn't null, it will be a newly malloced error message */
-
-/* TODO: maxfd */
-int connect_remote(const char* remotehost, const char* remoteport,
-		int nonblocking, char ** errstring) {
-
-	struct addrinfo *res0 = NULL, *res = NULL, hints;
-	int sock;
-	int err;
-
-	TRACE(("enter connect_remote"))
-
-	if (errstring != NULL) {
-		*errstring = NULL;
-	}
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-
-	err = getaddrinfo(remotehost, remoteport, &hints, &res0);
-	if (err) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 100 + strlen(gai_strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error resolving '%s' port '%s'. %s", 
-					remotehost, remoteport, gai_strerror(err));
-		}
-		TRACE(("Error resolving: %s", gai_strerror(err)))
-		return -1;
-	}
-
-	sock = -1;
-	err = EADDRNOTAVAIL;
-	for (res = res0; res; res = res->ai_next) {
-
-		sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-		if (sock < 0) {
-			err = errno;
-			continue;
-		}
-
-		if (nonblocking) {
-			setnonblocking(sock);
-		}
-
-		if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			if (errno == EINPROGRESS && nonblocking) {
-				TRACE(("Connect in progress"))
-				break;
-			} else {
-				err = errno;
-				close(sock);
-				sock = -1;
-				continue;
-			}
-		}
-
-		break; /* Success */
-	}
-
-	if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) {
-		/* Failed */
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error connecting: %s", strerror(err));
-		}
-		TRACE(("Error connecting: %s", strerror(err)))
-	} else {
-		/* Success */
-		set_sock_nodelay(sock);
-	}
-
-	freeaddrinfo(res0);
-	if (sock > 0 && errstring != NULL && *errstring != NULL) {
-		m_free(*errstring);
-	}
-
-	TRACE(("leave connect_remote: sock %d\n", sock))
-	return sock;
-}
-
 /* Sets up a pipe for a, returning three non-blocking file descriptors
  * and the pid. exec_fn is the function that will actually execute the child process,
  * it will be run after the child has fork()ed, and is passed exec_data.
  * If ret_errfd == NULL then stderr will not be captured.
  * ret_pid can be passed as  NULL to discard the pid. */
-int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
+int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
 		int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) {
 	int infds[2];
 	int outfds[2];
@@ -487,7 +262,7 @@ int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
 		return DROPBEAR_FAILURE;
 	}
 
-#ifdef USE_VFORK
+#if DROPBEAR_VFORK
 	pid = vfork();
 #else
 	pid = fork();
@@ -596,89 +371,7 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
 	execv(usershell, argv);
 }
 
-void get_socket_address(int fd, char **local_host, char **local_port,
-						char **remote_host, char **remote_port, int host_lookup)
-{
-	struct sockaddr_storage addr;
-	socklen_t addrlen;
-	
-	if (local_host || local_port) {
-		addrlen = sizeof(addr);
-		if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			dropbear_exit("Failed socket address: %s", strerror(errno));
-		}
-		getaddrstring(&addr, local_host, local_port, host_lookup);		
-	}
-	if (remote_host || remote_port) {
-		addrlen = sizeof(addr);
-		if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			dropbear_exit("Failed socket address: %s", strerror(errno));
-		}
-		getaddrstring(&addr, remote_host, remote_port, host_lookup);		
-	}
-}
-
-/* Return a string representation of the socket address passed. The return
- * value is allocated with malloc() */
-void getaddrstring(struct sockaddr_storage* addr, 
-			char **ret_host, char **ret_port,
-			int host_lookup) {
-
-	char host[NI_MAXHOST+1], serv[NI_MAXSERV+1];
-	unsigned int len;
-	int ret;
-	
-	int flags = NI_NUMERICSERV | NI_NUMERICHOST;
-
-#ifndef DO_HOST_LOOKUP
-	host_lookup = 0;
-#endif
-	
-	if (host_lookup) {
-		flags = NI_NUMERICSERV;
-	}
-
-	len = sizeof(struct sockaddr_storage);
-	/* Some platforms such as Solaris 8 require that len is the length
-	 * of the specific structure. Some older linux systems (glibc 2.1.3
-	 * such as debian potato) have sockaddr_storage.__ss_family instead
-	 * but we'll ignore them */
-#ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY
-	if (addr->ss_family == AF_INET) {
-		len = sizeof(struct sockaddr_in);
-	}
-#ifdef AF_INET6
-	if (addr->ss_family == AF_INET6) {
-		len = sizeof(struct sockaddr_in6);
-	}
-#endif
-#endif
-
-	ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1, 
-			serv, sizeof(serv)-1, flags);
-
-	if (ret != 0) {
-		if (host_lookup) {
-			/* On some systems (Darwin does it) we get EINTR from getnameinfo
-			 * somehow. Eew. So we'll just return the IP, since that doesn't seem
-			 * to exhibit that behaviour. */
-			getaddrstring(addr, ret_host, ret_port, 0);
-			return;
-		} else {
-			/* if we can't do a numeric lookup, something's gone terribly wrong */
-			dropbear_exit("Failed lookup: %s", gai_strerror(ret));
-		}
-	}
-
-	if (ret_host) {
-		*ret_host = m_strdup(host);
-	}
-	if (ret_port) {
-		*ret_port = m_strdup(serv);
-	}
-}
-
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 void printhex(const char * label, const unsigned char * buf, int len) {
 
 	int i;
@@ -772,7 +465,7 @@ out:
  * authkeys file.
  * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
 /* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
-#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
+#if DROPBEAR_CLIENT || DROPBEAR_SVR_PUBKEY_AUTH
 int buf_getline(buffer * line, FILE * authfile) {
 
 	int c = EOF;
@@ -811,12 +504,12 @@ out:
 
 /* make sure that the socket closes */
 void m_close(int fd) {
+	int val;
 
-	if (fd == -1) {
+	if (fd < 0) {
 		return;
 	}
 
-	int val;
 	do {
 		val = close(fd);
 	} while (val < 0 && errno == EINTR);
@@ -866,21 +559,6 @@ void * m_realloc(void* ptr, size_t size) {
 	return ret;
 }
 
-/* Clear the data, based on the method in David Wheeler's
- * "Secure Programming for Linux and Unix HOWTO" */
-/* Beware of calling this from within dbutil.c - things might get
- * optimised away */
-void m_burn(void *data, unsigned int len) {
-	volatile char *p = data;
-
-	if (data == NULL)
-		return;
-	while (len--) {
-		*p++ = 0x0;
-	}
-}
-
-
 void setnonblocking(int fd) {
 
 	TRACE(("setnonblocking: %d", fd))
@@ -920,6 +598,24 @@ int m_str_to_uint(const char* str, unsigned int *val) {
 	}
 }
 
+/* Returns malloced path. inpath beginning with '/' is returned as-is,
+otherwise home directory is prepended */
+char * expand_homedir_path(const char *inpath) {
+	struct passwd *pw = NULL;
+	if (inpath[0] != '/') {
+		pw = getpwuid(getuid());
+		if (pw && pw->pw_dir) {
+			int len = strlen(inpath) + strlen(pw->pw_dir) + 2;
+			char *buf = m_malloc(len);
+			snprintf(buf, len, "%s/%s", pw->pw_dir, inpath);
+			return buf;
+		}
+	}
+
+	/* Fallback */
+	return m_strdup(inpath);
+}
+
 int constant_time_memcmp(const void* a, const void *b, size_t n)
 {
 	const char *xa = a, *xb = b;
@@ -932,3 +628,78 @@ int constant_time_memcmp(const void* a, const void *b, size_t n)
 	return c;
 }
 
+#if defined(__linux__) && defined(SYS_clock_gettime)
+/* CLOCK_MONOTONIC_COARSE was added in Linux 2.6.32 but took a while to
+reach userspace include headers */
+#ifndef CLOCK_MONOTONIC_COARSE
+#define CLOCK_MONOTONIC_COARSE 6
+#endif
+/* Some old toolchains know SYS_clock_gettime but not CLOCK_MONOTONIC */
+#ifndef CLOCK_MONOTONIC
+#define CLOCK_MONOTONIC 1
+#endif
+static clockid_t get_linux_clock_source() {
+	struct timespec ts;
+	if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC_COARSE, &ts) == 0) {
+		return CLOCK_MONOTONIC_COARSE;
+	}
+
+	if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) == 0) {
+		return CLOCK_MONOTONIC;
+	}
+	return -1;
+}
+#endif 
+
+time_t monotonic_now() {
+#if defined(__linux__) && defined(SYS_clock_gettime)
+	static clockid_t clock_source = -2;
+
+	if (clock_source == -2) {
+		/* First run, find out which one works. 
+		-1 will fall back to time() */
+		clock_source = get_linux_clock_source();
+	}
+
+	if (clock_source >= 0) {
+		struct timespec ts;
+		if (syscall(SYS_clock_gettime, clock_source, &ts) != 0) {
+			/* Intermittent clock failures should not happen */
+			dropbear_exit("Clock broke");
+		}
+		return ts.tv_sec;
+	}
+#endif /* linux clock_gettime */
+
+#if defined(HAVE_MACH_ABSOLUTE_TIME)
+	/* OS X, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */
+	static mach_timebase_info_data_t timebase_info;
+	if (timebase_info.denom == 0) {
+		mach_timebase_info(&timebase_info);
+	}
+	return mach_absolute_time() * timebase_info.numer / timebase_info.denom
+		/ 1e9;
+#endif /* osx mach_absolute_time */
+
+	/* Fallback for everything else - this will sometimes go backwards */
+	return time(NULL);
+}
+
+void fsync_parent_dir(const char* fn) {
+#ifdef HAVE_LIBGEN_H
+	char *fn_dir = m_strdup(fn);
+	char *dir = dirname(fn_dir);
+	int dirfd = open(dir, O_RDONLY);
+
+	if (dirfd != -1) {
+		if (fsync(dirfd) != 0) {
+			TRACE(("fsync of directory %s failed: %s", dir, strerror(errno)))
+		}
+		m_close(dirfd);
+	} else {
+		TRACE(("error opening directory %s for fsync: %s", dir, strerror(errno)))
+	}
+
+	free(fn_dir);
+#endif
+}

dbutil.h

@@ -22,25 +22,17 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _DBUTIL_H_
+#ifndef DROPBEAR_DBUTIL_H_
 
-#define _DBUTIL_H_
+#define DROPBEAR_DBUTIL_H_
 
 #include "includes.h"
 #include "buffer.h"
+#include "queue.h"
+#include "dbhelpers.h"
 
 #ifndef DISABLE_SYSLOG
-void startsyslog();
-#endif
-
-#ifdef __GNUC__
-#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
-#define ATTRIB_NORETURN __attribute__((noreturn))
-#define ATTRIB_SENTINEL __attribute__((sentinel))
-#else
-#define ATTRIB_PRINTF(fmt,args)
-#define ATTRIB_NORETURN
-#define ATTRIB_SENTINEL
+void startsyslog(const char *ident);
 #endif
 
 extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
@@ -53,37 +45,23 @@ void dropbear_log(int priority, const char* format, ...) ATTRIB_PRINTF(2,3) ;
 
 void fail_assert(const char* expr, const char* file, int line) ATTRIB_NORETURN;
 
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 void dropbear_trace(const char* format, ...) ATTRIB_PRINTF(1,2);
 void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2);
 void printhex(const char * label, const unsigned char * buf, int len);
 void printmpint(const char *label, mp_int *mp);
+void debug_start_net(void);
 extern int debug_trace;
 #endif
 
-enum dropbear_prio {
-	DROPBEAR_PRIO_DEFAULT,
-	DROPBEAR_PRIO_LOWDELAY,
-	DROPBEAR_PRIO_BULK,
-};
-
 char * stripcontrol(const char * text);
-void get_socket_address(int fd, char **local_host, char **local_port,
-		char **remote_host, char **remote_port, int host_lookup);
-void getaddrstring(struct sockaddr_storage* addr, 
-		char **ret_host, char **ret_port, int host_lookup);
-void set_sock_nodelay(int sock);
-void set_sock_priority(int sock, enum dropbear_prio prio);
-int dropbear_listen(const char* address, const char* port,
-		int *socks, unsigned int sockcount, char **errstring, int *maxfd);
-int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
+
+int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
 		int *writefd, int *readfd, int *errfd, pid_t *pid);
 void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell);
-#ifdef ENABLE_CONNECT_UNIX
+#if ENABLE_CONNECT_UNIX
 int connect_unix(const char* addr);
 #endif
-int connect_remote(const char* remotehost, const char* remoteport,
-		int nonblocking, char ** errstring);
 int buf_readfile(buffer* buf, const char* filename);
 int buf_getline(buffer * line, FILE * authfile);
 
@@ -91,10 +69,9 @@ void m_close(int fd);
 void * m_malloc(size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
-#define m_free(X) free(X); (X) = NULL;
-void m_burn(void* data, unsigned int len);
+#define m_free(X) do {free(X); (X) = NULL;} while (0)
 void setnonblocking(int fd);
-void disallow_core();
+void disallow_core(void);
 int m_str_to_uint(const char* str, unsigned int *val);
 
 /* Used to force mp_ints to be initialised */
@@ -106,4 +83,12 @@ int m_str_to_uint(const char* str, unsigned int *val);
 /* Returns 0 if a and b have the same contents */
 int constant_time_memcmp(const void* a, const void *b, size_t n);
 
-#endif /* _DBUTIL_H_ */
+/* Returns a time in seconds that doesn't go backwards - does not correspond to
+a real-world clock */
+time_t monotonic_now(void);
+
+char * expand_homedir_path(const char *inpath);
+
+void fsync_parent_dir(const char* fn);
+
+#endif /* DROPBEAR_DBUTIL_H_ */

debian/changelog

@@ -1,3 +1,75 @@
+dropbear (2018.76-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 27 Feb 2018 22:51:57 +0800
+
+dropbear (2017.75-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 May 2017 22:51:57 +0800
+
+dropbear (2016.74-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Jul 2016 22:51:57 +0800
+
+dropbear (2016.73-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 18 Mar 2016 22:52:58 +0800
+
+dropbear (2016.72-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 10 Mar 2016 22:52:58 +0800
+
+dropbear (2015.70-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 26 Nov 2015 22:52:58 +0800
+
+dropbear (2015.69-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 25 Nov 2015 22:52:58 +0800
+
+dropbear (2015.68-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 8 Aug 2015 22:52:58 +0800
+
+dropbear (2015.67-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 28 Jan 2015 22:53:59 +0800
+
+dropbear (2014.66-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 23 Oct 2014 22:54:00 +0800
+
+dropbear (2014.65-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 Aug 2014 22:54:00 +0800
+
+dropbear (2014.64-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sun, 27 Jul 2014 22:54:00 +0800
+
 dropbear (2014.63-0.1) unstable; urgency=low
 
   * New upstream release.

debian/dropbear.docs

@@ -1,4 +1,3 @@
 README
-TODO
 debian/README.runit
 debian/README.Debian.diet

debian/dropbear.init

@@ -5,6 +5,7 @@
 # Required-Stop:     $remote_fs $syslog
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
+# Short-Description: Dropbear SSH server
 ### END INIT INFO
 #
 # Do not configure this file. Edit /etc/default/dropbear instead!

debug.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _DEBUG_H_
-#define _DEBUG_H_
+#ifndef DROPBEAR_DEBUG_H_
+#define DROPBEAR_DEBUG_H_
 
 #include "includes.h"
 
@@ -33,14 +33,6 @@
  * etc. Don't use this normally, it might cause problems */
 /* #define DEBUG_VALGRIND */
 
-/* Define this to compile in trace debugging printf()s. 
- * You'll need to run programs with "-v" to turn this on.
- *
- * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
- * since the printing may not sanitise strings etc. This will add a reasonable
- * amount to your executable size. */
-/* #define DEBUG_TRACE */
-
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
  * attempting to track down a problem */
@@ -61,7 +53,7 @@
 /*#define DEBUG_RSA*/
 
 /* you don't need to touch this block */
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 #define TRACE(X) dropbear_trace X;
 #define TRACE2(X) dropbear_trace2 X;
 #else /*DEBUG_TRACE*/

default_options.h

@@ -0,0 +1,295 @@
+#ifndef DROPBEAR_DEFAULT_OPTIONS_H_
+#define DROPBEAR_DEFAULT_OPTIONS_H_
+/*
+                     > > > Read This < < <
+
+default_options.h  documents compile-time options, and provides default values.
+
+Local customisation should be added to localoptions.h which is
+used if it exists. Options defined there will override any options in this
+file.
+
+Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
+
+IMPORTANT: Some options will require "make clean" after changes */
+
+#define DROPBEAR_DEFPORT "22"
+
+/* Listen on all interfaces */
+#define DROPBEAR_DEFADDRESS ""
+
+/* Default hostkey paths - these can be specified on the command line */
+#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
+
+/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
+ * on chosen ports and keeps accepting connections. This is the default.
+ *
+ * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
+ * similar), where it will use stdin/stdout for connections, and each process
+ * lasts for a single connection. Dropbear should be invoked with the -i flag
+ * for inetd, and can only accept IPv4 connections.
+ *
+ * Both of these flags can be defined at once, don't compile without at least
+ * one of them. */
+#define NON_INETD_MODE 1
+#define INETD_MODE 1
+
+/* Include verbose debug output, enabled with -v at runtime. 
+ * This will add a reasonable amount to your executable size. */
+#define DEBUG_TRACE 0
+
+/* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
+#define DROPBEAR_SMALL_CODE 1
+
+/* Enable X11 Forwarding - server only */
+#define DROPBEAR_X11FWD 1
+
+/* Enable TCP Fowarding */
+/* 'Local' is "-L" style (client listening port forwarded via server)
+ * 'Remote' is "-R" style (server listening port forwarded via client) */
+#define DROPBEAR_CLI_LOCALTCPFWD 1
+#define DROPBEAR_CLI_REMOTETCPFWD 1
+
+#define DROPBEAR_SVR_LOCALTCPFWD 1
+#define DROPBEAR_SVR_REMOTETCPFWD 1
+
+/* Enable Authentication Agent Forwarding */
+#define DROPBEAR_SVR_AGENTFWD 1
+#define DROPBEAR_CLI_AGENTFWD 1
+
+/* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
+ * allow multihop dbclient connections */
+
+/* Allow using -J <proxycommand> to run the connection through a 
+   pipe to a program, rather the normal TCP connection */
+#define DROPBEAR_CLI_PROXYCMD 1
+
+/* Enable "Netcat mode" option. This will forward standard input/output
+ * to a remote TCP-forwarded connection */
+#define DROPBEAR_CLI_NETCAT 1
+
+/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
+#define DROPBEAR_USER_ALGO_LIST 1
+
+/* Encryption - at least one required.
+ * AES128 should be enabled, some very old implementations might only
+ * support 3DES.
+ * Including both AES keysize variants (128 and 256) will result in 
+ * a minimal size increase */
+#define DROPBEAR_AES128 1
+#define DROPBEAR_3DES 1
+#define DROPBEAR_AES256 1
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
+/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+#define DROPBEAR_BLOWFISH 0
+
+/* Enable CBC mode for ciphers. This has security issues though
+ * is the most compatible with older SSH implementations */
+#define DROPBEAR_ENABLE_CBC_MODE 1
+
+/* Enable "Counter Mode" for ciphers. This is more secure than
+ * CBC mode against certain attacks. It is recommended for security
+ * and forwards compatibility */
+#define DROPBEAR_ENABLE_CTR_MODE 1
+
+/* Message integrity. sha2-256 is recommended as a default, 
+   sha1 for compatibility */
+#define DROPBEAR_SHA1_HMAC 1
+#define DROPBEAR_SHA1_96_HMAC 1
+#define DROPBEAR_SHA2_256_HMAC 1
+
+/* Hostkey/public key algorithms - at least one required, these are used
+ * for hostkey as well as for verifying signatures with pubkey auth.
+ * Removing either of these won't save very much space.
+ * RSA is recommended
+ * DSS may be necessary to connect to some systems though
+   is not recommended for new keys */
+#define DROPBEAR_RSA 1
+#define DROPBEAR_DSS 1
+/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+ * code (either ECDSA or ECDH) increases binary size - around 30kB
+ * on x86-64 */
+#define DROPBEAR_ECDSA 1
+
+/* RSA must be >=1024 */
+#define DROPBEAR_DEFAULT_RSA_SIZE 2048
+/* DSS is always 1024 */
+/* ECDSA defaults to largest size configured, usually 521 */
+
+/* Add runtime flag "-R" to generate hostkeys as-needed when the first 
+   connection using that key type occurs.
+   This avoids the need to otherwise run "dropbearkey" and avoids some problems
+   with badly seeded /dev/urandom when systems first boot. */
+#define DROPBEAR_DELAY_HOSTKEY 1
+
+
+/* Key exchange algorithm.
+
+ * group14_sha1 - 2048 bit, sha1
+ * group14_sha256 - 2048 bit, sha2-256
+ * group16 - 4096 bit, sha2-512
+ * group1 - 1024 bit, sha1
+ * curve25519 - elliptic curve DH
+ * ecdh - NIST elliptic curve DH (256, 384, 521)
+ *
+ * group1 is too small for security though is necessary if you need 
+     compatibility with some implementations such as Dropbear versions < 0.53
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength level but is slower and increases binary size
+ * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
+ * curve25519 increases binary size by ~8kB on x86-64
+ * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
+
+ * Small systems should generally include either curve25519 or ecdh for performance.
+ * curve25519 is less widely supported but is faster
+ */ 
+#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA256 1
+#define DROPBEAR_DH_GROUP16 0
+#define DROPBEAR_CURVE25519 1
+#define DROPBEAR_ECDH 1
+#define DROPBEAR_DH_GROUP1 1
+
+/* When group1 is enabled it will only be allowed by Dropbear client
+not as a server, due to concerns over its strength. Set to 0 to allow
+group1 in Dropbear server too */
+#define DROPBEAR_DH_GROUP1_CLIENTONLY 1
+
+/* Control the memory/performance/compression tradeoff for zlib.
+ * Set windowBits=8 for least memory usage, see your system's
+ * zlib.h for full details.
+ * Default settings (windowBits=15) will use 256kB for compression
+ * windowBits=8 will use 129kB for compression.
+ * Both modes will use ~35kB for decompression (using windowBits=15 for
+ * interoperability) */
+#define DROPBEAR_ZLIB_WINDOW_BITS 15 
+
+/* Whether to do reverse DNS lookups. */
+#define DO_HOST_LOOKUP 0
+
+/* Whether to print the message of the day (MOTD). */
+#define DO_MOTD 0
+#define MOTD_FILENAME "/etc/motd"
+
+/* Authentication Types - at least one required.
+   RFC Draft requires pubkey auth, and recommends password */
+#define DROPBEAR_SVR_PASSWORD_AUTH 1
+
+/* Note: PAM auth is quite simple and only works for PAM modules which just do
+ * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+ * It's useful for systems like OS X where standard password crypts don't work
+ * but there's an interface via a PAM module. It won't work for more complex
+ * PAM challenge/response.
+ * You can't enable both PASSWORD and PAM. */
+#define DROPBEAR_SVR_PAM_AUTH 0
+
+/* ~/.ssh/authorized_keys authentication */
+#define DROPBEAR_SVR_PUBKEY_AUTH 1
+
+/* Whether to take public key options in 
+ * authorized_keys file into account */
+#define DROPBEAR_SVR_PUBKEY_OPTIONS 1
+
+/* Client authentication options */
+#define DROPBEAR_CLI_PASSWORD_AUTH 1
+#define DROPBEAR_CLI_PUBKEY_AUTH 1
+
+/* A default argument for dbclient -i <privatekey>. 
+Homedir is prepended unless path begins with / */
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
+
+/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
+ * environment variable. */
+#define DROPBEAR_USE_PASSWORD_ENV 1
+
+/* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
+ * a helper program for the ssh client. The helper program should be
+ * specified in the SSH_ASKPASS environment variable, and dbclient
+ * should be run with DISPLAY set and no tty. The program should
+ * return the password on standard output */
+#define DROPBEAR_CLI_ASKPASS_HELPER 0
+
+/* Save a network roundtrip by sendng a real auth request immediately after
+ * sending a query for the available methods. This is not yet enabled by default 
+ since it could cause problems with non-compliant servers */ 
+#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+
+/* Set this to use PRNGD or EGD instead of /dev/urandom */
+#define DROPBEAR_USE_PRNGD 0
+#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
+
+/* Specify the number of clients we will allow to be connected but
+ * not yet authenticated. After this limit, connections are rejected */
+/* The first setting is per-IP, to avoid denial of service */
+#define MAX_UNAUTH_PER_IP 5
+
+/* And then a global limit to avoid chewing memory if connections 
+ * come from many IPs */
+#define MAX_UNAUTH_CLIENTS 30
+
+/* Default maximum number of failed authentication tries (server option) */
+/* -T server option overrides */
+#define MAX_AUTH_TRIES 10
+
+/* The default file to store the daemon's process ID, for shutdown
+   scripts etc. This can be overridden with the -P flag */
+#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
+
+/* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+#define XAUTH_COMMAND "/usr/bin/xauth -q"
+
+
+/* if you want to enable running an sftp server (such as the one included with
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
+ * The sftp-server program is not provided by Dropbear itself */
+#define DROPBEAR_SFTPSERVER 1
+#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
+
+/* This is used by the scp binary when used as a client binary. If you're
+ * not using the Dropbear client, you'll need to change it */
+#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
+
+/* Whether to log commands executed by a client. This only logs the 
+ * (single) command sent to the server, not what a user did in a 
+ * shell/sftp session etc. */
+#define LOG_COMMANDS 0
+
+/* Window size limits. These tend to be a trade-off between memory
+   usage and network performance: */
+/* Size of the network receive window. This amount of memory is allocated
+   as a per-channel receive buffer. Increasing this value can make a
+   significant difference to network performance. 24kB was empirically
+   chosen for a 100mbit ethernet network. The value can be altered at
+   runtime with the -W argument. */
+#define DEFAULT_RECV_WINDOW 24576
+/* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
+   in order to interoperate with other implementations */
+#define RECV_MAX_PAYLOAD_LEN 32768
+/* Maximum size of a transmitted data packet - this can be any value,
+   though increasing it may not make a significant difference. */
+#define TRANS_MAX_PAYLOAD_LEN 16384
+
+/* Ensure that data is transmitted every KEEPALIVE seconds. This can
+be overridden at runtime with -K. 0 disables keepalives */
+#define DEFAULT_KEEPALIVE 0
+
+/* If this many KEEPALIVES are sent with no packets received from the
+other side, exit. Not run-time configurable - if you have a need
+for runtime configuration please mail the Dropbear list */
+#define DEFAULT_KEEPALIVE_LIMIT 3
+
+/* Ensure that data is received within IDLE_TIMEOUT seconds. This can
+be overridden at runtime with -I. 0 disables idle timeouts */
+#define DEFAULT_IDLE_TIMEOUT 0
+
+/* The default path. This will often get replaced by the shell */
+#define DEFAULT_PATH "/usr/bin:/bin"
+
+#endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */

dh_groups.c

@@ -0,0 +1,94 @@
+#include "options.h"
+#include "dh_groups.h"
+
+#if DROPBEAR_DH_GROUP1
+/* diffie-hellman-group1-sha1 value for p */
+const unsigned char dh_p_1[DH_P_1_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+#endif /* DROPBEAR_DH_GROUP1 */
+
+#if DROPBEAR_DH_GROUP14
+/* diffie-hellman-group14-sha1 value for p */
+const unsigned char dh_p_14[DH_P_14_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF};
+#endif /* DROPBEAR_DH_GROUP14 */
+
+#if DROPBEAR_DH_GROUP16
+/* diffie-hellman-group16-256 value for p */
+const unsigned char dh_p_16[DH_P_16_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21,
+	0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02,
+	0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B,
+	0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3,
+	0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F,
+	0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E,
+	0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C,
+	0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
+	0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA,
+	0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
+	0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67,
+	0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18,
+	0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77,
+	0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95,
+	0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
+	0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4,
+	0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB,
+	0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A,
+	0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1,
+	0xE4, 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94,
+	0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E,
+	0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, 0xBB, 0xE1,
+	0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
+	0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC,
+	0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A,
+	0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA,
+	0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68,
+	0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+	0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F,
+	0xBE, 0xCA, 0xA6, 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2,
+	0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7,
+	0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+	0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, 0x93,
+	0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6,
+	0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+#endif /* DROPBEAR_DH_GROUP16 */
+
+/* Same for all groups */
+const int DH_G_VAL = 2;
+

dh_groups.h

@@ -0,0 +1,24 @@
+#ifndef DROPBEAR_DH_GROUPS_H
+#define DROPBEAR_DH_GROUPS_H
+#include "options.h"
+
+#if DROPBEAR_DH_GROUP1
+#define DH_P_1_LEN 128
+extern const unsigned char dh_p_1[DH_P_1_LEN];
+#endif
+
+#if DROPBEAR_DH_GROUP14
+#define DH_P_14_LEN 256
+extern const unsigned char dh_p_14[DH_P_14_LEN];
+#endif
+
+#if DROPBEAR_DH_GROUP16
+#define DH_P_16_LEN 512
+extern const unsigned char dh_p_16[DH_P_16_LEN];
+#endif
+
+
+extern const int DH_G_VAL;
+
+
+#endif

dropbear.8

@@ -3,15 +3,13 @@
 dropbear \- lightweight SSH server
 .SH SYNOPSIS
 .B dropbear
-[\-RFEmwsgjki] [\-b
+[\fIflag arguments\fR] [\-b
 .I banner\fR] 
 [\-r
-.I hostkeyfile\fR] [\-p
-.IR [address:]port ]
+.I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR]
 .SH DESCRIPTION
 .B dropbear
-is a SSH server designed to be small enough to be used in small memory
-environments, while still being functional and secure enough for general use.
+is a small SSH server 
 .SH OPTIONS
 .TP
 .B \-b \fIbanner
@@ -55,7 +53,7 @@ Disable local port forwarding.
 .B \-k
 Disable remote port forwarding.
 .TP
-.B \-p \fI[address:]port
+.B \-p\fR [\fIaddress\fR:]\fIport
 Listen on specified 
 .I address
 and TCP
@@ -88,16 +86,28 @@ Ensure that traffic is transmitted at a certain interval in seconds. This is
 useful for working around firewalls or routers that drop connections after
 a certain period of inactivity. The trade-off is that a session may be
 closed if there is a temporary lapse of network connectivity. A setting
-if 0 disables keepalives.
+if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
 .TP
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
+.TP
+.B \-T \fImax_authentication_attempts
+Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
+.TP
+.B \-c \fIforced_command
+Disregard the command provided by the user and always run \fIforced_command\fR. This also
+overrides any authorized_keys command= option.
+.TP
+.B \-V
+Print the version
+
 .SH FILES
 
 .TP
 Authorized Keys
 
-~/.ssh/authorized_keys can be set up to allow remote login with a RSA or DSS
+~/.ssh/authorized_keys can be set up to allow remote login with a RSA,
+ECDSA, or DSS
 key. Each line is of the form
 .TP
 [restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
@@ -124,8 +134,9 @@ Disable PTY allocation. Note that a user can still obtain most of the
 same functionality with other means even if no-pty is set.
 
 .TP
-.B command="\fIforced_command\fR"
+.B command=\fR"\fIforced_command\fR"
 Disregard the command provided by the user and always run \fIforced_command\fR.
+The -c command line option overrides this.
 
 The authorized_keys file and its containing ~/.ssh directory must only be
 writable by the user, otherwise Dropbear will not allow a login using public
@@ -136,9 +147,11 @@ Host Key Files
 
 Host key files are read at startup from a standard location, by default
 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
-/etc/dropbear/dropbear-ecdsa_host_key
-or specified on the commandline with -r. These are of the form generated
-by dropbearkey. The -R option can be used to automatically generate keys
+/etc/dropbear/dropbear_ecdsa_host_key
+
+If the -r command line option is specified the default files are not loaded.
+Host key files are of the form generated by dropbearkey. 
+The -R option can be used to automatically generate keys
 in the default location - keys will be generated after startup when the first
 connection is established. This had the benefit that the system /dev/urandom
 random number source has a better chance of being securely seeded.

dropbearconvert.1

@@ -21,27 +21,27 @@ from a private key by using
 .P
 Encrypted private keys are not supported, use ssh-keygen(1) to decrypt them
 first.
-.SH OPTIONS
+.SH ARGUMENTS
 .TP
-.B input type
+.I input_type
 Either 
 .I dropbear
 or 
 .I openssh
 .TP
-.B output type
+.I output_type
 Either 
 .I dropbear
 or 
 .I openssh
 .TP
-.B input file
+.I input_file
 An existing Dropbear or OpenSSH private key file
 .TP
-.B output file
-The path to write the converted private key file
+.I output_file
+The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default
 .SH EXAMPLE
- # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/dropbear_priv
+ # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .SH SEE ALSO

dropbearconvert.c

@@ -53,8 +53,8 @@ static void printhelp(char * progname) {
 					progname);
 }
 
-#if defined(DBMULTI_dropbearconvert) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dropbearconvert) && defined(DROPBEAR_MULTI)
+#if defined(DBMULTI_dropbearconvert) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dropbearconvert) && DROPBEAR_MULTI
 int dropbearconvert_main(int argc, char ** argv) {
 #else 
 int main(int argc, char ** argv) {
@@ -67,7 +67,7 @@ int main(int argc, char ** argv) {
 	crypto_init();
 	seedrandom();
 
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 	/* It's hard for it to get in the way _too_ much */
 	debug_trace = 1;
 #endif

dropbearkey.1

@@ -9,13 +9,11 @@ dropbearkey \- create private keys for the use with dropbear(8) or dbclient(1)
 .I file
 [\-s
 .IR bits ]
+[\-y]
 .SH DESCRIPTION
 .B dropbearkey
 generates a
-.I RSA 
-.I DSS,
-or
-.I ECDSA
+\fIRSA\fR, \fIDSS\fR, or \fIECDSA\fR
 format SSH private key, and saves it to a file for the use with the
 Dropbear client or server.
 Note that 
@@ -33,18 +31,25 @@ or
 .TP
 .B \-f \fIfile
 Write the secret key to the file
-.IR file .
+\fIfile\fR. For client authentication ~/.ssh/id_dropbear is loaded by default
 .TP
 .B \-s \fIbits
 Set the key size to
 .I bits
 bits, should be multiple of 8 (optional). 
+.TP
+.B \-y
+Just print the publickey and fingerprint for the private key in \fIfile\fR.
 .SH NOTES
 The program dropbearconvert(1) can be used to convert between Dropbear and OpenSSH key formats.
 .P
 Dropbear does not support encrypted keys. 
 .SH EXAMPLE
+generate a host-key:
  # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+
+extract a public key suitable for authorized_keys from private key:
+ # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br

dropbearkey.c

@@ -67,35 +67,36 @@ static void printhelp(char * progname) {
 
 	fprintf(stderr, "Usage: %s -t <type> -f <filename> [-s bits]\n"
 					"-t type	Type of key to generate. One of:\n"
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 					"		rsa\n"
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 					"		dss\n"
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 					"		ecdsa\n"
 #endif
-					"-f filename	Use filename for the secret key\n"
+					"-f filename    Use filename for the secret key.\n"
+					"               ~/.ssh/id_dropbear is recommended for client keys.\n"
 					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 					"           DSS has a fixed size of 1024 bits\n"
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 					"           ECDSA has sizes "
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 					"256 "
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 					"384 "
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 					"521 "
 #endif
 					"\n"
 #endif
 					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 					"-v		verbose\n"
 #endif
 					,progname);
@@ -104,41 +105,41 @@ static void printhelp(char * progname) {
 /* fails fatally */
 static void check_signkey_bits(enum signkey_type type, int bits)
 {
-        switch (type) {
-#ifdef DROPBEAR_RSA
-            case DROPBEAR_SIGNKEY_RSA:
-                if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
-                	dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
-                            " multiple of 8\n");
-                }
-                break;
+	switch (type) {
+#if DROPBEAR_RSA
+		case DROPBEAR_SIGNKEY_RSA:
+			if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
+				dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
+				              " multiple of 8\n");
+			}
+			break;
 #endif
 #ifdef DROPEAR_DSS
-            case DROPBEAR_SIGNKEY_DSS:
-                if (bits != 1024) {
-                    dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
-                    exit(EXIT_FAILURE);
-                }
+		case DROPBEAR_SIGNKEY_DSS:
+			if (bits != 1024) {
+				dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
+				exit(EXIT_FAILURE);
+			}
 #endif
-			default:
-				(void)0; /* quiet, compiler. ecdsa handles checks itself */
-        }
+		default:
+			(void)0; /* quiet, compiler. ecdsa handles checks itself */
+	}
 }
 
-#if defined(DBMULTI_dropbearkey) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dropbearkey) && defined(DROPBEAR_MULTI)
+#if defined(DBMULTI_dropbearkey) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dropbearkey) && DROPBEAR_MULTI
 int dropbearkey_main(int argc, char ** argv) {
 #else
 int main(int argc, char ** argv) {
 #endif
 
 	int i;
-	char ** next = 0;
+	char ** next = NULL;
 	char * filename = NULL;
 	enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
 	char * typetext = NULL;
 	char * sizetext = NULL;
-	unsigned int bits = 0;
+	unsigned int bits = 0, genbits;
 	int printpub = 0;
 
 	crypto_init();
@@ -173,7 +174,7 @@ int main(int argc, char ** argv) {
 					printhelp(argv[0]);
 					exit(EXIT_SUCCESS);
 					break;
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;
 					break;
@@ -205,19 +206,19 @@ int main(int argc, char ** argv) {
 		exit(EXIT_FAILURE);
 	}
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 	if (strcmp(typetext, "rsa") == 0)
 	{
 		keytype = DROPBEAR_SIGNKEY_RSA;
 	}
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 	if (strcmp(typetext, "dss") == 0)
 	{
 		keytype = DROPBEAR_SIGNKEY_DSS;
 	}
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 	if (strcmp(typetext, "ecdsa") == 0)
 	{
 		keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
@@ -237,13 +238,14 @@ int main(int argc, char ** argv) {
 		}
 		
 		check_signkey_bits(keytype, bits);;
-    }
+	}
 
-	fprintf(stderr, "Generating key, this may take a while...\n");
-    if (signkey_generate(keytype, bits, filename) == DROPBEAR_FAILURE)
-    {
-    	dropbear_exit("Failed to generate key.\n");
-    }
+	genbits = signkey_generate_get_bits(keytype, bits);
+	fprintf(stderr, "Generating %u bit %s key, this may take a while...\n", genbits, typetext);
+	if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
+	{
+		dropbear_exit("Failed to generate key.\n");
+	}
 
 	printpubfile(filename);
 

dss.c

@@ -37,13 +37,14 @@
  * See FIPS186 or the Handbook of Applied Cryptography for details of the
  * algorithm */
 
-#ifdef DROPBEAR_DSS 
+#if DROPBEAR_DSS 
 
 /* Load a dss key from a buffer, initialising the values.
  * The key will have the same format as buf_put_dss_key.
  * These should be freed with dss_key_free.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
+	int ret = DROPBEAR_FAILURE;
 
 	TRACE(("enter buf_get_dss_pub_key"))
 	dropbear_assert(key != NULL);
@@ -56,17 +57,29 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
 	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
 		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
-		return DROPBEAR_FAILURE;
+		ret = DROPBEAR_FAILURE;
+		goto out;
 	}
 
-	if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) {
-		dropbear_log(LOG_WARNING, "DSS key too short");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
-		return DROPBEAR_FAILURE;
+	if (mp_count_bits(key->p) != DSS_P_BITS) {
+		dropbear_log(LOG_WARNING, "Bad DSS p");
+		ret = DROPBEAR_FAILURE;
+		goto out;
 	}
 
+	if (mp_count_bits(key->q) != DSS_Q_BITS) {
+		dropbear_log(LOG_WARNING, "Bad DSS q");
+		ret = DROPBEAR_FAILURE;
+		goto out;
+	}
+
+	ret = DROPBEAR_SUCCESS;
 	TRACE(("leave buf_get_dss_pub_key: success"))
-	return DROPBEAR_SUCCESS;
+out:
+	if (ret == DROPBEAR_FAILURE) {
+		m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, NULL);
+	}
+	return ret;
 }
 
 /* Same as buf_get_dss_pub_key, but reads a private "x" key at the end.
@@ -86,7 +99,7 @@ int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
 	m_mp_alloc_init_multi(&key->x, NULL);
 	ret = buf_getmpint(buf, key->x);
 	if (ret == DROPBEAR_FAILURE) {
-		m_free(key->x);
+		m_mp_free_multi(&key->x, NULL);
 	}
 
 	return ret;
@@ -101,26 +114,7 @@ void dss_key_free(dropbear_dss_key *key) {
 		TRACE2(("enter dsa_key_free: key == NULL"))
 		return;
 	}
-	if (key->p) {
-		mp_clear(key->p);
-		m_free(key->p);
-	}
-	if (key->q) {
-		mp_clear(key->q);
-		m_free(key->q);
-	}
-	if (key->g) {
-		mp_clear(key->g);
-		m_free(key->g);
-	}
-	if (key->y) {
-		mp_clear(key->y);
-		m_free(key->y);
-	}
-	if (key->x) {
-		mp_clear(key->x);
-		m_free(key->x);
-	}
+	m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
 	m_free(key);
 	TRACE2(("leave dsa_key_free"))
 }
@@ -133,7 +127,7 @@ void dss_key_free(dropbear_dss_key *key) {
  * mpint	g
  * mpint	y
  */
-void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
+void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
@@ -145,7 +139,7 @@ void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 }
 
 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */
-void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
+void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_put_dss_pub_key(buf, key);
@@ -153,10 +147,10 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
 
 }
 
-#ifdef DROPBEAR_SIGNKEY_VERIFY
+#if DROPBEAR_SIGNKEY_VERIFY
 /* Verify a DSS signature (in buf) made on data by the key given. 
  * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
+int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
 	unsigned char msghash[SHA1_HASH_SIZE];
 	hash_state hs;
 	int ret = DROPBEAR_FAILURE;
@@ -165,7 +159,7 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 	DEF_MP_INT(val3);
 	DEF_MP_INT(val4);
 	char * string = NULL;
-	int stringlen;
+	unsigned int stringlen;
 
 	TRACE(("enter buf_dss_verify"))
 	dropbear_assert(key != NULL);
@@ -186,12 +180,16 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 	/* create the signature - s' and r' are the received signatures in buf */
 	/* w = (s')-1 mod q */
 	/* let val1 = s' */
-	bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
+	bytes_to_mp(&val1, (const unsigned char*) &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
 
 	if (mp_cmp(&val1, key->q) != MP_LT) {
 		TRACE(("verify failed, s' >= q"))
 		goto out;
 	}
+	if (mp_cmp_d(&val1, 0) != MP_GT) {
+		TRACE(("verify failed, s' <= 0"))
+		goto out;
+	}
 	/* let val2 = w = (s')^-1 mod q*/
 	if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
 		goto out;
@@ -208,11 +206,15 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 
 	/* u2 = ((r')w) mod q */
 	/* let val1 = r' */
-	bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE);
+	bytes_to_mp(&val1, (const unsigned char*) &string[0], SHA1_HASH_SIZE);
 	if (mp_cmp(&val1, key->q) != MP_LT) {
 		TRACE(("verify failed, r' >= q"))
 		goto out;
 	}
+	if (mp_cmp_d(&val1, 0) != MP_GT) {
+		TRACE(("verify failed, r' <= 0"))
+		goto out;
+	}
 	/* let val4 = u2 = ((r')w) mod q */
 	if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
 		goto out;
@@ -253,7 +255,7 @@ out:
 
 /* Sign the data presented with key, writing the signature contents
  * to the buffer */
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
+void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
 	unsigned char msghash[SHA1_HASH_SIZE];
 	unsigned int writelen;
 	unsigned int i;

dss.h

@@ -22,13 +22,13 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _DSS_H_
-#define _DSS_H_
+#ifndef DROPBEAR_DSS_H_
+#define DROPBEAR_DSS_H_
 
 #include "includes.h"
 #include "buffer.h"
 
-#ifdef DROPBEAR_DSS 
+#if DROPBEAR_DSS 
 
 typedef struct {
 
@@ -41,16 +41,19 @@ typedef struct {
 
 } dropbear_dss_key;
 
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
-#ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
+#define DSS_P_BITS 1024
+#define DSS_Q_BITS 160
+
+void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
+#if DROPBEAR_SIGNKEY_VERIFY
+int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
 #endif
 int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
 int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);
-void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key);
-void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key);
+void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key);
+void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key);
 void dss_key_free(dropbear_dss_key *key);
 
 #endif /* DROPBEAR_DSS */
 
-#endif /* _DSS_H_ */
+#endif /* DROPBEAR_DSS_H_ */

ecc.c

@@ -1,13 +1,12 @@
 #include "includes.h"
-#include "options.h"
 #include "ecc.h"
 #include "dbutil.h"
 #include "bignum.h"
 
-#ifdef DROPBEAR_ECC
+#if DROPBEAR_ECC
 
 /* .dp members are filled out by dropbear_ecc_fill_dp() at startup */
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 struct dropbear_ecc_curve ecc_curve_nistp256 = {
 	32,		/* .ltc_size	*/
 	NULL,		/* .dp		*/
@@ -15,7 +14,7 @@ struct dropbear_ecc_curve ecc_curve_nistp256 = {
 	"nistp256"	/* .name	*/
 };
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 struct dropbear_ecc_curve ecc_curve_nistp384 = {
 	48,		/* .ltc_size	*/
 	NULL,		/* .dp		*/
@@ -23,7 +22,7 @@ struct dropbear_ecc_curve ecc_curve_nistp384 = {
 	"nistp384"	/* .name	*/
 };
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 struct dropbear_ecc_curve ecc_curve_nistp521 = {
 	66,		/* .ltc_size	*/
 	NULL,		/* .dp		*/
@@ -33,13 +32,13 @@ struct dropbear_ecc_curve ecc_curve_nistp521 = {
 #endif
 
 struct dropbear_ecc_curve *dropbear_ecc_curves[] = {
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 	&ecc_curve_nistp256,
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 	&ecc_curve_nistp384,
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 	&ecc_curve_nistp521,
 #endif
 	NULL
@@ -82,15 +81,10 @@ ecc_key * new_ecc_key(void) {
 
 /* Copied from libtomcrypt ecc_import.c (version there is static), modified
    for different mp_int pointer without LTC_SOURCE */
-static int ecc_is_point(ecc_key *key)
+static int ecc_is_point(const ecc_key *key)
 {
 	mp_int *prime, *b, *t1, *t2;
 	int err;
-
-	prime = m_malloc(sizeof(mp_int));
-	b = m_malloc(sizeof(mp_int));
-	t1 = m_malloc(sizeof(mp_int));
-	t2 = m_malloc(sizeof(mp_int));
 	
 	m_mp_alloc_init_multi(&prime, &b, &t1, &t2, NULL);
 	
@@ -218,7 +212,7 @@ ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *c
 
 /* a modified version of libtomcrypt's "ecc_shared_secret" to output
    a mp_int instead. */
-mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
+mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, const ecc_key *private_key)
 {
 	ecc_point *result = NULL;
 	mp_int *prime = NULL, *shared_secret = NULL;
@@ -226,46 +220,41 @@ mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
 
    /* type valid? */
 	if (private_key->type != PK_PRIVATE) {
-		goto done;
+		goto out;
 	}
 
 	if (private_key->dp != public_key->dp) {
-		goto done;
+		goto out;
 	}
 
    /* make new point */
 	result = ltc_ecc_new_point();
 	if (result == NULL) {
-		goto done;
+		goto out;
 	}
 
 	prime = m_malloc(sizeof(*prime));
 	m_mp_init(prime);
 
 	if (mp_read_radix(prime, (char *)private_key->dp->prime, 16) != CRYPT_OK) { 
-		goto done; 
+		goto out;
 	}
 	if (ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1) != CRYPT_OK) { 
-		goto done; 
+		goto out;
 	}
 
+	shared_secret = m_malloc(sizeof(*shared_secret));
+	m_mp_init(shared_secret);
+	if (mp_copy(result->x, shared_secret) != CRYPT_OK) {
+		goto out;
+	}
+
+	mp_clear(prime);
+	m_free(prime);
+	ltc_ecc_del_point(result);
+
 	err = DROPBEAR_SUCCESS;
-	done:
-	if (err == DROPBEAR_SUCCESS) {
-		shared_secret = m_malloc(sizeof(*shared_secret));
-		m_mp_init(shared_secret);
-		mp_copy(result->x, shared_secret);
-	}
-
-	if (prime) {
-		mp_clear(prime);
-		m_free(prime);
-	}
-	if (result)
-	{
-		ltc_ecc_del_point(result);
-	}
-
+	out:
 	if (err == DROPBEAR_FAILURE) {
 		dropbear_exit("ECC error");
 	}

ecc.h

@@ -1,18 +1,17 @@
-#ifndef _DROPBEAR_ECC_H
-#define _DROPBEAR_ECC_H
+#ifndef DROPBEAR_DROPBEAR_ECC_H
+#define DROPBEAR_DROPBEAR_ECC_H
 
 #include "includes.h"
-#include "options.h"
 
 #include "buffer.h"
 
-#ifdef DROPBEAR_ECC
+#if DROPBEAR_ECC
 
 struct dropbear_ecc_curve {
 	int ltc_size; /* to match the byte sizes in ltc_ecc_sets[] */
 	const ltc_ecc_set_type *dp; /* curve domain parameters */
 	const struct ltc_hash_descriptor *hash_desc;
-	const unsigned char *name;
+	const char *name;
 };
 
 extern struct dropbear_ecc_curve ecc_curve_nistp256;
@@ -20,7 +19,7 @@ extern struct dropbear_ecc_curve ecc_curve_nistp384;
 extern struct dropbear_ecc_curve ecc_curve_nistp521;
 extern struct dropbear_ecc_curve *dropbear_ecc_curves[];
 
-void dropbear_ecc_fill_dp();
+void dropbear_ecc_fill_dp(void);
 struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp);
 
 /* "pubkey" refers to a point, but LTC uses ecc_key structure for both public
@@ -29,8 +28,8 @@ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
 ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
 int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
 
-mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
+mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key);
 
 #endif
 
-#endif /* _DROPBEAR_ECC_H */
+#endif /* DROPBEAR_DROPBEAR_ECC_H */

ecdsa.c

@@ -1,4 +1,3 @@
-#include "options.h"
 #include "includes.h"
 #include "dbutil.h"
 #include "crypto_desc.h"
@@ -6,7 +5,7 @@
 #include "ecdsa.h"
 #include "signkey.h"
 
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 
 int signkey_is_ecdsa(enum signkey_type type)
 {
@@ -15,18 +14,18 @@ int signkey_is_ecdsa(enum signkey_type type)
 		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
 }
 
-enum signkey_type ecdsa_signkey_type(ecc_key * key) {
-#ifdef DROPBEAR_ECC_256
+enum signkey_type ecdsa_signkey_type(const ecc_key * key) {
+#if DROPBEAR_ECC_256
 	if (key->dp == ecc_curve_nistp256.dp) {
 		return DROPBEAR_SIGNKEY_ECDSA_NISTP256;
 	}
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 	if (key->dp == ecc_curve_nistp384.dp) {
 		return DROPBEAR_SIGNKEY_ECDSA_NISTP384;
 	}
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 	if (key->dp == ecc_curve_nistp521.dp) {
 		return DROPBEAR_SIGNKEY_ECDSA_NISTP521;
 	}
@@ -38,17 +37,17 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
 	const ltc_ecc_set_type *dp = NULL; /* curve domain parameters */
 	ecc_key *new_key = NULL;
 	switch (bit_size) {
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 		case 256:
 			dp = ecc_curve_nistp256.dp;
 			break;
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 		case 384:
 			dp = ecc_curve_nistp384.dp;
 			break;
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 		case 521:
 			dp = ecc_curve_nistp521.dp;
 			break;
@@ -56,13 +55,13 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
 	}
 	if (!dp) {
 		dropbear_exit("Key size %d isn't valid. Try "
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 			"256 "
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 			"384 "
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 			"521 "
 #endif
 			, bit_size);
@@ -83,9 +82,9 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
 	ecc_key *new_key = NULL;
 
 	/* string   "ecdsa-sha2-[identifier]" */
-	key_ident = buf_getstring(buf, &key_ident_len);
+	key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len);
 	/* string   "[identifier]" */
-	identifier = buf_getstring(buf, &identifier_len);
+	identifier = (unsigned char*)buf_getstring(buf, &identifier_len);
 
 	if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) {
 		TRACE(("Bad identifier lengths"))
@@ -131,6 +130,7 @@ ecc_key *buf_get_ecdsa_priv_key(buffer *buf) {
 
 	if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) {
 		ecc_free(new_key);
+		m_free(new_key);
 		return NULL;
 	}
 
@@ -139,10 +139,10 @@ ecc_key *buf_get_ecdsa_priv_key(buffer *buf) {
 
 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) {
 	struct dropbear_ecc_curve *curve = NULL;
-	unsigned char key_ident[30];
+	char key_ident[30];
 
 	curve = curve_for_dp(key->dp);
-	snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
+	snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
 	buf_putstring(buf, key_ident, strlen(key_ident));
 	buf_putstring(buf, curve->name, strlen(curve->name));
 	buf_put_ecc_raw_pubkey_string(buf, key);
@@ -153,14 +153,14 @@ void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) {
 	buf_putmpint(buf, key->k);
 }
 
-void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) {
+void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf) {
 	/* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
 	int err = DROPBEAR_FAILURE;
 	struct dropbear_ecc_curve *curve = NULL;
 	hash_state hs;
 	unsigned char hash[64];
 	void *e = NULL, *p = NULL, *s = NULL, *r;
-	unsigned char key_ident[30];
+	char key_ident[30];
 	buffer *sigbuf = NULL;
 
 	TRACE(("buf_put_ecdsa_sign"))
@@ -221,7 +221,7 @@ void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) {
 		}
 	}
 
-	snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
+	snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
 	buf_putstring(buf, key_ident, strlen(key_ident));
 	/* enough for nistp521 */
 	sigbuf = buf_new(200);
@@ -271,7 +271,7 @@ out:
 }
 
 
-int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
+int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
 	/* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
 	int ret = DROPBEAR_FAILURE;
 	hash_state hs;
@@ -384,12 +384,12 @@ int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
 			goto out; 
 		}
 
-    	/* reduce */
+		/* reduce */
 		if (ltc_mp.ecc_map(mG, m, mp) != CRYPT_OK) { 
 			goto out; 
 		}
 	} else {
-      /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
+		/* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
 		if (ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m) != CRYPT_OK) { 
 			goto out; 
 		}
@@ -408,7 +408,7 @@ int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
 out:
 	ltc_ecc_del_point(mG);
 	ltc_ecc_del_point(mQ);
-	mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL);
+	ltc_deinit_multi(r, s, v, w, u1, u2, p, e, m, NULL);
 	if (mp != NULL) { 
 		ltc_mp.montgomery_deinit(mp);
 	}

ecdsa.h

@@ -1,19 +1,20 @@
-#ifndef _ECDSA_H_
-#define _ECDSA_H_
+#ifndef DROPBEAR_ECDSA_H_
+#define DROPBEAR_ECDSA_H_
 
 #include "includes.h"
 #include "buffer.h"
 #include "signkey.h"
 
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 
-/* Prefer the larger size - it's fast anyway */
-#if defined(DROPBEAR_ECC_521)
-#define ECDSA_DEFAULT_SIZE 521
-#elif defined(DROPBEAR_ECC_384)
-#define ECDSA_DEFAULT_SIZE 384
-#elif defined(DROPBEAR_ECC_256)
+/* prefer 256 or 384 since those are SHOULD for
+   draft-ietf-curdle-ssh-kex-sha2.txt */
+#if DROPBEAR_ECC_256
 #define ECDSA_DEFAULT_SIZE 256
+#elif DROPBEAR_ECC_384
+#define ECDSA_DEFAULT_SIZE 384
+#elif DROPBEAR_ECC_521
+#define ECDSA_DEFAULT_SIZE 521
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif
@@ -23,13 +24,13 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf);
 ecc_key *buf_get_ecdsa_priv_key(buffer *buf);
 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key);
 void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key);
-enum signkey_type ecdsa_signkey_type(ecc_key * key);
+enum signkey_type ecdsa_signkey_type(const ecc_key * key);
 
-void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf);
-int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf);
+void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf);
+int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf);
 /* Returns 1 on success */
 int signkey_is_ecdsa(enum signkey_type type);
 
 #endif
 
-#endif /* _ECDSA_H_ */
+#endif /* DROPBEAR_ECDSA_H_ */

fake-rfc2553.h

@@ -39,8 +39,8 @@
  * that ai_family is AF_INET. Don't use it for another purpose.
  */
 
-#ifndef _FAKE_RFC2553_H
-#define _FAKE_RFC2553_H
+#ifndef DROPBEAR_FAKE_RFC2553_H
+#define DROPBEAR_FAKE_RFC2553_H
 
 #include "includes.h"
 #include <sys/types.h>

gendss.c

@@ -35,13 +35,13 @@
 
 /* This is just a test */
 
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 
-static void getq(dropbear_dss_key *key);
-static void getp(dropbear_dss_key *key, unsigned int size);
-static void getg(dropbear_dss_key *key);
-static void getx(dropbear_dss_key *key);
-static void gety(dropbear_dss_key *key);
+static void getq(const dropbear_dss_key *key);
+static void getp(const dropbear_dss_key *key, unsigned int size);
+static void getg(const dropbear_dss_key *key);
+static void getx(const dropbear_dss_key *key);
+static void gety(const dropbear_dss_key *key);
 
 dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
 
@@ -65,9 +65,9 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
 	
 }
 
-static void getq(dropbear_dss_key *key) {
+static void getq(const dropbear_dss_key *key) {
 
-	char buf[QSIZE];
+	unsigned char buf[QSIZE];
 
 	/* 160 bit prime */
 	genrandom(buf, QSIZE);
@@ -83,7 +83,7 @@ static void getq(dropbear_dss_key *key) {
 	}
 }
 
-static void getp(dropbear_dss_key *key, unsigned int size) {
+static void getp(const dropbear_dss_key *key, unsigned int size) {
 
 	DEF_MP_INT(tempX);
 	DEF_MP_INT(tempC);
@@ -142,7 +142,7 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
 	m_free(buf);
 }
 
-static void getg(dropbear_dss_key * key) {
+static void getg(const dropbear_dss_key * key) {
 
 	DEF_MP_INT(div);
 	DEF_MP_INT(h);
@@ -179,12 +179,12 @@ static void getg(dropbear_dss_key * key) {
 	mp_clear_multi(&div, &h, &val, NULL);
 }
 
-static void getx(dropbear_dss_key *key) {
+static void getx(const dropbear_dss_key *key) {
 
 	gen_random_mpint(key->q, key->x);
 }
 
-static void gety(dropbear_dss_key *key) {
+static void gety(const dropbear_dss_key *key) {
 
 	if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
 		fprintf(stderr, "DSS key generation failed\n");

gendss.h

@@ -22,15 +22,15 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _GENDSS_H_
-#define _GENDSS_H_
+#ifndef DROPBEAR_GENDSS_H_
+#define DROPBEAR_GENDSS_H_
 
 #include "dss.h"
 
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 
 dropbear_dss_key * gen_dss_priv_key(unsigned int size);
 
 #endif /* DROPBEAR_DSS */
 
-#endif /* _GENDSS_H_ */
+#endif /* DROPBEAR_GENDSS_H_ */

genrsa.c

@@ -31,7 +31,7 @@
 
 #define RSA_E 65537
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 
 static void getrsaprime(mp_int* prime, mp_int *primeminus, 
 		mp_int* rsa_e, unsigned int size_bytes);

genrsa.h

@@ -22,15 +22,15 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _GENRSA_H_
-#define _GENRSA_H_
+#ifndef DROPBEAR_GENRSA_H_
+#define DROPBEAR_GENRSA_H_
 
 #include "rsa.h"
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 
 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size);
 
 #endif /* DROPBEAR_RSA */
 
-#endif /* _GENRSA_H_ */
+#endif /* DROPBEAR_GENRSA_H_ */

gensignkey.c

@@ -7,9 +7,6 @@
 #include "signkey.h"
 #include "dbrandom.h"
 
-#define RSA_DEFAULT_SIZE 2048
-#define DSS_DEFAULT_SIZE 1024
-
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int buf_writefile(buffer * buf, const char * filename) {
 	int ret = DROPBEAR_FAILURE;
@@ -41,6 +38,9 @@ static int buf_writefile(buffer * buf, const char * filename) {
 
 out:
 	if (fd >= 0) {
+		if (fsync(fd) != 0) {
+			dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno));
+		}
 		m_close(fd);
 	}
 	return ret;
@@ -49,39 +49,47 @@ out:
 /* returns 0 on failure */
 static int get_default_bits(enum signkey_type keytype)
 {
-        switch (keytype) {
-#ifdef DROPBEAR_RSA
-            case DROPBEAR_SIGNKEY_RSA:
-				return RSA_DEFAULT_SIZE;
+	switch (keytype) {
+#if DROPBEAR_RSA
+		case DROPBEAR_SIGNKEY_RSA:
+			return DROPBEAR_DEFAULT_RSA_SIZE;
 #endif
-#ifdef DROPBEAR_DSS
-            case DROPBEAR_SIGNKEY_DSS:
-                return DSS_DEFAULT_SIZE;
+#if DROPBEAR_DSS
+		case DROPBEAR_SIGNKEY_DSS:
+			/* DSS for SSH only defines 1024 bits */
+			return 1024;
 #endif
-#ifdef DROPBEAR_ECDSA
-            case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
-                return ECDSA_DEFAULT_SIZE;
-            case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
-            	return 521;
-            case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
-            	return 384;
-            case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
-            	return 256;
+#if DROPBEAR_ECDSA
+		case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
+			return ECDSA_DEFAULT_SIZE;
+		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
+			return 521;
+		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
+			return 384;
+		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
+			return 256;
 #endif
-            default:
-                return 0;
-		}
+		default:
+			return 0;
+	}
 }
 
-int signkey_generate(enum signkey_type keytype, int bits, const char* filename)
-{
-	sign_key * key = NULL;
-	buffer *buf = NULL;
-	int ret = DROPBEAR_FAILURE;
+int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
 	if (bits == 0)
 	{
 		bits = get_default_bits(keytype);
 	}
+	return bits;
+}
+
+/* if skip_exist is set it will silently return if the key file exists */
+int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
+{
+	sign_key * key = NULL;
+	buffer *buf = NULL;
+	char *fn_temp = NULL;
+	int ret = DROPBEAR_FAILURE;
+	bits = signkey_generate_get_bits(keytype, bits);
 
 	/* now we can generate the key */
 	key = new_sign_key();
@@ -89,17 +97,17 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename)
 	seedrandom();
 
 	switch(keytype) {
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 		case DROPBEAR_SIGNKEY_RSA:
 			key->rsakey = gen_rsa_priv_key(bits);
 			break;
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 		case DROPBEAR_SIGNKEY_DSS:
 			key->dsskey = gen_dss_priv_key(bits);
 			break;
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 		case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
@@ -123,10 +131,37 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename)
 	sign_key_free(key);
 	key = NULL;
 	buf_setpos(buf, 0);
-	ret = buf_writefile(buf, filename);
 
-	buf_burn(buf);
-	buf_free(buf);
-	buf = NULL;
+	fn_temp = m_malloc(strlen(filename) + 30);
+	snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid());
+	ret = buf_writefile(buf, fn_temp);
+
+	if (ret == DROPBEAR_FAILURE) {
+		goto out;
+	}
+
+	if (link(fn_temp, filename) < 0) {
+		/* If generating keys on connection (skipexist) it's OK to get EEXIST 
+		- we probably just lost a race with another connection to generate the key */
+		if (!(skip_exist && errno == EEXIST)) {
+			dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename,
+				strerror(errno));
+			/* XXX fallback to non-atomic copy for some filesystems? */
+			ret = DROPBEAR_FAILURE;
+			goto out;
+		}
+	}
+
+out:
+	if (buf) {
+		buf_burn(buf);
+		buf_free(buf);
+	}
+	
+	if (fn_temp) {
+		unlink(fn_temp);
+		m_free(fn_temp);
+	}
+
 	return ret;
 }

gensignkey.h

@@ -1,8 +1,9 @@
-#ifndef _GENSIGNKEY_H
-#define _GENSIGNKEY_H
+#ifndef DROPBEAR_GENSIGNKEY_H
+#define DROPBEAR_GENSIGNKEY_H
 
 #include "signkey.h"
 
-int signkey_generate(enum signkey_type type, int bits, const char* filename);
+int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist);
+int signkey_generate_get_bits(enum signkey_type keytype, int bits);
 
 #endif

ifndef_wrapper.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Wrap all "#define X Y" with a #ifndef X...#endif"
+
+sed -E 's/^( *#define ([^ ]+) .*)/#ifndef \2\
+\1\
+#endif/' 

includes.h

@@ -22,11 +22,10 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _INCLUDES_H_
-#define _INCLUDES_H_
+#ifndef DROPBEAR_INCLUDES_H_
+#define DROPBEAR_INCLUDES_H_
 
 
-#include "config.h"
 #include "options.h"
 #include "debug.h"
 
@@ -156,7 +155,7 @@ typedef unsigned int u_int32_t;
 typedef u_int32_t uint32_t;
 #endif /* HAVE_UINT32_T */
 
-#ifdef SO_PRIORITY
+#ifdef HAVE_LINUX_PKT_SCHED_H
 #include <linux/types.h>
 #include <linux/pkt_sched.h>
 #endif
@@ -177,4 +176,4 @@ typedef u_int32_t uint32_t;
 # define UNUSED(x) x 
 #endif
 
-#endif /* _INCLUDES_H_ */
+#endif /* DROPBEAR_INCLUDES_H_ */

kex.h

@@ -22,47 +22,47 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _KEX_H_
-#define _KEX_H_
+#ifndef DROPBEAR_KEX_H_
+#define DROPBEAR_KEX_H_
 
 #include "includes.h"
 #include "algo.h"
 #include "signkey.h"
 
-void send_msg_kexinit();
-void recv_msg_kexinit();
-void send_msg_newkeys();
-void recv_msg_newkeys();
-void kexfirstinitialise();
+void send_msg_kexinit(void);
+void recv_msg_kexinit(void);
+void send_msg_newkeys(void);
+void recv_msg_newkeys(void);
+void kexfirstinitialise(void);
 
-struct kex_dh_param *gen_kexdh_param();
+struct kex_dh_param *gen_kexdh_param(void);
 void free_kexdh_param(struct kex_dh_param *param);
 void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
 		sign_key *hostkey);
 
-#ifdef DROPBEAR_ECDH
-struct kex_ecdh_param *gen_kexecdh_param();
+#if DROPBEAR_ECDH
+struct kex_ecdh_param *gen_kexecdh_param(void);
 void free_kexecdh_param(struct kex_ecdh_param *param);
 void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
 		sign_key *hostkey);
 #endif
 
-#ifdef DROPBEAR_CURVE25519
-struct kex_curve25519_param *gen_kexcurve25519_param();
+#if DROPBEAR_CURVE25519
+struct kex_curve25519_param *gen_kexcurve25519_param(void);
 void free_kexcurve25519_param(struct kex_curve25519_param *param);
-void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *pub_them,
+void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *pub_them,
 		sign_key *hostkey);
 #endif
 
 #ifndef DISABLE_ZLIB
-int is_compress_trans();
-int is_compress_recv();
+int is_compress_trans(void);
+int is_compress_recv(void);
 #endif
 
-void recv_msg_kexdh_init(); /* server */
+void recv_msg_kexdh_init(void); /* server */
 
-void send_msg_kexdh_init(); /* client */
-void recv_msg_kexdh_reply(); /* client */
+void send_msg_kexdh_init(void); /* client */
+void recv_msg_kexdh_reply(void); /* client */
 
 struct KEXState {
 
@@ -83,23 +83,18 @@ struct KEXState {
 
 };
 
-#define DH_P_1_LEN 128
-extern const unsigned char dh_p_1[DH_P_1_LEN];
-#define DH_P_14_LEN 256
-extern const unsigned char dh_p_14[DH_P_14_LEN];
-
 struct kex_dh_param {
 	mp_int pub; /* e */
 	mp_int priv; /* x */
 };
 
-#ifdef DROPBEAR_ECDH
+#if DROPBEAR_ECDH
 struct kex_ecdh_param {
 	ecc_key key;
 };
 #endif
 
-#ifdef DROPBEAR_CURVE25519
+#if DROPBEAR_CURVE25519
 #define CURVE25519_LEN 32
 struct kex_curve25519_param {
 	unsigned char priv[CURVE25519_LEN];
@@ -113,4 +108,4 @@ int curve25519_donna(unsigned char *out, const unsigned char *secret, const unsi
 
 #define MAX_KEXHASHBUF 2000
 
-#endif /* _KEX_H_ */
+#endif /* DROPBEAR_KEX_H_ */

keyimport.c

@@ -36,9 +36,11 @@
 #include "dbutil.h"
 #include "ecc.h"
 
+#if DROPBEAR_ECDSA
 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
+#endif
 
 #define PUT_32BIT(cp, value) do { \
   (cp)[3] = (unsigned char)(value); \
@@ -53,13 +55,15 @@ static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
 	((unsigned long)(unsigned char)(cp)[3]))
 
 static int openssh_encrypted(const char *filename);
-static sign_key *openssh_read(const char *filename, char *passphrase);
+static sign_key *openssh_read(const char *filename, const char *passphrase);
 static int openssh_write(const char *filename, sign_key *key,
-				  char *passphrase);
+				  const char *passphrase);
 
 static int dropbear_write(const char*filename, sign_key * key);
 static sign_key *dropbear_read(const char* filename);
 
+static int toint(unsigned u);
+
 #if 0
 static int sshcom_encrypted(const char *filename, char **comment);
 static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase);
@@ -79,7 +83,7 @@ int import_encrypted(const char* filename, int filetype) {
 	return 0;
 }
 
-sign_key *import_read(const char *filename, char *passphrase, int filetype) {
+sign_key *import_read(const char *filename, const char *passphrase, int filetype) {
 
 	if (filetype == KEYFILE_OPENSSH) {
 		return openssh_read(filename, passphrase);
@@ -93,7 +97,7 @@ sign_key *import_read(const char *filename, char *passphrase, int filetype) {
 	return NULL;
 }
 
-int import_write(const char *filename, sign_key *key, char *passphrase,
+int import_write(const char *filename, sign_key *key, const char *passphrase,
 		int filetype) {
 
 	if (filetype == KEYFILE_OPENSSH) {
@@ -190,17 +194,17 @@ out:
 						 )
 
 /* cpl has to be less than 100 */
-static void base64_encode_fp(FILE * fp, unsigned char *data,
+static void base64_encode_fp(FILE * fp, const unsigned char *data,
 		int datalen, int cpl)
 {
-    char out[100];
-    int n;
+	unsigned char out[100];
+	int n;
 	unsigned long outlen;
 	int rawcpl;
 	rawcpl = cpl * 3 / 4;
 	dropbear_assert((unsigned int)cpl < sizeof(out));
 
-    while (datalen > 0) {
+	while (datalen > 0) {
 		n = (datalen < rawcpl ? datalen : rawcpl);
 		outlen = sizeof(out);
 		base64_encode(data, n, out, &outlen);
@@ -208,7 +212,7 @@ static void base64_encode_fp(FILE * fp, unsigned char *data,
 		datalen -= n;
 		fwrite(out, 1, outlen, fp);
 		fputc('\n', fp);
-    }
+	}
 }
 /*
  * Read an ASN.1/BER identifier and length pair.
@@ -241,12 +245,11 @@ static int ber_read_id_len(void *source, int sourcelen,
 	if ((*p & 0x1F) == 0x1F) {
 		*id = 0;
 		while (*p & 0x80) {
-			*id = (*id << 7) | (*p & 0x7F);
 			p++, sourcelen--;
 			if (sourcelen == 0)
 				return -1;
+			*id = (*id << 7) | (*p & 0x7F);
 		}
-		*id = (*id << 7) | (*p & 0x7F);
 		p++, sourcelen--;
 	} else {
 		*id = *p & 0x1F;
@@ -257,19 +260,26 @@ static int ber_read_id_len(void *source, int sourcelen,
 		return -1;
 
 	if (*p & 0x80) {
+		unsigned len;
 		int n = *p & 0x7F;
 		p++, sourcelen--;
 		if (sourcelen < n)
 			return -1;
-		*length = 0;
+		len = 0;
 		while (n--)
-			*length = (*length << 8) | (*p++);
+			len = (len << 8) | (*p++);
 		sourcelen -= n;
+		*length = toint(len);
 	} else {
 		*length = *p;
 		p++, sourcelen--;
 	}
 
+	if (*length < 0) {
+		printf("Negative ASN.1 length\n");
+		return -1;
+	}
+
 	return p - (unsigned char *) source;
 }
 
@@ -445,7 +455,7 @@ static struct openssh_key *load_openssh_key(const char *filename)
 						ret->keyblob_size);
 			}
 			outlen = ret->keyblob_size - ret->keyblob_len;
-			if (base64_decode(buffer, len, 
+			if (base64_decode((const unsigned char *)buffer, len,
 						ret->keyblob + ret->keyblob_len, &outlen) != CRYPT_OK){
 				errmsg = "Error decoding base64";
 				goto error;
@@ -464,17 +474,16 @@ static struct openssh_key *load_openssh_key(const char *filename)
 		goto error;
 	}
 
-	memset(buffer, 0, sizeof(buffer));
+	m_burn(buffer, sizeof(buffer));
 	return ret;
 
-	error:
-	memset(buffer, 0, sizeof(buffer));
+error:
+	m_burn(buffer, sizeof(buffer));
 	if (ret) {
 		if (ret->keyblob) {
-			memset(ret->keyblob, 0, ret->keyblob_size);
+			m_burn(ret->keyblob, ret->keyblob_size);
 			m_free(ret->keyblob);
 		}
-		memset(&ret, 0, sizeof(ret));
 		m_free(ret);
 	}
 	if (fp) {
@@ -494,14 +503,13 @@ static int openssh_encrypted(const char *filename)
 	if (!key)
 		return 0;
 	ret = key->encrypted;
-	memset(key->keyblob, 0, key->keyblob_size);
+	m_burn(key->keyblob, key->keyblob_size);
 	m_free(key->keyblob);
-	memset(&key, 0, sizeof(key));
 	m_free(key);
 	return ret;
 }
 
-static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
+static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase))
 {
 	struct openssh_key *key;
 	unsigned char *p;
@@ -509,7 +517,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 	int i, num_integers = 0;
 	sign_key *retval = NULL;
 	char *errmsg;
-	char *modptr = NULL;
+	unsigned char *modptr = NULL;
 	int modlen = -9999;
 	enum signkey_type type;
 
@@ -584,8 +592,9 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 	/* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
 	ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
 	p += ret;
-	if (ret < 0 || id != 16) {
-		errmsg = "ASN.1 decoding failure - wrong password?";
+	if (ret < 0 || id != 16 || len < 0 ||
+		key->keyblob+key->keyblob_len-p < len) {
+				errmsg = "ASN.1 decoding failure";
 		goto error;
 	}
 
@@ -602,19 +611,24 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 	 */
 	blobbuf = buf_new(3000);
 
+#if DROPBEAR_DSS
 	if (key->type == OSSH_DSA) {
 		buf_putstring(blobbuf, "ssh-dss", 7);
 		retkey->type = DROPBEAR_SIGNKEY_DSS;
-	} else if (key->type == OSSH_RSA) {
+	} 
+#endif
+#if DROPBEAR_RSA
+	if (key->type == OSSH_RSA) {
 		buf_putstring(blobbuf, "ssh-rsa", 7);
 		retkey->type = DROPBEAR_SIGNKEY_RSA;
 	}
+#endif
 
 	for (i = 0; i < num_integers; i++) {
 		ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
 							  &id, &len, &flags);
 		p += ret;
-		if (ret < 0 || id != 2 ||
+		if (ret < 0 || id != 2 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
@@ -622,7 +636,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 
 		if (i == 0) {
 			/* First integer is a version indicator */
-			int expected;
+			int expected = -1;
 			switch (key->type) {
 				case OSSH_RSA:
 				case OSSH_DSA:
@@ -643,12 +657,12 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 			 */
 			if (i == 1) {
 				/* Save the details for after we deal with number 2. */
-				modptr = (char *)p;
+				modptr = p;
 				modlen = len;
 			} else if (i >= 2 && i <= 5) {
-				buf_putstring(blobbuf, p, len);
+				buf_putstring(blobbuf, (const char*)p, len);
 				if (i == 2) {
-					buf_putstring(blobbuf, modptr, modlen);
+					buf_putstring(blobbuf, (const char*)modptr, modlen);
 				}
 			}
 		} else if (key->type == OSSH_DSA) {
@@ -656,14 +670,14 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 			 * OpenSSH key order is p, q, g, y, x,
 			 * we want the same.
 			 */
-			buf_putstring(blobbuf, p, len);
+			buf_putstring(blobbuf, (const char*)p, len);
 		}
 
 		/* Skip past the number. */
 		p += len;
 	}
 
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 	if (key->type == OSSH_EC) {
 		unsigned char* private_key_bytes = NULL;
 		int private_key_len = 0;
@@ -680,7 +694,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 							  &id, &len, &flags);
 		p += ret;
 		/* id==4 for octet string */
-		if (ret < 0 || id != 4 ||
+		if (ret < 0 || id != 4 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
@@ -694,7 +708,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 							  &id, &len, &flags);
 		p += ret;
 		/* id==0 */
-		if (ret < 0 || id != 0) {
+		if (ret < 0 || id != 0 || len < 0) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
 		}
@@ -703,28 +717,28 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 							  &id, &len, &flags);
 		p += ret;
 		/* id==6 for object */
-		if (ret < 0 || id != 6 ||
+		if (ret < 0 || id != 6 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
 		}
 
 		if (0) {}
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECC_256
 		else if (len == sizeof(OID_SEC256R1_BLOB) 
 			&& memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
 			retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
 			curve = &ecc_curve_nistp256;
 		} 
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 		else if (len == sizeof(OID_SEC384R1_BLOB)
 			&& memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
 			retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
 			curve = &ecc_curve_nistp384;
 		} 
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 		else if (len == sizeof(OID_SEC521R1_BLOB)
 			&& memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
 			retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
@@ -742,7 +756,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 							  &id, &len, &flags);
 		p += ret;
 		/* id==1 */
-		if (ret < 0 || id != 1) {
+		if (ret < 0 || id != 1 || len < 0) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
 		}
@@ -751,7 +765,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 							  &id, &len, &flags);
 		p += ret;
 		/* id==3 for bit string */
-		if (ret < 0 || id != 3 ||
+		if (ret < 0 || id != 3 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
@@ -805,7 +819,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 	}
 	m_burn(key->keyblob, key->keyblob_size);
 	m_free(key->keyblob);
-	m_burn(key, sizeof(key));
+	m_burn(key, sizeof(*key));
 	m_free(key);
 	if (errmsg) {
 		fprintf(stderr, "Error: %s\n", errmsg);
@@ -814,24 +828,31 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 }
 
 static int openssh_write(const char *filename, sign_key *key,
-				  char *passphrase)
+				  const char *passphrase)
 {
 	buffer * keyblob = NULL;
 	buffer * extrablob = NULL; /* used for calculated values to write */
 	unsigned char *outblob = NULL;
 	int outlen = -9999;
 	struct mpint_pos numbers[9];
-	int nnumbers = -1, pos, len, seqlen, i;
+	int nnumbers = -1, pos = 0, len = 0, seqlen, i;
 	char *header = NULL, *footer = NULL;
 	char zero[1];
 	int ret = 0;
 	FILE *fp;
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 	mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
 #endif
 
-	if (key->type == DROPBEAR_SIGNKEY_RSA || key->type == DROPBEAR_SIGNKEY_DSS)
+	if (
+#if DROPBEAR_RSA
+			key->type == DROPBEAR_SIGNKEY_RSA ||
+#endif
+#if DROPBEAR_DSS
+			key->type == DROPBEAR_SIGNKEY_DSS ||
+#endif
+			0)
 	{
 		/*
 		 * Fetch the key blobs.
@@ -849,7 +870,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		 */
 		numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
 
-	#ifdef DROPBEAR_RSA
+	#if DROPBEAR_RSA
 		if (key->type == DROPBEAR_SIGNKEY_RSA) {
 
 			if (key->rsakey->p == NULL || key->rsakey->q == NULL) {
@@ -945,7 +966,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		}
 	#endif /* DROPBEAR_RSA */
 
-	#ifdef DROPBEAR_DSS
+	#if DROPBEAR_DSS
 		if (key->type == DROPBEAR_SIGNKEY_DSS) {
 
 			/* p */
@@ -1014,7 +1035,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		}
 	} /* end RSA and DSS handling */
 
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 	if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
 		|| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
 		|| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
@@ -1033,7 +1054,8 @@ static int openssh_write(const char *filename, sign_key *key,
 		int curve_oid_len = 0;
 		const void* curve_oid = NULL;
 		unsigned long pubkey_size = 2*curve_size+1;
-		unsigned int k_size;
+		int k_size;
+		int err = 0;
 
 		/* version. less than 10 bytes */
 		buf_incrwritepos(seq_buf,
@@ -1045,7 +1067,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		dropbear_assert(k_size <= curve_size);
 		buf_incrwritepos(seq_buf,
 			ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
-	    mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
+		mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
 		buf_incrwritepos(seq_buf, k_size);
 
 		/* SECGCurveNames */
@@ -1079,7 +1101,7 @@ static int openssh_write(const char *filename, sign_key *key,
 		buf_incrwritepos(seq_buf,
 			ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
 		buf_putbyte(seq_buf, 0);
-		int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
+		err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
 		if (err != CRYPT_OK) {
 			dropbear_exit("ECC error");
 		}
@@ -1368,7 +1390,7 @@ static struct sshcom_key *load_sshcom_key(const char *filename)
 			memset(ret->keyblob, 0, ret->keyblob_size);
 			m_free(ret->keyblob);
 		}
-		memset(&ret, 0, sizeof(ret));
+		memset(ret, 0, sizeof(*ret));
 		m_free(ret);
 	}
 	return NULL;
@@ -1396,11 +1418,12 @@ int sshcom_encrypted(const char *filename, char **comment)
 	pos = 8;
 	if (key->keyblob_len < pos+4)
 		goto done;					 /* key is far too short */
-	pos += 4 + GET_32BIT(key->keyblob + pos);   /* skip key type */
-	if (key->keyblob_len < pos+4)
+	len = toint(GET_32BIT(key->keyblob + pos));
+	if (len < 0 || len > key->keyblob_len - pos - 4)
 		goto done;					 /* key is far too short */
-	len = GET_32BIT(key->keyblob + pos);   /* find cipher-type length */
-	if (key->keyblob_len < pos+4+len)
+	pos += 4 + len;                    /* skip key type */
+	len = toint(GET_32BIT(key->keyblob + pos)); /* find cipher-type length */
+	if (len < 0 || len > key->keyblob_len - pos - 4)
 		goto done;					 /* cipher type string is incomplete */
 	if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4))
 		answer = 1;
@@ -1409,15 +1432,14 @@ int sshcom_encrypted(const char *filename, char **comment)
 	*comment = dupstr(key->comment);
 	memset(key->keyblob, 0, key->keyblob_size);
 	m_free(key->keyblob);
-	memset(&key, 0, sizeof(key));
+	memset(key, 0, sizeof(*key));
 	m_free(key);
 	return answer;
 }
 
 static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret)
 {
-	int bits;
-	int bytes;
+	unsigned bits, bytes;
 	unsigned char *d = (unsigned char *) data;
 
 	if (len < 4)
@@ -1470,7 +1492,7 @@ sign_key *sshcom_read(const char *filename, char *passphrase)
 	struct ssh2_userkey *ret = NULL, *retkey;
 	const struct ssh_signkey *alg;
 	unsigned char *blob = NULL;
-	int blobsize, publen, privlen;
+	int blobsize = 0, publen, privlen;
 
 	if (!key)
 		return NULL;
@@ -1590,8 +1612,8 @@ sign_key *sshcom_read(const char *filename, char *passphrase)
 	/*
 	 * Strip away the containing string to get to the real meat.
 	 */
-	len = GET_32BIT(ciphertext);
-	if (len > cipherlen-4) {
+	len = toint(GET_32BIT(ciphertext));
+	if (len < 0 || len > cipherlen-4) {
 		errmsg = "containing string was ill-formed";
 		goto error;
 	}
@@ -1658,7 +1680,8 @@ sign_key *sshcom_read(const char *filename, char *passphrase)
 		publen = pos;
 		pos += put_mp(blob+pos, x.start, x.bytes);
 		privlen = pos - publen;
-	}
+	} else
+		return NULL;
 
 	dropbear_assert(privlen > 0);			   /* should have bombed by now if not */
 
@@ -1682,7 +1705,7 @@ sign_key *sshcom_read(const char *filename, char *passphrase)
 	}
 	memset(key->keyblob, 0, key->keyblob_size);
 	m_free(key->keyblob);
-	memset(&key, 0, sizeof(key));
+	memset(key, 0, sizeof(*key));
 	m_free(key);
 	return ret;
 }
@@ -1895,3 +1918,27 @@ int sshcom_write(const char *filename, sign_key *key,
 	return ret;
 }
 #endif /* ssh.com stuff disabled */
+
+/* From PuTTY misc.c */
+static int toint(unsigned u)
+{
+	/*
+	 * Convert an unsigned to an int, without running into the
+	 * undefined behaviour which happens by the strict C standard if
+	 * the value overflows. You'd hope that sensible compilers would
+	 * do the sensible thing in response to a cast, but actually I
+	 * don't trust modern compilers not to do silly things like
+	 * assuming that _obviously_ you wouldn't have caused an overflow
+	 * and so they can elide an 'if (i < 0)' test immediately after
+	 * the cast.
+	 *
+	 * Sensible compilers ought of course to optimise this entire
+	 * function into 'just return the input value'!
+	 */
+	if (u <= (unsigned)INT_MAX)
+		return (int)u;
+	else if (u >= (unsigned)INT_MIN)   /* wrap in cast _to_ unsigned is OK */
+		return INT_MIN + (int)(u - (unsigned)INT_MIN);
+	else
+		return INT_MIN; /* fallback; should never occur on binary machines */
+}

keyimport.h

@@ -22,8 +22,8 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE. */
 
-#ifndef _KEYIMPORT_H_
-#define _KEYIMPORT_H_
+#ifndef DROPBEAR_KEYIMPORT_H_
+#define DROPBEAR_KEYIMPORT_H_
 
 #include "includes.h"
 #include "signkey.h"
@@ -34,9 +34,9 @@ enum {
 	KEYFILE_SSHCOM
 };
 
-int import_write(const char *filename, sign_key *key, char *passphrase,
+int import_write(const char *filename, sign_key *key, const char *passphrase,
 		int filetype);
-sign_key *import_read(const char *filename, char *passphrase, int filetype);
+sign_key *import_read(const char *filename, const char *passphrase, int filetype);
 int import_encrypted(const char* filename, int filetype);
 
-#endif /* _KEYIMPORT_H_ */
+#endif /* DROPBEAR_KEYIMPORT_H_ */

libtomcrypt/.travis.yml

@@ -0,0 +1,135 @@
+dist: trusty
+sudo: required
+
+language: c
+
+addons:
+  apt:
+    sources:
+    - ubuntu-toolchain-r-test
+    - llvm-toolchain-precise-3.8
+    packages:
+    - clang-3.8
+
+install:
+    - sudo apt-get update -qq
+    - sudo apt-get install libtommath-dev
+
+before_script:
+  - gem install coveralls-lcov
+  - curl http://ftp.de.debian.org/debian/pool/main/l/lcov/lcov_1.11.orig.tar.gz | tar xz
+  - export PATH=$PATH:`pwd`/lcov-1.11/bin
+  - curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash
+  - sudo apt-get install libtfm-dev=0.13-5
+
+matrix:
+  fast_finish: true
+branches:
+  only:
+    - master
+    - develop
+    - /^release\/.*$/
+
+compiler:
+  - gcc
+  - clang
+script:
+  - bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile V=1"        "-DUSE_LTM -DLTM_DESC" "-ltommath"
+  - bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile.shared V=1" "-DUSE_TFM -DTFM_DESC" "-ltfm"
+env:
+  - |
+    BUILDSCRIPT="check_source.sh"
+    BUILDNAME="CHECK_SOURCES"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="scan_build.sh"
+    BUILDNAME="SCAN_BUILD"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="coverage.sh"
+    BUILDNAME="COVERAGE"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="STOCK"
+    BUILDOPTIONS=" "
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="EASY"
+    BUILDOPTIONS="-DLTC_EASY"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="SMALL"
+    BUILDOPTIONS="-DLTC_SMALL_CODE"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="SMALL+NOTABLES"
+    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+SMALL"
+    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL"
+    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC_SMALL_CODE"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_FAST"
+    BUILDOPTIONS="-DLTC_NO_FAST"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_FAST+NOTABLES"
+    BUILDOPTIONS="-DLTC_NO_FAST -DLTC_NO_TABLES"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_ASM"
+    BUILDOPTIONS="-DLTC_NO_ASM"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="NO_TIMING_RESISTANCE"
+    BUILDOPTIONS="-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="PTHREAD"
+    BUILDOPTIONS="-DLTC_PTHREAD"
+  - |
+    BUILDSCRIPT="run.sh"
+    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE+PTHREAD"
+    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING -DLTC_PTHREAD"
+  - |
+    BUILDSCRIPT="testbuild.sh"
+    BUILDNAME="NOTEST"
+    BUILDOPTIONS="-DLTC_NO_TEST"
+  - |
+    BUILDSCRIPT="testbuild.sh"
+    BUILDNAME="NOFILE"
+    BUILDOPTIONS="-DLTC_NO_FILE"
+
+after_failure:
+  - cat test_std.txt
+  - cat test_err.txt
+  - cat tv.txt
+
+after_script:
+  - cat gcc_1.txt
+  - cat gcc_2.txt
+
+notifications:
+  irc: "chat.freenode.net#libtom-notifications"

libtomcrypt/Doxyfile

@@ -23,7 +23,7 @@ PROJECT_NAME           = LibTomCrypt
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 1.16
+PROJECT_NUMBER         = 1.17
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 

libtomcrypt/LICENSE

@@ -1,5 +1,29 @@
+LibTomCrypt is licensed under DUAL licensing terms.
+
+Choose and use the license of your needs.
+
+[LICENSE #1]
+
 LibTomCrypt is public domain.  As should all quality software be.
 
 Tom St Denis
 
+[/LICENSE #1]
 
+[LICENSE #2]
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO. 
+
+[/LICENSE #2]

libtomcrypt/Makefile.in

@@ -1,155 +1,134 @@
-# MAKEFILE for linux GCC
+# MAKEFILE that is intended to be compatible with any kind of make (GNU make, BSD make, ...)
+# works on: Linux, *BSD, Cygwin, AIX, HP-UX and hopefully other UNIX systems
 #
-# Tom St Denis
-# Modified by Clay Culver
+# Please do not use here neither any special make syntax nor any unusual tools/utilities!
+#
+# BEWARE: variables OBJECTS, TOBJECTS, HEADERS, VERSION are updated via ./updatemakes.sh
 
-# The version
-VERSION=1.16
+### USAGE:
+#
+# make -f makefile.unix all
+# ./test
+# make -f makefile.unix install
+#
+#Or:
+#
+# make -f makefile.unix CFLAGS="-O3 -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+# ./test
+# make -f makefile.unix PREFIX=/opt/libtom install
+#
+#Or if you are using Intel C compiler you might need something like:
+#
+# make -f makefile.unix CC=icc AR=xiar CFLAGS="-fast -DUSE_LTM -DLTM_DESC -I/path/to/libtommath" EXTRALIBS=/path/to/libtommath/libtommath.a all
+#
 
+# Dropbear can build out of tree
 VPATH=@srcdir@
 srcdir=@srcdir@
 
-# Compiler and Linker Names
-#CC=gcc
-#LD=ld
+#The following can be overridden from command line e.g. "make -f makefile.unix CC=gcc ARFLAGS=rcs"
+DESTDIR   =
+PREFIX    = /usr/local
+LIBPATH   = $(PREFIX)/lib
+INCPATH   = $(PREFIX)/include
+DATAPATH  = $(PREFIX)/share/doc/libtomcrypt/pdf
+BINPATH   = $(PREFIX)/bin
+# Dropbear passes paths from parent makefile
+#CC        = cc
+#AR        = ar
+ARFLAGS   = r
+#RANLIB    = ranlib
+#CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
+EXTRALIBS = ../libtommath/libtommath.a
 
-# Archiver [makes .a files]
-#AR=ar
-#ARFLAGS=r
+#Compilation flags
+LTC_CFLAGS  = -Isrc/headers/ -I$(srcdir)/src/headers/ -I../ -I$(srcdir)/../ -DLTC_SOURCE -I../libtommath/ -I$(srcdir)/../libtommath/ $(CFLAGS)
+LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
+VERSION=1.18.1
 
-# Compilation flags. Note the += does not write over the user's CFLAGS!
-# The rest of the flags come from the parent Dropbear makefile
-CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../ -DLTC_SOURCE -I$(srcdir)/../libtommath/
+#Libraries to be created (this makefile builds only static libraries)
+LIBMAIN_S =libtomcrypt.a
 
-# additional warnings (newer GCC 3.4 and higher)
-ifdef GCC_34
-CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
-		  -Wmissing-declarations -Wpointer-arith 
-endif
-
-ifndef IGNORE_SPEED
-
-# optimize for SPEED
-#CFLAGS += -O3 -funroll-loops
-
-# add -fomit-frame-pointer.  hinders debugging!
-#CFLAGS += -fomit-frame-pointer
-
-# optimize for SIZE
-#CFLAGS += -Os -DLTC_SMALL_CODE
-
-endif
-
-# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
-# define this to help
-#CFLAGS += -DLTC_NO_ROLC
-
-# compile for DEBUGING (required for ccmalloc checking!!!)
-#CFLAGS += -g3 -DLTC_NO_ASM
-
-#Output filenames for various targets.
-ifndef LIBNAME
-   LIBNAME=libtomcrypt.a
-endif
-ifndef LIBTEST
-   LIBTEST=libtomcrypt_prof.a
-endif
-LIBTEST_S=$(LIBTEST)
-
-HASH=hashsum
-CRYPT=encrypt
-SMALL=small
-PROF=x86_prof
-TV=tv_gen
-MULTI=multi
-TIMING=timing
-TEST=test
-
-#LIBPATH-The directory for libtomcrypt to be installed to.
-#INCPATH-The directory to install the header files for libtomcrypt.
-#DATAPATH-The directory to install the pdf docs.
-ifndef DESTDIR
-   DESTDIR=
-endif
-
-ifndef LIBPATH
-   LIBPATH=/usr/lib
-endif
-ifndef INCPATH
-   INCPATH=/usr/include
-endif
-ifndef DATAPATH
-   DATAPATH=/usr/share/doc/libtomcrypt/pdf
-endif
-
-#Who do we install as?
-ifdef INSTALL_USER
-USER=$(INSTALL_USER)
-else
-USER=root
-endif
-
-ifdef INSTALL_GROUP
-GROUP=$(INSTALL_GROUP)
-else
-GROUP=wheel
-endif
-
-#List of objects to compile.
-#START_INS
-OBJECTS=src/ciphers/aes/aes_enc.o src/ciphers/aes/aes.o src/ciphers/anubis.o src/ciphers/blowfish.o \
-src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o src/ciphers/kseed.o \
-src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
-src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
-src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
-src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
-src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
-src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
-src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
-src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+#List of objects to compile (all goes to libtomcrypt.a)
+OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
+src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
+src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
+src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_add_aad.o \
+src/encauth/ccm/ccm_add_nonce.o src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_init.o \
+src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_test.o src/encauth/chachapoly/chacha20poly1305_add_aad.o \
+src/encauth/chachapoly/chacha20poly1305_decrypt.o src/encauth/chachapoly/chacha20poly1305_done.o \
+src/encauth/chachapoly/chacha20poly1305_encrypt.o src/encauth/chachapoly/chacha20poly1305_init.o \
+src/encauth/chachapoly/chacha20poly1305_memory.o src/encauth/chachapoly/chacha20poly1305_setiv.o \
+src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.o \
+src/encauth/chachapoly/chacha20poly1305_test.o src/encauth/eax/eax_addheader.o \
+src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
+src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
+src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
+src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
 src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
-src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
-src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o \
-src/hashes/sha1.o src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/f9/f9_done.o src/mac/f9/f9_file.o src/mac/f9/f9_init.o \
-src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o src/mac/f9/f9_process.o src/mac/f9/f9_test.o \
-src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
-src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
-src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
-src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
+src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
+src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
+src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
+src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
+src/hashes/sha2/sha224.o src/hashes/sha2/sha256.o src/hashes/sha2/sha384.o src/hashes/sha2/sha512.o \
+src/hashes/sha2/sha512_224.o src/hashes/sha2/sha512_256.o src/hashes/sha3.o src/hashes/sha3_test.o \
+src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/blake2/blake2bmac.o \
+src/mac/blake2/blake2bmac_file.o src/mac/blake2/blake2bmac_memory.o \
+src/mac/blake2/blake2bmac_memory_multi.o src/mac/blake2/blake2bmac_test.o src/mac/blake2/blake2smac.o \
+src/mac/blake2/blake2smac_file.o src/mac/blake2/blake2smac_memory.o \
+src/mac/blake2/blake2smac_memory_multi.o src/mac/blake2/blake2smac_test.o src/mac/f9/f9_done.o \
+src/mac/f9/f9_file.o src/mac/f9/f9_init.o src/mac/f9/f9_memory.o src/mac/f9/f9_memory_multi.o \
+src/mac/f9/f9_process.o src/mac/f9/f9_test.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
+src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o src/mac/hmac/hmac_memory_multi.o \
+src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
+src/mac/omac/omac_init.o src/mac/omac/omac_memory.o src/mac/omac/omac_memory_multi.o \
+src/mac/omac/omac_process.o src/mac/omac/omac_test.o src/mac/pelican/pelican.o \
+src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o src/mac/pmac/pmac_done.o \
+src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
 src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
-src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/xcbc/xcbc_done.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/mac/poly1305/poly1305.o \
+src/mac/poly1305/poly1305_file.o src/mac/poly1305/poly1305_memory.o \
+src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/mac/xcbc/xcbc_done.o \
 src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \
 src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \
 src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \
-src/math/rand_prime.o src/math/tfm_desc.o src/misc/base64/base64_decode.o \
-src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
-src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
-src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \
+src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \
+src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
+src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
+src/misc/crypt/crypt_constants.o src/misc/crypt/crypt_find_cipher.o \
 src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
 src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
 src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_hash_oid.o \
 src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_fsa.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_ltc_mp_descriptor.o \
-src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
-src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
-src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
-src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
-src/misc/error_to_string.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
-src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
-src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
-src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
-src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
+src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_inits.o \
+src/misc/crypt/crypt_ltc_mp_descriptor.o src/misc/crypt/crypt_prng_descriptor.o \
+src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_prng_rng_descriptor.o \
+src/misc/crypt/crypt_register_all_ciphers.o src/misc/crypt/crypt_register_all_hashes.o \
+src/misc/crypt/crypt_register_all_prngs.o src/misc/crypt/crypt_register_cipher.o \
+src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_sizes.o \
+src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
+src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \
+src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/pk_get_oid.o src/misc/pkcs5/pkcs_5_1.o \
+src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \
+src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
+src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
+src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \
+src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \
+src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \
+src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
 src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \
 src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \
@@ -157,10 +136,16 @@ src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o src/modes/lrw/lrw_encrypt.o
 src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o src/modes/lrw/lrw_setiv.o \
 src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
 src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/modes/ofb/ofb_start.o src/modes/xts/xts_decrypt.o src/modes/xts/xts_done.o \
+src/modes/xts/xts_encrypt.o src/modes/xts/xts_init.o src/modes/xts/xts_mult_x.o \
+src/modes/xts/xts_test.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_decode_raw_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_raw_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
 src/pk/asn1/der/boolean/der_decode_boolean.o src/pk/asn1/der/boolean/der_encode_boolean.o \
 src/pk/asn1/der/boolean/der_length_boolean.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.o \
+src/pk/asn1/der/generalizedtime/der_length_generalizedtime.o \
 src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
 src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
 src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
@@ -175,22 +160,32 @@ src/pk/asn1/der/printable_string/der_length_printable_string.o \
 src/pk/asn1/der/sequence/der_decode_sequence_ex.o \
 src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \
 src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_decode_subject_public_key_info.o \
 src/pk/asn1/der/sequence/der_encode_sequence_ex.o \
-src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \
-src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/set/der_encode_set.o \
+src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_subject_public_key_info.o \
+src/pk/asn1/der/sequence/der_length_sequence.o src/pk/asn1/der/sequence/der_sequence_free.o \
+src/pk/asn1/der/sequence/der_sequence_shrink.o src/pk/asn1/der/set/der_encode_set.o \
 src/pk/asn1/der/set/der_encode_setof.o src/pk/asn1/der/short_integer/der_decode_short_integer.o \
 src/pk/asn1/der/short_integer/der_encode_short_integer.o \
-src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
-src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
-src/pk/asn1/der/utf8/der_decode_utf8_string.o src/pk/asn1/der/utf8/der_encode_utf8_string.o \
-src/pk/asn1/der/utf8/der_length_utf8_string.o src/pk/dsa/dsa_decrypt_key.o \
-src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
-src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \
-src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \
-src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \
-src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \
-src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \
-src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o \
+src/pk/asn1/der/teletex_string/der_decode_teletex_string.o \
+src/pk/asn1/der/teletex_string/der_length_teletex_string.o \
+src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \
+src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
+src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
+src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \
+src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \
+src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \
+src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \
+src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \
+src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \
+src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \
+src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \
+src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \
 src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \
 src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \
 src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \
@@ -200,164 +195,105 @@ src/pk/katja/katja_make_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mg
 src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \
 src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
-src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \
+src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \
+src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \
 src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o 
+src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
+src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
+src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
+src/stream/sober128/sober128_test.o
 
-HEADERS=src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cipher.h \
-src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
-src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
-src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+#List of test objects to compile (all goes to libtomcrypt_prof.a)
+TOBJECTS=tests/base64_test.o tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o \
+tests/dsa_test.o tests/ecc_test.o tests/file_test.o tests/katja_test.o tests/mac_test.o tests/misc_test.o \
+tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_prng.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/store_test.o tests/test.o
 
-#END_INS
+#The following headers will be installed by "make install"
+HEADERS=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h src/headers/tomcrypt_math.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt_pk.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h
 
-TESTOBJECTS=demos/test.o
-HASHOBJECTS=demos/hashsum.o
-CRYPTOBJECTS=demos/encrypt.o
-SMALLOBJECTS=demos/small.o
-TVS=demos/tv_gen.o
-MULTIS=demos/multi.o
-TIMINGS=demos/timing.o
-TESTS=demos/test.o
+#The default rule for make builds the libtomcrypt.a library (static)
+default: $(LIBMAIN_S)
 
-#Files left over from making the crypt.pdf.
-LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
+#SPECIAL: AES comes in two flavours - enc+dec and enc-only
+src/ciphers/aes/aes_enc.o: $(srcdir)/src/ciphers/aes/aes.c $(srcdir)/src/ciphers/aes/aes_tab.c
+	$(CC) $(LTC_CFLAGS) -DENCRYPT_ONLY -c $(srcdir)/src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
-#Compressed filenames
-COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
+#SPECIAL: these are the rules to make certain object files
+src/ciphers/aes/aes.o: $(srcdir)/src/ciphers/aes/aes.c $(srcdir)/src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: $(srcdir)/src/ciphers/twofish/twofish.c $(srcdir)/src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: $(srcdir)/src/hashes/whirl/whirl.c $(srcdir)/src/hashes/whirl/whirltab.c
+src/hashes/sha2/sha512.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha384.c
+src/hashes/sha2/sha512_224.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha512_224.c
+src/hashes/sha2/sha512_256.o: $(srcdir)/src/hashes/sha2/sha512.c $(srcdir)/src/hashes/sha2/sha512_256.c
+src/hashes/sha2/sha256.o: $(srcdir)/src/hashes/sha2/sha256.c $(srcdir)/src/hashes/sha2/sha224.c
 
-#The default rule for make builds the libtomcrypt library.
-default:library
+#Dependencies on *.h
+$(OBJECTS): $(HEADERS)
+$(TOBJECTS): $(HEADERS) tests/tomcrypt_test.h
 
-#ciphers come in two flavours... enc+dec and enc 
-src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c $< -o src/ciphers/aes/aes_enc.o
+#This is necessary for compatibility with BSD make (namely on OpenBSD)
+.SUFFIXES: .o .c
+.c.o:
+	$(CC) $(LTC_CFLAGS) -c $< -o $@
 
-#These are the rules to make certain object files.
-src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
-src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
-src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
-src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-
-#This rule makes the libtomcrypt library.
-library: $(LIBNAME)
-
-testprof/$(LIBTEST): 
-	cd testprof ; CFLAGS="$(CFLAGS)" LIBTEST_S=$(LIBTEST_S) $(MAKE) 
-
-$(LIBNAME): $(OBJECTS)
-	$(AR) $(ARFLAGS) $@ $(OBJECTS) 
+#Create libtomcrypt.a
+$(LIBMAIN_S): $(OBJECTS)
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
 	$(RANLIB) $@
 
-#This rule makes the hash program included with libtomcrypt
-hashsum: library $(HASHOBJECTS)
-	$(CC) $(HASHOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(HASH) $(WARN)
+#Demo tools/utilities
+hashsum: demos/hashsum.o $(LIBMAIN_S)
+	$(CC) demos/hashsum.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+ltcrypt: demos/ltcrypt.o $(LIBMAIN_S)
+	$(CC) demos/ltcrypt.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+small: demos/small.o $(LIBMAIN_S)
+	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+tv_gen: demos/tv_gen.o $(LIBMAIN_S)
+	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+timing: demos/timing.o $(LIBMAIN_S)
+	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 
-#makes the crypt program
-crypt: library $(CRYPTOBJECTS)
-	$(CC) $(CRYPTOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(CRYPT) $(WARN)
+#Tests
+test: $(TOBJECTS) $(LIBMAIN_S)
+	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+	@echo "NOTICE: start the tests by: ./test"
 
-#makes the small program
-small: library $(SMALLOBJECTS)
-	$(CC) $(SMALLOBJECTS) $(LIBNAME) $(EXTRALIBS) -o $(SMALL) $(WARN)
-	
-tv_gen: library $(TVS)
-	$(CC) $(LDFLAGS) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV)
+all: $(LIBMAIN_S) hashsum ltcrypt small tv_gen sizes constants timing test
 
-multi: library $(MULTIS)
-	$(CC) $(MULTIS) $(LIBNAME) $(EXTRALIBS) -o $(MULTI)
-
-timing: library testprof/$(LIBTEST) $(TIMINGS)
-	$(CC) $(LDFLAGS) $(TIMINGS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TIMING)
-
-test: library testprof/$(LIBTEST) $(TESTS)
-	$(CC) $(LDFLAGS) $(TESTS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TEST)
-
-#This rule installs the library and the header files. This must be run
-#as root in order to have a high enough permission to write to the correct
-#directories and to set the owner and group to root.
-ifndef NODOCS
-install: library docs
-else
-install: library
-endif
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
-	install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
-	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
-ifndef NODOCS
-	install -g $(GROUP) -o $(USER) doc/crypt.pdf $(DESTDIR)$(DATAPATH)
-endif
-
-install_test: testprof/$(LIBTEST)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-	install -g $(GROUP) -o $(USER) testprof/$(LIBTEST) $(DESTDIR)$(LIBPATH)
-
-profile:
-	CFLAGS="$(CFLAGS) -fprofile-generate" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
-	./timing
-	rm -f timing `find . -type f | grep [.][ao] | xargs`
-	CFLAGS="$(CFLAGS) -fprofile-use" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
-
-
-#This rule cleans the source tree of all compiled code, not including the pdf
-#documentation.
+#NOTE: this makefile works also on cygwin, thus we need to delete *.exe
 clean:
-	-rm -f $(OBJECTS)
-	-rm -f libtomcrypt.a
+	-@rm -f $(OBJECTS) $(TOBJECTS)
+	-@rm -f $(LIBMAIN_S)
+	-@rm -f demos/*.o *_tv.txt
+	-@rm -f test constants sizes tv_gen hashsum ltcrypt small timing
+	-@rm -f test.exe constants.exe sizes.exe tv_gen.exe hashsum.exe ltcrypt.exe small.exe timing.exe
 
-#build the doxy files (requires Doxygen, tetex and patience)
-doxy:
-	doxygen
-	cd doc/doxygen/latex ; ${MAKE} ; mv -f refman.pdf ../../.
-	echo The huge doxygen PDF should be available as doc/refman.pdf
-	
-#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
-#from the clean command! This is because most people would like to keep the
-#nice pre-compiled crypt.pdf that comes with libtomcrypt! We only need to
-#delete it if we are rebuilding it.
-docs: crypt.tex
-	rm -f doc/crypt.pdf $(LEFTOVERS)
-	echo "hello" > crypt.ind
-	latex crypt > /dev/null
-	latex crypt > /dev/null
-	makeindex crypt.idx > /dev/null
-	perl fixupind.pl
-	latex crypt > /dev/null
-	dvipdf crypt
-	mv -ivf crypt.pdf doc/crypt.pdf
-	rm -f $(LEFTOVERS)
+#Install the library + headers
+install: $(LIBMAIN_S) $(HEADERS)
+	@mkdir -p $(DESTDIR)$(INCPATH) $(DESTDIR)$(LIBPATH)/pkgconfig
+	@cp $(LIBMAIN_S) $(DESTDIR)$(LIBPATH)/
+	@cp $(HEADERS) $(DESTDIR)$(INCPATH)/
+	@sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION),' libtomcrypt.pc.in > $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
 
-docdvi: crypt.tex
-	echo hello > crypt.ind
-	latex crypt > /dev/null
-	latex crypt > /dev/null
-	makeindex crypt.idx
-	perl fixupind.pl
-	latex crypt > /dev/null
-	latex crypt > /dev/null
+#Install useful tools
+install_bins: hashsum
+	@mkdir -p $(DESTDIR)$(BINPATH)
+	@cp hashsum $(DESTDIR)$(BINPATH)/
 
-#zipup the project (take that!)
-no_oops: clean
-	cd .. ; cvs commit 
-	echo Scanning for scratch/dirty files
-	find . -type f | grep -v CVS | xargs -n 1 bash mess.sh
-
-zipup: no_oops docs
-	cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
-	cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \
-	cd libtomcrypt-$(VERSION) ; rm -rf `find . -type d | grep CVS | xargs` ; cd .. ; \
-	tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION) ; \
-	zip -9r crypt-$(VERSION).zip libtomcrypt-$(VERSION) ; \
-	gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip ; \
-	mv -fv crypt* ~ ; rm -rf libtomcrypt-$(VERSION)
-
-
-# $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
-# $Revision: 1.145 $ 
-# $Date: 2006/12/02 19:23:21 $ 
+#Install documentation
+install_docs: doc/crypt.pdf
+	@mkdir -p $(DESTDIR)$(DATAPATH)
+	@cp doc/crypt.pdf $(DESTDIR)$(DATAPATH)/

libtomcrypt/TODO

@@ -1,11 +1,3 @@
-stopped at ch12
--- needs examples for ecc/dsa!!! (and for asn.1)
-
-must have for v1.16
-- document PK build flags
-- document makefile flags [INSTALL_* for instance]
-- prepare manual for printing (both soft and hard cover)
-
-Nice to have [in order of precedence]
-- add X9.63 IES
-- add CPP macros like OpenSSL has for ASN1 (e.g. encode/decode functions, etc) shameless ripoff :-)
+for 1.18
+- document new ECC functions
+- add test for new functions

libtomcrypt/build.sh

@@ -1,20 +1,59 @@
 #!/bin/bash
 echo "$1 ($2, $3)..."
+
 make clean 1>/dev/null 2>/dev/null
+
 echo -n "building..."
-CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j4 -f $3 test tv_gen 1>gcc_1.txt 2>gcc_2.txt || (echo "build $1 failed see gcc_2.txt for more information" && cat gcc_2.txt && exit 1)
+
+if [ -f /proc/cpuinfo ]
+then
+  MAKE_JOBS=$(( ($(cat /proc/cpuinfo | grep -E '^processor[[:space:]]*:' | tail -n -1 | cut -d':' -f2) + 1) * 2 + 1 ))
+else
+  MAKE_JOBS=8
+fi
+
+CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j$MAKE_JOBS -f $3 all_test 1>gcc_1.txt 2>gcc_2.txt
+mret=$?
+cnt=$(wc -l < gcc_2.txt)
+# ignore 1 line since ar prints to stderr instead of stdout and ar is called for
+# $(LIBNAME)
+if [[ $mret -ne 0 ]] || [[ $cnt -gt 1 ]]; then
+   echo "build $1 failed! printing gcc_2.txt now for convenience"
+   cat gcc_2.txt
+   exit 1
+fi
+
 echo -n "testing..."
+
 if [ -a test ] && [ -f test ] && [ -x test ]; then
-   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed" && cat test_err.txt && exit 1)
+   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1)
    if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
-      for f in *_tv.txt; do if (diff --ignore-case $f notes/$f) then true; else (echo "tv_gen $f failed" && rm -f testok.txt && exit 1); fi; done
+      for f in *_tv.txt; do
+         # check for lines starting with '<' ($f might be a subset of notes/$f)
+         difftroubles=$(diff -i -w -B $f notes/$f | grep '^<')
+         if [ -n "$difftroubles" ]; then
+            echo "FAILURE: $f"
+            diff -i -w -B $f notes/$f
+            echo "tv_gen $f failed" && rm -f testok.txt && exit 1
+         else
+            true
+         fi
+      done
    fi
 fi
+
+
 if [ -a testok.txt ] && [ -f testok.txt ]; then
+   if [ "$LTC_COVERAGE" != "" ]; then
+      ./coverage_more.sh > test_coverage_more.txt || exit 1
+      lcov_opts="--capture --no-external --directory src -q"
+      lcov_out=$(echo coverage_$1_$2_$3 | tr ' -=+' '_')".info"
+      lcov $lcov_opts --output-file $lcov_out
+   fi
    exit 0
 fi
 exit 1
 
-# $Source: /cvs/libtom/libtomcrypt/build.sh,v $   
-# $Revision: 1.9 $   
-# $Date: 2006/03/18 14:10:55 $ 
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/changes

@@ -1,3 +1,82 @@
+January 22nd, 2018
+v1.18.1
+      -- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
+      -- Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
+      -- Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
+      -- Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
+      -- Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
+      -- Fix possible undefined behavior with LTC_PTHREAD (PR #337)
+      -- Fix some DER bugs (PR #339)
+      -- Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
+      -- Fix installation procedure (Issue #340)
+
+October 10th, 2017
+v1.18.0
+      -- Bugfix multi2
+      -- Bugfix Noekeon
+      -- Bugfix XTEA
+      -- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
+      -- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
+      -- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
+      -- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
+         thanks to Raphaël Jamet
+      -- Implement hardened RSA operations when CRT is used
+      -- Enabled timing resistant calculations of ECC and RSA operations per default
+      -- Applied some patches from the OLPC project regarding PKCS#1 and preventing
+         the hash algorithms from overflowing
+      -- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
+         from a dynamic language like Python, as shown in his pyTomCrypt
+      -- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
+         in OpenSSL/GnuTLS compatible format
+      -- Patrick Pelletier contributed a smart volley of patches
+      -- Christopher Brown contributed some patches and additions to ASN.1/DER
+      -- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
+         XTS mode and RSA private key operations with keys without CRT parameters
+      -- RC2 now also works with smaller key-sizes
+      -- Improved/extended several tests & demos
+      -- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
+         against Google's "Wycheproof" and Kudelski Security's "CDF"
+      -- Fixed all compiler warnings
+      -- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
+         Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
+      -- Re-worked all makefiles
+      -- Re-worked most PRNG's
+      -- The code is now verified by a linter, thanks to Francois Perrad
+      -- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
+      -- Add Adler32 and CRC32 checksum algorithms
+      -- Add Base64-URL de-/encoding and some strict variants
+      -- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
+      -- Add Camellia block cipher
+      -- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
+      -- Add constant-time mem-compare mem_neq()
+      -- Add DER GeneralizedTime de-/encoding
+      -- Add DSA and ECC key generation FIPS-186-4 compliance
+      -- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
+      -- Add OCBv3
+      -- Add PKCS#1 v1.5 mode of SSL3.0
+      -- Add PKCS#1 testvectors from RSA
+      -- Add PKCS#8 & X.509 import for RSA keys
+      -- Add stream cipher API
+      -- Add SHA3 & SHAKE
+      -- Add SHA512/256 and SHA512/224
+      -- Add Triple-DES 2-key mode, thanks to Paul Howarth
+      -- Brought back Diffie-Hellman
+
+May 12th, 2007
+v1.17 -- Cryptography Research Inc. contributed another small volley of patches, one to fix __WCHAR_DEFINED__ for BSD platforms, 
+         another to silence MSVC warnings.
+      -- Added LTC_XCBC_PURE to XCBC mode which lets you use it in three-key mode. 
+      -- [CRI] Added libtomcrypt.dsp for Visual C++ users.
+      -- [CRI] Added more functions for manipulating the ECC fixed point cache (including saving and loading)
+      -- [CRI] Modified ecc_make_key() to always produce keys smaller than base point order, for standards-compliance
+      -- Elliptic Semiconductor contributed XTS chaining mode to the cipher suite (subsequently optimized it)
+      -- Fixed xcbc_init() keylen when using single key mode.
+      -- Bruce Fortune pointed out a typo in the hmac_process() description in the manual.  Fixed.
+      -- Added variable width counter support to CTR mode
+      -- Fixed CMAC (aka OMAC) when using 64-bit block ciphers and LTC_FAST ... my bad.
+      -- Fixed bug in ecc_is_valid() that would basically always return true
+      -- renamed a lot of macros to add the LTC_ prefix [e.g. RIJNDAEL => LTC_RIJNDAEL]
+
 December 16th, 2006
 v1.16 -- Brian Gladman pointed out that a recent change to GCM broke how the IV was handled.  Currently the code complies against his test vectors
          so the code should be considered frozen now.
@@ -1551,6 +1630,6 @@ v0.02  -- Changed RC5 to only allow 12 to 24 rounds
 v0.01  -- We will call this the first version.
 
 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.274 $ */
-/* $Date: 2006/12/16 19:08:17 $ */
+/* $Revision: 1.288 $ */
+/* $Date: 2007/05/12 14:37:41 $ */
 

libtomcrypt/check_source.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# output version
+bash printinfo.sh
+
+make clean > /dev/null
+
+echo "checking..."
+./helper.pl --check-source --check-makefiles --check-defines|| exit 1
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverage.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -e
+
+if [ "$TRAVIS_CI" == "private" ]; then
+    exit 0
+fi
+
+if [ "$#" != "5" ]; then
+    echo "Usage is: ${0} \"coverage\" \"<prepend CFLAGS>\" \"<makefile>\" \"<append CFLAGS>\" <math library to link to>"
+    echo "CC=gcc ${0} \"coverage\" \" \" \"makefile\" \"-DUSE_LTM -DLTM_DESC -I../libtommath\" ../libtommath/libtommath.a"
+    exit -1
+fi
+
+if [ -z "$(echo $CC | grep "gcc")" ]; then
+    echo "no gcc detected, early exit success"
+    exit 0
+fi
+
+if [ "$(echo $3 | grep -v 'makefile[.]')" == "" ]; then
+    echo "only run $0 for the regular makefile, early exit success"
+    exit 0
+fi
+
+# output version
+bash printinfo.sh
+
+bash build.sh " $1" " $2" " $3 COVERAGE=1" "$4" "$5"
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   echo
+else
+   echo
+   echo "Test failed"
+   exit 1
+fi
+
+./coverage_more.sh > test_coverage_more.txt || { rm -f testok.txt && exit 1 ; }
+
+make lcov-single
+# if this was executed as './coverage.sh ...' create coverage locally
+if [[ "${0%% *}" == "./${0##*/}" ]]; then
+   make lcov-html
+else
+   coveralls-lcov coverage.info
+fi
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverage_more.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+./sizes
+./constants
+
+for i in $(for j in $(echo $(./hashsum -h | awk '/Algorithms/,EOF' | tail -n +2)); do echo $j; done | sort); do echo -n "$i: " && ./hashsum -a $i tests/test.key ; done > hashsum_tv.txt
+difftroubles=$(diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt | grep '^<') || true
+if [ -n "$difftroubles" ]; then
+  echo "FAILURE: hashsum_tv.tx"
+  diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt
+  echo "hashsum failed"
+  exit 1
+else
+  echo "hashsum okay"
+fi
+
+
+exit 0
+
+# ref:         $Format:%D$
+# git commit:  $Format:%H$
+# commit time: $Format:%ai$

libtomcrypt/coverity.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+if [ $# -lt 2 ]
+then
+  echo "usage is: ${0##*/} <path to coverity scan> <extra compiler options>"
+  echo "e.g. \"${0##*/} \"/usr/local/bin/coverity\" \"-DLTM_DESC -I/path/to/libtommath/\"\""
+  exit -1
+fi
+
+PATH=$PATH:$1/bin
+
+make clean
+rm -r cov-int/
+
+myCflags=""
+myCflags="$myCflags -O2 ${2}"
+myCflags="$myCflags -pipe -Werror -Wpointer-arith -Winit-self -Wextra -Wall -Wformat -Wformat-security"
+
+CFLAGS="$myCflags" cov-build --dir cov-int  make -f makefile.unix $MAKE_OPTS IGNORE_SPEED=1 1>gcc_1.txt
+
+if [ $? -ne 0 ]
+then
+  echo "make failed"
+  exit -1
+fi
+
+# zipup everything
+tar caf libtomcrypt.lzma cov-int
+
+mytoken=$(cat .coverity_token)
+mymail=$(cat .coverity_mail)
+myversion=$(git describe --dirty)
+
+curl -k --form project=libtomcrypt \
+  --form token=${mytoken} \
+  --form email=${mymail} \
+  --form file=@libtomcrypt.lzma \
+  --form version=\"${myversion}\" \
+  --form description="\"libtomcrypt version ${myversion}\"" \
+  https://scan.coverity.com/builds?project=libtom%2Flibtomcrypt

libtomcrypt/crypt.lof

@@ -6,19 +6,19 @@
 \contentsline {figure}{\numberline {3.1}{\ignorespaces Built--In Software Ciphers}}{19}{figure.3.1}
 \contentsline {figure}{\numberline {3.2}{\ignorespaces Twofish Build Options}}{21}{figure.3.2}
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {4.1}{\ignorespaces Built--In Software Hashes}}{57}{figure.4.1}
+\contentsline {figure}{\numberline {4.1}{\ignorespaces Built--In Software Hashes}}{59}{figure.4.1}
 \addvspace {10\p@ }
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {6.1}{\ignorespaces List of Provided PRNGs}}{82}{figure.6.1}
+\contentsline {figure}{\numberline {6.1}{\ignorespaces List of Provided PRNGs}}{84}{figure.6.1}
 \addvspace {10\p@ }
 \addvspace {10\p@ }
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {9.1}{\ignorespaces DSA Key Sizes}}{119}{figure.9.1}
+\contentsline {figure}{\numberline {9.1}{\ignorespaces DSA Key Sizes}}{121}{figure.9.1}
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {10.1}{\ignorespaces List of ASN.1 Supported Types}}{127}{figure.10.1}
+\contentsline {figure}{\numberline {10.1}{\ignorespaces List of ASN.1 Supported Types}}{129}{figure.10.1}
 \addvspace {10\p@ }
 \addvspace {10\p@ }
-\contentsline {figure}{\numberline {12.1}{\ignorespaces RSA/DH Key Strength}}{149}{figure.12.1}
-\contentsline {figure}{\numberline {12.2}{\ignorespaces ECC Key Strength}}{149}{figure.12.2}
+\contentsline {figure}{\numberline {12.1}{\ignorespaces RSA/DH Key Strength}}{151}{figure.12.1}
+\contentsline {figure}{\numberline {12.2}{\ignorespaces ECC Key Strength}}{151}{figure.12.2}
 \addvspace {10\p@ }
 \addvspace {10\p@ }

libtomcrypt/demos/constants.c

@@ -0,0 +1,86 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt.h"
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+
+/**
+  @file demo_crypt_constants.c
+
+  Demo how to get various constants to dynamic languages
+  like Python
+
+  Larry Bugbee, February 2013
+*/
+
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
+
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific constant name, get and print its value */
+      char name[] = "CTR_COUNTER_BIG_ENDIAN";
+      int value;
+      char *names_list;
+      unsigned int names_list_len;
+
+      if (crypt_get_constant(name, &value) != 0) exit(EXIT_FAILURE);
+      printf("\n  %s is %d \n\n", name, value);
+
+      /* get and print the length of the names (and values) list */
+
+      if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", names_list_len);
+
+      /* get and print the names (and values) list */
+      if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
+      if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported constants:\n\n%s\n\n", names_list);
+      free(names_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all constants");
+         _print_line("-s name", "List a single constant given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *names_list;
+         unsigned int names_list_len;
+         /* get and print the length of the names (and values) list */
+         if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and values) list */
+         names_list = malloc(names_list_len);
+         if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", names_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         int value;
+         if (crypt_get_constant(argv[2], &value) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], value);
+      }
+   }
+
+   return 0;
+}
+
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/demo_dynamic.py

@@ -0,0 +1,309 @@
+
+
+"""
+    demo_dynamic.py                                    v2b
+
+    This program demonstrates Python's use of the dynamic
+    language support additions to LTC, namely access to LTC
+    constants, struct and union sizes, and the binding of a
+    math package to LTC.  Also provided are simple code
+    fragments to illustrate how one might write a Python
+    wrapper for LTC and how an app might call the wrapper.
+    This or a similar model should work for Ruby and other
+    dynamic languages.
+
+    This instance uses Python's ctypes and requires a single
+    .dylib linking together LTC and a math library.  Building
+    a single .dylib is needed because LTC wants a fairly tight
+    relationship between itself and the mathlib.  (ctypes can
+    load multiple .dylibs, but it does not support this level
+    of tight coupling between otherwise independent libraries.)
+
+    My .dylib was created on OSX/macOS with the following:
+        sudo make -j5 -f makefile.shared                        \
+            CFLAGS="-DUSE_TFM -DTFM_DESC -I/usr/local/include"  \
+            EXTRALIBS=/usr/local/lib/libtfm.a  install
+
+    For python 2.7.12 on Ubuntu Xenial the following worked for
+    me (without MPI support):
+        sudo make -f makefile.shared install PREFIX="/usr"
+
+    Reminder: you don't need to bind in a math library unless
+              you are going to use LTC functions that need a
+              mathlib.  For example, public key crypto requires
+              a mathlib; hashing and symmetric encryption do not.
+
+    ------
+
+    This code was originally written for Python 2.7 with the
+    ctypes standard library.  This version is modified to run
+    under both Python 2.7 and 3.6.
+
+    Arguably the biggest change for Python3 has to do with
+    strings.  Under Python2, native strings are ASCII bytes and
+    passing them to LTC is natural and requires no conversion.
+    Under Python3 all native strings are Unicode which requires
+    they be converted to bytes before use by LTC.
+
+    Note the following for Python3.
+        - ASCII keys, IVs and other string arguments must be
+          'bytes'.  Define them with a 'b' prefix or convert
+          via the 'bytes()' function.
+        - "strings" returned from LTC are bytes and conversion
+          to Unicode might be necessary for proper printing.
+          If so, use <string>.decode('utf-8').
+        - The Python2 'print' statement becomes a function in
+          Python3 which requires parenthesis, eg. 'print()'.
+
+    NB: Unicode is achieved under Python2 by either defining
+        a Unicode string with a 'u' prefix or passing ASCII
+        strings thru the 'unicode()' function.
+
+    Larry Bugbee
+    March 2014      v1
+    August 2017     v2b
+
+"""
+
+
+import sys
+from ctypes import *
+from ctypes.util import find_library
+
+# switches to enable/disable selected output
+SHOW_ALL_CONSTANTS      = True
+SHOW_ALL_SIZES          = True
+SHOW_SELECTED_CONSTANTS = True
+SHOW_SELECTED_SIZES     = True
+SHOW_BUILD_OPTIONS_ALGS = True
+SHOW_SHA256_EXAMPLE     = True
+SHOW_CHACHA_EXAMPLE     = True
+
+print(' ')
+print('  demo_dynamic.py')
+
+def inprint(s, indent=0):
+    "prints strings indented, including multline strings"
+    for line in s.split('\n'):
+        print(' '*indent + line)
+
+#-------------------------------------------------------------------------------
+# load the .dylib
+
+libname = 'tomcrypt'
+libpath = find_library(libname)
+print(' ')
+print('  path to library %s: %s' % (libname, libpath))
+
+LTC = cdll.LoadLibrary(libpath)
+print('  loaded: %s' % LTC)
+print(' ')
+
+
+#-------------------------------------------------------------------------------
+# get list of all supported constants followed by a list of all
+# supported sizes.  One alternative: these lists may be parsed
+# and used as needed.
+
+if SHOW_ALL_CONSTANTS:
+    print('-'*60)
+    print('  all supported constants and their values:')
+
+    # get size to allocate for constants output list
+    str_len = c_int(0)
+    ret = LTC.crypt_list_all_constants(None, byref(str_len))
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
+
+    # allocate that size and get (name, size) pairs, each pair
+    # separated by a newline char.
+    names_sizes = c_buffer(str_len.value)
+    ret = LTC.crypt_list_all_constants(names_sizes, byref(str_len))
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
+
+
+if SHOW_ALL_SIZES:
+    print('-'*60)
+    print('  all supported sizes:')
+
+    # get size to allocate for sizes output list
+    str_len = c_int(0)
+    ret = LTC.crypt_list_all_sizes(None, byref(str_len))
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
+
+    # allocate that size and get (name, size) pairs, each pair
+    # separated by a newline char.
+    names_sizes = c_buffer(str_len.value)
+    ret = LTC.crypt_list_all_sizes(names_sizes, byref(str_len))
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
+
+
+#-------------------------------------------------------------------------------
+# get individually named constants and sizes
+
+if SHOW_SELECTED_CONSTANTS:
+    print('-'*60)
+    print('\n  selected constants:')
+
+    names = [
+        b'ENDIAN_LITTLE',
+        b'ENDIAN_64BITWORD',
+        b'PK_PUBLIC',
+        b'LTC_MILLER_RABIN_REPS',
+        b'CTR_COUNTER_BIG_ENDIAN',
+    ]
+    for name in names:
+        const_value = c_int(0)
+        rc = LTC.crypt_get_constant(name, byref(const_value))
+        value = const_value.value
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
+
+if SHOW_SELECTED_SIZES:
+    print('-'*60)
+    print('\n  selected sizes:')
+
+    names = [
+        b'rijndael_key',
+        b'rsa_key',
+        b'symmetric_CTR',
+        b'twofish_key',
+        b'ecc_point',
+        b'gcm_state',
+        b'sha512_state',
+    ]
+    for name in names:
+        size_value = c_int(0)
+        rc = LTC.crypt_get_size(name, byref(size_value))
+        value = size_value.value
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
+
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# LibTomCrypt exposes one interesting string that can be accessed
+# via Python's ctypes module, "crypt_build_settings", which
+# provides a list of this build's compiler switches and supported
+# algorithms.  If someday LTC exposes other interesting strings,
+# they can be found with:
+#   nm /usr/local/lib/libtomcrypt.dylib | grep " D "
+
+def get_named_string(lib, name):
+    return c_char_p.in_dll(lib, name).value.decode("utf-8")
+
+if SHOW_BUILD_OPTIONS_ALGS:
+    print('-'*60)
+    print('This is a string compiled into LTC showing compile')
+    print('options and algorithms supported by this build \n')
+#    print(get_named_string(LTC, 'crypt_build_settings'))
+    inprint(get_named_string(LTC, 'crypt_build_settings'), 4)
+
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# here is an example of how Python code can be written to access
+# LTC's implementation of SHA256 and ChaCha,
+
+# - - - - - - - - - - - - -
+# definitions
+
+from binascii import hexlify, unhexlify
+
+def _err2str(err):
+    # define return type
+    errstr = LTC.error_to_string
+    errstr.restype = c_char_p
+    # get and return err string
+    return errstr(err)
+
+def _get_size(name):
+    size = c_int(0)
+    rc = LTC.crypt_get_size(bytes(name), byref(size))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_size(%s) rc = %d' % (name, rc))
+    return size.value
+
+def _get_constant(name):
+    constant = c_int(0)
+    rc = LTC.crypt_get_constant(bytes(name), byref(constant))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_constant(%s) rc = %d' % (name, rc))
+    return constant.value
+
+CRYPT_OK = _get_constant(b'CRYPT_OK')
+
+class SHA256(object):
+    def __init__(self):
+        self.state = c_buffer(_get_size(b'sha256_state'))
+        LTC.sha256_init(byref(self.state))
+    def update(self, data):
+        LTC.sha256_process(byref(self.state), data, len(data))
+    def digest(self):
+        md = c_buffer(32)
+        LTC.sha256_done(byref(self.state), byref(md))
+        return md.raw
+
+class ChaCha(object):
+    def __init__(self, key, rounds):
+        self.state   = c_buffer(_get_size(b'chacha_state'))
+        self.counter = c_int(1)
+        err = LTC.chacha_setup(byref(self.state), key, len(key), rounds)
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_setup(), err = %d, "%s"' % (err, _err2str(err)))
+    def set_iv32(self, iv):
+        err = LTC.chacha_ivctr32(byref(self.state), iv, len(iv), byref(self.counter))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_ivctr32(), err = %d, "%s"' % (err, _err2str(err)))
+    def crypt(self, datain):
+        dataout = c_buffer(len(datain))
+        err = LTC.chacha_crypt(byref(self.state), datain, len(datain), byref(dataout))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_crypt(), err = %d, "%s"' % (err, _err2str(err)))
+        return dataout.raw
+
+# - - - - - - - - - - - - -
+# a SHA256 app fragment
+
+if SHOW_SHA256_EXAMPLE:
+    print('-'*60)
+    data = b'hello world'               # we want bytes, not Unicode
+
+    sha256 = SHA256()
+    sha256.update(data)
+    md = sha256.digest()
+
+    template = '\n  the SHA256 digest for "%s" is %s \n'
+    print(template % (data, hexlify(md)))
+
+# - - - - - - - - - - - - -
+# a ChaCha app fragment
+
+if SHOW_CHACHA_EXAMPLE:
+    print('-'*60)
+    key     = b'hownowbrowncow\x00\x00' # exactly 16 or 32 bytes
+    rounds  = 12                        # common values: 8, 12, 20
+    iv      = b'123456789012'           # exactly 12 bytes
+    plain   = b'Kilroy was here, there, and everywhere!'
+
+    cha = ChaCha(key, rounds)
+    cha.set_iv32(iv)
+    cipher = cha.crypt(plain)
+
+    template = '\n  ChaCha%d ciphertext   for "%s" is "%s"'
+    print(template % (rounds, plain, hexlify(cipher)))
+
+    cha.set_iv32(iv)                    # reset to decrypt
+    decrypted = cha.crypt(cipher)
+
+    template = '  ChaCha%d decoded text for "%s" is "%s" \n'
+    print(template % (rounds, plain, decrypted.decode("utf-8")))
+
+# Footnote: Keys should be erased fm memory as soon as possible after use,
+# and that includes Python.  For a tip on how to do that in Python, see
+# http://buggywhip.blogspot.com/2010/12/erase-keys-and-credit-card-numbers-in.html
+
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------

libtomcrypt/demos/encrypt.c

@@ -26,58 +26,58 @@ void register_algs(void)
 {
    int x;
    
-#ifdef RIJNDAEL
+#ifdef LTC_RIJNDAEL
   register_cipher (&aes_desc);
 #endif
-#ifdef BLOWFISH
+#ifdef LTC_BLOWFISH
   register_cipher (&blowfish_desc);
 #endif
-#ifdef XTEA
+#ifdef LTC_XTEA
   register_cipher (&xtea_desc);
 #endif
-#ifdef RC5
+#ifdef LTC_RC5
   register_cipher (&rc5_desc);
 #endif
-#ifdef RC6
+#ifdef LTC_RC6
   register_cipher (&rc6_desc);
 #endif
-#ifdef SAFERP
+#ifdef LTC_SAFERP
   register_cipher (&saferp_desc);
 #endif
-#ifdef TWOFISH
+#ifdef LTC_TWOFISH
   register_cipher (&twofish_desc);
 #endif
-#ifdef SAFER
+#ifdef LTC_SAFER
   register_cipher (&safer_k64_desc);
   register_cipher (&safer_sk64_desc);
   register_cipher (&safer_k128_desc);
   register_cipher (&safer_sk128_desc);
 #endif
-#ifdef RC2
+#ifdef LTC_RC2
   register_cipher (&rc2_desc);
 #endif
-#ifdef DES
+#ifdef LTC_DES
   register_cipher (&des_desc);
   register_cipher (&des3_desc);
 #endif
-#ifdef CAST5
+#ifdef LTC_CAST5
   register_cipher (&cast5_desc);
 #endif
-#ifdef NOEKEON
+#ifdef LTC_NOEKEON
   register_cipher (&noekeon_desc);
 #endif
-#ifdef SKIPJACK
+#ifdef LTC_SKIPJACK
   register_cipher (&skipjack_desc);
 #endif
-#ifdef KHAZAD
+#ifdef LTC_KHAZAD
   register_cipher (&khazad_desc);
 #endif
-#ifdef ANUBIS
+#ifdef LTC_ANUBIS
   register_cipher (&anubis_desc);
 #endif
 
    if (register_hash(&sha256_desc) == -1) {
-      printf("Error registering SHA256\n");
+      printf("Error registering LTC_SHA256\n");
       exit(-1);
    } 
 
@@ -144,7 +144,7 @@ int main(int argc, char *argv[])
 
    hash_idx = find_hash("sha256");
    if (hash_idx == -1) {
-      printf("SHA256 not found...?\n");
+      printf("LTC_SHA256 not found...?\n");
       exit(-1);
    }
 
@@ -236,6 +236,6 @@ int main(int argc, char *argv[])
    return 0;
 }
 
-/* $Source: /cvs/libtom/libtomcrypt/demos/encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/08/04 20:43:50 $ */
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

libtomcrypt/demos/hashsum.c

@@ -1,3 +1,12 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
 /*
  * Written by Daniel Richards <kyhwana@world-net.co.nz> 6/7/2002
  * hash.c: This app uses libtomcrypt to hash either stdin or a file
@@ -9,111 +18,283 @@
 
 #include <tomcrypt.h>
 
-int errno;
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
 
-void register_algs();
+#if !defined(PATH_MAX) && defined(_MSC_VER)
+#include <windows.h>
+#define PATH_MAX MAX_PATH
+#endif
+
+/* thanks http://stackoverflow.com/a/8198009 */
+#define _base(x) ((x >= '0' && x <= '9') ? '0' : \
+         (x >= 'a' && x <= 'f') ? 'a' - 10 : \
+         (x >= 'A' && x <= 'F') ? 'A' - 10 : \
+            '\255')
+#define HEXOF(x) (x - _base(x))
+
+static char* hashsum;
+
+static void cleanup(void)
+{
+   free(hashsum);
+}
+
+static void die(int status)
+{
+   unsigned long w, x;
+   FILE* o = status == EXIT_SUCCESS ? stdout : stderr;
+   fprintf(o, "usage: %s -a algorithm [-c] [file...]\n\n", hashsum);
+   fprintf(o, "\t-c\tCheck the hash(es) of the file(s) written in [file].\n");
+   fprintf(o, "\t\t(-a not required)\n");
+   fprintf(o, "\nAlgorithms:\n\t");
+   w = 0;
+   for (x = 0; hash_descriptor[x].name != NULL; x++) {
+      w += fprintf(o, "%-14s", hash_descriptor[x].name);
+      if (w >= 70) {
+         fprintf(o, "\n\t");
+         w = 0;
+      }
+   }
+   if (w != 0) fprintf(o, "\n");
+   exit(status);
+}
+
+static void printf_hex(unsigned char* hash_buffer, unsigned long w)
+{
+   unsigned long x;
+   for (x = 0; x < w; x++) {
+       printf("%02x",hash_buffer[x]);
+   }
+}
+
+static void check_file(int argn, int argc, char **argv)
+{
+   int err, failed, invalid;
+   unsigned char is_buffer[MAXBLOCKSIZE], should_buffer[MAXBLOCKSIZE];
+   char buf[PATH_MAX + (MAXBLOCKSIZE * 3)];
+   /* iterate through all files */
+   while(argn < argc) {
+      char* s;
+      FILE* f = fopen(argv[argn], "rb");
+      if(f == NULL) {
+         int n = snprintf(buf, sizeof(buf), "%s: %s", hashsum, argv[argn]);
+         if (n > 0 && n < (int)sizeof(buf))
+            perror(buf);
+         else
+            perror(argv[argn]);
+         exit(EXIT_FAILURE);
+      }
+      failed = 0;
+      invalid = 0;
+      /* read the file line by line */
+      while((s = fgets(buf, sizeof(buf), f)) != NULL)
+      {
+         int tries, n;
+         unsigned long hash_len, w, x;
+         char* space = strstr(s, " ");
+
+         /* skip lines with comments */
+         if (buf[0] == '#') continue;
+
+         if (space == NULL) {
+            fprintf(stderr, "%s: no properly formatted checksum lines found\n", hashsum);
+            goto ERR;
+         }
+
+         hash_len = space - s;
+         hash_len /= 2;
+
+         if (hash_len > sizeof(should_buffer)) {
+            fprintf(stderr, "%s: hash too long\n", hashsum);
+            goto ERR;
+         }
+
+         /* convert the hex-string back to binary */
+         for (x = 0; x < hash_len; ++x) {
+            should_buffer[x] = HEXOF(s[x*2]) << 4 | HEXOF(s[x*2 + 1]);
+         }
+
+         space++;
+         if (*space != '*') {
+            fprintf(stderr, "%s: unsupported input mode '%c'\n", hashsum, *space);
+            goto ERR;
+         }
+         space++;
+
+         for (n = 0; n < (buf + sizeof(buf)) - space; ++n) {
+            if(iscntrl((int)space[n])) {
+               space[n] = '\0';
+               break;
+            }
+         }
+
+         /* try all hash algorithms that have the appropriate hash size */
+         tries = 0;
+         for (x = 0; hash_descriptor[x].name != NULL; ++x) {
+            if (hash_descriptor[x].hashsize == hash_len) {
+               tries++;
+               w = sizeof(is_buffer);
+               if ((err = hash_file(x, space, is_buffer, &w)) != CRYPT_OK) {
+                  fprintf(stderr, "%s: File hash error: %s: %s\n", hashsum, space, error_to_string(err));
+ERR:
+                  fclose(f);
+                  exit(EXIT_FAILURE);
+               }
+               if(XMEMCMP(should_buffer, is_buffer, w) == 0) {
+                  printf("%s: OK\n", space);
+                  break;
+               }
+            }
+         } /* for */
+         if (hash_descriptor[x].name == NULL) {
+            if(tries > 0) {
+               printf("%s: FAILED\n", space);
+               failed++;
+            }
+            else {
+               invalid++;
+            }
+         }
+      } /* while */
+      fclose(f);
+      if(invalid) {
+         fprintf(stderr, "%s: WARNING: %d %s is improperly formatted\n", hashsum, invalid, invalid > 1?"lines":"line");
+      }
+      if(failed) {
+         fprintf(stderr, "%s: WARNING: %d computed %s did NOT match\n", hashsum, failed, failed > 1?"checksums":"checksum");
+      }
+      argn++;
+   }
+   exit(EXIT_SUCCESS);
+}
 
 int main(int argc, char **argv)
 {
-   int idx, x, z;
-   unsigned long w;
+   int idxs[TAB_SIZE], idx, check, y, z, err, argn;
+   unsigned long w, x;
    unsigned char hash_buffer[MAXBLOCKSIZE];
-   hash_state md;
+
+   hashsum = strdup(basename(argv[0]));
+   atexit(cleanup);
 
    /* You need to register algorithms before using them */
-   register_algs();
-   if (argc < 2) {
-      printf("usage: ./hash algorithm file [file ...]\n");
-      printf("Algorithms:\n");
-      for (x = 0; hash_descriptor[x].name != NULL; x++) {
-         printf(" %s (%d)\n", hash_descriptor[x].name, hash_descriptor[x].ID);
-      }
-      exit(EXIT_SUCCESS);
+   register_all_ciphers();
+   register_all_hashes();
+   if (argc > 1 && (strcmp("-h", argv[1]) == 0 || strcmp("--help", argv[1]) == 0)) {
+      die(EXIT_SUCCESS);
+   }
+   if (argc < 3) {
+      die(EXIT_FAILURE);
    }
 
-   idx = find_hash(argv[1]);
-   if (idx == -1) {
-      fprintf(stderr, "\nInvalid hash specified on command line.\n");
-      return -1;
+   for (x = 0; x < sizeof(idxs)/sizeof(idxs[0]); ++x) {
+      idxs[x] = -2;
+   }
+   argn = 1;
+   check = 0;
+   idx = 0;
+
+   while(argn < argc){
+      if(strcmp("-a", argv[argn]) == 0) {
+         argn++;
+         if(argn < argc) {
+            idxs[idx] = find_hash(argv[argn]);
+            if (idxs[idx] == -1) {
+               struct {
+                  const char* is;
+                  const char* should;
+               } shasum_compat[] =
+                     {
+#ifdef LTC_SHA1
+                           { "1",        sha1_desc.name },
+#endif
+#ifdef LTC_SHA224
+                           { "224",      sha224_desc.name  },
+#endif
+#ifdef LTC_SHA256
+                           { "256",      sha256_desc.name  },
+#endif
+#ifdef LTC_SHA384
+                           { "384",      sha384_desc.name  },
+#endif
+#ifdef LTC_SHA512
+                           { "512",      sha512_desc.name  },
+#endif
+#ifdef LTC_SHA512_224
+                           { "512224",   sha512_224_desc.name  },
+#endif
+#ifdef LTC_SHA512_256
+                           { "512256",   sha512_256_desc.name  },
+#endif
+                           { NULL, NULL }
+                     };
+               for (x = 0; shasum_compat[x].is != NULL; ++x) {
+                  if(XSTRCMP(shasum_compat[x].is, argv[argn]) == 0) {
+                     idxs[idx] = find_hash(shasum_compat[x].should);
+                     break;
+                  }
+               }
+            }
+            if (idxs[idx] == -1) {
+               fprintf(stderr, "%s: Unrecognized algorithm\n", hashsum);
+               die(EXIT_FAILURE);
+            }
+            idx++;
+            if ((size_t)idx >= sizeof(idxs)/sizeof(idxs[0])) {
+               fprintf(stderr, "%s: Too many '-a' options chosen\n", hashsum);
+               die(EXIT_FAILURE);
+            }
+            argn++;
+            continue;
+         }
+         else {
+            die(EXIT_FAILURE);
+         }
+      }
+      if(strcmp("-c", argv[argn]) == 0) {
+         check = 1;
+         argn++;
+         continue;
+      }
+      break;
    }
 
-   if (argc == 2) {
-      hash_descriptor[idx].init(&md);
-      do {
-         x = fread(hash_buffer, 1, sizeof(hash_buffer), stdin);
-         hash_descriptor[idx].process(&md, hash_buffer, x);
-      } while (x == sizeof(hash_buffer));
-      hash_descriptor[idx].done(&md, hash_buffer);
-      for (x = 0; x < (int)hash_descriptor[idx].hashsize; x++) {
-          printf("%02x",hash_buffer[x]);
+   if (check == 1) {
+      check_file(argn, argc, argv);
+   }
+
+   if (argc == argn) {
+      w = sizeof(hash_buffer);
+      if ((err = hash_filehandle(idxs[0], stdin, hash_buffer, &w)) != CRYPT_OK) {
+         fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err));
+         return EXIT_FAILURE;
+      } else {
+          for (x = 0; x < w; x++) {
+              printf("%02x",hash_buffer[x]);
+          }
+          printf(" *-\n");
       }
-      printf("  (stdin)\n");
    } else {
-      for (z = 2; z < argc; z++) {
-         w = sizeof(hash_buffer);
-         if ((errno = hash_file(idx,argv[z],hash_buffer,&w)) != CRYPT_OK) {
-            printf("File hash error: %s\n", error_to_string(errno));
-         } else {
-             for (x = 0; x < (int)hash_descriptor[idx].hashsize; x++) {
-                 printf("%02x",hash_buffer[x]);
-             }
-             printf("  %s\n", argv[z]);
+      for (z = argn; z < argc; z++) {
+         for (y = 0; y < idx; ++y) {
+            w = sizeof(hash_buffer);
+            if ((err = hash_file(idxs[y],argv[z],hash_buffer,&w)) != CRYPT_OK) {
+               fprintf(stderr, "%s: File hash error: %s\n", hashsum, error_to_string(err));
+               return EXIT_FAILURE;
+            } else {
+                printf_hex(hash_buffer, w);
+                printf(" *%s\n", argv[z]);
+            }
          }
       }
    }
    return EXIT_SUCCESS;
 }
 
-void register_algs(void)
-{
-  int err;
-
-#ifdef TIGER
-  register_hash (&tiger_desc);
-#endif
-#ifdef MD2
-  register_hash (&md2_desc);
-#endif
-#ifdef MD4
-  register_hash (&md4_desc);
-#endif
-#ifdef MD5
-  register_hash (&md5_desc);
-#endif
-#ifdef SHA1
-  register_hash (&sha1_desc);
-#endif
-#ifdef SHA224
-  register_hash (&sha224_desc);
-#endif
-#ifdef SHA256
-  register_hash (&sha256_desc);
-#endif
-#ifdef SHA384
-  register_hash (&sha384_desc);
-#endif
-#ifdef SHA512
-  register_hash (&sha512_desc);
-#endif
-#ifdef RIPEMD128
-  register_hash (&rmd128_desc);
-#endif
-#ifdef RIPEMD160
-  register_hash (&rmd160_desc);
-#endif
-#ifdef WHIRLPOOL
-  register_hash (&whirlpool_desc);
-#endif
-#ifdef CHC_HASH
-  register_hash(&chc_desc);
-  if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) {
-     printf("chc_register error: %s\n", error_to_string(err));
-     exit(EXIT_FAILURE);
-  }
-#endif
-
-}
-
-/* $Source: /cvs/libtom/libtomcrypt/demos/hashsum.c,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/05/05 14:35:56 $ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

libtomcrypt/demos/ltcrypt.c

@@ -0,0 +1,205 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* encrypt V1.1 Fri Oct 18 04:28:03 NZDT 2002 */
+/* File de/encryption, using libtomcrypt */
+/* Written by Daniel Richards <kyhwana@world-net.co.nz> */
+/* Help from Tom St Denis with various bits */
+/* This code is public domain, no rights reserved. */
+/* Encrypts by default, -d flag enables decryption */
+/* ie: ./encrypt blowfish story.txt story.ct */
+/* ./encrypt -d blowfish story.ct story.pt */
+
+#include <tomcrypt.h>
+
+int usage(char *name)
+{
+   int x;
+
+   printf("Usage encrypt: %s cipher infile outfile\n", name);
+   printf("Usage decrypt: %s -d cipher infile outfile\n", name);
+   printf("Usage test:    %s -t cipher\nCiphers:\n", name);
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      printf("%s\n",cipher_descriptor[x].name);
+   }
+   exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+   unsigned char plaintext[512],ciphertext[512];
+   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
+   unsigned char inbuf[512]; /* i/o block size */
+   unsigned long outlen, y, ivsize, x, decrypt;
+   symmetric_CTR ctr;
+   int cipher_idx, hash_idx, ks;
+   char *infile, *outfile, *cipher;
+   prng_state prng;
+   FILE *fdin, *fdout;
+   int err;
+
+   /* register algs, so they can be printed */
+   register_all_ciphers();
+   register_all_hashes();
+   register_all_prngs();
+
+   if (argc < 4) {
+      if ((argc > 2) && (!strcmp(argv[1], "-t"))) {
+        cipher  = argv[2];
+        cipher_idx = find_cipher(cipher);
+        if (cipher_idx == -1) {
+          printf("Invalid cipher %s entered on command line.\n", cipher);
+          exit(-1);
+        } /* if */
+        if (cipher_descriptor[cipher_idx].test)
+        {
+          if (cipher_descriptor[cipher_idx].test() != CRYPT_OK)
+          {
+            printf("Error when testing cipher %s.\n", cipher);
+            exit(-1);
+          }
+          else
+          {
+            printf("Testing cipher %s succeeded.\n", cipher);
+            exit(0);
+          } /* if ... else */
+        } /* if */
+      }
+      return usage(argv[0]);
+   }
+
+   if (!strcmp(argv[1], "-d")) {
+      decrypt = 1;
+      cipher  = argv[2];
+      infile  = argv[3];
+      outfile = argv[4];
+   } else {
+      decrypt = 0;
+      cipher  = argv[1];
+      infile  = argv[2];
+      outfile = argv[3];
+   }
+
+   /* file handles setup */
+   fdin = fopen(infile,"rb");
+   if (fdin == NULL) {
+      perror("Can't open input for reading");
+      exit(-1);
+   }
+
+   fdout = fopen(outfile,"wb");
+   if (fdout == NULL) {
+      perror("Can't open output for writing");
+      exit(-1);
+   }
+
+   cipher_idx = find_cipher(cipher);
+   if (cipher_idx == -1) {
+      printf("Invalid cipher entered on command line.\n");
+      exit(-1);
+   }
+
+   hash_idx = find_hash("sha256");
+   if (hash_idx == -1) {
+      printf("LTC_SHA256 not found...?\n");
+      exit(-1);
+   }
+
+   ivsize = cipher_descriptor[cipher_idx].block_length;
+   ks = hash_descriptor[hash_idx].hashsize;
+   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
+      printf("Invalid keysize???\n");
+      exit(-1);
+   }
+
+   printf("\nEnter key: ");
+   if(fgets((char *)tmpkey,sizeof(tmpkey), stdin) == NULL)
+      exit(-1);
+   outlen = sizeof(key);
+   if ((err = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
+      printf("Error hashing key: %s\n", error_to_string(err));
+      exit(-1);
+   }
+
+   if (decrypt) {
+      /* Need to read in IV */
+      if (fread(IV,1,ivsize,fdin) != ivsize) {
+         printf("Error reading IV from input.\n");
+         exit(-1);
+      }
+
+      if ((err = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(err));
+         exit(-1);
+      }
+
+      /* IV done */
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((err = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_decrypt error: %s\n", error_to_string(err));
+            exit(-1);
+         }
+
+         if (fwrite(plaintext,1,y,fdout) != y) {
+            printf("Error writing to file.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdin);
+      fclose(fdout);
+
+   } else {  /* encrypt */
+      /* Setup yarrow for random bytes for IV */
+
+      if ((err = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
+         printf("Error setting up PRNG, %s\n", error_to_string(err));
+      }
+
+      /* You can use rng_get_bytes on platforms that support it */
+      /* x = rng_get_bytes(IV,ivsize,NULL);*/
+      x = yarrow_read(IV,ivsize,&prng);
+      if (x != ivsize) {
+         printf("Error reading PRNG for IV required.\n");
+         exit(-1);
+      }
+
+      if (fwrite(IV,1,ivsize,fdout) != ivsize) {
+         printf("Error writing IV to output.\n");
+         exit(-1);
+      }
+
+      if ((err = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(err));
+         exit(-1);
+      }
+
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((err = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_encrypt error: %s\n", error_to_string(err));
+            exit(-1);
+         }
+
+         if (fwrite(ciphertext,1,y,fdout) != y) {
+            printf("Error writing to output.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdout);
+      fclose(fdin);
+   }
+   return 0;
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */