Bump to 2019.78

keysizes >= 128 octets will be encoded with a 3 byte header
which must be accounted by the optional-header

Reproduce:

master:~/build/dropbear$ ./dropbearkey -t ecdsa -s 521 -f K
Generating 521 bit ecdsa key, this may take a while...

master:~/build/dropbear$ ./dropbearconvert d o K L
Key is a ecdsa-sha2-nistp521 key
Wrote key to 'L'

master:~/build/dropbear$ openssl ec < L
read EC key
unable to load Key
139769806448384:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:crypto/asn1/asn1_lib.c:91:

.gitignore

@@ -0,0 +1,22 @@
+*~
+*.o
+*.a
+*.da
+*.bb
+*.bbg
+*.prof
+/autom4te.cache
+/config.log
+/config.status
+/dbclient
+/dropbear
+/dropbearconvert
+/dropbearkey
+/dropbearmulti
+/scp
+/scp-progress
+Makefile
+config.h
+config.h.in
+configure
+default_options_guard.h

.hgignore

@@ -0,0 +1,2 @@
+.*\.o
+.*~

.hgsigs

@@ -0,0 +1,27 @@
+aa2f51a6b81d33de5e9898a7f27c792a173d9b26 0 iD8DBQBOuADmjPn4sExkf7wRAv/fAJ9FJFvjDoF+wd1ipDx1wkzdeBQNqgCgykUrSbXv76FBbxKntVbk9oS3GjI=
+3f12086c2ef2b9ffe36a822fdb3ff647fcec1831 0 iD8DBQBOuSlQjPn4sExkf7wRAvkbAKCgE1e8xEMQ16CGeoywhIQ0QR4eNgCfZdYYlzjb/+521Uvh5/7FRYEmrho=
+85f835f2fe0ac2c503c50a414de127222fb0a57c 0 iD8DBQBPRkMUjPn4sExkf7wRAvM4AJ9mw2OAkyjhSbamM1MizlEJUX18HACgoFKQkYf6BnYxN34Nv2HhM0cmzUc=
+9b80981212fe6c01b7c16b3ca7c4e66af56f12f1 0 iEYEABECAAYFAlFLKKcACgkQjPn4sExkf7xK7wCfcioCmJPsysSbQO6+4qZMVe0mmLwAn2/o+wRf4MrUXlohrr7aXEF9vdSB
+095b46180bbc412b029420587736a6185afc17e1 0 iEYEABECAAYFAlFsCnkACgkQjPn4sExkf7xLrwCfeMWjUaSmfU/fvseT5TdrYRqBEVQAoLz5SFLEA40C5f8zE8Ma/vgVJVIC
+f168962bab857ca030829e4cd73d9b32c868c874 0 iEYEABECAAYFAlFwDNwACgkQjPn4sExkf7wJ6QCePVovn/avKXUyNwNBYCcov6JLYqkAnRCPQdkXgv20N3t10r6PRMBBo1/S
+deb211f75ca194e2fcf0d2e5f71c60474e42ec95 0 iEYEABECAAYFAlJO01cACgkQjPn4sExkf7yDqACaA/P+Yl/K2Cv3OC5G0b7ck2Kb75EAoIeW7qpCyclzJLWwk95koED+4lxD
+025237c9f0a1a60a616f984d82fb2a9270d3b0ea 0 iEYEABECAAYFAlJeqDYACgkQjPn4sExkf7y5nQCfW6t+TJySBTTo+gCfDUBPRVxvNe8AoIn/15aWfqH/A2G9uikfoVtWK3pd
+a50a1dc743317fad9b3737bc68fbca640659bb6d 0 iEYEABECAAYFAlJeqL0ACgkQjPn4sExkf7yVqACg6IP0fU29+Feh/TDeemDA+2XAzrIAoIdZfMDvVYlDoWotZD8ACFnf5H1P
+9ec083a21adfcb099f21eb03704b66d14a4ba800 0 iEYEABECAAYFAlKE4JoACgkQjPn4sExkf7wLDgCghkVGwMjI138bEv+ORVzN7zIH7cEAoLckaxZc1k1aXlmlSCRlP8cuKH3o
+3d1d7d151c0ce3a79da62e86463f5632fa2b144a 0 iEYEABECAAYFAlKd5AEACgkQjPn4sExkf7wzWgCfdvPEEIdlMPqcbOQMJ7b+eAyy164An2ip1lPh1eS5g26/gSfruvWBVym4
+277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn
+96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
+caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
+2d421bc0545d1be6d59a4ebfe61606d94b124b0c 0 iEYEABECAAYFAlRJDCQACgkQjPn4sExkf7xUYACcCwVJkYWXJn5x/D5A+qMupy778lEAn0rg1oNiq96YU/4jOPsS5IMItihu
+1d2d81b1b7c1b100e9c369e40b9fa5b2d491eea9 0 iEYEABECAAYFAlTKOKUACgkQjPn4sExkf7xWMACfYFozyHiRk5GaocTa5z6Ws1uyB4kAoLubxoxcnM3E7AA9mHAzc3OB5M0Y
+a687f835236c7025b5cb2968fe9c4ebc4a49f0ea 0 iQIcBAABCgAGBQJVxg62AAoJEPSYMBLCC7qsC+EQAKw8YWogrVHhIFct2fx/nqybSPVrhFyKFKHhq7K/lZeVm0MGIWdSyVcQgP+Hs2jWNBWzG4AJ1BtifHWQH6IDh7W5RuwOXu5KobgPW9BsN3EVE9KIR+xe9jCAmFl9rIw0tNpy1q6R0TpYXx/sWlMilxecyEGyr2Ias2Sm19aY2mOEv8PLfh9BLfrJEKtt2NxL7TX8ScPwJXJMmVIQjN9WK4Ptx3tjcGNRivEVR/dftP5sJx2DBJx9avyDqrfloMW7Q7sPgJ88MPruCDxedOkbzH7JdHe3Humr2G4LsI0KPU7pNN6EBDjhJ+SVXuOyAgu5j/C0R+0ggGfjSrjDu8WjHyclFlwwu2MSGuHf111I1qkLtaRY3H1FZO5Y2gbLwBLQ82svA4klcBIxtP5jKAZDTh1jQMYsfKotvZdawOWrPDkNmKoUg2JXLHAtj9Dd0uGIhqfspZY3qlpzxw9uCkljWclUBD097ygotwAb2XdLoAWZ3KdvoPM+k448vIAQ7Q/aqcnm/dLQJr3Le029gpkOKoWKaQTlk0itrRGpgETHAhE2LnmWxYSKp6NYSKMgEONbfDiVNLyDTOlvpPiEb20RsOP64xA4wVDGmPenCURmMYoepQK6oJdtkNtCdth2S49KxPQAC+Dem4YZ7b+5b+cXrK5Nz7elBxZzRQWdjmZ4JDQK
+ef4b26364b0cdda1084751d7de3d76c589e2d9cb 0 iQIcBAABCgAGBQJVxg7BAAoJEESTFJTynGdz9Q4P/A0Kq4H52rQqxq42PoEMFbVQIUfkFzyWjAz8eEGLmP5x5/sdpyxZDEyBSUG55uyNvOPTHE+Sd3t2h2Iieq749qwYgqggXC0P+C0zGzW3hB5Rv6dTUrKN1yCyaWE2tY488RsyVlcAs4vrp1Cum5Gv8/BUVKjzZmkZ1iq/3RyrvbLEiLoMrcLnQ+sUdaYHvfEwxDbzpOEvepg8iDJBitTrfG9xHp9otX6ucahwn1EumFvC5mvUxbiQ9jv76t4FJztjMoB24hPCH9T1FjB8uNsoM+j2Z67r81eJrGgNpJzjX0S3lY/AADZGhfGnfybTM9gFuQayIJuCJqduQibVwYkAAnPi17NmbdwPu0Rdz55oU+ft09XLVm/qkQcD1EP5bxYWnLIEMkkZQnFx7WdMpjKK9oGxZHeFYAKEgPgePCkk4TQ4PxNa+3854H19AUssQlaueGcbDLyPIRiSyqhleXawGfaJi+1jBt0DM7CNbAHAUWUE07VhQzNGWjabdEk4eXKTmDL+mZJFdHGBhyCve8sPmZBYJvM2PRgcXe8fwFh+R7gVj6kFbZJvgM9kG7EeF+4ZMEXG4yKpV/SKfMMeEPBCZjFxZhlJJ0fsZbB1Y/iLw8LXnJ0fa/5xFYv6k+iytfom/rqS4iUD7NWTjcEYHjd4EO4QlPD2Ef/AWOO8YBUBv8kA
+af074dbcb68ff8670b3818e0d66d5dc6f1bd5877 0 iQIcBAABCgAGBQJWVdQfAAoJEPSYMBLCC7qs+n4P/RgZU3GsLFJN7v7Cn6NOdKdfjJBmlbCtK9KwlZZaj8fW4noqnLDcDd6a2xT4mDV3rCE6+QYialGXjNkkNCBwD9Z+gFc8spOtThrpQ54dgWzbgDlYB1y7Hp7DoWoJQIlU6Od9nWBemcSrAviOFNAX8+S6poRdEhrHgMcv2xJoqHjvT7X8gob0RnJcYxW5nLWzDaJV58QnX6QlXg4ClSB6IoCeEawdW6WzXlZ9MGsRycTtx1ool7Uo6Vo2xg48n9TaJqM/lbSsMAjHxO/fdTJMWzTId1fuZxJGFVeJbkhjSwlf7fkVXxrgDxjvIAmFDR8TSTfJo50CD82j5rPcd7KSEpQ12ImBUsntPDgOtt/mJZ3HcFds86OZ7NkPpqoJGVFFQ8yUpe//DNSB2Ovg1FrwhSKOq/9N61BBwk1INVFDp1hMq45PIa9gI9zW/99inGDeSSQlxa4iafEUEjXZTRYuX7mFjnWm5q7r134J7kyWQtN/jNUZ71F0mvhnemufgpNY/I/D7K6qkONpbDZ2nuzkhfoqugzhHYp467UePM0qmLTLdXGPPMukoGorpWeiSb2T25AEKm7N4A9NwPmdAnoFjAibjF9FAuU03sl+pu9MqFb+1ldsqjNfxhcJmoAUR5vy3pED9ailCb/OCBVTHkDPfTEhGU3waO9tPM+5x2rGB5fe
+5bb5976e6902a0c9fba974a880c68c9487ee1e77 0 iQIcBAABCgAGBQJWVyIKAAoJEESTFJTynGdzQosP/0k5bVTerpUKZLjyNuMU8o0eyc7njkX8EyMOyGbtcArKpzO2opSBTRsuCT9Zsk1iiQ1GMTY1quKD7aNr86Hipqo4th/+ZXmLe9mmaCDukKjD0ZYC4dBVUy6RSUAMvdkDP9sZs7CMTO/22a9SqOsKTv3s2NN6XnsBGnmNbvVx5hkAk5hMVNFrjKIaexzI/7bWQIDRo2HQCaWaL06JvWEDSEQd2mynGSXxT/+m4hBnuGg6qxn2pd4XfG0g10tDAFx64HQkWgZqSB+F8z71Cvfjondy1zjJYgtABqNlwCKQJZhRUW2+PblqQnz08TUy83XN2vtisOju4avGcHSaBgBbMvg8Wx4ZtM7sPP9pLrhhOTd5ceERHeTceTJy+iI1SQFvccjrRfs5aJ0zAQX5q6f4bV0zp5SmxkvnZUEkZIoetkM8VrPOYugqx31LtHAWfVT9NM+VkV/rrxLhk6J0giIQvC9MPWxRDileFVDszPiOgTLcxWjOziOLT+xijcj7dtx1b/f2bNCduN5G7i+icjjTlCNtyRPRqhBqn705W7F+xESP2gsscM/1BjQ7TGidU5m1njdkUjbrqm3+Qic6iqkG7SfETHmQB9mHqpJ0hACRPvZlhwB7oimNHllkrlw8UJw9f0SiuLjfERIgVS2EOp+mAia0RU7MlTt19o017M1ffEYL
+926e7275cef4f4f2a4251597ee4814748394824c 0 iQIcBAABCgAGBQJWYES4AAoJEESTFJTynGdzdT0P/0O/1frevtr698DwMe6kmJx35P6Bqq8szntMxYucv0HROTfr85JRcCCSvl/2SflDS215QmOxdvYLGLUWPJNz/gURCLpzsT88KLF68Y1tC72nl4Fj+LGIOlsWsvwEqQqw0v4iQkHIfcxI6q7g1r9Hfldf/ju4bzQ4HnKLxm6KNcLLoAsuehVpQ+njHpLmlLAGHU5a84B7xeXHFR+U/EBPxSdm637rNhmpLpkuK2Mym/Mzv7BThKDstpB8lhFHIwAVNqi3Cy4nGYxFZOJpooUN9pDornqAwuzHmOAMs9+49L8GZ1de5PBRGyFKibzjBIUWPEU9EIkfJVaVwTlqYK8Q/IRi9HjITPx6GpE8cZhdSvAibrQdb6BbIDrZ8eCvD9vnod6Uk0Jb9/ui6nCF9x+CN/3Qez4epV5+JCMYsqCiXFkVPm9Lab6L2eGZis7Q2TXImA/sSV+E4BGfH2urpkKlnuXTTtDp4XRG+lOISkIBXgjVY+uy8soVKNdx1gv+LeY8hu/oQ2NyOlaOeL47aSQ3who4Pk6pVRUOl6zfcKo9Vs6xDWm35A3Z6x/mrAENaXasB0JrfY5nIbefJUpbeSmi76fYldU98HdQNHPHCSeiKVYl7v/B6gi2JXp5xngLZz/5VVAurago7sRmpIp7G/AqU6LNE85IUzG8aQz8AfR0d1dW
+fd1981f41c626a969f07b4823848deaefef3c8aa 0 iQIcBAABCgAGBQJW4W2TAAoJEESTFJTynGdzuOcP/j6tvB2WRwSj39KoJuRcRebFWWv4ZHiQXYMXWa3X0Ppzz52r9W0cXDjjlp5FyGdovCQsK+IXmjPo5cCvWBrZJYA6usFr9ssnUtTC+45lvPxPYwj47ZGPngCXDt7LD+v08XhqCu4LsctXIP/zejd30KVS1eR2RHI+tnEyaIKC0Xaa0igcv74MZX7Q8/U+B730QMX5adfYAHoeyRhoctRWaxVV3To7Vadd9jNXP45MRY5auhRcK7XyQcS85vJeCRoysfDUas4ERRQWYkX+68GyzO9GrkYFle931Akw2K6ZZfUuiC2TrF5xv1eRP1Zm2GX481U4ZGFTI8IzZL8sVQ6tvzq2Mxsecu589JNui9aB2d8Gp2Su/E2zn0h0ShIRmviGzf2HiBt+Bnji5X2h/fJKWbLaWge0MdOU5Jidfyh9k0YT7xo4piJLJYSaZ3nv+j4jTYnTfL7uYvuWbYkJ1T32aQVCan7Eup3BFAgQjzbWYi1XQVg6fvu8uHPpS3tNNA9EAMeeyTyg1l6zI2EIU5gPfd/dKmdyotY2lZBkFZNJqFkKRZuzjWekcw7hAxS+Bd68GKklt/DGrQiVycAgimqwXrfkzzQagawq2fXL2uXB8ghlsyxKLSQPnAtBF2Jcn5FH2z7HOQ+e18ZrFfNy0cYa/4OdH6K5aK1igTzhZZP2Urn0
+70705edee9dd29cd3d410f19fbd15cc3489313e2 0 iQIcBAABCgAGBQJW7CQRAAoJEESTFJTynGdzTj0QAJL38CKSZthBAeI9c6B+IlwIeT6kPZaPqk1pkycCTWOe87NiNU9abrsF+JrjTuRQiO1EpM2IvfQEIXTijUcMxvld3PnzrZDDv6UvBLtOkn3i++HSVRO0MOuTKI8gFDEPUxRtcaCKXEbqYnf1OTK25FT09Vb//qP9mK1thvlLJmbV+D2a9MkMK66rom1d1h+347IsuwsM+ycHjB80VVAQLA7VYLC5YIwmL17dSmcQLvetfikAMwwmUE+KES4qiLSaqOcAWcKcU67RZzgMMv5o0rESlQmv1nj0mHZtHoUR71sd21emPaRXLOr0oT5YogWUphKq2qVthRn2B06+vd3hPdtn92CmJw9j7zT2jl4OeSjNm9qfAajsRzHIANssFxkGAb7w/LxcMoO29JC+01iUUJMdOVm+4Ns6wGI7qxssWPKdB+VbQUDlHrXLR+sopO524uhkYoWB6DVfTj4R6tImaHtj5/VXON0lsYaLGj8cSH60emL6nNQ0lYV/bSlk6l0s+0x3uXGZnp9oKA+vqMzHfG3vJeMm6KUqtFVjUsYx+q8nHm5/SlWxj1EwnkH8s8ELKZAUXjd76nWEwJ7JFRNRSQWvjOUh3/rsOo4JopzZXPsjCjm+Vql9TG0X6hB21noai32oD5RvfhtR/NX6sXNS5TKZz/j/cMsMnAAsSKb6W7Jm
+9030ffdbe5625e35ed7189ab84a41dfc8d413e9c 0 iQIcBAABCgAGBQJXkOg0AAoJEESTFJTynGdzc1kP/3vSKCnhOOvjCjnpTQadYcCUq8vTNnfLHYVu0R4ItPa/jT6RmxoaYP+lZnLnnBx9+aX7kzwHsa9BUX3MbMEyLrOzX2I+bDJbNPhQyupyCuPYlf5Q9KVcO9YlpbsC4q5XBzCn3j2+pT8kSfi9uD8fgY3TgE4w9meINrfQAealfjwMLT8S/I49/ni0r+usSfk/dnSShJYDUO7Ja0VWbJea/GkkZTu30bCnMUZPjRApipU3hPP63WFjkSMT1rp2mAXbWqyr9lf8z32yxzM9nMSjq4ViRFzFlkGtE3EVRJ4PwkO7JuiWAMPJpiQcEr+r52cCsmWhiGyHuINo01MwoMO9/n6uL1WVa3mJcE9se3xBOvfgDu2FRFGCAdm1tef+AGVo9EG1uJXi0sX2yUc6DMeuYaRWrXMMlZh7zp9cuNU9Y/lLui9RFmq66yeXG3Z2B72doju3Ig5QGrNNw2AOsSzeHdAtOp6ychqPcl9QfIeJQG18KyPSefZKM3G8YRKBRIwXFEH6iZJe5ZIP4iXrHDMn2JqtTRtDqKR8VNDAgb9z4Ffx8QRxFyj5JzTTMM1GddHb9udLvTQlO0ULYG7hCSMRNzvUBE2aTw8frjLRyfyyg3QpDu/hz8op8s1ecE8rTCD8RuX9DiiylNozypPtGNS+UDbAmkc1PCWaRpPVl+9K6787
+5c9207ceedaea794f958224c19214d66af6e2d56 0 iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAlkdtooACgkQRJMUlPKcZ3P6ZxAAmLy/buZB/d96DJF/pViRWt/fWdjQFC4MqWfeSLW02OZ8Qkm1vPL3ln6WPHC2thy3xZWVg2uan3pLk/XXnsIFu8Q7r1EAfFFpvlMUmdl7asE8V6ilaeqmiI7bIvGMFbf4cZkQliLjiFkJX56tFHRCNi+rb7WgRuru3/GzPXUq2AvXZvFpFJgik0B72TxVlmCKeBRZq1FvP0UhAH48RJWYJksdEyzh2paMfjX9ZO5Q2SFFrmPw6k2ArdJFC1AYcgceZC84y06RKJ0WiSntUPlEUXgQbQVVWbtQDhjfJXMr/beuroNdT/vsRraLVkAzvhaDXNnHlAJNLQxci+AcLpnzZhxMW+ax7RRtrpXGxRN4cs0lBGUcSkaDybFqMYXwEjXAE8w6fdJRWCIlxctkAW/iNEO4kAG97hI2Qwcw5oU2Ymnv09zyGR+XJE35pJqPulJHExdwanJHvmjH0QF7TNFS82yxS5dKnP954cj3Lu9SWGYWjxQJRmLtOwb+lqqol4VTxG7Ois4uef9/Tpp9skeMZXVeNlpn2wrp6iFcX3uiiVDg9VKkl3ig6UqCiqQSuiIN87RXwUOeHXlCnW3adz3Xei0ziBrwLSql7lBIHGEAlUUNmJ3CrR8IwQtcynGEMKfNIeZ/XK+uNlm9cJIqZf1fzqc8KexlyS9AS0i/kiYZTr4=
+2f0c3f3361d3ea4eb9129ed8810699fda7e7a8ee 0 iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAlqVb+IACgkQRJMUlPKcZ3OENA//R9HsOUJQB2QZjRgAvqgLn2AMLUvmWb2etTZEc3Nps957Fw1F4kjh6VGfIpWuytfsDx1W8qRx09ikTdb3YteMWCuX8/aFreSPrioYmzrAEcxkZdA7B/jciqU0iXuHiJ9saKk5TR70aNp+iRy0hjAgiYEsVMF9YKHzULOJcHr70x9XVKquubQkwNqJA+/b2JbK2j46wM5nVK/alGSI2kMmEzXmAHQxsvf1OLMvgH8ou/l0xsg/CuFEK299XKfZAbsFEXrjuoWZ1aSa6rTeOWsWli5T+czyyJHI4Eu0Sz/gaR8+MPhJSYes8YjvzEdv32rRMDVOdBq4e+HoTgFt/THYABP6/R1H5fX3Lm4K8u9F9SwJbb/YKRAIrfWDob8ApnGFHk2dyYO20Fskbbg6b1pC7ulDWsufu8lYkQyMlTc3dR6P4eTB6mKO4x+gMG6tIYZ60fiULoEnMJCgegPtevmz+TG1rzdjh3ljiw9Dxz5lNtL+W7sBKKHwhyG0u+bavgmvBMKNL/rdHEM+0yCIz1U6Lb8sVaST1E4zbdm7cWHbSozBij3G0GBSkLFEq7ZLlh8wco9rELRh0Y9fFsWY9j6H/PTOu0GfHrYluFb9WGywHAquQY8j2croRx+MrvTbR1wZrbevPNm9gqk3vgOiDWu7KwxLLqcj+dEQ7tccptVYtbM=
+07b0d56d186d7eeef4106137a3eba554959ba0e3 0 iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAlyWOo8ACgkQRJMUlPKcZ3O+MQ//c5oeDUvZuFiI4FHZqfIK/59YAciTP+9TQmoWDVSuOdkd9ZYJA7b7DCusqP2TWFEIl9M7i5hTLTMD21xuEQQtfOSP6EXpUw6JNdh/lsJs7EDlFANtwkdEozAQozFKnXbJEV3y9WldEWUlmPFjt4fJQIuG10SU7MTJHcSaQddJCh3I1//F4EvgRe+OqyrFwKekGiFdvfjcIFN3lQmk6K1Sc0MgyIO/VVZm/AQpBi0Dlg0yOl+EDcxxlmeSInbvLceWSP6op35I4dE5YWH1UetjzIsr5AIM15/k3viAKDDefY1EMAzK9b7YAF4BLw0a6XoQu0apvcWaALE/bJzWNSg/QbCm2JAZzk21WLLvR+AELzPfKXrHX3o0h51lpQ4rs7EWKUm43dJPoWkcFNOU+BDsNzffcJgChbRs48ut89DYLiGmSxhRxE77VPbA+klgTGdctOTLd8psseRlGYCuGe8zeota80bV9fUZ9WJZHwNgEWGowKUoTjy6l5k9OH3iQuQX3OXoy78ufRgWDulE7noVTMhXurQ8a0Jf2k/MW9dcnqGVkWitCFKPEvZwVmWyW2AWsdMcBJnFFGzDsNSxWTtCF9XcxieDO1IB8vGwYcb1TwEVuVzvR/wwvc3PgVikF+4Qv2NqdoQc1yn2PkocY2hwXyIZUAwz7erNumlTbeC/JK8=

.hgtags

@@ -0,0 +1,59 @@
+03f65e461915a940939e4cc689fc89721ffc40de DROPBEAR_0.48.1
+0f967bfef5cd0056b7ec60e2305d917e51cbf30d DROPBEAR_0.44
+170329dc8ce5dfcf6298e1ad6699f109bf78e73d DROPBEAR_0.51
+1dbd2473482f320ea59f76ce961385cb3a0150a9 DROPBEAR_0.46
+2098857ab826dd42ae05a9a22c3ce2cc835b9844 DROPBEAR_0.45
+36160290a1b27451178be36752ed038840f59cdd LTC_DB_0.46
+39d5d58461d6e93337636e69d4cdf184a09c8d24 LTC_1.05
+55a99934db873be2e63b5968fb6532e5d9bd02e4 DROPBEAR_0.48
+59400faa4b44708c5d0b595e81193bc621e752d3 libtomcrypt-1.05
+66087d87c3555c78b47cf01f32bb5a32054c3ceb DROPBEAR_0.44test4
+677843bfa734238a67636b461a02c110c462ffaf DROPBEAR_0.44test1
+7faae8f46238e23975430876547b8950b4e75481 t:ltc-0.95-orig
+8220862baae829ebc762587b99c662480d57bb23 DROPBEAR_0.53
+86e0b50a9b588239c3fc9cc9cfe255ef586df17b ltm-0.30-orig
+88e0a1ad951add46b795511dc2698e36b4aee922 DROPBEAR_0.44test3
+8e94663164c6e106ccc5c9e997dedf6e04d77dd2 LTM_DB_0.44
+91fbc376f01084037cd5f6a5bf2e2db4903e8e99 libtommath-0.35
+97db060d0ef5f8cf8e67eb602ef037055a185ca9 libtommath-0.40
+aa2f51a6b81d33de5e9898a7f27c792a173d9b26 DROPBEAR_0.53.1
+ab370c629d363f8c9a3eca512bfa86e362034654 DROPBEAR_0.49
+c2ac796b130eeb6fa840873d8c230544c8ec7e4b DROPBEAR_0.44test2
+cd1143579f00b0248c79f63ca70efee4a35a57e8 LTC_DB_0.44
+ce104c8b0be1ff3f2c2590b7cdc3fd6870c865cd DROPBEAR_0.52
+d5faf4814ddbc5abd9e209409bb9e7a4686c8cd7 libtomcrypt-1.16
+d7da3b1e15401eb234ec866d5eac992fc4cd5878 t:ltc-0.95-db-merge1
+d8254fc979e99560c93ca2cece77a6df31927ea5 LTM_0.35
+e109027b9edfb02f0bdf96ec45bb1cd9ad41e7da LTM_DB_0.46
+e109027b9edfb02f0bdf96ec45bb1cd9ad41e7da LTM_DB_0.47
+e37b160c414cab6466622f63b0c4dcbf6ebc47a9 DROPBEAR_0.47
+e430a26064ee86ab79aef372118d6d03b2441996 DROPBEAR_0.50
+e5d119ea4c63656bc54ecfd865d04591ac2ed225 LTC_DB_0.47
+3f12086c2ef2b9ffe36a822fdb3ff647fcec1831 DROPBEAR_2011.54
+d354464b2aa6f6ba0bf44d43bcae5aa798435393 DROPBEAR_2012.55
+7faae8f46238e23975430876547b8950b4e75481 t:ltc-0.95-orig
+0000000000000000000000000000000000000000 t:ltc-0.95-orig
+d7da3b1e15401eb234ec866d5eac992fc4cd5878 t:ltc-0.95-db-merge1
+0000000000000000000000000000000000000000 t:ltc-0.95-db-merge1
+1b8b2b9d6e94bc3cc5e61b620476ea36cc466e1b DROPBEAR_2013.56
+96b8bcb88017815040949a417caa55686271e8a9 DROPBEAR_2013.57
+e76614145aea67f66e4a4257685c771efba21aa1 DROPBEAR_2013.58
+7b68e581985fd4ea50869f8608ab95cda5d17876 DROPBEAR_2013.59
+a50a1dc743317fad9b3737bc68fbca640659bb6d DROPBEAR_2013.60
+e894dbc015ba7ff4c3bf897ee20e28ca90c55a16 DROPBEAR_2013.61test
+3d1d7d151c0ce3a79da62e86463f5632fa2b144a DROPBEAR_2013.62
+2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63
+0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
+e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
+735511a4c761141416ad0e6728989d2dafa55bc2 DROPBEAR_2014.66
+cbd674d63cd4f3781464a8d4056a5506c8ae926f DROPBEAR_2015.67
+809feaa9408f036734129c77f2b3c7e779d4f099 DROPBEAR_2015.68
+1637dbd262124d113e52967df46afd6c715e4fad DROPBEAR_2015.69
+79a6ef02307d05cb9dda10465cb5b807baa8f62e DROPBEAR_2015.70
+9a944a243f08be6b22d32f166a0690eb4872462b DROPBEAR_2015.71
+78b12b6549be08b0bea3da329b2578060a76ca31 DROPBEAR_2016.72
+309e1c4a87682b6ca7d80b8555a1db416c3cb7ac DROPBEAR_2016.73
+0ed3d2bbf956cb8a9bf0f4b5a86b7dd9688205cb DROPBEAR_2016.74
+c31276613181c5cff7854e7ef586ace03424e55e DROPBEAR_2017.75
+1c66ca4f3791c82501c88e7637312182c7294978 DROPBEAR_2018.76
+6d1bbe7d5fa5827c7eae28bca044d691f7efa785 DROPBEAR_2019.77

.travis.yml

@@ -0,0 +1,66 @@
+language: c
+
+git:
+  depth: 3
+
+matrix:
+  include:
+    # subsequent matrix options use these first settings
+    - os: linux
+      compiler: gcc
+      env: WEXTRAFLAGS=-Werror
+      sudo: false
+    - env: MULTI=1 WEXTRAFLAGS=-Werror
+    # libtom has some warnings, so no WEXTRAFLAGS
+    - env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=""
+    - env: NOWRITEV=1 WEXTRAFLAGS=-Werror
+    # libtomcrypt 1.18.1 fixes clang problems, distro doesn't have that yet
+    - os: linux
+      compiler: clang
+      env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=""
+    - os: osx
+      compiler: clang
+      env: WEXTRAFLAGS=""
+
+    # Note: the fuzzing malloc wrapper doesn't replace free() in system libtomcrypt, so need bundled.
+    - env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS="" LDFLAGS=-fsanitize=address EXTRACFLAGS=-fsanitize=address CXX=clang++
+      compiler: clang
+      # sanitizers need ptrace which is privileged https://github.com/travis-ci/travis-ci/issues/9033
+      sudo: required
+
+# container-based builds
+addons:
+  apt:
+    packages:
+    # packages list: https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-precise
+    - zlib1g-dev
+    - libtomcrypt-dev
+    - libtommath-dev
+    - mercurial
+
+before_install:
+  - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi  # workaround
+
+install:
+  - autoconf 
+  - autoheader 
+  - ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
+  - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi
+  - make -j3 
+  - test -z $DO_FUZZ || make fuzzstandalone
+  # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
+  - make install 
+
+script:
+  - ~/inst/bin/dropbearkey -t rsa -f testrsa
+  - ~/inst/bin/dropbearkey -t dss -f testdss
+  - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
+  - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
+  - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
+  - test -z $DO_FUZZ || ./fuzzers_test.sh
+
+branches:
+  only:
+    - master
+    - coverity
+

FUZZER-NOTES.md

@@ -0,0 +1,74 @@
+# Fuzzing Dropbear
+
+Dropbear is process-per-session so it assumes calling `dropbear_exit()`
+is fine at any point to clean up. This makes fuzzing a bit trickier. 
+A few pieces of wrapping infrastructure are used to work around this.
+
+The [libfuzzer](http://llvm.org/docs/LibFuzzer.html#fuzz-target) harness
+expects a long running process to continually run a test function with 
+a string of crafted input. That process should not leak resources or exit.
+
+## longjmp
+
+When dropbear runs in fuzz mode it sets up a 
+[`setjmp()`](http://man7.org/linux/man-pages/man3/setjmp.3.html) target prior 
+to launching the code to be fuzzed, and then [`dropbear_exit()`](dbutil.c#L125)
+calls `longjmp()` back there. This avoids exiting though it doesn't free 
+memory or other resources.
+
+## malloc Wrapper
+
+Dropbear normally uses a [`m_malloc()`](dbmalloc.c) function that is the same as `malloc()` but
+exits if allocation fails. In fuzzing mode this is replaced with a tracking allocator
+that stores all allocations in a linked list. After the `longjmp()` occurs the fuzzer target
+calls [`m_malloc_free_epoch(1, 1)`](dbmalloc.c) to clean up any unreleased memory.
+
+If the fuzz target runs to completion it calls `m_malloc_free_epoch(1, 0)` which will reset 
+the tracked allocations but will not free memory - that allows libfuzzer's leak checking
+to detect leaks in normal operation.
+
+## File Descriptor Input
+
+As a network process Dropbear reads and writes from a socket. The wrappers for
+`read()`/`write()`/`select()` in [fuzz-wrapfd.c](fuzz-wrapfd.c) will read from the
+fuzzer input that has been set up with `wrapfd_add()`. `write()` output is
+currently discarded.
+These also test error paths such as EINTR and short reads with certain probabilities.
+
+This allows running the entire dropbear server process with network input provided by the
+fuzzer, without many modifications to the main code. At the time of writing this 
+only runs the pre-authentication stages, though post-authentication could be run similarly.
+
+## Encryption and Randomness
+
+When running in fuzzing mode Dropbear uses a [fixed seed](dbrandom.c#L185)
+every time so that failures can be reproduced. 
+
+Since the fuzzer cannot generate valid encrypted input the packet decryption and
+message authentication calls are disabled, see [packet.c](packet.c). 
+MAC failures are set to occur with a low probability to test that error path.
+
+## Fuzzers
+
+Current fuzzers are
+
+- [fuzzer-preauth](fuzzer-preauth.c) - the fuzzer input is treated as a stream of session input. This will
+  test key exchange, packet ordering, authentication attempts etc.
+
+- [fuzzer-preauth_nomaths](fuzzer-preauth_nomaths.c) - the same as fuzzer-preauth but with asymmetric crypto
+  routines replaced with dummies for faster runtime. corpora are shared 
+  between fuzzers by [oss-fuzz](https://github.com/google/oss-fuzz) so this 
+  will help fuzzer-preauth too.
+
+- [fuzzer-verify](fuzzer-verify.c) - read a key and signature from fuzzer input and verify that signature. 
+  It would not be expected to pass, though some keys with bad parameters are 
+  able to validate with a trivial signature - extra checks are added for that.
+
+- [fuzzer-pubkey](fuzzer-pubkey.c) - test parsing of an `authorized_keys` line.
+
+- [fuzzer-kexdh](fuzzer-kexdh.c) - test Diffie-Hellman key exchange where the fuzz input is the 
+  ephemeral public key that would be received over the network. This is testing `mp_expt_mod()`
+  and and other libtommath routines.
+
+- [fuzzer-kexecdh](fuzzer-kexecdh.c) - test Elliptic Curve Diffie-Hellman key exchange like fuzzer-kexdh.
+  This is testing libtommath ECC routines.

INSTALL

@@ -0,0 +1,91 @@
+Basic Dropbear build instructions:
+
+- Edit localoptions.h to set which features you want. Available options
+  are described in default_options.h, these will be overridden by
+  anything set in localoptions.h
+  localoptions.h should be located in the build directory if you are
+  building out of tree.
+
+- If using a Mercurial or Git checkout, "autoconf; autoheader"
+
+- Configure for your system:
+  ./configure     (optionally with --disable-zlib or --disable-syslog,
+                  or --help for other options)
+
+- Compile:
+
+  make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
+
+- Optionally install, or copy the binaries another way
+
+  make install (/usr/local/bin is usual default):
+
+  or
+
+  make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
+
+(you can leave items out of the PROGRAMS list to avoid compiling them. If you
+recompile after changing the PROGRAMS list, you *MUST* "make clean" before
+recompiling - bad things will happen otherwise)
+
+See MULTI for instructions on making all-in-one binaries.
+
+If you want to compile statically use ./configure --enable-static
+
+By default Dropbear adds various build flags that improve robustness 
+against programming bugs (good for security). If these cause problems
+they can be disabled with ./configure --disable-harden
+
+Binaries can be stripped with "make strip"
+
+============================================================================
+
+If you're compiling for a 386-class CPU, you will probably need to add
+CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
+
+============================================================================
+
+Compiling with uClibc:
+
+Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior
+versions is broken. Also note that you may get strange issues if your uClibc
+headers don't match the library you are running with, ie the headers might
+say that shadow password support exists, but the libraries don't have it.
+
+Compiling for uClibc should be the same as normal, just set CC to the magic
+uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
+You can use "make STATIC=1" to make statically linked binaries, and it is
+advisable to strip the binaries too. If you're looking to make a small binary,
+you should remove unneeded ciphers and MD5, by editing options.h
+
+It is possible to compile zlib in, by copying zlib.h and zconf.h into a
+subdirectory (ie zlibincludes), and 
+
+export CFLAGS="-Izlibincludes -I../zlibincludes"
+export LDFLAGS=/usr/lib/libz.a
+
+before ./configure and make.
+
+If you disable zlib, you must explicitly disable compression for the client -
+OpenSSH is possibly buggy in this regard, it seems you need to disable it
+globally in ~/.ssh/config, not just in the host entry in that file.
+
+You may want to manually disable lastlog recording when using uClibc, configure
+with --disable-lastlog.
+
+One common problem is pty allocation. There are a number of types of pty
+allocation which can be used -- if they work properly, the end result is the
+same for each type. Running configure should detect the best type to use
+automatically, however for some systems, this may be incorrect. Some
+things to note:
+
+    If your system expects /dev/pts to be mounted (this is a uClibc option),
+	make sure that it is.
+
+	Make sure that your libc headers match the library version you are using.
+
+	If openpty() is being used (HAVE_OPENPTY defined in config.h) and it fails,
+	you can try compiling with --disable-openpty. You will probably then need
+	to create all the /dev/pty?? and /dev/tty?? devices, which can be
+	problematic for devfs. In general, openpty() is the best way to allocate
+	PTYs, so it's best to try and get it working.

LICENSE

@@ -1,4 +1,141 @@
-LibTomMath is hereby released into the Public Domain.  
+Dropbear contains a number of components from different sources, hence there
+are a few licenses and authors involved. All licenses are fairly 
+non-restrictive.
 
--- Tom St Denis
 
+The majority of code is written by Matt Johnston, under the license below.
+
+Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
+same license:
+
+Copyright (c) 2002-2015 Matt Johnston
+Portions copyright (c) 2004 Mihnea Stoenescu
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+=====
+
+LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+
+=====
+
+sshpty.c is taken from OpenSSH 3.5p1, 
+  Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+                     All rights reserved
+ "As far as I am concerned, the code I have written for this software
+  can be used freely for any purpose.  Any derived versions of this
+  software must be clearly marked as such, and if the derived work is
+  incompatible with the protocol description in the RFC file, it must be
+  called by a name other than "ssh" or "Secure Shell". "
+
+=====
+
+loginrec.c
+loginrec.h
+atomicio.h
+atomicio.c
+and strlcat() (included in util.c) are from OpenSSH 3.6.1p2, and are licensed
+under the 2 point BSD license.
+
+loginrec is written primarily by Andre Lucas, atomicio.c by Theo de Raadt.
+
+strlcat() is (c) Todd C. Miller
+
+=====
+
+Import code in keyimport.c is modified from PuTTY's import.c, licensed as
+follows:
+
+PuTTY is copyright 1997-2003 Simon Tatham.
+
+Portions copyright Robert de Bath, Joris van Rantwijk, Delian
+Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
+Justin Bradford, and CORE SDI S.A.
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation files
+(the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of the Software,
+and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
+FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+=====
+
+curve25519-donna:
+
+/* Copyright 2008, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * curve25519-donna: Curve25519 elliptic curve, public key function
+ *
+ * http://code.google.com/p/curve25519-donna/
+ *
+ * Adam Langley <agl@imperialviolet.org>
+ *
+ * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
+ *
+ * More information about curve25519 can be found here
+ *   http://cr.yp.to/ecdh.html
+ *
+ * djb's sample implementation of curve25519 is written in a special assembly
+ * language called qhasm and uses the floating point registers.
+ *
+ * This is, almost, a clean room reimplementation from the curve25519 paper. It
+ * uses many of the tricks described therein. Only the crecip function is taken
+ * from the sample implementation.
+ */

MULTI

@@ -0,0 +1,22 @@
+Multi-binary compilation
+========================
+
+To compile for systems without much space (floppy distributions etc), you
+can create a single binary. This will save disk space by avoiding repeated
+code between the various parts.
+If you are familiar with "busybox", it's the same principle.
+
+To compile the multi-binary, first "make clean" (if you've compiled
+previously), then
+
+make PROGRAMS="programs you want here" MULTI=1
+
+To use the binary, symlink it from the desired executable:
+
+ln -s dropbearmulti dropbear
+ln -s dropbearmulti dbclient
+etc
+
+then execute as normal:
+
+./dropbear <options here>

Makefile.in

@@ -0,0 +1,308 @@
+# This Makefile is for Dropbear SSH Server and Client
+# @configure_input@
+
+# invocation:
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
+#
+# to make a multiple-program binary "dropbearmulti".
+# This example will include dropbear, scp, dropbearkey, dropbearconvert, and
+# dbclient functionality, and includes the progress-bar functionality in scp.
+
+ifndef PROGRAMS
+	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
+endif
+
+STATIC_LTC=libtomcrypt/libtomcrypt.a
+STATIC_LTM=libtommath/libtommath.a
+
+LIBTOM_LIBS=@LIBTOM_LIBS@
+
+ifeq (@BUNDLED_LIBTOM@, 1)
+LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM) 
+LIBTOM_CLEAN=ltc-clean ltm-clean
+CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
+LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
+endif
+
+OPTION_HEADERS = default_options_guard.h sysoptions.h
+ifneq ($(wildcard localoptions.h),)
+CFLAGS+=-DLOCALOPTIONS_H_EXISTS
+OPTION_HEADERS += localoptions.h
+endif
+
+COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
+		dss.o bignum.o \
+		signkey.o rsa.o dbrandom.o \
+		queue.o \
+		atomicio.o compat.o fake-rfc2553.o \
+		ltc_prng.o ecc.o ecdsa.o crypto_desc.o \
+		dbmalloc.o \
+		gensignkey.o gendss.o genrsa.o
+
+SVROBJS=svr-kex.o svr-auth.o sshpty.o \
+		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
+		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
+		svr-tcpfwd.o svr-authpam.o
+
+CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
+		cli-session.o cli-runopts.o cli-chansession.o \
+		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \
+		cli-agentfwd.o 
+
+CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
+			common-channel.o common-chansession.o termcodes.o loginrec.o \
+			tcp-accept.o listener.o process-packet.o dh_groups.o \
+			common-runopts.o circbuffer.o curve25519-donna.o list.o netio.o
+
+KEYOBJS=dropbearkey.o
+
+CONVERTOBJS=dropbearconvert.o keyimport.o
+
+SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
+
+ifeq (@DROPBEAR_FUZZ@, 1)
+	allobjs = $(COMMONOBJS) fuzz-common.o  fuzz-wrapfd.o $(CLISVROBJS) $(CLIOBJS) $(SVROBJS) @CRYPTLIB@
+	allobjs:=$(subst svr-main.o, ,$(allobjs))
+	allobjs:=$(subst cli-main.o, ,$(allobjs))
+	allobjs:=$(sort $(allobjs))
+
+	dropbearobjs=$(allobjs) svr-main.o
+	dbclientobjs=$(allobjs) cli-main.o
+	dropbearkeyobjs=$(allobjs) $(KEYOBJS)
+	dropbearconvertobjs=$(allobjs) $(CONVERTOBJS)
+	# CXX only set when fuzzing
+	CXX=@CXX@
+else
+	dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
+	dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
+	dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
+	dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
+	scpobjs=$(SCPOBJS)
+endif
+
+VPATH=@srcdir@
+srcdir=@srcdir@
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+datarootdir = @datarootdir@
+bindir=@bindir@
+sbindir=@sbindir@
+mandir=@mandir@
+
+.DELETE_ON_ERROR:
+
+CC=@CC@
+AR=@AR@
+RANLIB=@RANLIB@
+STRIP=@STRIP@
+INSTALL=@INSTALL@
+CPPFLAGS=@CPPFLAGS@
+CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
+LIBS+=@LIBS@
+LDFLAGS=@LDFLAGS@
+
+EXEEXT=@EXEEXT@
+
+STATIC=@STATIC@
+
+# whether we're building client, server, or both for the common objects.
+# evilness so we detect 'dropbear' by itself as a word
+ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdropbearZ, Z$(prog)Z))))
+	CFLAGS+= -DDROPBEAR_SERVER
+endif
+ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z))))
+	CFLAGS+= -DDROPBEAR_CLIENT
+endif
+
+# these are exported so that libtomcrypt's makefile will use them
+export CC
+export CFLAGS
+export RANLIB AR STRIP
+
+ifeq ($(STATIC), 1)
+	LDFLAGS+=-static
+endif
+
+ifeq ($(MULTI), 1)
+	TARGETS=dropbearmulti$(EXEEXT)
+else
+	TARGETS=$(PROGRAMS)
+endif
+
+# for the scp progress meter. The -D doesn't affect anything else.
+ifeq ($(SCPPROGRESS), 1)
+	CFLAGS+=-DPROGRESS_METER
+endif
+
+all: $(TARGETS)
+
+# for simplicity assume all source depends on all headers
+HEADERS=$(wildcard $(srcdir)/*.h *.h) $(OPTION_HEADERS)
+%.o : %.c $(HEADERS)
+	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+default_options_guard.h: default_options.h
+	@echo Creating $@
+	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
+	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
+	@mv $@.tmp $@
+
+strip: $(TARGETS)
+	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
+
+install: $(addprefix inst_, $(TARGETS))
+
+insmultidropbear: dropbearmulti$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(sbindir)
+	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 644 $(srcdir)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
+
+insmulti%: dropbearmulti$(EXEEXT)
+	$(INSTALL) -d $(DESTDIR)$(bindir)
+	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
+	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
+	if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
+
+# dropbear should go in sbin, so it needs a separate rule
+inst_dropbear: dropbear
+	$(INSTALL) -d $(DESTDIR)$(sbindir)
+	$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
+
+inst_%: %
+	$(INSTALL) -d $(DESTDIR)$(bindir)
+	$(INSTALL) $*$(EXEEXT) $(DESTDIR)$(bindir)
+	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
+	if test -e $*.1; then $(INSTALL) -m 644 $*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi
+
+inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS)) 
+
+# for some reason the rule further down doesn't like $($@objs) as a prereq.
+dropbear: $(dropbearobjs)
+dbclient: $(dbclientobjs)
+dropbearkey: $(dropbearkeyobjs)
+dropbearconvert: $(dropbearconvertobjs)
+
+dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@
+
+dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
+
+dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
+
+# scp doesn't use the libs so is special.
+scp: $(SCPOBJS)  $(HEADERS) Makefile
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $(SCPOBJS)
+
+
+# multi-binary compilation.
+MULTIOBJS=
+ifeq ($(MULTI),1)
+	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
+endif
+
+dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
+	$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@
+
+multibinary: dropbearmulti$(EXEEXT)
+
+multilink: multibinary $(addprefix link, $(PROGRAMS))
+
+link%:
+	-rm -f $*$(EXEEXT)
+	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
+
+$(STATIC_LTC): $(OPTION_HEADERS)
+	$(MAKE) -C libtomcrypt
+
+$(STATIC_LTM): $(OPTION_HEADERS)
+	$(MAKE) -C libtommath
+
+.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
+
+ltc-clean:
+	$(MAKE) -C libtomcrypt clean
+
+ltm-clean:
+	$(MAKE) -C libtommath clean
+
+sizes: dropbear
+	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
+
+clean: $(LIBTOM_CLEAN) thisclean
+
+thisclean:
+	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
+			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
+			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof
+
+distclean: clean tidy
+	-rm -f config.h
+	-rm -f Makefile
+	-rm -f default_options_guard.h
+
+tidy:
+	-rm -f *~ *.gcov */*~
+
+## Fuzzing targets
+
+# list of fuzz targets
+FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths fuzzer-kexdh fuzzer-kexecdh
+
+FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
+
+list-fuzz-targets:
+	@echo $(FUZZ_TARGETS)
+
+# fuzzers that don't use libfuzzer, just a standalone harness that feeds inputs
+fuzzstandalone: FUZZLIB=fuzz-harness.o
+fuzzstandalone: fuzz-harness.o fuzz-targets
+
+# exclude svr-main.o to avoid duplicate main
+svrfuzzobjs=$(subst svr-main.o, ,$(dropbearobjs))
+
+# build all the fuzzers. This will require fail to link unless built with
+# make fuzz-targets FUZZLIB=-lFuzzer.a 
+# or similar - the library provides main().
+fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS)
+
+fuzzer-preauth: fuzzer-preauth.o $(HEADERS) $(LIBTOM_DEPS) Makefile $(svrfuzzobjs)
+	$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(svrfuzzobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+fuzzer-preauth_nomaths: fuzzer-preauth_nomaths.o $(HEADERS) $(LIBTOM_DEPS) Makefile $(svrfuzzobjs)
+	$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(svrfuzzobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+fuzzer-pubkey: fuzzer-pubkey.o $(HEADERS) $(LIBTOM_DEPS) Makefile $(svrfuzzobjs)
+	$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(svrfuzzobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+fuzzer-verify: fuzzer-verify.o $(HEADERS) $(LIBTOM_DEPS) Makefile $(svrfuzzobjs)
+	$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(svrfuzzobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+fuzzer-kexdh: fuzzer-kexdh.o $(HEADERS) $(LIBTOM_DEPS) Makefile $(svrfuzzobjs)
+	$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(svrfuzzobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+fuzzer-kexecdh: fuzzer-kexecdh.o $(HEADERS) $(LIBTOM_DEPS) Makefile $(svrfuzzobjs)
+	$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(svrfuzzobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
+
+fuzzer-%.options: Makefile
+	echo "[libfuzzer]"               > $@
+	echo "max_len = 50000"          >> $@
+
+# run this to update hardcoded hostkeys for for fuzzing. 
+# hostkeys.c is checked in to hg.
+fuzz-hostkeys:
+	dropbearkey -t rsa -f keyr
+	dropbearkey -t dss -f keyd
+	dropbearkey -t ecdsa -size 256 -f keye
+	echo > hostkeys.c
+	/usr/bin/xxd -i -a keyr >> hostkeys.c
+	/usr/bin/xxd -i -a keye >> hostkeys.c
+	/usr/bin/xxd -i -a keyd >> hostkeys.c

README

@@ -0,0 +1,78 @@
+This is Dropbear, a smallish SSH server and client.
+https://matt.ucc.asn.au/dropbear/dropbear.html
+
+INSTALL has compilation instructions.
+
+MULTI has instructions on making a multi-purpose binary (ie a single binary
+which performs multiple tasks, to save disk space)
+
+SMALL has some tips on creating small binaries.
+
+Please contact me if you have any questions/bugs found/features/ideas/comments etc :)
+There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear
+
+Matt Johnston
+matt@ucc.asn.au
+
+
+In the absence of detailed documentation, some notes follow:
+============================================================================
+
+Server public key auth:
+
+You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
+the key entries in that file. They should be of the form:
+
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
+
+You must make sure that ~/.ssh, and the key file, are only writable by the
+user. Beware of editors that split the key into multiple lines.
+
+Dropbear supports some options for authorized_keys entries, see the manpage.
+
+============================================================================
+
+Client public key auth:
+
+Dropbear can do public key auth as a client, but you will have to convert
+OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
+
+If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:
+
+dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
+dbclient -i ~/.ssh/id_rsa.db <hostname>
+
+Dropbear does not support encrypted hostkeys though can connect to ssh-agent.
+
+============================================================================
+
+If you want to get the public-key portion of a Dropbear private key, look at
+dropbearkey's '-y' option.
+
+============================================================================
+
+To run the server, you need to generate server keys, this is one-off:
+./dropbearkey -t rsa -f dropbear_rsa_host_key
+./dropbearkey -t dss -f dropbear_dss_host_key
+./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
+
+or alternatively convert OpenSSH keys to Dropbear:
+./dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key dropbear_dss_host_key
+
+You can also get Dropbear to create keys when the first connection is made -
+this is preferable to generating keys when the system boots. Make sure 
+/etc/dropbear/ exists and then pass '-R' to the dropbear server.
+
+============================================================================
+
+If the server is run as non-root, you most likely won't be able to allocate a
+pty, and you cannot login as any user other than that running the daemon
+(obviously). Shadow passwords will also be unusable as non-root.
+
+============================================================================
+
+The Dropbear distribution includes a standalone version of OpenSSH's scp
+program. You can compile it with "make scp", you may want to change the path
+of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default
+the progress meter isn't compiled in to save space, you can enable it by 
+adding 'SCPPROGRESS=1' to the make commandline.

SMALL

@@ -0,0 +1,53 @@
+Tips for a small system:
+
+If you only want server functionality (for example), compile with
+	make PROGRAMS=dropbear
+rather than just
+	make dropbear
+so that client functionality in shared portions of Dropbear won't be included.
+The same applies if you are compiling just a client.
+
+---
+
+The following are set in options.h:
+
+	- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
+	  affecting interoperability
+
+	- If you're compiling statically, you can turn off host lookups
+
+	- You can disable either password or public-key authentication, though note
+	  that the IETF draft states that pubkey authentication is required.
+
+	- Similarly with DSS and RSA, you can disable one of these if you know that
+	  all clients will be able to support a particular one. The IETF draft
+	  states that DSS is required, however you may prefer to use RSA. 
+	  DON'T disable either of these on systems where you aren't 100% sure about
+	  who will be connecting and what clients they will be using.
+
+	- Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
+
+	- You can disable x11, tcp and agent forwarding as desired. None of these are
+	  essential, although agent-forwarding is often useful even on firewall boxes.
+
+---
+
+If you are compiling statically, you may want to disable zlib, as it will use
+a few tens of kB of binary-size (./configure --disable-zlib).
+
+You can create a combined binary, see the file MULTI, which will put all
+the functions into one binary, avoiding repeated code.
+
+If you're compiling with gcc, you might want to look at gcc's options for
+stripping unused code. The relevant vars to set before configure are:
+
+LDFLAGS=-Wl,--gc-sections
+CFLAGS="-ffunction-sections -fdata-sections"
+
+You can also experiment with optimisation flags such as -Os, note that in some
+cases these flags actually seem to increase size, so experiment before
+deciding.
+
+Of course using small C libraries such as uClibc and dietlibc can also help.
+
+If you have any queries, mail me and I'll see if I can help.

TODO

@@ -1,16 +0,0 @@
-things for book in order of importance...
-
-- Fix up pseudo-code [only] for combas that are not consistent with source
-- Start in chapter 3 [basics] and work up...
-   - re-write to prose [less abrupt]
-   - clean up pseudo code [spacing]
-   - more examples where appropriate and figures
-
-Goal:
-   - Get sync done by mid January [roughly 8-12 hours work]
-   - Finish ch3-6 by end of January [roughly 12-16 hours of work]
-   - Finish ch7-end by mid Feb [roughly 20-24 hours of work].
-
-Goal isn't "first edition" but merely cleaner to read.
-
-

agentfwd.h

@@ -0,0 +1,63 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+#ifndef DROPBEAR_AGENTFWD_H_
+#define DROPBEAR_AGENTFWD_H_
+
+#include "includes.h"
+#include "chansession.h"
+#include "channel.h"
+#include "auth.h"
+#include "list.h"
+
+#if DROPBEAR_CLI_AGENTFWD
+
+/* An agent reply can be reasonably large, as it can
+ * contain a list of all public keys held by the agent.
+ * 10000 is arbitrary */
+#define MAX_AGENT_REPLY  10000
+
+/* client functions */
+void cli_load_agent_keys(m_list * ret_list);
+void agent_buf_sign(buffer *sigblob, sign_key *key, 
+	const buffer *data_buf);
+void cli_setup_agent(const struct Channel *channel);
+
+#ifdef __hpux
+#define seteuid(a)       setresuid(-1, (a), -1)
+#define setegid(a)       setresgid(-1, (a), -1)
+#endif
+
+extern const struct ChanType cli_chan_agent;
+
+#endif /* DROPBEAR_CLI_AGENTFWD */
+
+#if DROPBEAR_SVR_AGENTFWD
+
+int svr_agentreq(struct ChanSess * chansess);
+void svr_agentcleanup(struct ChanSess * chansess);
+void svr_agentset(const struct ChanSess *chansess);
+
+#endif /* DROPBEAR_SVR_AGENTFWD */
+
+#endif /* DROPBEAR_AGENTFWD_H_ */

algo.h

@@ -0,0 +1,143 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_ALGO_H_
+
+#define DROPBEAR_ALGO_H_
+
+#include "includes.h"
+#include "buffer.h"
+
+#define DROPBEAR_MODE_UNUSED 0
+#define DROPBEAR_MODE_CBC 1
+#define DROPBEAR_MODE_CTR 2
+
+struct Algo_Type {
+
+	const char *name; /* identifying name */
+	char val; /* a value for this cipher, or -1 for invalid */
+	const void *data; /* algorithm specific data */
+	char usable; /* whether we can use this algorithm */
+	const void *mode; /* the mode, currently only used for ciphers,
+						 points to a 'struct dropbear_cipher_mode' */
+};
+
+typedef struct Algo_Type algo_type;
+
+/* lists mapping ssh types of algorithms to internal values */
+extern algo_type sshkex[];
+extern algo_type sshhostkey[];
+extern algo_type sshciphers[];
+extern algo_type sshhashes[];
+extern algo_type ssh_compress[];
+extern algo_type ssh_delaycompress[];
+extern algo_type ssh_nocompress[];
+
+extern const struct dropbear_cipher dropbear_nocipher;
+extern const struct dropbear_cipher_mode dropbear_mode_none;
+extern const struct dropbear_hash dropbear_nohash;
+
+struct dropbear_cipher {
+	const struct ltc_cipher_descriptor *cipherdesc;
+	const unsigned long keysize;
+	const unsigned char blocksize;
+};
+
+struct dropbear_cipher_mode {
+	int (*start)(int cipher, const unsigned char *IV, 
+			const unsigned char *key, 
+			int keylen, int num_rounds, void *cipher_state);
+	int (*encrypt)(const unsigned char *pt, unsigned char *ct, 
+			unsigned long len, void *cipher_state);
+	int (*decrypt)(const unsigned char *ct, unsigned char *pt, 
+			unsigned long len, void *cipher_state);
+};
+
+struct dropbear_hash {
+	const struct ltc_hash_descriptor *hash_desc;
+	const unsigned long keysize;
+	/* hashsize may be truncated from the size returned by hash_desc,
+	   eg sha1-96 */
+	const unsigned char hashsize;
+};
+
+enum dropbear_kex_mode {
+#if DROPBEAR_NORMAL_DH
+	DROPBEAR_KEX_NORMAL_DH,
+#endif
+#if DROPBEAR_ECDH
+	DROPBEAR_KEX_ECDH,
+#endif
+#if DROPBEAR_CURVE25519
+	DROPBEAR_KEX_CURVE25519,
+#endif
+};
+
+struct dropbear_kex {
+	enum dropbear_kex_mode mode;
+	
+	/* "normal" DH KEX */
+	const unsigned char *dh_p_bytes;
+	const int dh_p_len;
+
+	/* elliptic curve DH KEX */
+#if DROPBEAR_ECDH
+	const struct dropbear_ecc_curve *ecc_curve;
+#else
+	const void* dummy;
+#endif
+
+	/* both */
+	const struct ltc_hash_descriptor *hash_desc;
+};
+
+int have_algo(const char* algo, size_t algolen, const algo_type algos[]);
+void buf_put_algolist(buffer * buf, const algo_type localalgos[]);
+
+enum kexguess2_used {
+	KEXGUESS2_LOOK,
+	KEXGUESS2_NO,
+	KEXGUESS2_YES,
+};
+
+#define KEXGUESS2_ALGO_NAME "kexguess2@matt.ucc.asn.au"
+#define KEXGUESS2_ALGO_ID 99
+
+
+algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
+		enum kexguess2_used *kexguess2, int *goodguess);
+
+#if DROPBEAR_USER_ALGO_LIST
+int check_user_algos(const char* user_algo_list, algo_type * algos, 
+		const char *algo_desc);
+char * algolist_string(const algo_type algos[]);
+#endif
+
+enum {
+	DROPBEAR_COMP_NONE,
+	DROPBEAR_COMP_ZLIB,
+	DROPBEAR_COMP_ZLIB_DELAY,
+};
+
+#endif /* DROPBEAR_ALGO_H_ */

atomicio.c

@@ -0,0 +1,59 @@
+/* $OpenBSD: atomicio.c,v 1.17 2006/04/01 05:51:34 djm Exp $ */
+/*
+ * Copied from OpenSSH/OpenBSD.
+ * 
+ * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
+ * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include "atomicio.h"
+
+/*
+ * ensure all of data on socket comes through. f==read || f==vwrite
+ */
+size_t
+atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
+{
+	char *s = _s;
+	size_t pos = 0;
+	ssize_t res;
+
+	while (n > pos) {
+		res = (f) (fd, s + pos, n - pos);
+		switch (res) {
+		case -1:
+			if (errno == EINTR || errno == EAGAIN)
+				continue;
+			return 0;
+		case 0:
+			errno = EPIPE;
+			return pos;
+		default:
+			pos += (size_t)res;
+		}
+	}
+	return (pos);
+}

atomicio.h

@@ -0,0 +1,35 @@
+/* $OpenBSD: atomicio.h,v 1.7 2006/03/25 22:22:42 djm Exp $ */
+
+/*
+ * Copied from OpenSSH/OpenBSD, required for loginrec.c
+ *
+ * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==vwrite
+ */
+size_t	atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
+
+#define vwrite (ssize_t (*)(int, void *, size_t))write

auth.h

@@ -0,0 +1,145 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_AUTH_H_
+#define DROPBEAR_AUTH_H_
+
+#include "includes.h"
+#include "signkey.h"
+#include "chansession.h"
+
+void svr_authinitialise(void);
+void cli_authinitialise(void);
+
+/* Server functions */
+void recv_msg_userauth_request(void);
+void send_msg_userauth_failure(int partial, int incrfail);
+void send_msg_userauth_success(void);
+void send_msg_userauth_banner(const buffer *msg);
+void svr_auth_password(int valid_user);
+void svr_auth_pubkey(int valid_user);
+void svr_auth_pam(int valid_user);
+
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+int svr_pubkey_allows_agentfwd(void);
+int svr_pubkey_allows_tcpfwd(void);
+int svr_pubkey_allows_x11fwd(void);
+int svr_pubkey_allows_pty(void);
+void svr_pubkey_set_forced_command(struct ChanSess *chansess);
+void svr_pubkey_options_cleanup(void);
+int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename);
+#else
+/* no option : success */
+#define svr_pubkey_allows_agentfwd() 1
+#define svr_pubkey_allows_tcpfwd() 1
+#define svr_pubkey_allows_x11fwd() 1
+#define svr_pubkey_allows_pty() 1
+static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { }
+static inline void svr_pubkey_options_cleanup(void) { }
+#define svr_add_pubkey_options(x,y,z) DROPBEAR_SUCCESS
+#endif
+
+/* Client functions */
+void recv_msg_userauth_failure(void);
+void recv_msg_userauth_success(void);
+void recv_msg_userauth_specific_60(void);
+void recv_msg_userauth_pk_ok(void);
+void recv_msg_userauth_info_request(void);
+void cli_get_user(void);
+void cli_auth_getmethods(void);
+int cli_auth_try(void);
+void recv_msg_userauth_banner(void);
+void cli_pubkeyfail(void);
+void cli_auth_password(void);
+int cli_auth_pubkey(void);
+void cli_auth_interactive(void);
+char* getpass_or_cancel(const char* prompt);
+void cli_auth_pubkey_cleanup(void);
+
+
+#define MAX_USERNAME_LEN 100 /* arbitrary for the moment */
+
+#define AUTH_TYPE_NONE      1
+#define AUTH_TYPE_PUBKEY    (1 << 1)
+#define AUTH_TYPE_PASSWORD  (1 << 2)
+#define AUTH_TYPE_INTERACT  (1 << 3)
+
+#define AUTH_METHOD_NONE "none"
+#define AUTH_METHOD_NONE_LEN 4
+#define AUTH_METHOD_PUBKEY "publickey"
+#define AUTH_METHOD_PUBKEY_LEN 9
+#define AUTH_METHOD_PASSWORD "password"
+#define AUTH_METHOD_PASSWORD_LEN 8
+#define AUTH_METHOD_INTERACT "keyboard-interactive"
+#define AUTH_METHOD_INTERACT_LEN 20
+
+
+
+/* This structure is shared between server and client - it contains
+ * relatively little extraneous bits when used for the client rather than the
+ * server */
+struct AuthState {
+	char *username; /* This is the username the client presents to check. It
+					   is updated each run through, used for auth checking */
+	unsigned char authtypes; /* Flags indicating which auth types are still 
+								valid */
+	unsigned int failcount; /* Number of (failed) authentication attempts.*/
+	unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
+							  client and server (though has differing 
+							  meanings). */
+
+	unsigned int perm_warn; /* Server only, set if bad permissions on 
+							   ~/.ssh/authorized_keys have already been
+							   logged. */
+	unsigned int checkusername_failed;  /* Server only, set if checkusername
+	                                has already failed */
+	struct timespec auth_starttime; /* Server only, time of receiving current 
+									SSH_MSG_USERAUTH_REQUEST */
+
+	/* These are only used for the server */
+	uid_t pw_uid;
+	gid_t pw_gid;
+	char *pw_dir;
+	char *pw_shell;
+	char *pw_name;
+	char *pw_passwd;
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+	struct PubKeyOptions* pubkey_options;
+#endif
+};
+
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+struct PubKeyOptions;
+struct PubKeyOptions {
+	/* Flags */
+	int no_port_forwarding_flag;
+	int no_agent_forwarding_flag;
+	int no_x11_forwarding_flag;
+	int no_pty_flag;
+	/* "command=" option. */
+	char * forced_command;
+};
+#endif
+
+#endif /* DROPBEAR_AUTH_H_ */

bignum.c

@@ -0,0 +1,104 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+/* Contains helper functions for mp_int handling */
+
+#include "includes.h"
+#include "dbutil.h"
+
+/* wrapper for mp_init, failing fatally on errors (memory allocation) */
+void m_mp_init(mp_int *mp) {
+
+	if (mp_init(mp) != MP_OKAY) {
+		dropbear_exit("Mem alloc error");
+	}
+}
+
+/* simplified duplication of bn_mp_multi's mp_init_multi, but die fatally
+ * on error */
+void m_mp_init_multi(mp_int *mp, ...) 
+{
+	mp_int* cur_arg = mp;
+	va_list args;
+
+	va_start(args, mp);        /* init args to next argument from caller */
+	while (cur_arg != NULL) {
+		if (mp_init(cur_arg) != MP_OKAY) {
+			dropbear_exit("Mem alloc error");
+		}
+		cur_arg = va_arg(args, mp_int*);
+	}
+	va_end(args);
+}
+
+void m_mp_alloc_init_multi(mp_int **mp, ...) 
+{
+	mp_int** cur_arg = mp;
+	va_list args;
+
+	va_start(args, mp);        /* init args to next argument from caller */
+	while (cur_arg != NULL) {
+		*cur_arg = m_malloc(sizeof(mp_int));
+		if (mp_init(*cur_arg) != MP_OKAY) {
+			dropbear_exit("Mem alloc error");
+		}
+		cur_arg = va_arg(args, mp_int**);
+	}
+	va_end(args);
+}
+
+void m_mp_free_multi(mp_int **mp, ...) 
+{
+	mp_int** cur_arg = mp;
+	va_list args;
+
+	va_start(args, mp);        /* init args to next argument from caller */
+	while (cur_arg != NULL) {
+		if (*cur_arg) {
+			mp_clear(*cur_arg);
+		}
+		m_free(*cur_arg);
+		cur_arg = va_arg(args, mp_int**);
+	}
+	va_end(args);
+}
+
+void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
+
+	if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
+		dropbear_exit("Mem alloc error");
+	}
+}
+
+/* hash the ssh representation of the mp_int mp */
+void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
+				hash_state *hs, mp_int *mp) {
+	buffer * buf;
+
+	buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, 
+								plus header + some leeway*/
+	buf_putmpint(buf, mp);
+	hash_desc->process(hs, buf->data, buf->len);
+	buf_free(buf);
+}

bignum.h

@@ -0,0 +1,38 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_BIGNUM_H_
+#define DROPBEAR_BIGNUM_H_
+
+#include "dbhelpers.h"
+
+void m_mp_init(mp_int *mp);
+void m_mp_init_multi(mp_int *mp, ...) ATTRIB_SENTINEL;
+void m_mp_alloc_init_multi(mp_int **mp, ...) ATTRIB_SENTINEL;
+void m_mp_free_multi(mp_int **mp, ...)  ATTRIB_SENTINEL;
+void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
+void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
+				hash_state *hs, mp_int *mp);
+
+#endif /* DROPBEAR_BIGNUM_H_ */

bn.ilg

@@ -1,6 +0,0 @@
-This is makeindex, version 2.14 [02-Oct-2002] (kpathsea + Thai support).
-Scanning input file bn.idx....done (79 entries accepted, 0 rejected).
-Sorting entries....done (511 comparisons).
-Generating output file bn.ind....done (82 lines written, 0 warnings).
-Output written in bn.ind.
-Transcript written in bn.ilg.

bn.ind

@@ -1,82 +0,0 @@
-\begin{theindex}
-
-  \item mp\_add, \hyperpage{29}
-  \item mp\_add\_d, \hyperpage{52}
-  \item mp\_and, \hyperpage{29}
-  \item mp\_clear, \hyperpage{11}
-  \item mp\_clear\_multi, \hyperpage{12}
-  \item mp\_cmp, \hyperpage{24}
-  \item mp\_cmp\_d, \hyperpage{25}
-  \item mp\_cmp\_mag, \hyperpage{23}
-  \item mp\_div, \hyperpage{30}
-  \item mp\_div\_2, \hyperpage{26}
-  \item mp\_div\_2d, \hyperpage{28}
-  \item mp\_div\_d, \hyperpage{52}
-  \item mp\_dr\_reduce, \hyperpage{40}
-  \item mp\_dr\_setup, \hyperpage{40}
-  \item MP\_EQ, \hyperpage{22}
-  \item mp\_error\_to\_string, \hyperpage{10}
-  \item mp\_expt\_d, \hyperpage{43}
-  \item mp\_exptmod, \hyperpage{43}
-  \item mp\_exteuclid, \hyperpage{51}
-  \item mp\_gcd, \hyperpage{51}
-  \item mp\_get\_int, \hyperpage{20}
-  \item mp\_grow, \hyperpage{16}
-  \item MP\_GT, \hyperpage{22}
-  \item mp\_init, \hyperpage{11}
-  \item mp\_init\_copy, \hyperpage{13}
-  \item mp\_init\_multi, \hyperpage{12}
-  \item mp\_init\_set, \hyperpage{21}
-  \item mp\_init\_set\_int, \hyperpage{21}
-  \item mp\_init\_size, \hyperpage{14}
-  \item mp\_int, \hyperpage{10}
-  \item mp\_invmod, \hyperpage{52}
-  \item mp\_jacobi, \hyperpage{52}
-  \item mp\_lcm, \hyperpage{51}
-  \item mp\_lshd, \hyperpage{28}
-  \item MP\_LT, \hyperpage{22}
-  \item MP\_MEM, \hyperpage{9}
-  \item mp\_mod, \hyperpage{35}
-  \item mp\_mod\_d, \hyperpage{52}
-  \item mp\_montgomery\_calc\_normalization, \hyperpage{38}
-  \item mp\_montgomery\_reduce, \hyperpage{37}
-  \item mp\_montgomery\_setup, \hyperpage{37}
-  \item mp\_mul, \hyperpage{31}
-  \item mp\_mul\_2, \hyperpage{26}
-  \item mp\_mul\_2d, \hyperpage{28}
-  \item mp\_mul\_d, \hyperpage{52}
-  \item mp\_n\_root, \hyperpage{44}
-  \item mp\_neg, \hyperpage{29}
-  \item MP\_NO, \hyperpage{9}
-  \item MP\_OKAY, \hyperpage{9}
-  \item mp\_or, \hyperpage{29}
-  \item mp\_prime\_fermat, \hyperpage{45}
-  \item mp\_prime\_is\_divisible, \hyperpage{45}
-  \item mp\_prime\_is\_prime, \hyperpage{46}
-  \item mp\_prime\_miller\_rabin, \hyperpage{45}
-  \item mp\_prime\_next\_prime, \hyperpage{46}
-  \item mp\_prime\_rabin\_miller\_trials, \hyperpage{46}
-  \item mp\_prime\_random, \hyperpage{47}
-  \item mp\_prime\_random\_ex, \hyperpage{47}
-  \item mp\_radix\_size, \hyperpage{49}
-  \item mp\_read\_radix, \hyperpage{49}
-  \item mp\_read\_unsigned\_bin, \hyperpage{50}
-  \item mp\_reduce, \hyperpage{36}
-  \item mp\_reduce\_2k, \hyperpage{41}
-  \item mp\_reduce\_2k\_setup, \hyperpage{41}
-  \item mp\_reduce\_setup, \hyperpage{36}
-  \item mp\_rshd, \hyperpage{28}
-  \item mp\_set, \hyperpage{19}
-  \item mp\_set\_int, \hyperpage{20}
-  \item mp\_shrink, \hyperpage{15}
-  \item mp\_sqr, \hyperpage{33}
-  \item mp\_sub, \hyperpage{29}
-  \item mp\_sub\_d, \hyperpage{52}
-  \item mp\_to\_unsigned\_bin, \hyperpage{50}
-  \item mp\_toradix, \hyperpage{49}
-  \item mp\_unsigned\_bin\_size, \hyperpage{50}
-  \item MP\_VAL, \hyperpage{9}
-  \item mp\_xor, \hyperpage{29}
-  \item MP\_YES, \hyperpage{9}
-
-\end{theindex}

bn_mp_expt_d.c

@@ -1,53 +0,0 @@
-#include <tommath.h>
-#ifdef BN_MP_EXPT_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
- */
-
-/* calculate c = a**b  using a square-multiply algorithm */
-int mp_expt_d (mp_int * a, mp_digit b, mp_int * c)
-{
-  int     res, x;
-  mp_int  g;
-
-  if ((res = mp_init_copy (&g, a)) != MP_OKAY) {
-    return res;
-  }
-
-  /* set initial result */
-  mp_set (c, 1);
-
-  for (x = 0; x < (int) DIGIT_BIT; x++) {
-    /* square */
-    if ((res = mp_sqr (c, c)) != MP_OKAY) {
-      mp_clear (&g);
-      return res;
-    }
-
-    /* if the bit is set multiply */
-    if ((b & (mp_digit) (((mp_digit)1) << (DIGIT_BIT - 1))) != 0) {
-      if ((res = mp_mul (c, &g, c)) != MP_OKAY) {
-         mp_clear (&g);
-         return res;
-      }
-    }
-
-    /* shift to next bit */
-    b <<= 1;
-  }
-
-  mp_clear (&g);
-  return MP_OKAY;
-}
-#endif

buffer.c

@@ -0,0 +1,361 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+/* Buffer handling routines, designed to avoid overflows/using invalid data */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "buffer.h"
+
+/* Prevent integer overflows when incrementing buffer position/length.
+ * Calling functions should check arguments first, but this provides a
+ * backstop */
+#define BUF_MAX_INCR 1000000000
+#define BUF_MAX_SIZE 1000000000
+
+/* avoid excessively large numbers, > ~8192 bits */
+#define BUF_MAX_MPINT (8240 / 8)
+
+/* Create (malloc) a new buffer of size */
+buffer* buf_new(unsigned int size) {
+
+	buffer* buf;
+	
+	if (size > BUF_MAX_SIZE) {
+		dropbear_exit("buf->size too big");
+	}
+
+	buf = (buffer*)m_malloc(sizeof(buffer)+size);
+
+	if (size > 0) {
+		buf->data = (unsigned char*)buf + sizeof(buffer);
+	} else {
+		buf->data = NULL;
+	}
+
+	buf->size = size;
+
+	return buf;
+
+}
+
+/* free the buffer's data and the buffer itself */
+void buf_free(buffer* buf) {
+
+	m_free(buf);
+}
+
+/* overwrite the contents of the buffer to clear it */
+void buf_burn(const buffer* buf) {
+	
+	m_burn(buf->data, buf->size);
+
+}
+
+/* resize a buffer, pos and len will be repositioned if required when
+ * downsizing */
+buffer* buf_resize(buffer *buf, unsigned int newsize) {
+
+	if (newsize > BUF_MAX_SIZE) {
+		dropbear_exit("buf->size too big");
+	}
+
+	buf = m_realloc(buf, sizeof(buffer)+newsize);
+	buf->data = (unsigned char*)buf + sizeof(buffer);
+	buf->size = newsize;
+	buf->len = MIN(newsize, buf->len);
+	buf->pos = MIN(newsize, buf->pos);
+	return buf;
+}
+
+/* Create a copy of buf, allocating required memory etc. */
+/* The new buffer is sized the same as the length of the source buffer. */
+buffer* buf_newcopy(const buffer* buf) {
+	
+	buffer* ret;
+
+	ret = buf_new(buf->len);
+	ret->len = buf->len;
+	if (buf->len > 0) {
+		memcpy(ret->data, buf->data, buf->len);
+	}
+	return ret;
+}
+
+/* Set the length of the buffer */
+void buf_setlen(buffer* buf, unsigned int len) {
+	if (len > buf->size) {
+		dropbear_exit("Bad buf_setlen");
+	}
+	buf->len = len;
+	buf->pos = MIN(buf->pos, buf->len);
+}
+
+/* Increment the length of the buffer */
+void buf_incrlen(buffer* buf, unsigned int incr) {
+	if (incr > BUF_MAX_INCR || buf->len + incr > buf->size) {
+		dropbear_exit("Bad buf_incrlen");
+	}
+	buf->len += incr;
+}
+/* Set the position of the buffer */
+void buf_setpos(buffer* buf, unsigned int pos) {
+
+	if (pos > buf->len) {
+		dropbear_exit("Bad buf_setpos");
+	}
+	buf->pos = pos;
+}
+
+/* increment the position by incr, increasing the buffer length if required */
+void buf_incrwritepos(buffer* buf, unsigned int incr) {
+	if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
+		dropbear_exit("Bad buf_incrwritepos");
+	}
+	buf->pos += incr;
+	if (buf->pos > buf->len) {
+		buf->len = buf->pos;
+	}
+}
+
+/* increment the position by incr, negative values are allowed, to
+ * decrement the pos*/
+void buf_incrpos(buffer* buf,  int incr) {
+	if (incr > BUF_MAX_INCR 
+		|| incr < -BUF_MAX_INCR 
+		|| (unsigned int)((int)buf->pos + incr) > buf->len
+		|| ((int)buf->pos + incr) < 0) {
+		dropbear_exit("Bad buf_incrpos");
+	}
+	buf->pos += incr;
+}
+
+/* Get a byte from the buffer and increment the pos */
+unsigned char buf_getbyte(buffer* buf) {
+
+	/* This check is really just ==, but the >= allows us to check for the
+	 * bad case of pos > len, which should _never_ happen. */
+	if (buf->pos >= buf->len) {
+		dropbear_exit("Bad buf_getbyte");
+	}
+	return buf->data[buf->pos++];
+}
+
+/* Get a bool from the buffer and increment the pos */
+unsigned char buf_getbool(buffer* buf) {
+
+	unsigned char b;
+	b = buf_getbyte(buf);
+	if (b != 0)
+		b = 1;
+	return b;
+}
+
+/* put a byte, incrementing the length if required */
+void buf_putbyte(buffer* buf, unsigned char val) {
+
+	if (buf->pos >= buf->len) {
+		buf_incrlen(buf, 1);
+	}
+	buf->data[buf->pos] = val;
+	buf->pos++;
+}
+
+/* returns an in-place pointer to the buffer, checking that
+ * the next len bytes from that position can be used */
+unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
+
+	if (len > BUF_MAX_INCR || buf->pos + len > buf->len) {
+		dropbear_exit("Bad buf_getptr");
+	}
+	return &buf->data[buf->pos];
+}
+
+/* like buf_getptr, but checks against total size, not used length.
+ * This allows writing past the used length, but not past the size */
+unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
+
+	if (len > BUF_MAX_INCR || buf->pos + len > buf->size) {
+		dropbear_exit("Bad buf_getwriteptr");
+	}
+	return &buf->data[buf->pos];
+}
+
+/* Return a null-terminated string, it is malloced, so must be free()ed
+ * Note that the string isn't checked for null bytes, hence the retlen
+ * may be longer than what is returned by strlen */
+char* buf_getstring(buffer* buf, unsigned int *retlen) {
+
+	unsigned int len;
+	char* ret;
+	void* src = NULL;
+	len = buf_getint(buf);
+	if (len > MAX_STRING_LEN) {
+		dropbear_exit("String too long");
+	}
+
+	if (retlen != NULL) {
+		*retlen = len;
+	}
+	src = buf_getptr(buf, len);
+	ret = m_malloc(len+1);
+	memcpy(ret, src, len);
+	buf_incrpos(buf, len);
+	ret[len] = '\0';
+
+	return ret;
+}
+
+/* Return a string as a newly allocated buffer */
+buffer * buf_getstringbuf(buffer *buf) {
+	buffer *ret = NULL;
+	unsigned int len = buf_getint(buf);
+	if (len > MAX_STRING_LEN) {
+		dropbear_exit("String too long");
+	}
+	ret = buf_new(len);
+	memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len);
+	buf_incrpos(buf, len);
+	buf_incrlen(ret, len);
+	return ret;
+}
+
+/* Just increment the buffer position the same as if we'd used buf_getstring,
+ * but don't bother copying/malloc()ing for it */
+void buf_eatstring(buffer *buf) {
+
+	buf_incrpos( buf, buf_getint(buf) );
+}
+
+/* Get an uint32 from the buffer and increment the pos */
+unsigned int buf_getint(buffer* buf) {
+	unsigned int ret;
+
+	LOAD32H(ret, buf_getptr(buf, 4));
+	buf_incrpos(buf, 4);
+	return ret;
+}
+
+/* put a 32bit uint into the buffer, incr bufferlen & pos if required */
+void buf_putint(buffer* buf, int unsigned val) {
+
+	STORE32H(val, buf_getwriteptr(buf, 4));
+	buf_incrwritepos(buf, 4);
+
+}
+
+/* put a SSH style string into the buffer, increasing buffer len if required */
+void buf_putstring(buffer* buf, const char* str, unsigned int len) {
+	
+	buf_putint(buf, len);
+	buf_putbytes(buf, (const unsigned char*)str, len);
+
+}
+
+/* puts an entire buffer as a SSH string. ignore pos of buf_str. */
+void buf_putbufstring(buffer *buf, const buffer* buf_str) {
+	buf_putstring(buf, (const char*)buf_str->data, buf_str->len);
+}
+
+/* put the set of len bytes into the buffer, incrementing the pos, increasing
+ * len if required */
+void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
+	memcpy(buf_getwriteptr(buf, len), bytes, len);
+	buf_incrwritepos(buf, len);
+}
+	
+
+/* for our purposes we only need positive (or 0) numbers, so will
+ * fail if we get negative numbers */
+void buf_putmpint(buffer* buf, mp_int * mp) {
+
+	unsigned int len, pad = 0;
+	TRACE2(("enter buf_putmpint"))
+
+	dropbear_assert(mp != NULL);
+
+	if (SIGN(mp) == MP_NEG) {
+		dropbear_exit("negative bignum");
+	}
+
+	/* zero check */
+	if (USED(mp) == 1 && DIGIT(mp, 0) == 0) {
+		len = 0;
+	} else {
+		/* SSH spec requires padding for mpints with the MSB set, this code
+		 * implements it */
+		len = mp_count_bits(mp);
+		/* if the top bit of MSB is set, we need to pad */
+		pad = (len%8 == 0) ? 1 : 0;
+		len = len / 8 + 1; /* don't worry about rounding, we need it for
+							  padding anyway when len%8 == 0 */
+
+	}
+
+	/* store the length */
+	buf_putint(buf, len);
+	
+	/* store the actual value */
+	if (len > 0) {
+		if (pad) {
+			buf_putbyte(buf, 0x00);
+		}
+		if (mp_to_unsigned_bin(mp, buf_getwriteptr(buf, len-pad)) != MP_OKAY) {
+			dropbear_exit("mpint error");
+		}
+		buf_incrwritepos(buf, len-pad);
+	}
+
+	TRACE2(("leave buf_putmpint"))
+}
+
+/* Retrieve an mp_int from the buffer.
+ * Will fail for -ve since they shouldn't be required here.
+ * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+int buf_getmpint(buffer* buf, mp_int* mp) {
+
+	unsigned int len;
+	len = buf_getint(buf);
+	
+	if (len == 0) {
+		mp_zero(mp);
+		return DROPBEAR_SUCCESS;
+	}
+
+	if (len > BUF_MAX_MPINT) {
+		return DROPBEAR_FAILURE;
+	}
+
+	/* check for negative */
+	if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) {
+		return DROPBEAR_FAILURE;
+	}
+
+	if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
+		return DROPBEAR_FAILURE;
+	}
+
+	buf_incrpos(buf, len);
+	return DROPBEAR_SUCCESS;
+}

buffer.h

@@ -0,0 +1,70 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_BUFFER_H_
+
+#define DROPBEAR_BUFFER_H_
+
+#include "includes.h"
+
+struct buf {
+	/* don't manipulate data member outside of buffer.c - it
+	is a pointer into the malloc holding buffer itself */
+	unsigned char * data;
+	unsigned int len; /* the used size */
+	unsigned int pos;
+	unsigned int size; /* the memory size */
+
+};
+
+typedef struct buf buffer;
+
+buffer * buf_new(unsigned int size);
+/* Possibly returns a new buffer*, like realloc() */
+buffer * buf_resize(buffer *buf, unsigned int newsize);
+void buf_free(buffer* buf);
+void buf_burn(const buffer* buf);
+buffer* buf_newcopy(const buffer* buf);
+void buf_setlen(buffer* buf, unsigned int len);
+void buf_incrlen(buffer* buf, unsigned int incr);
+void buf_setpos(buffer* buf, unsigned int pos);
+void buf_incrpos(buffer* buf, int incr); /* -ve is ok, to go backwards */
+void buf_incrwritepos(buffer* buf, unsigned int incr);
+unsigned char buf_getbyte(buffer* buf);
+unsigned char buf_getbool(buffer* buf);
+void buf_putbyte(buffer* buf, unsigned char val);
+unsigned char* buf_getptr(const buffer* buf, unsigned int len);
+unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len);
+char* buf_getstring(buffer* buf, unsigned int *retlen);
+buffer * buf_getstringbuf(buffer *buf);
+void buf_eatstring(buffer *buf);
+void buf_putint(buffer* buf, unsigned int val);
+void buf_putstring(buffer* buf, const char* str, unsigned int len);
+void buf_putbufstring(buffer *buf, const buffer* buf_str);
+void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
+void buf_putmpint(buffer* buf, mp_int * mp);
+int buf_getmpint(buffer* buf, mp_int* mp);
+unsigned int buf_getint(buffer* buf);
+
+#endif /* DROPBEAR_BUFFER_H_ */

channel.h

@@ -0,0 +1,147 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_CHANNEL_H_
+#define DROPBEAR_CHANNEL_H_
+
+#include "includes.h"
+#include "buffer.h"
+#include "circbuffer.h"
+
+#define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED    1
+#define SSH_OPEN_CONNECT_FAILED                 2
+#define SSH_OPEN_UNKNOWN_CHANNEL_TYPE           3
+#define SSH_OPEN_RESOURCE_SHORTAGE              4
+
+/* Not a real type */
+#define SSH_OPEN_IN_PROGRESS					99
+
+#define CHAN_EXTEND_SIZE 3 /* how many extra slots to add when we need more */
+
+struct ChanType;
+
+enum dropbear_channel_prio {
+	DROPBEAR_CHANNEL_PRIO_INTERACTIVE, /* pty shell, x11 */
+	DROPBEAR_CHANNEL_PRIO_UNKNOWABLE, /* tcp - can't know what's being forwarded */
+	DROPBEAR_CHANNEL_PRIO_BULK, /* the rest - probably scp or something */
+	DROPBEAR_CHANNEL_PRIO_EARLY, /* channel is still being set up */
+};
+
+struct Channel {
+
+	unsigned int index; /* the local channel index */
+	unsigned int remotechan;
+	unsigned int recvwindow, transwindow;
+	unsigned int recvdonelen;
+	unsigned int recvmaxpacket, transmaxpacket;
+	void* typedata; /* a pointer to type specific data */
+	int writefd; /* read from wire, written to insecure side */
+	int readfd; /* read from insecure side, written to wire */
+	int errfd; /* used like writefd or readfd, depending if it's client or server.
+				  Doesn't exactly belong here, but is cleaner here */
+	circbuffer *writebuf; /* data from the wire, for local consumption. Can be
+							 initially NULL */
+	circbuffer *extrabuf; /* extended-data for the program - used like writebuf
+					     but for stderr */
+
+	/* whether close/eof messages have been exchanged */
+	int sent_close, recv_close;
+	int recv_eof, sent_eof;
+
+	struct dropbear_progress_connection *conn_pending;
+	int initconn; /* used for TCP forwarding, whether the channel has been
+					 fully initialised */
+
+	int await_open; /* flag indicating whether we've sent an open request
+					   for this channel (and are awaiting a confirmation
+					   or failure). */
+
+	int flushing;
+
+	/* Used by client chansession to handle ~ escaping, NULL ignored otherwise */
+	void (*read_mangler)(const struct Channel*, const unsigned char* bytes, int *len);
+
+	const struct ChanType* type;
+
+	enum dropbear_channel_prio prio;
+};
+
+struct ChanType {
+
+	int sepfds; /* Whether this channel has separate pipes for in/out or not */
+	const char *name;
+	/* Sets up the channel */
+	int (*inithandler)(struct Channel*);
+	/* Called to check whether a channel should close, separately from the FD being closed.
+	Used for noticing process exiting */
+	int (*check_close)(const struct Channel*);
+	/* Handler for ssh_msg_channel_request */
+	void (*reqhandler)(struct Channel*);
+	/* Called prior to sending ssh_msg_channel_close, used for sending exit status */
+	void (*closehandler)(const struct Channel*);
+	/* Frees resources, called just prior to channel being removed */
+	void (*cleanup)(const struct Channel*);
+};
+
+/* Callback for connect_remote */
+void channel_connect_done(int result, int sock, void* user_data, const char* errstring);
+
+void chaninitialise(const struct ChanType *chantypes[]);
+void chancleanup(void);
+void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads);
+void channelio(const fd_set *readfd, const fd_set *writefd);
+struct Channel* getchannel(void);
+/* Returns an arbitrary channel that is in a ready state - not
+being initialised and no EOF in either direction. NULL if none. */
+struct Channel* get_any_ready_channel(void);
+
+void recv_msg_channel_open(void);
+void recv_msg_channel_request(void);
+void send_msg_channel_failure(const struct Channel *channel);
+void send_msg_channel_success(const struct Channel *channel);
+void recv_msg_channel_data(void);
+void recv_msg_channel_extended_data(void);
+void recv_msg_channel_window_adjust(void);
+void recv_msg_channel_close(void);
+void recv_msg_channel_eof(void);
+
+void common_recv_msg_channel_data(struct Channel *channel, int fd, 
+		circbuffer * buf);
+
+#if DROPBEAR_CLIENT
+extern const struct ChanType clichansess;
+#endif
+
+#if DROPBEAR_LISTENERS || DROPBEAR_CLIENT
+int send_msg_channel_open_init(int fd, const struct ChanType *type);
+void recv_msg_channel_open_confirmation(void);
+void recv_msg_channel_open_failure(void);
+#endif
+void start_send_channel_request(const struct Channel *channel, const char *type);
+
+void send_msg_request_success(void);
+void send_msg_request_failure(void);
+
+
+#endif /* DROPBEAR_CHANNEL_H_ */

chansession.h

@@ -0,0 +1,107 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_CHANSESSION_H_
+#define DROPBEAR_CHANSESSION_H_
+
+#include "loginrec.h"
+#include "channel.h"
+#include "listener.h"
+
+struct exitinfo {
+
+	int exitpid; /* -1 if not exited */
+	int exitstatus;
+	int exitsignal;
+	int exitcore;
+};
+
+struct ChanSess {
+
+	char * cmd; /* command to exec */
+	pid_t pid; /* child process pid */
+
+	/* pty details */
+	int master; /* the master terminal fd*/
+	int slave;
+	char * tty;
+	char * term;
+
+	/* exit details */
+	struct exitinfo exit;
+
+
+	/* These are only set temporarily before forking */
+	/* Used to set $SSH_CONNECTION in the child session.  */
+	char *connection_string;
+	/* Used to set $SSH_CLIENT in the child session. */
+	char *client_string;
+	
+#if DROPBEAR_X11FWD
+	struct Listener * x11listener;
+	int x11port;
+	char * x11authprot;
+	char * x11authcookie;
+	unsigned int x11screennum;
+	unsigned char x11singleconn;
+#endif
+
+#if DROPBEAR_SVR_AGENTFWD
+	struct Listener * agentlistener;
+	char * agentfile;
+	char * agentdir;
+#endif
+
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+	char *original_command;
+#endif
+};
+
+struct ChildPid {
+	pid_t pid;
+	struct ChanSess * chansess;
+};
+
+
+void addnewvar(const char* param, const char* var);
+
+void cli_send_chansess_request(void);
+void cli_tty_cleanup(void);
+void cli_chansess_winchange(void);
+#if DROPBEAR_CLI_NETCAT
+void cli_send_netcat_request(void);
+#endif
+
+void svr_chansessinitialise(void);
+void svr_chansess_checksignal(void);
+extern const struct ChanType svrchansess;
+
+struct SigMap {
+	int signal;
+	char* name;
+};
+
+extern const struct SigMap signames[];
+
+#endif /* DROPBEAR_CHANSESSION_H_ */

circbuffer.c

@@ -0,0 +1,133 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "circbuffer.h"
+
+#define MAX_CBUF_SIZE 100000000
+
+circbuffer * cbuf_new(unsigned int size) {
+
+	circbuffer *cbuf = NULL;
+
+	if (size > MAX_CBUF_SIZE) {
+		dropbear_exit("Bad cbuf size");
+	}
+
+	cbuf = (circbuffer*)m_malloc(sizeof(circbuffer));
+	/* data is malloced on first write */
+	cbuf->data = NULL;
+	cbuf->used = 0;
+	cbuf->readpos = 0;
+	cbuf->writepos = 0;
+	cbuf->size = size;
+
+	return cbuf;
+}
+
+void cbuf_free(circbuffer * cbuf) {
+
+	if (cbuf->data) {
+		m_burn(cbuf->data, cbuf->size);
+		m_free(cbuf->data);
+	}
+	m_free(cbuf);
+}
+
+unsigned int cbuf_getused(const circbuffer * cbuf) {
+
+	return cbuf->used;
+
+}
+
+unsigned int cbuf_getavail(const circbuffer * cbuf) {
+
+	return cbuf->size - cbuf->used;
+
+}
+
+unsigned int cbuf_writelen(const circbuffer *cbuf) {
+
+	dropbear_assert(cbuf->used <= cbuf->size);
+	dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+	dropbear_assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+
+	if (cbuf->used == cbuf->size) {
+		TRACE(("cbuf_writelen: full buffer"))
+		return 0; /* full */
+	}
+	
+	if (cbuf->writepos < cbuf->readpos) {
+		return cbuf->readpos - cbuf->writepos;
+	}
+
+	return cbuf->size - cbuf->writepos;
+}
+
+void cbuf_readptrs(const circbuffer *cbuf,
+	unsigned char **p1, unsigned int *len1, 
+	unsigned char **p2, unsigned int *len2) {
+	*p1 = &cbuf->data[cbuf->readpos];
+	*len1 = MIN(cbuf->used, cbuf->size - cbuf->readpos);
+
+	if (*len1 < cbuf->used) {
+		*p2 = cbuf->data;
+		*len2 = cbuf->used - *len1;
+	} else {
+		*p2 = NULL;
+		*len2 = 0;
+	}
+}
+
+unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
+
+	if (len > cbuf_writelen(cbuf)) {
+		dropbear_exit("Bad cbuf write");
+	}
+
+	if (!cbuf->data) {
+		/* lazy allocation */
+		cbuf->data = (unsigned char*)m_malloc(cbuf->size);
+	}
+
+	return &cbuf->data[cbuf->writepos];
+}
+
+void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
+	if (len > cbuf_writelen(cbuf)) {
+		dropbear_exit("Bad cbuf write");
+	}
+
+	cbuf->used += len;
+	dropbear_assert(cbuf->used <= cbuf->size);
+	cbuf->writepos = (cbuf->writepos + len) % cbuf->size;
+}
+
+
+void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
+	dropbear_assert(cbuf->used >= len);
+	cbuf->used -= len;
+	cbuf->readpos = (cbuf->readpos + len) % cbuf->size;
+}

circbuffer.h

@@ -0,0 +1,52 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_CIRCBUFFER_H_
+#define DROPBEAR_CIRCBUFFER_H_
+struct circbuf {
+
+	unsigned int size;
+	unsigned int readpos;
+	unsigned int writepos;
+	unsigned int used;
+	unsigned char* data;
+};
+
+typedef struct circbuf circbuffer;
+
+circbuffer * cbuf_new(unsigned int size);
+void cbuf_free(circbuffer * cbuf);
+
+unsigned int cbuf_getused(const circbuffer * cbuf); /* how much data stored */
+unsigned int cbuf_getavail(const circbuffer * cbuf); /* how much we can write */
+unsigned int cbuf_writelen(const circbuffer *cbuf); /* max linear write len */
+
+/* returns pointers to the two portions of the circular buffer that can be read */
+void cbuf_readptrs(const circbuffer *cbuf,
+	unsigned char **p1, unsigned int *len1, 
+	unsigned char **p2, unsigned int *len2);
+unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len);
+void cbuf_incrwrite(circbuffer *cbuf, unsigned int len);
+void cbuf_incrread(circbuffer *cbuf, unsigned int len);
+#endif

cli-agentfwd.c

@@ -0,0 +1,310 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2005 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+
+#if DROPBEAR_CLI_AGENTFWD
+
+#include "agentfwd.h"
+#include "session.h"
+#include "ssh.h"
+#include "dbutil.h"
+#include "chansession.h"
+#include "channel.h"
+#include "packet.h"
+#include "buffer.h"
+#include "dbrandom.h"
+#include "listener.h"
+#include "runopts.h"
+#include "atomicio.h"
+#include "signkey.h"
+#include "auth.h"
+
+/* The protocol implemented to talk to OpenSSH's SSH2 agent is documented in
+   PROTOCOL.agent in recent OpenSSH source distributions (5.1p1 has it). */
+
+static int new_agent_chan(struct Channel * channel);
+
+const struct ChanType cli_chan_agent = {
+	0, /* sepfds */
+	"auth-agent@openssh.com",
+	new_agent_chan,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+static int connect_agent() {
+
+	int fd = -1;
+	char* agent_sock = NULL;
+
+	agent_sock = getenv("SSH_AUTH_SOCK");
+	if (agent_sock == NULL)
+		return -1;
+
+	fd = connect_unix(agent_sock);
+
+	if (fd < 0) {
+		dropbear_log(LOG_INFO, "Failed to connect to agent");
+	}
+
+	return fd;
+}
+
+/* handle a request for a connection to the locally running ssh-agent
+   or forward. */
+static int new_agent_chan(struct Channel * channel) {
+
+	int fd = -1;
+
+	if (!cli_opts.agent_fwd)
+		return SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
+
+	fd = connect_agent();
+	if (fd < 0) {
+		return SSH_OPEN_CONNECT_FAILED;
+	}
+
+	setnonblocking(fd);
+
+	ses.maxfd = MAX(ses.maxfd, fd);
+
+	channel->readfd = fd;
+	channel->writefd = fd;
+
+	return 0;
+}
+
+/* Sends a request to the agent, returning a newly allocated buffer
+ * with the response */
+/* This function will block waiting for a response - it will
+ * only be used by client authentication (not for forwarded requests)
+ * won't cause problems for interactivity. */
+/* Packet format (from draft-ylonen)
+   4 bytes     Length, msb first.  Does not include length itself.
+   1 byte      Packet type.  The value 255 is reserved for future extensions.
+   data        Any data, depending on packet type.  Encoding as in the ssh packet
+               protocol.
+*/
+static buffer * agent_request(unsigned char type, const buffer *data) {
+
+	buffer * payload = NULL;
+	buffer * inbuf = NULL;
+	size_t readlen = 0;
+	ssize_t ret;
+	const int fd = cli_opts.agent_fd;
+	unsigned int data_len = 0;
+	if (data)
+	{
+		data_len = data->len;
+	}
+
+	payload = buf_new(4 + 1 + data_len);
+
+	buf_putint(payload, 1 + data_len);
+	buf_putbyte(payload, type);
+	if (data) {
+		buf_putbytes(payload, data->data, data->len);
+	}
+	buf_setpos(payload, 0);
+
+	ret = atomicio(vwrite, fd, buf_getptr(payload, payload->len), payload->len);
+	if ((size_t)ret != payload->len) {
+		TRACE(("write failed fd %d for agent_request, %s", fd, strerror(errno)))
+		goto out;
+	}
+
+	buf_free(payload);
+	payload = NULL;
+	TRACE(("Wrote out bytes for agent_request"))
+	/* Now we read the response */
+	inbuf = buf_new(4);
+	ret = atomicio(read, fd, buf_getwriteptr(inbuf, 4), 4);
+	if (ret != 4) {
+		TRACE(("read of length failed for agent_request"))
+		goto out;
+	}
+	buf_setpos(inbuf, 0);
+	buf_setlen(inbuf, ret);
+
+	readlen = buf_getint(inbuf);
+	if (readlen > MAX_AGENT_REPLY) {
+		TRACE(("agent reply is too big"));
+		goto out;
+	}
+	
+	inbuf = buf_resize(inbuf, readlen);
+	buf_setpos(inbuf, 0);
+	ret = atomicio(read, fd, buf_getwriteptr(inbuf, readlen), readlen);
+	if ((size_t)ret != readlen) {
+		TRACE(("read of data failed for agent_request"))
+		goto out;
+	}
+	buf_incrwritepos(inbuf, readlen);
+	buf_setpos(inbuf, 0);
+
+out:
+	if (payload)
+		buf_free(payload);
+
+	return inbuf;
+}
+
+static void agent_get_key_list(m_list * ret_list)
+{
+	buffer * inbuf = NULL;
+	unsigned int num = 0;
+	unsigned char packet_type;
+	unsigned int i;
+	int ret;
+
+	inbuf = agent_request(SSH2_AGENTC_REQUEST_IDENTITIES, NULL);
+	if (!inbuf) {
+		TRACE(("agent_request failed returning identities"))
+		goto out;
+	}
+
+	/* The reply has a format of:
+		byte			SSH2_AGENT_IDENTITIES_ANSWER
+		uint32			num_keys
+  	   Followed by zero or more consecutive keys, encoded as:
+       	 string			key_blob
+    	 string			key_comment
+	 */
+	packet_type = buf_getbyte(inbuf);
+	if (packet_type != SSH2_AGENT_IDENTITIES_ANSWER) {
+		goto out;
+	}
+
+	num = buf_getint(inbuf);
+	for (i = 0; i < num; i++) {
+		sign_key * pubkey = NULL;
+		enum signkey_type key_type = DROPBEAR_SIGNKEY_ANY;
+		buffer * key_buf;
+
+		/* each public key is encoded as a string */
+		key_buf = buf_getstringbuf(inbuf);
+		pubkey = new_sign_key();
+		ret = buf_get_pub_key(key_buf, pubkey, &key_type);
+		buf_free(key_buf);
+		if (ret != DROPBEAR_SUCCESS) {
+			TRACE(("Skipping bad/unknown type pubkey from agent"));
+			sign_key_free(pubkey);
+		} else {
+			pubkey->type = key_type;
+			pubkey->source = SIGNKEY_SOURCE_AGENT;
+
+			list_append(ret_list, pubkey);
+		}
+
+		/* We'll ignore the comment for now. might want it later.*/
+		buf_eatstring(inbuf);
+	}
+
+out:
+	if (inbuf) {
+		buf_free(inbuf);
+		inbuf = NULL;
+	}
+}
+
+void cli_setup_agent(const struct Channel *channel) {
+	if (!getenv("SSH_AUTH_SOCK")) {
+		return;
+	}
+	
+	start_send_channel_request(channel, "auth-agent-req@openssh.com");
+	/* Don't want replies */
+	buf_putbyte(ses.writepayload, 0);
+	encrypt_packet();
+}
+
+/* Returned keys are prepended to ret_list, which will
+   be updated. */
+void cli_load_agent_keys(m_list *ret_list) {
+	/* agent_fd will be closed after successful auth */
+	cli_opts.agent_fd = connect_agent();
+	if (cli_opts.agent_fd < 0) {
+		return;
+	}
+
+	agent_get_key_list(ret_list);
+}
+
+void agent_buf_sign(buffer *sigblob, sign_key *key, 
+		const buffer *data_buf) {
+	buffer *request_data = NULL;
+	buffer *response = NULL;
+	unsigned int siglen;
+	int packet_type;
+	
+	/* Request format
+	byte			SSH2_AGENTC_SIGN_REQUEST
+	string			key_blob
+	string			data
+	uint32			flags
+	*/
+	request_data = buf_new(MAX_PUBKEY_SIZE + data_buf->len + 12);
+	buf_put_pub_key(request_data, key, key->type);
+	
+	buf_putbufstring(request_data, data_buf);
+	buf_putint(request_data, 0);
+	
+	response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);
+	
+	if (!response) {
+		goto fail;
+	}
+	
+	packet_type = buf_getbyte(response);
+	if (packet_type != SSH2_AGENT_SIGN_RESPONSE) {
+		goto fail;
+	}
+	
+	/* Response format
+	byte			SSH2_AGENT_SIGN_RESPONSE
+	string			signature_blob
+	*/
+	siglen = buf_getint(response);
+	buf_putbytes(sigblob, buf_getptr(response, siglen), siglen);
+	goto cleanup;
+	
+fail:
+	/* XXX don't fail badly here. instead propagate a failure code back up to
+	   the cli auth pubkey code, and just remove this key from the list of 
+	   ones to try. */
+	dropbear_exit("Agent failed signing key");
+
+cleanup:
+	if (request_data) {
+		buf_free(request_data);
+	}
+	if (response) {
+		buf_free(response);
+	}
+}
+
+#endif

cli-auth.c

@@ -0,0 +1,357 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "session.h"
+#include "auth.h"
+#include "dbutil.h"
+#include "buffer.h"
+#include "ssh.h"
+#include "packet.h"
+#include "runopts.h"
+
+void cli_authinitialise() {
+
+	memset(&ses.authstate, 0, sizeof(ses.authstate));
+}
+
+
+/* Send a "none" auth request to get available methods */
+void cli_auth_getmethods() {
+	TRACE(("enter cli_auth_getmethods"))
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
+	buf_putstring(ses.writepayload, cli_opts.username,
+			strlen(cli_opts.username));
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
+			SSH_SERVICE_CONNECTION_LEN);
+	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
+
+	encrypt_packet();
+
+#if DROPBEAR_CLI_IMMEDIATE_AUTH
+	/* We can't haven't two auth requests in-flight with delayed zlib mode
+	since if the first one succeeds then the remote side will 
+	expect the second one to be compressed. 
+	Race described at
+	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
+	*/
+	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
+		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
+#if DROPBEAR_USE_PASSWORD_ENV
+		if (getenv(DROPBEAR_PASSWORD_ENV)) {
+			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
+		}
+#endif
+		if (cli_auth_try() == DROPBEAR_SUCCESS) {
+			TRACE(("skipped initial none auth query"))
+			/* Note that there will be two auth responses in-flight */
+			cli_ses.ignore_next_auth_response = 1;
+		}
+	}
+#endif
+	TRACE(("leave cli_auth_getmethods"))
+}
+
+void recv_msg_userauth_banner() {
+
+	char* banner = NULL;
+	unsigned int bannerlen;
+	unsigned int i, linecount;
+	int truncated = 0;
+
+	TRACE(("enter recv_msg_userauth_banner"))
+	if (ses.authstate.authdone) {
+		TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
+		return;
+	}
+
+	banner = buf_getstring(ses.payload, &bannerlen);
+	buf_eatstring(ses.payload); /* The language string */
+
+	if (bannerlen > MAX_BANNER_SIZE) {
+		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen))
+		truncated = 1;
+	} else {
+		cleantext(banner);
+
+		/* Limit to 24 lines */
+		linecount = 1;
+		for (i = 0; i < bannerlen; i++) {
+			if (banner[i] == '\n') {
+				if (linecount >= MAX_BANNER_LINES) {
+					banner[i] = '\0';
+					truncated = 1;
+					break;
+				}
+				linecount++;
+			}
+		}
+		fprintf(stderr, "%s\n", banner);
+	}
+
+	if (truncated) {
+		fprintf(stderr, "[Banner from the server is too long]\n");
+	}
+
+	m_free(banner);
+	TRACE(("leave recv_msg_userauth_banner"))
+}
+
+/* This handles the message-specific types which
+ * all have a value of 60. These are
+ * SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
+ * SSH_MSG_USERAUTH_PK_OK, &
+ * SSH_MSG_USERAUTH_INFO_REQUEST. */
+void recv_msg_userauth_specific_60() {
+
+#if DROPBEAR_CLI_PUBKEY_AUTH
+	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
+		recv_msg_userauth_pk_ok();
+		return;
+	}
+#endif
+
+#if DROPBEAR_CLI_INTERACT_AUTH
+	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
+		recv_msg_userauth_info_request();
+		return;
+	}
+#endif
+
+#if DROPBEAR_CLI_PASSWORD_AUTH
+	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
+		/* Eventually there could be proper password-changing
+		 * support. However currently few servers seem to
+		 * implement it, and password auth is last-resort
+		 * regardless - keyboard-interactive is more likely
+		 * to be used anyway. */
+		dropbear_close("Your password has expired.");
+	}
+#endif
+
+	dropbear_exit("Unexpected userauth packet");
+}
+
+void recv_msg_userauth_failure() {
+
+	char * methods = NULL;
+	char * tok = NULL;
+	unsigned int methlen = 0;
+	unsigned int partial = 0;
+	unsigned int i = 0;
+
+	TRACE(("<- MSG_USERAUTH_FAILURE"))
+	TRACE(("enter recv_msg_userauth_failure"))
+
+	if (ses.authstate.authdone) {
+		TRACE(("leave recv_msg_userauth_failure, already authdone."))
+		return;
+	}
+
+	if (cli_ses.state != USERAUTH_REQ_SENT) {
+		/* Perhaps we should be more fatal? */
+		dropbear_exit("Unexpected userauth failure");
+	}
+
+	/* When DROPBEAR_CLI_IMMEDIATE_AUTH is set there will be an initial response for 
+	the "none" auth request, and then a response to the immediate auth request. 
+	We need to be careful handling them. */
+	if (cli_ses.ignore_next_auth_response) {
+		cli_ses.state = USERAUTH_REQ_SENT;
+		cli_ses.ignore_next_auth_response = 0;
+		TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT"));
+		return;
+	} else  {
+#if DROPBEAR_CLI_PUBKEY_AUTH
+		/* If it was a pubkey auth request, we should cross that key 
+		 * off the list. */
+		if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
+			cli_pubkeyfail();
+		}
+#endif
+
+#if DROPBEAR_CLI_INTERACT_AUTH
+		/* If we get a failure message for keyboard interactive without
+		 * receiving any request info packet, then we don't bother trying
+		 * keyboard interactive again */
+		if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT
+				&& !cli_ses.interact_request_received) {
+			TRACE(("setting auth_interact_failed = 1"))
+			cli_ses.auth_interact_failed = 1;
+		}
+#endif
+		cli_ses.state = USERAUTH_FAIL_RCVD;
+		cli_ses.lastauthtype = AUTH_TYPE_NONE;
+	}
+
+	methods = buf_getstring(ses.payload, &methlen);
+
+	partial = buf_getbool(ses.payload);
+
+	if (partial) {
+		dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
+	} else {
+		ses.authstate.failcount++;
+	}
+
+	TRACE(("Methods (len %d): '%s'", methlen, methods))
+
+	ses.authstate.authdone=0;
+	ses.authstate.authtypes=0;
+
+	/* Split with nulls rather than commas */
+	for (i = 0; i < methlen; i++) {
+		if (methods[i] == ',') {
+			methods[i] = '\0';
+		}
+	}
+
+	tok = methods; /* tok stores the next method we'll compare */
+	for (i = 0; i <= methlen; i++) {
+		if (methods[i] == '\0') {
+			TRACE(("auth method '%s'", tok))
+#if DROPBEAR_CLI_PUBKEY_AUTH
+			if (strncmp(AUTH_METHOD_PUBKEY, tok,
+				AUTH_METHOD_PUBKEY_LEN) == 0) {
+				ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
+			}
+#endif
+#if DROPBEAR_CLI_INTERACT_AUTH
+			if (strncmp(AUTH_METHOD_INTERACT, tok,
+				AUTH_METHOD_INTERACT_LEN) == 0) {
+				ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
+			}
+#endif
+#if DROPBEAR_CLI_PASSWORD_AUTH
+			if (strncmp(AUTH_METHOD_PASSWORD, tok,
+				AUTH_METHOD_PASSWORD_LEN) == 0) {
+				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
+			}
+#endif
+			tok = &methods[i+1]; /* Must make sure we don't use it after the
+									last loop, since it'll point to something
+									undefined */
+		}
+	}
+
+	m_free(methods);
+		
+	TRACE(("leave recv_msg_userauth_failure"))
+}
+
+void recv_msg_userauth_success() {
+	/* This function can validly get called multiple times
+	if DROPBEAR_CLI_IMMEDIATE_AUTH is set */
+
+	TRACE(("received msg_userauth_success"))
+	/* Note: in delayed-zlib mode, setting authdone here 
+	 * will enable compression in the transport layer */
+	ses.authstate.authdone = 1;
+	cli_ses.state = USERAUTH_SUCCESS_RCVD;
+	cli_ses.lastauthtype = AUTH_TYPE_NONE;
+
+#if DROPBEAR_CLI_PUBKEY_AUTH
+	cli_auth_pubkey_cleanup();
+#endif
+}
+
+int cli_auth_try() {
+
+	int finished = 0;
+	TRACE(("enter cli_auth_try"))
+
+	CHECKCLEARTOWRITE();
+	
+	/* Order to try is pubkey, interactive, password.
+	 * As soon as "finished" is set for one, we don't do any more. */
+#if DROPBEAR_CLI_PUBKEY_AUTH
+	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
+		finished = cli_auth_pubkey();
+		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
+	}
+#endif
+
+#if DROPBEAR_CLI_PASSWORD_AUTH
+	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
+		} else {
+			cli_auth_password();
+			finished = 1;
+			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+		}
+	}
+#endif
+
+#if DROPBEAR_CLI_INTERACT_AUTH
+	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
+		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+			fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
+		} else {
+			if (!cli_ses.auth_interact_failed) {
+				cli_auth_interactive();
+				cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+				finished = 1;
+			}
+		}
+	}
+#endif
+
+	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
+
+	if (finished) {
+		TRACE(("leave cli_auth_try success"))
+		return DROPBEAR_SUCCESS;
+	}
+	TRACE(("leave cli_auth_try failure"))
+	return DROPBEAR_FAILURE;
+}
+
+#if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH
+/* A helper for getpass() that exits if the user cancels. The returned
+ * password is statically allocated by getpass() */
+char* getpass_or_cancel(const char* prompt)
+{
+	char* password = NULL;
+	
+#if DROPBEAR_USE_PASSWORD_ENV
+	/* Password provided in an environment var */
+	password = getenv(DROPBEAR_PASSWORD_ENV);
+	if (password)
+	{
+		return password;
+	}
+#endif
+
+	password = getpass(prompt);
+
+	/* 0x03 is a ctrl-c character in the buffer. */
+	if (password == NULL || strchr(password, '\3') != NULL) {
+		dropbear_close("Interrupted.");
+	}
+	return password;
+}
+#endif

cli-authinteract.c

@@ -0,0 +1,175 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2005 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "session.h"
+#include "ssh.h"
+#include "runopts.h"
+
+#if DROPBEAR_CLI_INTERACT_AUTH
+
+static char* get_response(char* prompt)
+{
+	FILE* tty = NULL;
+	char* response = NULL;
+	/* not a password, but a reasonable limit */
+	char buf[DROPBEAR_MAX_CLI_PASS];
+	char* ret = NULL;
+
+	fprintf(stderr, "%s", prompt);
+
+	tty = fopen(_PATH_TTY, "r");
+	if (tty) {
+		ret = fgets(buf, sizeof(buf), tty);
+		fclose(tty);
+	} else {
+		ret = fgets(buf, sizeof(buf), stdin);
+	}
+
+	if (ret == NULL) {
+		response = m_strdup("");
+	} else {
+		unsigned int buflen = strlen(buf);
+		/* fgets includes newlines */
+		if (buflen > 0 && buf[buflen-1] == '\n')
+			buf[buflen-1] = '\0';
+		response = m_strdup(buf);
+	}
+
+	m_burn(buf, sizeof(buf));
+
+	return response;
+}
+
+void recv_msg_userauth_info_request() {
+
+	char *name = NULL;
+	char *instruction = NULL;
+	unsigned int num_prompts = 0;
+	unsigned int i;
+
+	char *prompt = NULL;
+	unsigned int echo = 0;
+	char *response = NULL;
+
+	TRACE(("enter recv_msg_recv_userauth_info_request"))
+
+	/* Let the user know what password/host they are authing for */
+	if (!cli_ses.interact_request_received) {
+		fprintf(stderr, "Login for %s@%s\n", cli_opts.username,
+				cli_opts.remotehost);
+	}
+	cli_ses.interact_request_received = 1;
+
+	name = buf_getstring(ses.payload, NULL);
+	instruction = buf_getstring(ses.payload, NULL);
+
+	/* language tag */
+	buf_eatstring(ses.payload);
+
+	num_prompts = buf_getint(ses.payload);
+	
+	if (num_prompts >= DROPBEAR_MAX_CLI_INTERACT_PROMPTS) {
+		dropbear_exit("Too many prompts received for keyboard-interactive");
+	}
+
+	/* we'll build the response as we go */
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_INFO_RESPONSE);
+	buf_putint(ses.writepayload, num_prompts);
+
+	if (strlen(name) > 0) {
+		cleantext(name);
+		fprintf(stderr, "%s", name);
+	}
+	m_free(name);
+
+	if (strlen(instruction) > 0) {
+		cleantext(instruction);
+		fprintf(stderr, "%s", instruction);
+	}
+	m_free(instruction);
+
+	for (i = 0; i < num_prompts; i++) {
+		unsigned int response_len = 0;
+		prompt = buf_getstring(ses.payload, NULL);
+		cleantext(prompt);
+
+		echo = buf_getbool(ses.payload);
+
+		if (!echo) {
+			char* p = getpass_or_cancel(prompt);
+			response = m_strdup(p);
+			m_burn(p, strlen(p));
+		} else {
+			response = get_response(prompt);
+		}
+
+		response_len = strlen(response);
+		buf_putstring(ses.writepayload, response, response_len);
+		m_burn(response, response_len);
+		m_free(prompt);
+		m_free(response);
+	}
+
+	encrypt_packet();
+
+
+	TRACE(("leave recv_msg_recv_userauth_info_request"))
+}
+
+void cli_auth_interactive() {
+
+	TRACE(("enter cli_auth_interactive"))
+	CHECKCLEARTOWRITE();
+
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
+
+	/* username */
+	buf_putstring(ses.writepayload, cli_opts.username,
+			strlen(cli_opts.username));
+
+	/* service name */
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
+			SSH_SERVICE_CONNECTION_LEN);
+
+	/* method */
+	buf_putstring(ses.writepayload, AUTH_METHOD_INTERACT,
+			AUTH_METHOD_INTERACT_LEN);
+
+	/* empty language tag */
+	buf_putstring(ses.writepayload, "", 0);
+
+	/* empty submethods */
+	buf_putstring(ses.writepayload, "", 0);
+
+	encrypt_packet();
+	cli_ses.interact_request_received = 0;
+
+	TRACE(("leave cli_auth_interactive"))
+
+}
+#endif	/* DROPBEAR_CLI_INTERACT_AUTH */

cli-authpasswd.c

@@ -0,0 +1,161 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "session.h"
+#include "ssh.h"
+#include "runopts.h"
+
+#if DROPBEAR_CLI_PASSWORD_AUTH
+
+#if DROPBEAR_CLI_ASKPASS_HELPER
+/* Returns 1 if we want to use the askpass program, 0 otherwise */
+static int want_askpass()
+{
+	char* askpass_prog = NULL;
+
+	askpass_prog = getenv("SSH_ASKPASS");
+	return askpass_prog && 
+		((!isatty(STDIN_FILENO) && getenv("DISPLAY") )
+		 	|| getenv("SSH_ASKPASS_ALWAYS"));
+}
+
+/* returns a statically allocated password from a helper app, or NULL
+ * on failure */
+static char *gui_getpass(const char *prompt) {
+
+	pid_t pid;
+	int p[2], maxlen, len, status;
+	static char buf[DROPBEAR_MAX_CLI_PASS + 1];
+	char* helper = NULL;
+
+	TRACE(("enter gui_getpass"))
+
+	helper = getenv("SSH_ASKPASS");
+	if (!helper)
+	{
+		TRACE(("leave gui_getpass: no askpass program"))
+		return NULL;
+	}
+
+	if (pipe(p) < 0) {
+		TRACE(("error creating child pipe"))
+		return NULL;
+	}
+
+	pid = fork();
+
+	if (pid < 0) {
+		TRACE(("fork error"))
+		return NULL;
+	}
+
+	if (!pid) {
+		/* child */
+		close(p[0]);
+		if (dup2(p[1], STDOUT_FILENO) < 0) {
+			TRACE(("error redirecting stdout"))
+			exit(1);
+		}
+		close(p[1]);
+		execlp(helper, helper, prompt, (char *)0);
+		TRACE(("execlp error"))
+		exit(1);
+	}
+
+	close(p[1]);
+	maxlen = sizeof(buf);
+	while (maxlen > 0) {
+		len = read(p[0], buf + sizeof(buf) - maxlen, maxlen);
+		if (len > 0) {
+			maxlen -= len;
+		} else {
+			if (errno != EINTR)
+				break;
+		}
+	}
+
+	close(p[0]);
+
+	while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
+		;
+	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+		return(NULL);
+
+	len = sizeof(buf) - maxlen;
+	buf[len] = '\0';
+	if (len > 0 && buf[len - 1] == '\n')
+		buf[len - 1] = '\0';
+
+	TRACE(("leave gui_getpass"))
+	return(buf);
+}
+#endif /* DROPBEAR_CLI_ASKPASS_HELPER */
+
+void cli_auth_password() {
+
+	char* password = NULL;
+	char prompt[80];
+
+	TRACE(("enter cli_auth_password"))
+	CHECKCLEARTOWRITE();
+
+	snprintf(prompt, sizeof(prompt), "%s@%s's password: ", 
+				cli_opts.username, cli_opts.remotehost);
+#if DROPBEAR_CLI_ASKPASS_HELPER
+	if (want_askpass())
+	{
+		password = gui_getpass(prompt);
+		if (!password) {
+			dropbear_exit("No password");
+		}
+	} else
+#endif
+	{
+		password = getpass_or_cancel(prompt);
+	}
+
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
+
+	buf_putstring(ses.writepayload, cli_opts.username,
+			strlen(cli_opts.username));
+
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
+			SSH_SERVICE_CONNECTION_LEN);
+
+	buf_putstring(ses.writepayload, AUTH_METHOD_PASSWORD,
+			AUTH_METHOD_PASSWORD_LEN);
+
+	buf_putbyte(ses.writepayload, 0); /* FALSE - so says the spec */
+
+	buf_putstring(ses.writepayload, password, strlen(password));
+
+	encrypt_packet();
+	m_burn(password, strlen(password));
+
+	TRACE(("leave cli_auth_password"))
+}
+#endif	/* DROPBEAR_CLI_PASSWORD_AUTH */

cli-authpubkey.c

@@ -0,0 +1,222 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "session.h"
+#include "ssh.h"
+#include "runopts.h"
+#include "auth.h"
+#include "agentfwd.h"
+
+#if DROPBEAR_CLI_PUBKEY_AUTH
+static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
+
+/* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
+ * We use it to remove the key we tried from the list */
+void cli_pubkeyfail() {
+	m_list_elem *iter;
+	for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
+		sign_key *iter_key = (sign_key*)iter->item;
+		
+		if (iter_key == cli_ses.lastprivkey)
+		{
+			/* found the failing key */
+			list_remove(iter);
+			sign_key_free(iter_key);
+			cli_ses.lastprivkey = NULL;
+			return;
+		}
+	}
+}
+
+void recv_msg_userauth_pk_ok() {
+	m_list_elem *iter;
+	buffer* keybuf = NULL;
+	char* algotype = NULL;
+	unsigned int algolen;
+	enum signkey_type keytype;
+	unsigned int remotelen;
+
+	TRACE(("enter recv_msg_userauth_pk_ok"))
+
+	algotype = buf_getstring(ses.payload, &algolen);
+	keytype = signkey_type_from_name(algotype, algolen);
+	TRACE(("recv_msg_userauth_pk_ok: type %d", keytype))
+	m_free(algotype);
+
+	keybuf = buf_new(MAX_PUBKEY_SIZE);
+
+	remotelen = buf_getint(ses.payload);
+
+	/* Iterate through our keys, find which one it was that matched, and
+	 * send a real request with that key */
+	for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
+		sign_key *key = (sign_key*)iter->item;
+		if (key->type != keytype) {
+			/* Types differed */
+			TRACE(("types differed"))
+			continue;
+		}
+
+		/* Now we compare the contents of the key */
+		keybuf->pos = keybuf->len = 0;
+		buf_put_pub_key(keybuf, key, keytype);
+		buf_setpos(keybuf, 0);
+		buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie
+								   remotelen) which has already been taken from
+								   the remote buffer */
+
+
+		if (keybuf->len-4 != remotelen) {
+			TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen))
+			/* Lengths differed */
+			continue;
+		}
+		if (memcmp(buf_getptr(keybuf, remotelen),
+					buf_getptr(ses.payload, remotelen), remotelen) != 0) {
+			/* Data didn't match this key */
+			TRACE(("data differed"))
+			continue;
+		}
+
+		/* Success */
+		break;
+	}
+	buf_free(keybuf);
+
+	if (iter != NULL) {
+		TRACE(("matching key"))
+		/* XXX TODO: if it's an encrypted key, here we ask for their
+		 * password */
+		send_msg_userauth_pubkey((sign_key*)iter->item, keytype, 1);
+	} else {
+		TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
+	}
+	
+	TRACE(("leave recv_msg_userauth_pk_ok"))
+}
+
+void cli_buf_put_sign(buffer* buf, sign_key *key, int type, 
+			const buffer *data_buf) {
+#if DROPBEAR_CLI_AGENTFWD
+	if (key->source == SIGNKEY_SOURCE_AGENT) {
+		/* Format the agent signature ourselves, as buf_put_sign would. */
+		buffer *sigblob;
+		sigblob = buf_new(MAX_PUBKEY_SIZE);
+		agent_buf_sign(sigblob, key, data_buf);
+		buf_putbufstring(buf, sigblob);
+		buf_free(sigblob);
+	} else 
+#endif /* DROPBEAR_CLI_AGENTFWD */
+	{
+		buf_put_sign(buf, key, type, data_buf);
+	}
+}
+
+/* TODO: make it take an agent reference to use as well */
+static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
+
+	const char *algoname = NULL;
+	unsigned int algolen;
+	buffer* sigbuf = NULL;
+
+	TRACE(("enter send_msg_userauth_pubkey"))
+	CHECKCLEARTOWRITE();
+
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
+
+	buf_putstring(ses.writepayload, cli_opts.username,
+			strlen(cli_opts.username));
+
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
+			SSH_SERVICE_CONNECTION_LEN);
+
+	buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY,
+			AUTH_METHOD_PUBKEY_LEN);
+
+	buf_putbyte(ses.writepayload, realsign);
+
+	algoname = signkey_name_from_type(type, &algolen);
+
+	buf_putstring(ses.writepayload, algoname, algolen);
+	buf_put_pub_key(ses.writepayload, key, type);
+
+	if (realsign) {
+		TRACE(("realsign"))
+		/* We put the signature as well - this contains string(session id), then
+		 * the contents of the write payload to this point */
+		sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len);
+		buf_putbufstring(sigbuf, ses.session_id);
+		buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
+		cli_buf_put_sign(ses.writepayload, key, type, sigbuf);
+		buf_free(sigbuf); /* Nothing confidential in the buffer */
+	}
+
+	encrypt_packet();
+	TRACE(("leave send_msg_userauth_pubkey"))
+}
+
+/* Returns 1 if a key was tried */
+int cli_auth_pubkey() {
+
+	TRACE(("enter cli_auth_pubkey"))
+
+#if DROPBEAR_CLI_AGENTFWD
+	if (!cli_opts.agent_keys_loaded) {
+		/* get the list of available keys from the agent */
+		cli_load_agent_keys(cli_opts.privkeys);
+		cli_opts.agent_keys_loaded = 1;
+	}
+#endif
+
+	if (cli_opts.privkeys->first) {
+		sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
+		/* Send a trial request */
+		send_msg_userauth_pubkey(key, key->type, 0);
+		cli_ses.lastprivkey = key;
+		TRACE(("leave cli_auth_pubkey-success"))
+		return 1;
+	} else {
+		/* no more keys left */
+		TRACE(("leave cli_auth_pubkey-failure"))
+		return 0;
+	}
+}
+
+void cli_auth_pubkey_cleanup() {
+
+#if DROPBEAR_CLI_AGENTFWD
+	m_close(cli_opts.agent_fd);
+	cli_opts.agent_fd = -1;
+#endif
+
+	while (cli_opts.privkeys->first) {
+		sign_key * key = list_remove(cli_opts.privkeys->first);
+		sign_key_free(key);
+	}
+}
+#endif /* Pubkey auth */

cli-channel.c

@@ -0,0 +1,59 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "channel.h"
+#include "buffer.h"
+#include "circbuffer.h"
+#include "dbutil.h"
+#include "session.h"
+#include "ssh.h"
+
+/* We receive channel data - only used by the client chansession code*/
+void recv_msg_channel_extended_data() {
+
+	struct Channel *channel;
+	unsigned int datatype;
+
+	TRACE(("enter recv_msg_channel_extended_data"))
+
+	channel = getchannel();
+
+	if (channel->type != &clichansess) {
+		TRACE(("leave recv_msg_channel_extended_data: chantype is wrong"))
+		return; /* we just ignore it */
+	}
+
+	datatype = buf_getint(ses.payload);
+	
+	if (datatype != SSH_EXTENDED_DATA_STDERR) {
+		TRACE(("leave recv_msg_channel_extended_data: wrong datatype: %d",
+					datatype))
+		return;	
+	}
+
+	common_recv_msg_channel_data(channel, channel->errfd, channel->extrabuf);
+
+	TRACE(("leave recv_msg_channel_extended_data"))
+}

cli-chansession.c

@@ -0,0 +1,489 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "packet.h"
+#include "buffer.h"
+#include "session.h"
+#include "dbutil.h"
+#include "channel.h"
+#include "ssh.h"
+#include "runopts.h"
+#include "termcodes.h"
+#include "chansession.h"
+#include "agentfwd.h"
+
+static void cli_closechansess(const struct Channel *channel);
+static int cli_initchansess(struct Channel *channel);
+static void cli_chansessreq(struct Channel *channel);
+static void send_chansess_pty_req(const struct Channel *channel);
+static void send_chansess_shell_req(const struct Channel *channel);
+static void cli_escape_handler(const struct Channel *channel, const unsigned char* buf, int *len);
+static int cli_init_netcat(struct Channel *channel);
+
+static void cli_tty_setup(void);
+
+const struct ChanType clichansess = {
+	0, /* sepfds */
+	"session", /* name */
+	cli_initchansess, /* inithandler */
+	NULL, /* checkclosehandler */
+	cli_chansessreq, /* reqhandler */
+	cli_closechansess, /* closehandler */
+	NULL, /* cleanup */
+};
+
+static void cli_chansessreq(struct Channel *channel) {
+
+	char* type = NULL;
+	int wantreply;
+
+	TRACE(("enter cli_chansessreq"))
+
+	type = buf_getstring(ses.payload, NULL);
+	wantreply = buf_getbool(ses.payload);
+
+	if (strcmp(type, "exit-status") == 0) {
+		cli_ses.retval = buf_getint(ses.payload);
+		TRACE(("got exit-status of '%d'", cli_ses.retval))
+	} else if (strcmp(type, "exit-signal") == 0) {
+		TRACE(("got exit-signal, ignoring it"))
+	} else {
+		TRACE(("unknown request '%s'", type))
+		if (wantreply) {
+			send_msg_channel_failure(channel);
+		}
+		goto out;
+	}
+		
+out:
+	m_free(type);
+}
+	
+
+/* If the main session goes, we close it up */
+static void cli_closechansess(const struct Channel *UNUSED(channel)) {
+	cli_tty_cleanup(); /* Restore tty modes etc */
+
+	/* This channel hasn't gone yet, so we have > 1 */
+	if (ses.chancount > 1) {
+		dropbear_log(LOG_INFO, "Waiting for other channels to close...");
+	}
+}
+
+/* Taken from OpenSSH's sshtty.c:
+ * RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */
+static void cli_tty_setup() {
+
+	struct termios tio;
+
+	TRACE(("enter cli_pty_setup"))
+
+	if (cli_ses.tty_raw_mode == 1) {
+		TRACE(("leave cli_tty_setup: already in raw mode!"))
+		return;
+	}
+
+	if (tcgetattr(STDIN_FILENO, &tio) == -1) {
+		dropbear_exit("Failed to set raw TTY mode");
+	}
+
+	/* make a copy */
+	cli_ses.saved_tio = tio;
+
+	tio.c_iflag |= IGNPAR;
+	tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
+#ifdef IUCLC
+	tio.c_iflag &= ~IUCLC;
+#endif
+	tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
+#ifdef IEXTEN
+	tio.c_lflag &= ~IEXTEN;
+#endif
+	tio.c_oflag &= ~OPOST;
+	tio.c_cc[VMIN] = 1;
+	tio.c_cc[VTIME] = 0;
+	if (tcsetattr(STDIN_FILENO, TCSADRAIN, &tio) == -1) {
+		dropbear_exit("Failed to set raw TTY mode");
+	}
+
+	cli_ses.tty_raw_mode = 1;
+	TRACE(("leave cli_tty_setup"))
+}
+
+void cli_tty_cleanup() {
+
+	TRACE(("enter cli_tty_cleanup"))
+
+	if (cli_ses.tty_raw_mode == 0) {
+		TRACE(("leave cli_tty_cleanup: not in raw mode"))
+		return;
+	}
+
+	if (tcsetattr(STDIN_FILENO, TCSADRAIN, &cli_ses.saved_tio) == -1) {
+		dropbear_log(LOG_WARNING, "Failed restoring TTY");
+	} else {
+		cli_ses.tty_raw_mode = 0; 
+	}
+
+	TRACE(("leave cli_tty_cleanup"))
+}
+
+static void put_termcodes() {
+
+	struct termios tio;
+	unsigned int sshcode;
+	const struct TermCode *termcode;
+	unsigned int value;
+	unsigned int mapcode;
+
+	unsigned int bufpos1, bufpos2;
+
+	TRACE(("enter put_termcodes"))
+
+	if (tcgetattr(STDIN_FILENO, &tio) == -1) {
+		dropbear_log(LOG_WARNING, "Failed reading termmodes");
+		buf_putint(ses.writepayload, 1); /* Just the terminator */
+		buf_putbyte(ses.writepayload, 0); /* TTY_OP_END */
+		return;
+	}
+
+	bufpos1 = ses.writepayload->pos;
+	buf_putint(ses.writepayload, 0); /* A placeholder for the final length */
+
+	/* As with Dropbear server, we ignore baud rates for now */
+	for (sshcode = 1; sshcode < MAX_TERMCODE; sshcode++) {
+
+		termcode = &termcodes[sshcode];
+		mapcode = termcode->mapcode;
+
+		switch (termcode->type) {
+
+			case TERMCODE_NONE:
+				continue;
+
+			case TERMCODE_CONTROLCHAR:
+				value = tio.c_cc[mapcode];
+				break;
+
+			case TERMCODE_INPUT:
+				value = tio.c_iflag & mapcode;
+				break;
+
+			case TERMCODE_OUTPUT:
+				value = tio.c_oflag & mapcode;
+				break;
+
+			case TERMCODE_LOCAL:
+				value = tio.c_lflag & mapcode;
+				break;
+
+			case TERMCODE_CONTROL:
+				value = tio.c_cflag & mapcode;
+				break;
+
+			default:
+				continue;
+
+		}
+
+		/* If we reach here, we have something to say */
+		buf_putbyte(ses.writepayload, sshcode);
+		buf_putint(ses.writepayload, value);
+	}
+
+	buf_putbyte(ses.writepayload, 0); /* THE END, aka TTY_OP_END */
+
+	/* Put the string length at the start of the buffer */
+	bufpos2 = ses.writepayload->pos;
+
+	buf_setpos(ses.writepayload, bufpos1); /* Jump back */
+	buf_putint(ses.writepayload, bufpos2 - bufpos1 - 4); /* len(termcodes) */
+	buf_setpos(ses.writepayload, bufpos2); /* Back where we were */
+
+	TRACE(("leave put_termcodes"))
+}
+
+static void put_winsize() {
+
+	struct winsize ws;
+
+	if (ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) < 0) {
+		/* Some sane defaults */
+		ws.ws_row = 25;
+		ws.ws_col = 80;
+		ws.ws_xpixel = 0;
+		ws.ws_ypixel = 0;
+	}
+
+	buf_putint(ses.writepayload, ws.ws_col); /* Cols */
+	buf_putint(ses.writepayload, ws.ws_row); /* Rows */
+	buf_putint(ses.writepayload, ws.ws_xpixel); /* Width */
+	buf_putint(ses.writepayload, ws.ws_ypixel); /* Height */
+
+}
+
+static void sigwinch_handler(int UNUSED(unused)) {
+
+	cli_ses.winchange = 1;
+
+}
+
+void cli_chansess_winchange() {
+
+	unsigned int i;
+	struct Channel *channel = NULL;
+
+	for (i = 0; i < ses.chansize; i++) {
+		channel = ses.channels[i];
+		if (channel != NULL && channel->type == &clichansess) {
+			CHECKCLEARTOWRITE();
+			buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
+			buf_putint(ses.writepayload, channel->remotechan);
+			buf_putstring(ses.writepayload, "window-change", 13);
+			buf_putbyte(ses.writepayload, 0); /* FALSE says the spec */
+			put_winsize();
+			encrypt_packet();
+		}
+	}
+	cli_ses.winchange = 0;
+}
+
+static void send_chansess_pty_req(const struct Channel *channel) {
+
+	char* term = NULL;
+
+	TRACE(("enter send_chansess_pty_req"))
+
+	start_send_channel_request(channel, "pty-req");
+
+	/* Don't want replies */
+	buf_putbyte(ses.writepayload, 0);
+
+	/* Get the terminal */
+	term = getenv("TERM");
+	if (term == NULL) {
+		term = "vt100"; /* Seems a safe default */
+	}
+	buf_putstring(ses.writepayload, term, strlen(term));
+
+	/* Window size */
+	put_winsize();
+
+	/* Terminal mode encoding */
+	put_termcodes();
+
+	encrypt_packet();
+
+	/* Set up a window-change handler */
+	if (signal(SIGWINCH, sigwinch_handler) == SIG_ERR) {
+		dropbear_exit("Signal error");
+	}
+	TRACE(("leave send_chansess_pty_req"))
+}
+
+static void send_chansess_shell_req(const struct Channel *channel) {
+
+	char* reqtype = NULL;
+
+	TRACE(("enter send_chansess_shell_req"))
+
+	if (cli_opts.cmd) {
+		if (cli_opts.is_subsystem) {
+			reqtype = "subsystem";
+		} else {
+			reqtype = "exec";
+		}
+	} else {
+		reqtype = "shell";
+	}
+
+	start_send_channel_request(channel, reqtype);
+
+	/* XXX TODO */
+	buf_putbyte(ses.writepayload, 0); /* Don't want replies */
+	if (cli_opts.cmd) {
+		buf_putstring(ses.writepayload, cli_opts.cmd, strlen(cli_opts.cmd));
+	}
+
+	encrypt_packet();
+	TRACE(("leave send_chansess_shell_req"))
+}
+
+/* Shared for normal client channel and netcat-alike */
+static int cli_init_stdpipe_sess(struct Channel *channel) {
+	channel->writefd = STDOUT_FILENO;
+	setnonblocking(STDOUT_FILENO);
+
+	channel->readfd = STDIN_FILENO;
+	setnonblocking(STDIN_FILENO);
+
+	channel->errfd = STDERR_FILENO;
+	setnonblocking(STDERR_FILENO);
+
+	channel->extrabuf = cbuf_new(opts.recv_window);
+	return 0;
+}
+
+static int cli_init_netcat(struct Channel *channel) {
+	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
+	return cli_init_stdpipe_sess(channel);
+}
+
+static int cli_initchansess(struct Channel *channel) {
+
+	cli_init_stdpipe_sess(channel);
+
+#if DROPBEAR_CLI_AGENTFWD
+	if (cli_opts.agent_fwd) {
+		cli_setup_agent(channel);
+	}
+#endif
+
+	if (cli_opts.wantpty) {
+		send_chansess_pty_req(channel);
+		channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
+	} else {
+		channel->prio = DROPBEAR_CHANNEL_PRIO_BULK;
+	}
+
+	send_chansess_shell_req(channel);
+
+	if (cli_opts.wantpty) {
+		cli_tty_setup();
+		channel->read_mangler = cli_escape_handler;
+		cli_ses.last_char = '\r';
+	}	
+
+	return 0; /* Success */
+}
+
+#if DROPBEAR_CLI_NETCAT
+
+static const struct ChanType cli_chan_netcat = {
+	0, /* sepfds */
+	"direct-tcpip",
+	cli_init_netcat, /* inithandler */
+	NULL,
+	NULL,
+	cli_closechansess,
+	NULL,
+};
+
+void cli_send_netcat_request() {
+
+	const char* source_host = "127.0.0.1";
+	const int source_port = 22;
+
+	TRACE(("enter cli_send_netcat_request"))
+	cli_opts.wantpty = 0;
+
+	if (send_msg_channel_open_init(STDIN_FILENO, &cli_chan_netcat) 
+			== DROPBEAR_FAILURE) {
+		dropbear_exit("Couldn't open initial channel");
+	}
+
+	buf_putstring(ses.writepayload, cli_opts.netcat_host,
+			strlen(cli_opts.netcat_host));
+	buf_putint(ses.writepayload, cli_opts.netcat_port);
+
+	/* originator ip - localhost is accurate enough */
+	buf_putstring(ses.writepayload, source_host, strlen(source_host));
+	buf_putint(ses.writepayload, source_port);
+
+	encrypt_packet();
+	TRACE(("leave cli_send_netcat_request"))
+}
+#endif
+
+void cli_send_chansess_request() {
+
+	TRACE(("enter cli_send_chansess_request"))
+
+	if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) 
+			== DROPBEAR_FAILURE) {
+		dropbear_exit("Couldn't open initial channel");
+	}
+
+	/* No special channel request data */
+	encrypt_packet();
+	TRACE(("leave cli_send_chansess_request"))
+
+}
+
+/* returns 1 if the character should be consumed, 0 to pass through */
+static int
+do_escape(unsigned char c) {
+	switch (c) {
+		case '.':
+			dropbear_exit("Terminated");
+			return 1;
+		case 0x1a:
+			/* ctrl-z */
+			cli_tty_cleanup();
+			kill(getpid(), SIGTSTP);
+			/* after continuation */
+			cli_tty_setup();
+			cli_ses.winchange = 1;
+			return 1;
+		default:
+			return 0;
+	}
+}
+
+static
+void cli_escape_handler(const struct Channel* UNUSED(channel), const unsigned char* buf, int *len) {
+	char c;
+	int skip_char = 0;
+
+	/* only handle escape characters if they are read one at a time. simplifies 
+	   the code and avoids nasty people putting ~. at the start of a line to paste  */
+	if (*len != 1) {
+		cli_ses.last_char = 0x0;
+		return;
+	}
+
+	c = buf[0];
+
+	if (cli_ses.last_char == DROPBEAR_ESCAPE_CHAR) {
+		skip_char = do_escape(c);
+		cli_ses.last_char = 0x0;
+	} else {
+		if (c == DROPBEAR_ESCAPE_CHAR) {
+			if (cli_ses.last_char == '\r') {
+				cli_ses.last_char = DROPBEAR_ESCAPE_CHAR;
+				skip_char = 1;
+			} else {
+				cli_ses.last_char = 0x0;
+			}
+		} else {
+			cli_ses.last_char = c;
+		}
+	}
+
+	if (skip_char) {
+		*len = 0;
+	}
+}

cli-kex.c

@@ -0,0 +1,412 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "session.h"
+#include "dbutil.h"
+#include "algo.h"
+#include "buffer.h"
+#include "session.h"
+#include "kex.h"
+#include "ssh.h"
+#include "packet.h"
+#include "bignum.h"
+#include "dbrandom.h"
+#include "runopts.h"
+#include "signkey.h"
+#include "ecc.h"
+
+
+static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen);
+#define MAX_KNOWNHOSTS_LINE 4500
+
+void send_msg_kexdh_init() {
+	TRACE(("send_msg_kexdh_init()"))	
+
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
+	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
+		case DROPBEAR_KEX_NORMAL_DH:
+			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
+				|| !cli_ses.dh_param) {
+				if (cli_ses.dh_param) {
+					free_kexdh_param(cli_ses.dh_param);
+				}
+				cli_ses.dh_param = gen_kexdh_param();
+			}
+			buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
+			break;
+#endif
+#if DROPBEAR_ECDH
+		case DROPBEAR_KEX_ECDH:
+			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
+				|| !cli_ses.ecdh_param) {
+				if (cli_ses.ecdh_param) {
+					free_kexecdh_param(cli_ses.ecdh_param);
+				}
+				cli_ses.ecdh_param = gen_kexecdh_param();
+			}
+			buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
+			break;
+#endif
+#if DROPBEAR_CURVE25519
+		case DROPBEAR_KEX_CURVE25519:
+			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
+				|| !cli_ses.curve25519_param) {
+				if (cli_ses.curve25519_param) {
+					free_kexcurve25519_param(cli_ses.curve25519_param);
+				}
+				cli_ses.curve25519_param = gen_kexcurve25519_param();
+			}
+			buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
+			break;
+#endif
+	}
+
+	cli_ses.param_kex_algo = ses.newkeys->algo_kex;
+	encrypt_packet();
+}
+
+/* Handle a diffie-hellman key exchange reply. */
+void recv_msg_kexdh_reply() {
+
+	sign_key *hostkey = NULL;
+	unsigned int type, keybloblen;
+	unsigned char* keyblob = NULL;
+
+	TRACE(("enter recv_msg_kexdh_reply"))
+
+	if (cli_ses.kex_state != KEXDH_INIT_SENT) {
+		dropbear_exit("Received out-of-order kexdhreply");
+	}
+	type = ses.newkeys->algo_hostkey;
+	TRACE(("type is %d", type))
+
+	hostkey = new_sign_key();
+	keybloblen = buf_getint(ses.payload);
+
+	keyblob = buf_getptr(ses.payload, keybloblen);
+	if (!ses.kexstate.donefirstkex) {
+		/* Only makes sense the first time */
+		checkhostkey(keyblob, keybloblen);
+	}
+
+	if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
+		TRACE(("failed getting pubkey"))
+		dropbear_exit("Bad KEX packet");
+	}
+
+	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
+		case DROPBEAR_KEX_NORMAL_DH:
+			{
+			DEF_MP_INT(dh_f);
+			m_mp_init(&dh_f);
+			if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
+				TRACE(("failed getting mpint"))
+				dropbear_exit("Bad KEX packet");
+			}
+
+			kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey);
+			mp_clear(&dh_f);
+			}
+			break;
+#endif
+#if DROPBEAR_ECDH
+		case DROPBEAR_KEX_ECDH:
+			{
+			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
+			kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
+			buf_free(ecdh_qs);
+			}
+			break;
+#endif
+#if DROPBEAR_CURVE25519
+		case DROPBEAR_KEX_CURVE25519:
+			{
+			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
+			kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
+			buf_free(ecdh_qs);
+			}
+			break;
+#endif
+	}
+
+	if (cli_ses.dh_param) {
+		free_kexdh_param(cli_ses.dh_param);
+		cli_ses.dh_param = NULL;
+	}
+#if DROPBEAR_ECDH
+	if (cli_ses.ecdh_param) {
+		free_kexecdh_param(cli_ses.ecdh_param);
+		cli_ses.ecdh_param = NULL;
+	}
+#endif
+#if DROPBEAR_CURVE25519
+	if (cli_ses.curve25519_param) {
+		free_kexcurve25519_param(cli_ses.curve25519_param);
+		cli_ses.curve25519_param = NULL;
+	}
+#endif
+
+	cli_ses.param_kex_algo = NULL;
+	if (buf_verify(ses.payload, hostkey, ses.hash) != DROPBEAR_SUCCESS) {
+		dropbear_exit("Bad hostkey signature");
+	}
+
+	sign_key_free(hostkey);
+	hostkey = NULL;
+
+	send_msg_newkeys();
+	ses.requirenext = SSH_MSG_NEWKEYS;
+	TRACE(("leave recv_msg_kexdh_init"))
+}
+
+static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen,
+	const char* algoname) {
+
+	char* fp = NULL;
+	FILE *tty = NULL;
+	int response = 'z';
+
+	fp = sign_key_fingerprint(keyblob, keybloblen);
+	if (cli_opts.always_accept_key) {
+		dropbear_log(LOG_INFO, "\nHost '%s' key accepted unconditionally.\n(%s fingerprint %s)\n",
+				cli_opts.remotehost,
+				algoname,
+				fp);
+		m_free(fp);
+		return;
+	}
+	fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(%s fingerprint %s)\nDo you want to continue connecting? (y/n) ", 
+			cli_opts.remotehost, 
+			algoname,
+			fp);
+	m_free(fp);
+
+	tty = fopen(_PATH_TTY, "r");
+	if (tty) {
+		response = getc(tty);
+		fclose(tty);
+	} else {
+		response = getc(stdin);
+	}
+
+	if (response == 'y') {
+		return;
+	}
+
+	dropbear_exit("Didn't validate host key");
+}
+
+static FILE* open_known_hosts_file(int * readonly)
+{
+	FILE * hostsfile = NULL;
+	char * filename = NULL;
+	char * homedir = NULL;
+	
+	homedir = getenv("HOME");
+
+	if (!homedir) {
+		struct passwd * pw = NULL;
+		pw = getpwuid(getuid());
+		if (pw) {
+			homedir = pw->pw_dir;
+		}
+	}
+
+	if (homedir) {
+		unsigned int len;
+		len = strlen(homedir);
+		filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
+
+		snprintf(filename, len+18, "%s/.ssh", homedir);
+		/* Check that ~/.ssh exists - easiest way is just to mkdir */
+		if (mkdir(filename, S_IRWXU) != 0) {
+			if (errno != EEXIST) {
+				dropbear_log(LOG_INFO, "Warning: failed creating %s/.ssh: %s",
+						homedir, strerror(errno));
+				TRACE(("mkdir didn't work: %s", strerror(errno)))
+				goto out;
+			}
+		}
+
+		snprintf(filename, len+18, "%s/.ssh/known_hosts", homedir);
+		hostsfile = fopen(filename, "a+");
+		
+		if (hostsfile != NULL) {
+			*readonly = 0;
+			fseek(hostsfile, 0, SEEK_SET);
+		} else {
+			/* We mightn't have been able to open it if it was read-only */
+			if (errno == EACCES || errno == EROFS) {
+					TRACE(("trying readonly: %s", strerror(errno)))
+					*readonly = 1;
+					hostsfile = fopen(filename, "r");
+			}
+		}
+	}
+
+	if (hostsfile == NULL) {
+		TRACE(("hostsfile didn't open: %s", strerror(errno)))
+		dropbear_log(LOG_WARNING, "Failed to open %s/.ssh/known_hosts",
+				homedir);
+		goto out;
+	}	
+
+out:
+	m_free(filename);
+	return hostsfile;
+}
+
+static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen) {
+
+	FILE *hostsfile = NULL;
+	int readonly = 0;
+	unsigned int hostlen, algolen;
+	unsigned long len;
+	const char *algoname = NULL;
+	char * fingerprint = NULL;
+	buffer * line = NULL;
+	int ret;
+
+	if (cli_opts.no_hostkey_check) {
+		dropbear_log(LOG_INFO, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost);
+		return;
+	}
+
+	algoname = signkey_name_from_type(ses.newkeys->algo_hostkey, &algolen);
+
+	hostsfile = open_known_hosts_file(&readonly);
+	if (!hostsfile)	{
+		ask_to_confirm(keyblob, keybloblen, algoname);
+		/* ask_to_confirm will exit upon failure */
+		return;
+	}
+	
+	line = buf_new(MAX_KNOWNHOSTS_LINE);
+	hostlen = strlen(cli_opts.remotehost);
+
+	do {
+		if (buf_getline(line, hostsfile) == DROPBEAR_FAILURE) {
+			TRACE(("failed reading line: prob EOF"))
+			break;
+		}
+
+		/* The line is too short to be sensible */
+		/* "30" is 'enough to hold ssh-dss plus the spaces, ie so we don't
+		 * buf_getfoo() past the end and die horribly - the base64 parsing
+		 * code is what tiptoes up to the end nicely */
+		if (line->len < (hostlen+30) ) {
+			TRACE(("line is too short to be sensible"))
+			continue;
+		}
+
+		/* Compare hostnames */
+		if (strncmp(cli_opts.remotehost, (const char *) buf_getptr(line, hostlen),
+					hostlen) != 0) {
+			continue;
+		}
+
+		buf_incrpos(line, hostlen);
+		if (buf_getbyte(line) != ' ') {
+			/* there wasn't a space after the hostname, something dodgy */
+			TRACE(("missing space afte matching hostname"))
+			continue;
+		}
+
+		if (strncmp((const char *) buf_getptr(line, algolen), algoname, algolen) != 0) {
+			TRACE(("algo doesn't match"))
+			continue;
+		}
+
+		buf_incrpos(line, algolen);
+		if (buf_getbyte(line) != ' ') {
+			TRACE(("missing space after algo"))
+			continue;
+		}
+
+		/* Now we're at the interesting hostkey */
+		ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algoname, algolen,
+						line, &fingerprint);
+
+		if (ret == DROPBEAR_SUCCESS) {
+			/* Good matching key */
+			TRACE(("good matching key"))
+			goto out;
+		}
+
+		/* The keys didn't match. eep. Note that we're "leaking"
+		   the fingerprint strings here, but we're exiting anyway */
+		dropbear_exit("\n\n%s host key mismatch for %s !\n"
+					"Fingerprint is %s\n"
+					"Expected %s\n"
+					"If you know that the host key is correct you can\nremove the bad entry from ~/.ssh/known_hosts", 
+					algoname,
+					cli_opts.remotehost,
+					sign_key_fingerprint(keyblob, keybloblen),
+					fingerprint ? fingerprint : "UNKNOWN");
+	} while (1); /* keep going 'til something happens */
+
+	/* Key doesn't exist yet */
+	ask_to_confirm(keyblob, keybloblen, algoname);
+
+	/* If we get here, they said yes */
+
+	if (readonly) {
+		TRACE(("readonly"))
+		goto out;
+	}
+
+	if (!cli_opts.always_accept_key) {
+		/* put the new entry in the file */
+		fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
+		buf_setpos(line, 0);
+		buf_setlen(line, 0);
+		buf_putbytes(line, (const unsigned char *) cli_opts.remotehost, hostlen);
+		buf_putbyte(line, ' ');
+		buf_putbytes(line, (const unsigned char *) algoname, algolen);
+		buf_putbyte(line, ' ');
+		len = line->size - line->pos;
+		/* The only failure with base64 is buffer_overflow, but buf_getwriteptr
+		 * will die horribly in the case anyway */
+		base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
+		buf_incrwritepos(line, len);
+		buf_putbyte(line, '\n');
+		buf_setpos(line, 0);
+		fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
+		/* We ignore errors, since there's not much we can do about them */
+	}
+
+out:
+	if (hostsfile != NULL) {
+		fclose(hostsfile);
+	}
+	if (line != NULL) {
+		buf_free(line);
+	}
+	m_free(fingerprint);
+}

cli-main.c

@@ -0,0 +1,195 @@
+/*
+ * Dropbear - a SSH2 server
+ * SSH client implementation
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "runopts.h"
+#include "session.h"
+#include "dbrandom.h"
+#include "crypto_desc.h"
+#include "netio.h"
+
+static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
+static void cli_dropbear_log(int priority, const char* format, va_list param);
+
+#if DROPBEAR_CLI_PROXYCMD
+static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out);
+static void kill_proxy_sighandler(int signo);
+#endif
+
+#if defined(DBMULTI_dbclient) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dbclient) && DROPBEAR_MULTI
+int cli_main(int argc, char ** argv) {
+#else
+int main(int argc, char ** argv) {
+#endif
+
+	int sock_in, sock_out;
+	struct dropbear_progress_connection *progress = NULL;
+
+	_dropbear_exit = cli_dropbear_exit;
+	_dropbear_log = cli_dropbear_log;
+
+	disallow_core();
+
+	seedrandom();
+	crypto_init();
+
+	cli_getopts(argc, argv);
+
+#ifndef DISABLE_SYSLOG
+	if (opts.usingsyslog) {
+		startsyslog("dbclient");
+	}
+#endif
+
+	TRACE(("user='%s' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username,
+				cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port))
+
+	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
+		dropbear_exit("signal() error");
+	}
+
+	pid_t proxy_cmd_pid = 0;
+#if DROPBEAR_CLI_PROXYCMD
+	if (cli_opts.proxycmd) {
+		cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
+		m_free(cli_opts.proxycmd);
+		if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR ||
+			signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR ||
+			signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) {
+			dropbear_exit("signal() error");
+		}
+	} else
+#endif
+	{
+		progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
+			cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port);
+		sock_in = sock_out = -1;
+	}
+
+	cli_session(sock_in, sock_out, progress, proxy_cmd_pid);
+
+	/* not reached */
+	return -1;
+}
+#endif /* DBMULTI stuff */
+
+static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
+	char exitmsg[150];
+	char fullmsg[300];
+
+	/* Note that exit message must be rendered before session cleanup */
+
+	/* Render the formatted exit message */
+	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
+
+	/* Add the prefix depending on session/auth state */
+	if (!ses.init_done) {
+		snprintf(fullmsg, sizeof(fullmsg), "Exited: %s", exitmsg);
+	} else {
+		snprintf(fullmsg, sizeof(fullmsg), 
+				"Connection to %s@%s:%s exited: %s", 
+				cli_opts.username, cli_opts.remotehost, 
+				cli_opts.remoteport, exitmsg);
+	}
+
+	/* Do the cleanup first, since then the terminal will be reset */
+	session_cleanup();
+	/* Avoid printing onwards from terminal cruft */
+	fprintf(stderr, "\n");
+
+	dropbear_log(LOG_INFO, "%s", fullmsg);
+	exit(exitcode);
+}
+
+static void cli_dropbear_log(int priority,
+		const char* format, va_list param) {
+
+	char printbuf[1024];
+
+	vsnprintf(printbuf, sizeof(printbuf), format, param);
+
+#ifndef DISABLE_SYSLOG
+	if (opts.usingsyslog) {
+		syslog(priority, "%s", printbuf);
+	}
+#endif
+
+	fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf);
+	fflush(stderr);
+}
+
+static void exec_proxy_cmd(const void *user_data_cmd) {
+	const char *cmd = user_data_cmd;
+	char *usershell;
+
+	usershell = m_strdup(get_user_shell());
+	run_shell_command(cmd, ses.maxfd, usershell);
+	dropbear_exit("Failed to run '%s'\n", cmd);
+}
+
+#if DROPBEAR_CLI_PROXYCMD
+static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
+	char * ex_cmd = NULL;
+	size_t ex_cmdlen;
+	int ret;
+
+	/* File descriptor "-j &3" */
+	if (*cli_opts.proxycmd == '&') {
+		char *p = cli_opts.proxycmd + 1;
+		int sock = strtoul(p, &p, 10);
+		/* must be a single number, and not stdin/stdout/stderr */
+		if (sock > 2 && sock < 1024 && *p == '\0') {
+			*sock_in = sock;
+			*sock_out = sock;
+			return;
+		}
+	}
+
+	/* Normal proxycommand */
+
+	/* So that spawn_command knows which shell to run */
+	fill_passwd(cli_opts.own_user);
+
+	ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */
+	ex_cmd = m_malloc(ex_cmdlen);
+	snprintf(ex_cmd, ex_cmdlen, "exec %s", cli_opts.proxycmd);
+
+	ret = spawn_command(exec_proxy_cmd, ex_cmd,
+			sock_out, sock_in, NULL, pid_out);
+	m_free(ex_cmd);
+	if (ret == DROPBEAR_FAILURE) {
+		dropbear_exit("Failed running proxy command");
+		*sock_in = *sock_out = -1;
+	}
+}
+
+static void kill_proxy_sighandler(int UNUSED(signo)) {
+	kill_proxy_command();
+	_exit(1);
+}
+#endif /* DROPBEAR_CLI_PROXYCMD */

cli-runopts.c

@@ -0,0 +1,919 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "runopts.h"
+#include "signkey.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "algo.h"
+#include "tcpfwd.h"
+#include "list.h"
+
+cli_runopts cli_opts; /* GLOBAL */
+
+static void printhelp(void);
+static void parse_hostname(const char* orighostarg);
+static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
+static void fill_own_user(void);
+#if DROPBEAR_CLI_PUBKEY_AUTH
+static void loadidentityfile(const char* filename, int warnfail);
+#endif
+#if DROPBEAR_CLI_ANYTCPFWD
+static void addforward(const char* str, m_list *fwdlist);
+#endif
+#if DROPBEAR_CLI_NETCAT
+static void add_netcat(const char *str);
+#endif
+static void add_extendedopt(const char *str);
+
+static void printhelp() {
+
+	fprintf(stderr, "Dropbear SSH client v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
+#if DROPBEAR_CLI_MULTIHOP
+					"Usage: %s [options] [user@]host[/port][,[user@]host/port],...] [command]\n"
+#else
+					"Usage: %s [options] [user@]host[/port] [command]\n"
+#endif
+					"-p <remoteport>\n"
+					"-l <username>\n"
+					"-t    Allocate a pty\n"
+					"-T    Don't allocate a pty\n"
+					"-N    Don't run a remote command\n"
+					"-f    Run in background after auth\n"
+					"-y    Always accept remote host key if unknown\n"
+					"-y -y Don't perform any remote host key checking (caution)\n"
+					"-s    Request a subsystem (use by external sftp)\n"
+					"-o option     Set option in OpenSSH-like format ('-o help' to list options)\n"
+#if DROPBEAR_CLI_PUBKEY_AUTH
+					"-i <identityfile>   (multiple allowed, default %s)\n"
+#endif
+#if DROPBEAR_CLI_AGENTFWD
+					"-A    Enable agent auth forwarding\n"
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
+					"-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding\n"
+					"-g    Allow remote hosts to connect to forwarded ports\n"
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+					"-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding\n"
+#endif
+					"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
+					"-K <keepalive>  (0 is never, default %d)\n"
+					"-I <idle_timeout>  (0 is never, default %d)\n"
+#if DROPBEAR_CLI_NETCAT
+					"-B <endhost:endport> Netcat-alike forwarding\n"
+#endif				
+#if DROPBEAR_CLI_PROXYCMD
+					"-J <proxy_program> Use program pipe rather than TCP connection\n"
+#endif
+#if DROPBEAR_USER_ALGO_LIST
+					"-c <cipher list> Specify preferred ciphers ('-c help' to list options)\n"
+					"-m <MAC list> Specify preferred MACs for packet verification (or '-m help')\n"
+#endif
+					"-b    [bind_address][:bind_port]\n"
+					"-V    Version\n"
+#if DEBUG_TRACE
+					"-v    verbose (compiled with DEBUG_TRACE)\n"
+#endif
+					,DROPBEAR_VERSION, cli_opts.progname,
+#if DROPBEAR_CLI_PUBKEY_AUTH
+					DROPBEAR_DEFAULT_CLI_AUTHKEY,
+#endif
+					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
+					
+}
+
+void cli_getopts(int argc, char ** argv) {
+	unsigned int i, j;
+	char ** next = NULL;
+	enum {
+		OPT_EXTENDED_OPTIONS,
+#if DROPBEAR_CLI_PUBKEY_AUTH
+		OPT_AUTHKEY,
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
+		OPT_LOCALTCPFWD,
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+		OPT_REMOTETCPFWD,
+#endif
+#if DROPBEAR_CLI_NETCAT
+		OPT_NETCAT,
+#endif
+		/* a flag (no arg) if 'next' is NULL, a string-valued option otherwise */
+		OPT_OTHER
+	} opt;
+	unsigned int cmdlen;
+
+	char* recv_window_arg = NULL;
+	char* keepalive_arg = NULL;
+	char* idle_timeout_arg = NULL;
+	char *host_arg = NULL;
+	char *bind_arg = NULL;
+	char c;
+
+	/* see printhelp() for options */
+	cli_opts.progname = argv[0];
+	cli_opts.remotehost = NULL;
+	cli_opts.remoteport = NULL;
+	cli_opts.username = NULL;
+	cli_opts.cmd = NULL;
+	cli_opts.no_cmd = 0;
+	cli_opts.backgrounded = 0;
+	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
+	cli_opts.always_accept_key = 0;
+	cli_opts.no_hostkey_check = 0;
+	cli_opts.is_subsystem = 0;
+#if DROPBEAR_CLI_PUBKEY_AUTH
+	cli_opts.privkeys = list_new();
+#endif
+#if DROPBEAR_CLI_ANYTCPFWD
+	cli_opts.exit_on_fwd_failure = 0;
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
+	cli_opts.localfwds = list_new();
+	opts.listen_fwd_all = 0;
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+	cli_opts.remotefwds = list_new();
+#endif
+#if DROPBEAR_CLI_AGENTFWD
+	cli_opts.agent_fwd = 0;
+	cli_opts.agent_fd = -1;
+	cli_opts.agent_keys_loaded = 0;
+#endif
+#if DROPBEAR_CLI_PROXYCMD
+	cli_opts.proxycmd = NULL;
+#endif
+	cli_opts.bind_address = NULL;
+	cli_opts.bind_port = NULL;
+#ifndef DISABLE_ZLIB
+	opts.compress_mode = DROPBEAR_COMPRESS_ON;
+#endif
+#if DROPBEAR_USER_ALGO_LIST
+	opts.cipher_list = NULL;
+	opts.mac_list = NULL;
+#endif
+#ifndef DISABLE_SYSLOG
+	opts.usingsyslog = 0;
+#endif
+	/* not yet
+	opts.ipv4 = 1;
+	opts.ipv6 = 1;
+	*/
+	opts.recv_window = DEFAULT_RECV_WINDOW;
+	opts.keepalive_secs = DEFAULT_KEEPALIVE;
+	opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
+
+	fill_own_user();
+
+	for (i = 1; i < (unsigned int)argc; i++) {
+		/* Handle non-flag arguments such as hostname or commands for the remote host */
+		if (argv[i][0] != '-')
+		{
+			if (host_arg == NULL) {
+				host_arg = argv[i];
+				continue;
+			}
+			/* Commands to pass to the remote host. No more flag handling,
+			commands are consumed below */
+			break;
+		}
+
+		/* Begins with '-' */
+		opt = OPT_OTHER;
+		for (j = 1; (c = argv[i][j]) != '\0' && !next && opt == OPT_OTHER; j++) {
+			switch (c) {
+				case 'y': /* always accept the remote hostkey */
+					if (cli_opts.always_accept_key) {
+						/* twice means no checking at all */
+						cli_opts.no_hostkey_check = 1;
+					}
+					cli_opts.always_accept_key = 1;
+					break;
+				case 'p': /* remoteport */
+					next = (char**)&cli_opts.remoteport;
+					break;
+#if DROPBEAR_CLI_PUBKEY_AUTH
+				case 'i': /* an identityfile */
+					opt = OPT_AUTHKEY;
+					break;
+#endif
+				case 't': /* we want a pty */
+					cli_opts.wantpty = 1;
+					break;
+				case 'T': /* don't want a pty */
+					cli_opts.wantpty = 0;
+					break;
+				case 'N':
+					cli_opts.no_cmd = 1;
+					break;
+				case 'f':
+					cli_opts.backgrounded = 1;
+					break;
+				case 's':
+					cli_opts.is_subsystem = 1;
+					break;
+				case 'o':
+					opt = OPT_EXTENDED_OPTIONS;
+					break;
+#if DROPBEAR_CLI_LOCALTCPFWD
+				case 'L':
+					opt = OPT_LOCALTCPFWD;
+					break;
+				case 'g':
+					opts.listen_fwd_all = 1;
+					break;
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+				case 'R':
+					opt = OPT_REMOTETCPFWD;
+					break;
+#endif
+#if DROPBEAR_CLI_NETCAT
+				case 'B':
+					opt = OPT_NETCAT;
+					break;
+#endif
+#if DROPBEAR_CLI_PROXYCMD
+				case 'J':
+					next = &cli_opts.proxycmd;
+					break;
+#endif
+				case 'l':
+					next = &cli_opts.username;
+					break;
+				case 'h':
+					printhelp();
+					exit(EXIT_SUCCESS);
+					break;
+				case 'u':
+					/* backwards compatibility with old urandom option */
+					break;
+				case 'W':
+					next = &recv_window_arg;
+					break;
+				case 'K':
+					next = &keepalive_arg;
+					break;
+				case 'I':
+					next = &idle_timeout_arg;
+					break;
+#if DROPBEAR_CLI_AGENTFWD
+				case 'A':
+					cli_opts.agent_fwd = 1;
+					break;
+#endif
+#if DROPBEAR_USER_ALGO_LIST
+				case 'c':
+					next = &opts.cipher_list;
+					break;
+				case 'm':
+					next = &opts.mac_list;
+					break;
+#endif
+#if DEBUG_TRACE
+				case 'v':
+					debug_trace = 1;
+					break;
+#endif
+				case 'F':
+				case 'e':
+#if !DROPBEAR_USER_ALGO_LIST
+				case 'c':
+				case 'm':
+#endif
+				case 'D':
+#if !DROPBEAR_CLI_REMOTETCPFWD
+				case 'R':
+#endif
+#if !DROPBEAR_CLI_LOCALTCPFWD
+				case 'L':
+#endif
+				case 'V':
+					print_version();
+					exit(EXIT_SUCCESS);
+					break;
+				case 'b':
+					next = &bind_arg;
+					break;
+				default:
+					fprintf(stderr,
+						"WARNING: Ignoring unknown option -%c\n", c);
+					break;
+			} /* Switch */
+		}
+
+		if (!next && opt == OPT_OTHER) /* got a flag */
+			continue;
+
+		if (c == '\0') {
+			i++;
+			j = 0;
+			if (!argv[i])
+				dropbear_exit("Missing argument");
+		}
+
+		if (opt == OPT_EXTENDED_OPTIONS) {
+			TRACE(("opt extended"))
+			add_extendedopt(&argv[i][j]);
+		}
+		else
+#if DROPBEAR_CLI_PUBKEY_AUTH
+		if (opt == OPT_AUTHKEY) {
+			TRACE(("opt authkey"))
+			loadidentityfile(&argv[i][j], 1);
+		}
+		else
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+		if (opt == OPT_REMOTETCPFWD) {
+			TRACE(("opt remotetcpfwd"))
+			addforward(&argv[i][j], cli_opts.remotefwds);
+		}
+		else
+#endif
+#if DROPBEAR_CLI_LOCALTCPFWD
+		if (opt == OPT_LOCALTCPFWD) {
+			TRACE(("opt localtcpfwd"))
+			addforward(&argv[i][j], cli_opts.localfwds);
+		}
+		else
+#endif
+#if DROPBEAR_CLI_NETCAT
+		if (opt == OPT_NETCAT) {
+			TRACE(("opt netcat"))
+			add_netcat(&argv[i][j]);
+		}
+		else
+#endif
+		if (next) {
+			/* The previous flag set a value to assign */
+			*next = &argv[i][j];
+			if (*next == NULL)
+				dropbear_exit("Invalid null argument");
+			next = NULL;
+		}
+	}
+
+	/* Done with options/flags; now handle the hostname (which may not
+	 * start with a hyphen) and optional command */
+
+	if (host_arg == NULL) { /* missing hostname */
+		printhelp();
+		exit(EXIT_FAILURE);
+	}
+	TRACE(("host is: %s", host_arg))
+
+	if (i < (unsigned int)argc) {
+		/* Build the command to send */
+		cmdlen = 0;
+		for (j = i; j < (unsigned int)argc; j++)
+			cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
+
+		/* Allocate the space */
+		cli_opts.cmd = (char*)m_malloc(cmdlen);
+		cli_opts.cmd[0] = '\0';
+
+		/* Append all the bits */
+		for (j = i; j < (unsigned int)argc; j++) {
+			strlcat(cli_opts.cmd, argv[j], cmdlen);
+			strlcat(cli_opts.cmd, " ", cmdlen);
+		}
+		/* It'll be null-terminated here */
+		TRACE(("cmd is: %s", cli_opts.cmd))
+	}
+
+	/* And now a few sanity checks and setup */
+
+#if DROPBEAR_USER_ALGO_LIST
+	parse_ciphers_macs();
+#endif
+
+#if DROPBEAR_CLI_PROXYCMD                                                                                                                                   
+	if (cli_opts.proxycmd) {
+		/* To match the common path of m_freeing it */
+		cli_opts.proxycmd = m_strdup(cli_opts.proxycmd);
+	}
+#endif
+
+	if (cli_opts.remoteport == NULL) {
+		cli_opts.remoteport = "22";
+	}
+
+	if (bind_arg) {
+		/* split [host][:port] */
+		char *port = strrchr(bind_arg, ':');
+		if (port) {
+			cli_opts.bind_port = m_strdup(port+1);
+			*port = '\0';
+		}
+		if (strlen(bind_arg) > 0) {
+			cli_opts.bind_address = m_strdup(bind_arg);
+		}
+	}
+
+	/* If not explicitly specified with -t or -T, we don't want a pty if
+	 * there's a command, but we do otherwise */
+	if (cli_opts.wantpty == 9) {
+		if (cli_opts.cmd == NULL) {
+			cli_opts.wantpty = 1;
+		} else {
+			cli_opts.wantpty = 0;
+		}
+	}
+
+	if (cli_opts.backgrounded && cli_opts.cmd == NULL
+			&& cli_opts.no_cmd == 0) {
+		dropbear_exit("Command required for -f");
+	}
+	
+	if (recv_window_arg) {
+		opts.recv_window = atol(recv_window_arg);
+		if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
+			dropbear_exit("Bad recv window '%s'", recv_window_arg);
+		}
+	}
+	if (keepalive_arg) {
+		unsigned int val;
+		if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
+			dropbear_exit("Bad keepalive '%s'", keepalive_arg);
+		}
+		opts.keepalive_secs = val;
+	}
+
+	if (idle_timeout_arg) {
+		unsigned int val;
+		if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
+			dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
+		}
+		opts.idle_timeout_secs = val;
+	}
+
+#if DROPBEAR_CLI_NETCAT
+	if (cli_opts.cmd && cli_opts.netcat_host) {
+		dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
+	}
+#endif
+
+#if (DROPBEAR_CLI_PUBKEY_AUTH)
+	{
+		char *expand_path = expand_homedir_path(DROPBEAR_DEFAULT_CLI_AUTHKEY);
+		loadidentityfile(expand_path, 0);
+		m_free(expand_path);
+	}
+#endif
+
+	/* The hostname gets set up last, since
+	 * in multi-hop mode it will require knowledge
+	 * of other flags such as -i */
+#if DROPBEAR_CLI_MULTIHOP
+	parse_multihop_hostname(host_arg, argv[0]);
+#else
+	parse_hostname(host_arg);
+#endif
+}
+
+#if DROPBEAR_CLI_PUBKEY_AUTH
+static void loadidentityfile(const char* filename, int warnfail) {
+	sign_key *key;
+	enum signkey_type keytype;
+
+	TRACE(("loadidentityfile %s", filename))
+
+	key = new_sign_key();
+	keytype = DROPBEAR_SIGNKEY_ANY;
+	if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
+		if (warnfail) {
+			dropbear_log(LOG_WARNING, "Failed loading keyfile '%s'\n", filename);
+		}
+		sign_key_free(key);
+	} else {
+		key->type = keytype;
+		key->source = SIGNKEY_SOURCE_RAW_FILE;
+		key->filename = m_strdup(filename);
+		list_append(cli_opts.privkeys, key);
+	}
+}
+#endif
+
+#if DROPBEAR_CLI_MULTIHOP
+
+static char*
+multihop_passthrough_args() {
+	char *ret;
+	int total;
+	unsigned int len = 0;
+	m_list_elem *iter;
+	/* Fill out -i, -y, -W options that make sense for all
+	 * the intermediate processes */
+#if DROPBEAR_CLI_PUBKEY_AUTH
+	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
+	{
+		sign_key * key = (sign_key*)iter->item;
+		len += 3 + strlen(key->filename);
+	}
+#endif /* DROPBEAR_CLI_PUBKEY_AUTH */
+
+	len += 30; /* space for -W <size>, terminator. */
+	ret = m_malloc(len);
+	total = 0;
+
+	if (cli_opts.no_hostkey_check)
+	{
+		int written = snprintf(ret+total, len-total, "-y -y ");
+		total += written;
+	}
+	else if (cli_opts.always_accept_key)
+	{
+		int written = snprintf(ret+total, len-total, "-y ");
+		total += written;
+	}
+
+	if (opts.recv_window != DEFAULT_RECV_WINDOW)
+	{
+		int written = snprintf(ret+total, len-total, "-W %u ", opts.recv_window);
+		total += written;
+	}
+
+#if DROPBEAR_CLI_PUBKEY_AUTH
+	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
+	{
+		sign_key * key = (sign_key*)iter->item;
+		const size_t size = len - total;
+		int written = snprintf(ret+total, size, "-i %s ", key->filename);
+		dropbear_assert((unsigned int)written < size);
+		total += written;
+	}
+#endif /* DROPBEAR_CLI_PUBKEY_AUTH */
+
+	/* if args were passed, total will be not zero, and it will have a space at the end, so remove that */
+	if (total > 0) 
+	{
+		total--;
+	}
+
+	return ret;
+}
+
+/* Sets up 'onion-forwarding' connections. This will spawn
+ * a separate dbclient process for each hop.
+ * As an example, if the cmdline is
+ *   dbclient wrt,madako,canyons
+ * then we want to run:
+ *   dbclient -J "dbclient -B canyons:22 wrt,madako" canyons
+ * and then the inner dbclient will recursively run:
+ *   dbclient -J "dbclient -B madako:22 wrt" madako
+ * etc for as many hosts as we want.
+ *
+ * Ports for hosts can be specified as host/port.
+ */
+static void parse_multihop_hostname(const char* orighostarg, const char* argv0) {
+	char *userhostarg = NULL;
+	char *hostbuf = NULL;
+	char *last_hop = NULL;
+	char *remainder = NULL;
+
+	/* both scp and rsync parse a user@host argument
+	 * and turn it into "-l user host". This breaks
+	 * for our multihop syntax, so we suture it back together.
+	 * This will break usernames that have both '@' and ',' in them,
+	 * though that should be fairly uncommon. */
+	if (cli_opts.username 
+			&& strchr(cli_opts.username, ',') 
+			&& strchr(cli_opts.username, '@')) {
+		unsigned int len = strlen(orighostarg) + strlen(cli_opts.username) + 2;
+		hostbuf = m_malloc(len);
+		snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg);
+	} else {
+		hostbuf = m_strdup(orighostarg);
+	}
+	userhostarg = hostbuf;
+
+	last_hop = strrchr(userhostarg, ',');
+	if (last_hop) {
+		if (last_hop == userhostarg) {
+			dropbear_exit("Bad multi-hop hostnames");
+		}
+		*last_hop = '\0';
+		last_hop++;
+		remainder = userhostarg;
+		userhostarg = last_hop;
+	}
+
+	parse_hostname(userhostarg);
+
+	if (last_hop) {
+		/* Set up the proxycmd */
+		unsigned int cmd_len = 0;
+		char *passthrough_args = multihop_passthrough_args();
+		if (cli_opts.proxycmd) {
+			dropbear_exit("-J can't be used with multihop mode");
+		}
+		if (cli_opts.remoteport == NULL) {
+			cli_opts.remoteport = "22";
+		}
+		cmd_len = strlen(argv0) + strlen(remainder) 
+			+ strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport)
+			+ strlen(passthrough_args)
+			+ 30;
+		cli_opts.proxycmd = m_malloc(cmd_len);
+		snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", 
+				argv0, cli_opts.remotehost, cli_opts.remoteport, 
+				passthrough_args, remainder);
+#ifndef DISABLE_ZLIB
+		/* The stream will be incompressible since it's encrypted. */
+		opts.compress_mode = DROPBEAR_COMPRESS_OFF;
+#endif
+		m_free(passthrough_args);
+	}
+	m_free(hostbuf);
+}
+#endif /* !DROPBEAR_CLI_MULTIHOP */
+
+/* Parses a [user@]hostname[/port] argument. */
+static void parse_hostname(const char* orighostarg) {
+	char *userhostarg = NULL;
+	char *port = NULL;
+
+	userhostarg = m_strdup(orighostarg);
+
+	cli_opts.remotehost = strchr(userhostarg, '@');
+	if (cli_opts.remotehost == NULL) {
+		/* no username portion, the cli-auth.c code can figure the
+		 * local user's name */
+		cli_opts.remotehost = userhostarg;
+	} else {
+		cli_opts.remotehost[0] = '\0'; /* Split the user/host */
+		cli_opts.remotehost++;
+		cli_opts.username = userhostarg;
+	}
+
+	if (cli_opts.username == NULL) {
+		cli_opts.username = m_strdup(cli_opts.own_user);
+	}
+
+	port = strchr(cli_opts.remotehost, '^');
+	if (!port)  {
+		/* legacy separator */
+		port = strchr(cli_opts.remotehost, '/');
+	}
+	if (port) {
+		*port = '\0';
+		cli_opts.remoteport = port+1;
+	}
+
+	if (cli_opts.remotehost[0] == '\0') {
+		dropbear_exit("Bad hostname");
+	}
+}
+
+#if DROPBEAR_CLI_NETCAT
+static void add_netcat(const char* origstr) {
+	char *portstr = NULL;
+	
+	char * str = m_strdup(origstr);
+	
+	portstr = strchr(str, ':');
+	if (portstr == NULL) {
+		TRACE(("No netcat port"))
+		goto fail;
+	}
+	*portstr = '\0';
+	portstr++;
+	
+	if (strchr(portstr, ':')) {
+		TRACE(("Multiple netcat colons"))
+		goto fail;
+	}
+	
+	if (m_str_to_uint(portstr, &cli_opts.netcat_port) == DROPBEAR_FAILURE) {
+		TRACE(("bad netcat port"))
+		goto fail;
+	}
+	
+	if (cli_opts.netcat_port > 65535) {
+		TRACE(("too large netcat port"))
+		goto fail;
+	}
+	
+	cli_opts.netcat_host = str;
+	return;
+	
+fail:
+	dropbear_exit("Bad netcat endpoint '%s'", origstr);
+}
+#endif
+
+static void fill_own_user() {
+	uid_t uid;
+	struct passwd *pw = NULL; 
+
+	uid = getuid();
+
+	pw = getpwuid(uid);
+	if (pw && pw->pw_name != NULL) {
+		cli_opts.own_user = m_strdup(pw->pw_name);
+	} else {
+		dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway.");
+		cli_opts.own_user = m_strdup("unknown");
+	}
+
+}
+
+#if DROPBEAR_CLI_ANYTCPFWD
+/* Turn a "[listenaddr:]listenport:remoteaddr:remoteport" string into into a forwarding
+ * set, and add it to the forwarding list */
+static void addforward(const char* origstr, m_list *fwdlist) {
+
+	char *part1 = NULL, *part2 = NULL, *part3 = NULL, *part4 = NULL;
+	char * listenaddr = NULL;
+	char * listenport = NULL;
+	char * connectaddr = NULL;
+	char * connectport = NULL;
+	struct TCPFwdEntry* newfwd = NULL;
+	char * str = NULL;
+
+	TRACE(("enter addforward"))
+
+	/* We need to split the original argument up. This var
+	   is never free()d. */ 
+	str = m_strdup(origstr);
+
+	part1 = str;
+
+	part2 = strchr(str, ':');
+	if (part2 == NULL) {
+		TRACE(("part2 == NULL"))
+		goto fail;
+	}
+	*part2 = '\0';
+	part2++;
+
+	part3 = strchr(part2, ':');
+	if (part3 == NULL) {
+		TRACE(("part3 == NULL"))
+		goto fail;
+	}
+	*part3 = '\0';
+	part3++;
+
+	part4 = strchr(part3, ':');
+	if (part4) {
+		*part4 = '\0';
+		part4++;
+	}
+
+	if (part4) {
+		listenaddr = part1;
+		listenport = part2;
+		connectaddr = part3;
+		connectport = part4;
+	} else {
+		listenaddr = NULL;
+		listenport = part1;
+		connectaddr = part2;
+		connectport = part3;
+	}
+
+	newfwd = m_malloc(sizeof(struct TCPFwdEntry));
+
+	/* Now we check the ports - note that the port ints are unsigned,
+	 * the check later only checks for >= MAX_PORT */
+	if (m_str_to_uint(listenport, &newfwd->listenport) == DROPBEAR_FAILURE) {
+		TRACE(("bad listenport strtoul"))
+		goto fail;
+	}
+
+	if (m_str_to_uint(connectport, &newfwd->connectport) == DROPBEAR_FAILURE) {
+		TRACE(("bad connectport strtoul"))
+		goto fail;
+	}
+
+	newfwd->listenaddr = listenaddr;
+	newfwd->connectaddr = connectaddr;
+
+	if (newfwd->listenport > 65535) {
+		TRACE(("listenport > 65535"))
+		goto badport;
+	}
+		
+	if (newfwd->connectport > 65535) {
+		TRACE(("connectport > 65535"))
+		goto badport;
+	}
+
+	newfwd->have_reply = 0;
+	list_append(fwdlist, newfwd);
+
+	TRACE(("leave addforward: done"))
+	return;
+
+fail:
+	dropbear_exit("Bad TCP forward '%s'", origstr);
+
+badport:
+	dropbear_exit("Bad TCP port in '%s'", origstr);
+}
+#endif
+
+static int match_extendedopt(const char** strptr, const char *optname) {
+	int seen_eq = 0;
+	int optlen = strlen(optname);
+	const char *str = *strptr;
+
+	while (isspace(*str)) {
+		++str;
+	}
+
+	if (strncasecmp(str, optname, optlen) != 0) {
+		return DROPBEAR_FAILURE;
+	}
+
+	str += optlen;
+
+	while (isspace(*str) || (!seen_eq && *str == '=')) {
+		if (*str == '=') {
+			seen_eq = 1;
+		}
+		++str;
+	}
+
+	if (str-*strptr == optlen) {
+		/* matched just a prefix of optname */
+		return DROPBEAR_FAILURE;
+	}
+
+	*strptr = str;
+	return DROPBEAR_SUCCESS;
+}
+
+static int parse_flag_value(const char *value) {
+	if (strcmp(value, "yes") == 0 || strcmp(value, "true") == 0) {
+		return 1;
+	} else if (strcmp(value, "no") == 0 || strcmp(value, "false") == 0) {
+		return 0;
+	}
+
+	dropbear_exit("Bad yes/no argument '%s'", value);
+}
+
+static void add_extendedopt(const char* origstr) {
+	const char *optstr = origstr;
+
+	if (strcmp(origstr, "help") == 0) {
+		dropbear_log(LOG_INFO, "Available options:\n"
+#if DROPBEAR_CLI_ANYTCPFWD
+			"\tExitOnForwardFailure\n"
+#endif
+#ifndef DISABLE_SYSLOG
+			"\tUseSyslog\n"
+#endif
+			"\tPort\n"
+		);
+		exit(EXIT_SUCCESS);
+	}
+
+#if DROPBEAR_CLI_ANYTCPFWD
+	if (match_extendedopt(&optstr, "ExitOnForwardFailure") == DROPBEAR_SUCCESS) {
+		cli_opts.exit_on_fwd_failure = parse_flag_value(optstr);
+		return;
+	}
+#endif
+
+#ifndef DISABLE_SYSLOG
+	if (match_extendedopt(&optstr, "UseSyslog") == DROPBEAR_SUCCESS) {
+		opts.usingsyslog = parse_flag_value(optstr);
+		return;
+	}
+#endif
+
+	if (match_extendedopt(&optstr, "Port") == DROPBEAR_SUCCESS) {
+		cli_opts.remoteport = optstr;
+		return;
+	}
+
+	dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr);
+}

cli-session.c

@@ -0,0 +1,406 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "session.h"
+#include "dbutil.h"
+#include "kex.h"
+#include "ssh.h"
+#include "packet.h"
+#include "tcpfwd.h"
+#include "channel.h"
+#include "dbrandom.h"
+#include "service.h"
+#include "runopts.h"
+#include "chansession.h"
+#include "agentfwd.h"
+#include "crypto_desc.h"
+#include "netio.h"
+
+static void cli_remoteclosed(void) ATTRIB_NORETURN;
+static void cli_sessionloop(void);
+static void cli_session_init(pid_t proxy_cmd_pid);
+static void cli_finished(void) ATTRIB_NORETURN;
+static void recv_msg_service_accept(void);
+static void cli_session_cleanup(void);
+static void recv_msg_global_request_cli(void);
+
+struct clientsession cli_ses; /* GLOBAL */
+
+/* Sorted in decreasing frequency will be more efficient - data and window
+ * should be first */
+static const packettype cli_packettypes[] = {
+	/* TYPE, FUNCTION */
+	{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
+	{SSH_MSG_CHANNEL_EXTENDED_DATA, recv_msg_channel_extended_data},
+	{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
+	{SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, /* client */
+	{SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, /* client */
+	{SSH_MSG_KEXINIT, recv_msg_kexinit},
+	{SSH_MSG_KEXDH_REPLY, recv_msg_kexdh_reply}, /* client */
+	{SSH_MSG_NEWKEYS, recv_msg_newkeys},
+	{SSH_MSG_SERVICE_ACCEPT, recv_msg_service_accept}, /* client */
+	{SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
+	{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
+	{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
+	{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
+	{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
+	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
+	{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
+	{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
+	{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_cli},
+	{SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
+	{SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
+#if DROPBEAR_CLI_REMOTETCPFWD
+	{SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */
+	{SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */
+#else
+	/* For keepalive */
+	{SSH_MSG_REQUEST_SUCCESS, ignore_recv_response},
+	{SSH_MSG_REQUEST_FAILURE, ignore_recv_response},
+#endif
+	{0, NULL} /* End */
+};
+
+static const struct ChanType *cli_chantypes[] = {
+#if DROPBEAR_CLI_REMOTETCPFWD
+	&cli_chan_tcpremote,
+#endif
+#if DROPBEAR_CLI_AGENTFWD
+	&cli_chan_agent,
+#endif
+	NULL /* Null termination */
+};
+
+void cli_connected(int result, int sock, void* userdata, const char *errstring)
+{
+	struct sshsession *myses = userdata;
+	if (result == DROPBEAR_FAILURE) {
+		dropbear_exit("Connect failed: %s", errstring);
+	}
+	myses->sock_in = myses->sock_out = sock;
+	update_channel_prio();
+}
+
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) {
+
+	common_session_init(sock_in, sock_out);
+
+	if (progress) {
+		connect_set_writequeue(progress, &ses.writequeue);
+	}
+
+	chaninitialise(cli_chantypes);
+
+	/* Set up cli_ses vars */
+	cli_session_init(proxy_cmd_pid);
+
+	/* Ready to go */
+	ses.init_done = 1;
+
+	/* Exchange identification */
+	send_session_identification();
+
+	kexfirstinitialise(); /* initialise the kex state */
+
+	send_msg_kexinit();
+
+	session_loop(cli_sessionloop);
+
+	/* Not reached */
+
+}
+
+#if DROPBEAR_KEX_FIRST_FOLLOWS
+static void cli_send_kex_first_guess() {
+	send_msg_kexdh_init();
+}
+#endif
+
+static void cli_session_init(pid_t proxy_cmd_pid) {
+
+	cli_ses.state = STATE_NOTHING;
+	cli_ses.kex_state = KEX_NOTHING;
+
+	cli_ses.tty_raw_mode = 0;
+	cli_ses.winchange = 0;
+
+	/* We store std{in,out,err}'s flags, so we can set them back on exit
+	 * (otherwise busybox's ash isn't happy */
+	cli_ses.stdincopy = dup(STDIN_FILENO);
+	cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0);
+	cli_ses.stdoutcopy = dup(STDOUT_FILENO);
+	cli_ses.stdoutflags = fcntl(STDOUT_FILENO, F_GETFL, 0);
+	cli_ses.stderrcopy = dup(STDERR_FILENO);
+	cli_ses.stderrflags = fcntl(STDERR_FILENO, F_GETFL, 0);
+
+	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
+									  specific exit status */
+	cli_ses.proxy_cmd_pid = proxy_cmd_pid;
+	TRACE(("proxy command PID='%d'", proxy_cmd_pid));
+
+	/* Auth */
+	cli_ses.lastprivkey = NULL;
+	cli_ses.lastauthtype = 0;
+
+	/* For printing "remote host closed" for the user */
+	ses.remoteclosed = cli_remoteclosed;
+
+	ses.extra_session_cleanup = cli_session_cleanup;
+
+	/* packet handlers */
+	ses.packettypes = cli_packettypes;
+
+	ses.isserver = 0;
+
+#if DROPBEAR_KEX_FIRST_FOLLOWS
+	ses.send_kex_first_guess = cli_send_kex_first_guess;
+#endif
+
+}
+
+static void send_msg_service_request(const char* servicename) {
+
+	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
+
+	CHECKCLEARTOWRITE();
+
+	buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST);
+	buf_putstring(ses.writepayload, servicename, strlen(servicename));
+
+	encrypt_packet();
+	TRACE(("leave send_msg_service_request"))
+}
+
+static void recv_msg_service_accept(void) {
+	/* do nothing, if it failed then the server MUST have disconnected */
+}
+
+/* This function drives the progress of the session - it initiates KEX,
+ * service, userauth and channel requests */
+static void cli_sessionloop() {
+
+	TRACE2(("enter cli_sessionloop"))
+
+	if (ses.lastpacket == 0) {
+		TRACE2(("exit cli_sessionloop: no real packets yet"))
+		return;
+	}
+
+	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
+		/* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT
+		 * negotiation would have failed. */
+		if (!ses.kexstate.our_first_follows_matches) {
+			send_msg_kexdh_init();
+		}
+		cli_ses.kex_state = KEXDH_INIT_SENT;			
+		TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD"))
+		return;
+	}
+
+	/* A KEX has finished, so we should go back to our KEX_NOTHING state */
+	if (cli_ses.kex_state != KEX_NOTHING && ses.kexstate.sentnewkeys) {
+		cli_ses.kex_state = KEX_NOTHING;
+	}
+
+	/* We shouldn't do anything else if a KEX is in progress */
+	if (cli_ses.kex_state != KEX_NOTHING) {
+		TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING"))
+		return;
+	}
+
+	if (ses.kexstate.donefirstkex == 0) {
+		/* We might reach here if we have partial packet reads or have
+		 * received SSG_MSG_IGNORE etc. Just skip it */
+		TRACE2(("donefirstkex false\n"))
+		return;
+	}
+
+	switch (cli_ses.state) {
+
+		case STATE_NOTHING:
+			/* We've got the transport layer sorted, we now need to request
+			 * userauth */
+			send_msg_service_request(SSH_SERVICE_USERAUTH);
+			cli_auth_getmethods();
+			cli_ses.state = USERAUTH_REQ_SENT;
+			TRACE(("leave cli_sessionloop: sent userauth methods req"))
+			return;
+
+		case USERAUTH_REQ_SENT:
+			TRACE(("leave cli_sessionloop: waiting, req_sent"))
+			return;
+			
+		case USERAUTH_FAIL_RCVD:
+			if (cli_auth_try() == DROPBEAR_FAILURE) {
+				dropbear_exit("No auth methods could be used.");
+			}
+			cli_ses.state = USERAUTH_REQ_SENT;
+			TRACE(("leave cli_sessionloop: cli_auth_try"))
+			return;
+
+		case USERAUTH_SUCCESS_RCVD:
+#ifndef DISABLE_SYSLOG
+			if (opts.usingsyslog) {
+				dropbear_log(LOG_INFO, "Authentication succeeded.");
+			}
+#endif
+
+			if (cli_opts.backgrounded) {
+				int devnull;
+				/* keeping stdin open steals input from the terminal and
+				   is confusing, though stdout/stderr could be useful. */
+				devnull = open(DROPBEAR_PATH_DEVNULL, O_RDONLY);
+				if (devnull < 0) {
+					dropbear_exit("Opening /dev/null: %d %s",
+							errno, strerror(errno));
+				}
+				dup2(devnull, STDIN_FILENO);
+				if (daemon(0, 1) < 0) {
+					dropbear_exit("Backgrounding failed: %d %s", 
+							errno, strerror(errno));
+				}
+			}
+			
+#if DROPBEAR_CLI_NETCAT
+			if (cli_opts.netcat_host) {
+				cli_send_netcat_request();
+			} else 
+#endif
+			if (!cli_opts.no_cmd) {
+				cli_send_chansess_request();
+			}
+
+#if DROPBEAR_CLI_LOCALTCPFWD
+			setup_localtcp();
+#endif
+#if DROPBEAR_CLI_REMOTETCPFWD
+			setup_remotetcp();
+#endif
+
+			TRACE(("leave cli_sessionloop: running"))
+			cli_ses.state = SESSION_RUNNING;
+			return;
+
+		case SESSION_RUNNING:
+			if (ses.chancount < 1 && !cli_opts.no_cmd) {
+				cli_finished();
+			}
+
+			if (cli_ses.winchange) {
+				cli_chansess_winchange();
+			}
+			return;
+
+		/* XXX more here needed */
+
+
+	default:
+		break;
+	}
+
+	TRACE2(("leave cli_sessionloop: fell out"))
+
+}
+
+void kill_proxy_command(void) {
+	/*
+	 * Send SIGHUP to proxy command if used. We don't wait() in
+	 * case it hangs and instead rely on init to reap the child
+	 */
+	if (cli_ses.proxy_cmd_pid > 1) {
+		TRACE(("killing proxy command with PID='%d'", cli_ses.proxy_cmd_pid));
+		kill(cli_ses.proxy_cmd_pid, SIGHUP);
+	}
+}
+
+static void cli_session_cleanup(void) {
+
+	if (!ses.init_done) {
+		return;
+	}
+
+	kill_proxy_command();
+
+	/* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if
+	 * we don't revert the flags */
+	/* Ignore return value since there's nothing we can do */
+	(void)fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
+	(void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
+	(void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
+
+	cli_tty_cleanup();
+
+}
+
+static void cli_finished() {
+	TRACE(("cli_finised()"))
+
+	session_cleanup();
+	fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username,
+			cli_opts.remotehost, cli_opts.remoteport);
+	exit(cli_ses.retval);
+}
+
+
+/* called when the remote side closes the connection */
+static void cli_remoteclosed() {
+
+	/* XXX TODO perhaps print a friendlier message if we get this but have
+	 * already sent/received disconnect message(s) ??? */
+	m_close(ses.sock_in);
+	m_close(ses.sock_out);
+	ses.sock_in = -1;
+	ses.sock_out = -1;
+	dropbear_exit("Remote closed the connection");
+}
+
+/* Operates in-place turning dirty (untrusted potentially containing control
+ * characters) text into clean text. 
+ * Note: this is safe only with ascii - other charsets could have problems. */
+void cleantext(char* dirtytext) {
+
+	unsigned int i, j;
+	char c;
+
+	j = 0;
+	for (i = 0; dirtytext[i] != '\0'; i++) {
+
+		c = dirtytext[i];
+		/* We can ignore '\r's */
+		if ( (c >= ' ' && c <= '~') || c == '\n' || c == '\t') {
+			dirtytext[j] = c;
+			j++;
+		}
+	}
+	/* Null terminate */
+	dirtytext[j] = '\0';
+}
+
+static void recv_msg_global_request_cli(void) {
+	TRACE(("recv_msg_global_request_cli"))
+	/* Send a proper rejection */
+	send_msg_request_failure();
+}

cli-tcpfwd.c

@@ -0,0 +1,289 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "tcpfwd.h"
+#include "channel.h"
+#include "runopts.h"
+#include "session.h"
+#include "ssh.h"
+#include "netio.h"
+
+#if DROPBEAR_CLI_REMOTETCPFWD
+static int newtcpforwarded(struct Channel * channel);
+
+const struct ChanType cli_chan_tcpremote = {
+	1, /* sepfds */
+	"forwarded-tcpip",
+	newtcpforwarded,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+#endif
+
+#if DROPBEAR_CLI_LOCALTCPFWD
+static int cli_localtcp(const char* listenaddr, 
+		unsigned int listenport, 
+		const char* remoteaddr,
+		unsigned int remoteport);
+static const struct ChanType cli_chan_tcplocal = {
+	1, /* sepfds */
+	"direct-tcpip",
+	tcp_prio_inithandler,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+#endif
+
+#if DROPBEAR_CLI_ANYTCPFWD
+static void fwd_failed(const char* format, ...) ATTRIB_PRINTF(1,2);
+static void fwd_failed(const char* format, ...)
+{
+	va_list param;
+	va_start(param, format);
+
+	if (cli_opts.exit_on_fwd_failure) {
+		_dropbear_exit(EXIT_FAILURE, format, param);
+	} else {
+		_dropbear_log(LOG_WARNING, format, param);
+	}
+
+	va_end(param);
+}
+#endif
+
+#if DROPBEAR_CLI_LOCALTCPFWD
+void setup_localtcp() {
+	m_list_elem *iter;
+	int ret;
+
+	TRACE(("enter setup_localtcp"))
+
+	for (iter = cli_opts.localfwds->first; iter; iter = iter->next) {
+		struct TCPFwdEntry * fwd = (struct TCPFwdEntry*)iter->item;
+		ret = cli_localtcp(
+				fwd->listenaddr,
+				fwd->listenport,
+				fwd->connectaddr,
+				fwd->connectport);
+		if (ret == DROPBEAR_FAILURE) {
+			fwd_failed("Failed local port forward %s:%d:%s:%d",
+					fwd->listenaddr,
+					fwd->listenport,
+					fwd->connectaddr,
+					fwd->connectport);
+		}		
+	}
+	TRACE(("leave setup_localtcp"))
+
+}
+
+static int cli_localtcp(const char* listenaddr, 
+		unsigned int listenport, 
+		const char* remoteaddr,
+		unsigned int remoteport) {
+
+	struct TCPListener* tcpinfo = NULL;
+	int ret;
+
+	TRACE(("enter cli_localtcp: %d %s %d", listenport, remoteaddr,
+				remoteport));
+
+	tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener));
+
+	tcpinfo->sendaddr = m_strdup(remoteaddr);
+	tcpinfo->sendport = remoteport;
+
+	if (listenaddr)
+	{
+		tcpinfo->listenaddr = m_strdup(listenaddr);
+	}
+	else
+	{
+		if (opts.listen_fwd_all) {
+			tcpinfo->listenaddr = m_strdup("");
+		} else {
+			tcpinfo->listenaddr = m_strdup("localhost");
+		}
+	}
+	tcpinfo->listenport = listenport;
+
+	tcpinfo->chantype = &cli_chan_tcplocal;
+	tcpinfo->tcp_type = direct;
+
+	ret = listen_tcpfwd(tcpinfo, NULL);
+
+	if (ret == DROPBEAR_FAILURE) {
+		m_free(tcpinfo);
+	}
+	TRACE(("leave cli_localtcp: %d", ret))
+	return ret;
+}
+#endif /* DROPBEAR_CLI_LOCALTCPFWD */
+
+#if DROPBEAR_CLI_REMOTETCPFWD
+static void send_msg_global_request_remotetcp(const char *addr, int port) {
+
+	TRACE(("enter send_msg_global_request_remotetcp"))
+
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
+	buf_putstring(ses.writepayload, "tcpip-forward", 13);
+	buf_putbyte(ses.writepayload, 1); /* want_reply */
+	buf_putstring(ses.writepayload, addr, strlen(addr));
+	buf_putint(ses.writepayload, port);
+
+	encrypt_packet();
+
+	TRACE(("leave send_msg_global_request_remotetcp"))
+}
+
+/* The only global success/failure messages are for remotetcp.
+ * Since there isn't any identifier in these messages, we have to rely on them
+ * being in the same order as we sent the requests. This is the ordering
+ * of the cli_opts.remotefwds list.
+ * If the requested remote port is 0 the listen port will be
+ * dynamically allocated by the server and the port number will be returned
+ * to client and the port number reported to the user. */
+void cli_recv_msg_request_success() {
+	/* We just mark off that we have received the reply,
+	 * so that we can report failure for later ones. */
+	m_list_elem * iter = NULL;
+	for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) {
+		struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item;
+		if (!fwd->have_reply) {
+			fwd->have_reply = 1;
+			if (fwd->listenport == 0) {
+				/* The server should let us know which port was allocated if we requested port 0 */
+				int allocport = buf_getint(ses.payload);
+				if (allocport > 0) {
+					fwd->listenport = allocport;
+					dropbear_log(LOG_INFO, "Allocated port %d for remote forward to %s:%d", 
+							allocport, fwd->connectaddr, fwd->connectport);
+				}
+			}
+			return;
+		}
+	}
+}
+
+void cli_recv_msg_request_failure() {
+	m_list_elem *iter;
+	for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) {
+		struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item;
+		if (!fwd->have_reply) {
+			fwd->have_reply = 1;
+			fwd_failed("Remote TCP forward request failed (port %d -> %s:%d)",
+					fwd->listenport,
+					fwd->connectaddr,
+					fwd->connectport);
+			return;
+		}
+	}
+}
+
+void setup_remotetcp() {
+	m_list_elem *iter;
+	TRACE(("enter setup_remotetcp"))
+
+	for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) {
+		struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item;
+		if (!fwd->listenaddr)
+		{
+			/* we store the addresses so that we can compare them
+			   when the server sends them back */
+			if (opts.listen_fwd_all) {
+				fwd->listenaddr = m_strdup("");
+			} else {
+				fwd->listenaddr = m_strdup("localhost");
+			}
+		}
+		send_msg_global_request_remotetcp(fwd->listenaddr, fwd->listenport);
+	}
+
+	TRACE(("leave setup_remotetcp"))
+}
+
+static int newtcpforwarded(struct Channel * channel) {
+
+	char *origaddr = NULL;
+	unsigned int origport;
+	m_list_elem * iter = NULL;
+	struct TCPFwdEntry *fwd = NULL;
+	char portstring[NI_MAXSERV];
+	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
+
+	origaddr = buf_getstring(ses.payload, NULL);
+	origport = buf_getint(ses.payload);
+
+	/* Find which port corresponds. First try and match address as well as port,
+	in case they want to forward different ports separately ... */
+	for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) {
+		fwd = (struct TCPFwdEntry*)iter->item;
+		if (origport == fwd->listenport
+				&& strcmp(origaddr, fwd->listenaddr) == 0) {
+			break;
+		}
+	}
+
+	if (!iter)
+	{
+		/* ... otherwise try to generically match the only forwarded port 
+		without address (also handles ::1 vs 127.0.0.1 vs localhost case).
+		rfc4254 is vague about the definition of "address that was connected" */
+		for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) {
+			fwd = (struct TCPFwdEntry*)iter->item;
+			if (origport == fwd->listenport) {
+				break;
+			}
+		}
+	}
+
+
+	if (iter == NULL || fwd == NULL) {
+		/* We didn't request forwarding on that port */
+		cleantext(origaddr);
+		dropbear_log(LOG_INFO, "Server sent unrequested forward from \"%s:%d\"", 
+                origaddr, origport);
+		goto out;
+	}
+	
+	snprintf(portstring, sizeof(portstring), "%u", fwd->connectport);
+	channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel, NULL, NULL);
+
+	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
+	
+	err = SSH_OPEN_IN_PROGRESS;
+
+out:
+	m_free(origaddr);
+	TRACE(("leave newtcpdirect: err %d", err))
+	return err;
+}
+#endif /* DROPBEAR_CLI_REMOTETCPFWD */

common-algo.c

@@ -0,0 +1,544 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "algo.h"
+#include "session.h"
+#include "dbutil.h"
+#include "dh_groups.h"
+#include "ltc_prng.h"
+#include "ecc.h"
+
+/* This file (algo.c) organises the ciphers which can be used, and is used to
+ * decide which ciphers/hashes/compression/signing to use during key exchange*/
+
+static int void_cipher(const unsigned char* in, unsigned char* out,
+		unsigned long len, void* UNUSED(cipher_state)) {
+	if (in != out) {
+		memmove(out, in, len);
+	}
+	return CRYPT_OK;
+}
+
+static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV), 
+			const unsigned char* UNUSED(key), 
+			int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) {
+	return CRYPT_OK;
+}
+
+/* Mappings for ciphers, parameters are
+   {&cipher_desc, keysize, blocksize} */
+
+/* Remember to add new ciphers/hashes to regciphers/reghashes too */
+
+#if DROPBEAR_AES256
+static const struct dropbear_cipher dropbear_aes256 = 
+	{&aes_desc, 32, 16};
+#endif
+#if DROPBEAR_AES128
+static const struct dropbear_cipher dropbear_aes128 = 
+	{&aes_desc, 16, 16};
+#endif
+#if DROPBEAR_BLOWFISH
+static const struct dropbear_cipher dropbear_blowfish = 
+	{&blowfish_desc, 16, 8};
+#endif
+#if DROPBEAR_TWOFISH256
+static const struct dropbear_cipher dropbear_twofish256 = 
+	{&twofish_desc, 32, 16};
+#endif
+#if DROPBEAR_TWOFISH128
+static const struct dropbear_cipher dropbear_twofish128 = 
+	{&twofish_desc, 16, 16};
+#endif
+#if DROPBEAR_3DES
+static const struct dropbear_cipher dropbear_3des = 
+	{&des3_desc, 24, 8};
+#endif
+
+/* used to indicate no encryption, as defined in rfc2410 */
+const struct dropbear_cipher dropbear_nocipher =
+	{NULL, 16, 8}; 
+
+/* A few void* s are required to silence warnings
+ * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
+#if DROPBEAR_ENABLE_CBC_MODE
+const struct dropbear_cipher_mode dropbear_mode_cbc =
+	{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
+
+const struct dropbear_cipher_mode dropbear_mode_none =
+	{void_start, void_cipher, void_cipher};
+
+#if DROPBEAR_ENABLE_CTR_MODE
+/* a wrapper to make ctr_start and cbc_start look the same */
+static int dropbear_big_endian_ctr_start(int cipher, 
+		const unsigned char *IV, 
+		const unsigned char *key, int keylen, 
+		int num_rounds, symmetric_CTR *ctr) {
+	return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr);
+}
+const struct dropbear_cipher_mode dropbear_mode_ctr =
+	{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
+#endif /* DROPBEAR_ENABLE_CTR_MODE */
+
+/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
+   {&hash_desc, keysize, hashsize} */
+
+#if DROPBEAR_SHA1_HMAC
+static const struct dropbear_hash dropbear_sha1 = 
+	{&sha1_desc, 20, 20};
+#endif
+#if DROPBEAR_SHA1_96_HMAC
+static const struct dropbear_hash dropbear_sha1_96 = 
+	{&sha1_desc, 20, 12};
+#endif
+#if DROPBEAR_SHA2_256_HMAC
+static const struct dropbear_hash dropbear_sha2_256 = 
+	{&sha256_desc, 32, 32};
+#endif
+#if DROPBEAR_SHA2_512_HMAC
+static const struct dropbear_hash dropbear_sha2_512 =
+	{&sha512_desc, 64, 64};
+#endif
+#if DROPBEAR_MD5_HMAC
+static const struct dropbear_hash dropbear_md5 = 
+	{&md5_desc, 16, 16};
+#endif
+
+const struct dropbear_hash dropbear_nohash =
+	{NULL, 16, 0}; /* used initially */
+	
+
+/* The following map ssh names to internal values.
+ * The ordering here is important for the client - the first mode
+ * that is also supported by the server will get used. */
+
+algo_type sshciphers[] = {
+#if DROPBEAR_ENABLE_CTR_MODE
+#if DROPBEAR_AES128
+	{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
+#endif
+#if DROPBEAR_AES256
+	{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
+#endif
+#if DROPBEAR_TWOFISH_CTR
+/* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */
+#if DROPBEAR_TWOFISH256
+	{"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr},
+#endif
+#if DROPBEAR_TWOFISH128
+	{"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr},
+#endif
+#endif /* DROPBEAR_TWOFISH_CTR */
+#endif /* DROPBEAR_ENABLE_CTR_MODE */
+
+#if DROPBEAR_ENABLE_CBC_MODE
+#if DROPBEAR_AES128
+	{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
+#endif
+#if DROPBEAR_AES256
+	{"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
+#endif
+#if DROPBEAR_TWOFISH256
+	{"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
+	{"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
+#endif
+#if DROPBEAR_TWOFISH128
+	{"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc},
+#endif
+#if DROPBEAR_3DES
+	{"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
+#endif
+#if DROPBEAR_3DES
+	{"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
+#endif
+#if DROPBEAR_BLOWFISH
+	{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
+#endif
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
+	{NULL, 0, NULL, 0, NULL}
+};
+
+algo_type sshhashes[] = {
+#if DROPBEAR_SHA1_96_HMAC
+	{"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL},
+#endif
+#if DROPBEAR_SHA1_HMAC
+	{"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
+#endif
+#if DROPBEAR_SHA2_256_HMAC
+	{"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL},
+#endif
+#if DROPBEAR_SHA2_512_HMAC
+	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
+#endif
+#if DROPBEAR_MD5_HMAC
+	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
+#endif
+	{NULL, 0, NULL, 0, NULL}
+};
+
+#ifndef DISABLE_ZLIB
+algo_type ssh_compress[] = {
+	{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
+	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
+	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+	{NULL, 0, NULL, 0, NULL}
+};
+
+algo_type ssh_delaycompress[] = {
+	{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
+	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+	{NULL, 0, NULL, 0, NULL}
+};
+#endif
+
+algo_type ssh_nocompress[] = {
+	{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+	{NULL, 0, NULL, 0, NULL}
+};
+
+algo_type sshhostkey[] = {
+#if DROPBEAR_ECDSA
+#if DROPBEAR_ECC_256
+	{"ecdsa-sha2-nistp256", DROPBEAR_SIGNKEY_ECDSA_NISTP256, NULL, 1, NULL},
+#endif
+#if DROPBEAR_ECC_384
+	{"ecdsa-sha2-nistp384", DROPBEAR_SIGNKEY_ECDSA_NISTP384, NULL, 1, NULL},
+#endif
+#if DROPBEAR_ECC_521
+	{"ecdsa-sha2-nistp521", DROPBEAR_SIGNKEY_ECDSA_NISTP521, NULL, 1, NULL},
+#endif
+#endif
+#if DROPBEAR_RSA
+	{"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL},
+#endif
+#if DROPBEAR_DSS
+	{"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL},
+#endif
+	{NULL, 0, NULL, 0, NULL}
+};
+
+#if DROPBEAR_DH_GROUP1
+static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
+#endif
+#if DROPBEAR_DH_GROUP14_SHA1
+static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
+#endif
+#if DROPBEAR_DH_GROUP14_SHA256
+static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
+#endif
+#if DROPBEAR_DH_GROUP16
+static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
+#endif
+
+/* These can't be const since dropbear_ecc_fill_dp() fills out
+ ecc_curve at runtime */
+#if DROPBEAR_ECDH
+#if DROPBEAR_ECC_256
+static const struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
+#endif
+#if DROPBEAR_ECC_384
+static const struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
+#endif
+#if DROPBEAR_ECC_521
+static const struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
+#endif
+#endif /* DROPBEAR_ECDH */
+
+#if DROPBEAR_CURVE25519
+/* Referred to directly */
+static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
+#endif
+
+algo_type sshkex[] = {
+#if DROPBEAR_CURVE25519
+	{"curve25519-sha256", 0, &kex_curve25519, 1, NULL},
+	{"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
+#endif
+#if DROPBEAR_ECDH
+#if DROPBEAR_ECC_521
+	{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
+#endif
+#if DROPBEAR_ECC_384
+	{"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
+#endif
+#if DROPBEAR_ECC_256
+	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
+#endif
+#endif
+#if DROPBEAR_DH_GROUP14_SHA256
+	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
+#endif
+#if DROPBEAR_DH_GROUP14_SHA1
+	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
+#endif
+#if DROPBEAR_DH_GROUP1
+	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
+#endif
+#if DROPBEAR_DH_GROUP16
+	{"diffie-hellman-group16-sha512", 0, &kex_dh_group16_sha512, 1, NULL},
+#endif
+#if DROPBEAR_KEXGUESS2
+	{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
+#endif
+	{NULL, 0, NULL, 0, NULL}
+};
+
+/* algolen specifies the length of algo, algos is our local list to match
+ * against.
+ * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
+ * otherwise */
+int have_algo(const char* algo, size_t algolen, const algo_type algos[]) {
+
+	int i;
+
+	for (i = 0; algos[i].name != NULL; i++) {
+		if (strlen(algos[i].name) == algolen
+				&& (strncmp(algos[i].name, algo, algolen) == 0)) {
+			return DROPBEAR_SUCCESS;
+		}
+	}
+
+	return DROPBEAR_FAILURE;
+}
+
+/* Output a comma separated list of algorithms to a buffer */
+void buf_put_algolist(buffer * buf, const algo_type localalgos[]) {
+
+	unsigned int i, len;
+	unsigned int donefirst = 0;
+	buffer *algolist = NULL;
+
+	algolist = buf_new(300);
+	for (i = 0; localalgos[i].name != NULL; i++) {
+		if (localalgos[i].usable) {
+			if (donefirst)
+				buf_putbyte(algolist, ',');
+			donefirst = 1;
+			len = strlen(localalgos[i].name);
+			buf_putbytes(algolist, (const unsigned char *) localalgos[i].name, len);
+		}
+	}
+	buf_putstring(buf, (const char*)algolist->data, algolist->len);
+	TRACE(("algolist add '%*s'", algolist->len, algolist->data))
+	buf_free(algolist);
+}
+
+/* match the first algorithm in the comma-separated list in buf which is
+ * also in localalgos[], or return NULL on failure.
+ * (*goodguess) is set to 1 if the preferred client/server algos match,
+ * 0 otherwise. This is used for checking if the kexalgo/hostkeyalgos are
+ * guessed correctly */
+algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
+		enum kexguess2_used *kexguess2, int *goodguess)
+{
+
+	char * algolist = NULL;
+	const char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO];
+	unsigned int len;
+	unsigned int remotecount, localcount, clicount, servcount, i, j;
+	algo_type * ret = NULL;
+	const char **clinames, **servnames;
+
+	if (goodguess) {
+		*goodguess = 0;
+	}
+
+	/* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
+	algolist = buf_getstring(buf, &len);
+	TRACE(("buf_match_algo: %s", algolist))
+	if (len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
+		goto out;
+	}
+
+	/* remotenames will contain a list of the strings parsed out */
+	/* We will have at least one string (even if it's just "") */
+	remotenames[0] = algolist;
+	remotecount = 1;
+	for (i = 0; i < len; i++) {
+		if (algolist[i] == '\0') {
+			/* someone is trying something strange */
+			goto out;
+		}
+		if (algolist[i] == ',') {
+			algolist[i] = '\0';
+			remotenames[remotecount] = &algolist[i+1];
+			remotecount++;
+		}
+		if (remotecount >= MAX_PROPOSED_ALGO) {
+			break;
+		}
+	}
+	if (kexguess2 && *kexguess2 == KEXGUESS2_LOOK) {
+		for (i = 0; i < remotecount; i++)
+		{
+			if (strcmp(remotenames[i], KEXGUESS2_ALGO_NAME) == 0) {
+				*kexguess2 = KEXGUESS2_YES;
+				break;
+			}
+		}
+		if (*kexguess2 == KEXGUESS2_LOOK) {
+			*kexguess2 = KEXGUESS2_NO;
+		}
+	}
+
+	for (i = 0; localalgos[i].name != NULL; i++) {
+		if (localalgos[i].usable) {
+			localnames[i] = localalgos[i].name;
+		} else {
+			localnames[i] = NULL;
+		}
+	}
+	localcount = i;
+
+	if (IS_DROPBEAR_SERVER) {
+		clinames = remotenames;
+		clicount = remotecount;
+		servnames = localnames;
+		servcount = localcount;
+	} else {
+		clinames = localnames;
+		clicount = localcount;
+		servnames = remotenames;
+		servcount = remotecount;
+	}
+
+	/* iterate and find the first match */
+	for (i = 0; i < clicount; i++) {
+		for (j = 0; j < servcount; j++) {
+			if (!(servnames[j] && clinames[i])) {
+				/* unusable algos are NULL */
+				continue;
+			}
+			if (strcmp(servnames[j], clinames[i]) == 0) {
+				/* set if it was a good guess */
+				if (goodguess && kexguess2) {
+					if (*kexguess2 == KEXGUESS2_YES) {
+						if (i == 0) {
+							*goodguess = 1;
+						}
+
+					} else {
+						if (i == 0 && j == 0) {
+							*goodguess = 1;
+						}
+					}
+				}
+				/* set the algo to return */
+				if (IS_DROPBEAR_SERVER) {
+					ret = &localalgos[j];
+				} else {
+					ret = &localalgos[i];
+				}
+				goto out;
+			}
+		}
+	}
+
+out:
+	m_free(algolist);
+	return ret;
+}
+
+#if DROPBEAR_USER_ALGO_LIST
+
+char *
+algolist_string(const algo_type algos[])
+{
+	char *ret_list;
+	buffer *b = buf_new(200);
+	buf_put_algolist(b, algos);
+	buf_setpos(b, b->len);
+	buf_putbyte(b, '\0');
+	buf_setpos(b, 4);
+	ret_list = m_strdup((const char *) buf_getptr(b, b->len - b->pos));
+	buf_free(b);
+	return ret_list;
+}
+
+static algo_type*
+check_algo(const char* algo_name, algo_type *algos)
+{
+	algo_type *a;
+	for (a = algos; a->name != NULL; a++)
+	{
+		if (strcmp(a->name, algo_name) == 0)
+		{
+			return a;
+		}
+	}
+
+	return NULL;
+}
+
+/* Checks a user provided comma-separated algorithm list for available
+ * options. Any that are not acceptable are removed in-place. Returns the
+ * number of valid algorithms. */
+int
+check_user_algos(const char* user_algo_list, algo_type * algos, 
+		const char *algo_desc)
+{
+	algo_type new_algos[MAX_PROPOSED_ALGO+1];
+	char *work_list = m_strdup(user_algo_list);
+	char *start = work_list;
+	char *c;
+	int n;
+	/* So we can iterate and look for null terminator */
+	memset(new_algos, 0x0, sizeof(new_algos));
+	for (c = work_list, n = 0; ; c++)
+	{
+		char oc = *c;
+		if (n >= MAX_PROPOSED_ALGO) {
+			dropbear_exit("Too many algorithms '%s'", user_algo_list);
+		}
+		if (*c == ',' || *c == '\0') {
+			algo_type *match_algo = NULL;
+			*c = '\0';
+			match_algo = check_algo(start, algos);
+			if (match_algo) {
+				if (check_algo(start, new_algos)) {
+					TRACE(("Skip repeated algorithm '%s'", start))
+				} else {
+					new_algos[n] = *match_algo;
+					n++;
+				}
+			} else {
+				dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", start, algo_desc);
+			}
+			c++;
+			start = c;
+		}
+		if (oc == '\0') {
+			break;
+		}
+	}
+	m_free(work_list);
+	/* n+1 to include a null terminator */
+	memcpy(algos, new_algos, sizeof(*new_algos) * (n+1));
+	return n;
+}
+#endif /* DROPBEAR_USER_ALGO_LIST */

common-chansession.c

@@ -0,0 +1,43 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "chansession.h"
+
+/* Mapping of signal values to ssh signal strings */
+const struct SigMap signames[] = {
+	{SIGABRT, "ABRT"},
+	{SIGALRM, "ALRM"},
+	{SIGFPE, "FPE"},
+	{SIGHUP, "HUP"},
+	{SIGILL, "ILL"},
+	{SIGINT, "INT"},
+	{SIGKILL, "KILL"},
+	{SIGPIPE, "PIPE"},
+	{SIGQUIT, "QUIT"},
+	{SIGSEGV, "SEGV"},
+	{SIGTERM, "TERM"},
+	{SIGUSR1, "USR1"},
+	{SIGUSR2, "USR2"},
+	{0, NULL}
+};

common-kex.c

@@ -0,0 +1,972 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * Portions Copyright (c) 2004 by Mihnea Stoenescu
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "algo.h"
+#include "buffer.h"
+#include "session.h"
+#include "kex.h"
+#include "dh_groups.h"
+#include "ssh.h"
+#include "packet.h"
+#include "bignum.h"
+#include "dbrandom.h"
+#include "runopts.h"
+#include "ecc.h"
+#include "crypto_desc.h"
+
+static void kexinitialise(void);
+static void gen_new_keys(void);
+#ifndef DISABLE_ZLIB
+static void gen_new_zstream_recv(void);
+static void gen_new_zstream_trans(void);
+#endif
+static void read_kex_algos(void);
+/* helper function for gen_new_keys */
+static void hashkeys(unsigned char *out, unsigned int outlen, 
+		const hash_state * hs, const unsigned char X);
+
+
+/* Send our list of algorithms we can use */
+void send_msg_kexinit() {
+
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_KEXINIT);
+
+	/* cookie */
+	genrandom(buf_getwriteptr(ses.writepayload, 16), 16);
+	buf_incrwritepos(ses.writepayload, 16);
+
+	/* kex algos */
+	buf_put_algolist(ses.writepayload, sshkex);
+
+	/* server_host_key_algorithms */
+	buf_put_algolist(ses.writepayload, sshhostkey);
+
+	/* encryption_algorithms_client_to_server */
+	buf_put_algolist(ses.writepayload, sshciphers);
+
+	/* encryption_algorithms_server_to_client */
+	buf_put_algolist(ses.writepayload, sshciphers);
+
+	/* mac_algorithms_client_to_server */
+	buf_put_algolist(ses.writepayload, sshhashes);
+
+	/* mac_algorithms_server_to_client */
+	buf_put_algolist(ses.writepayload, sshhashes);
+
+
+	/* compression_algorithms_client_to_server */
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
+
+	/* compression_algorithms_server_to_client */
+	buf_put_algolist(ses.writepayload, ses.compress_algos);
+
+	/* languages_client_to_server */
+	buf_putstring(ses.writepayload, "", 0);
+
+	/* languages_server_to_client */
+	buf_putstring(ses.writepayload, "", 0);
+
+	/* first_kex_packet_follows */
+	buf_putbyte(ses.writepayload, (ses.send_kex_first_guess != NULL));
+
+	/* reserved unit32 */
+	buf_putint(ses.writepayload, 0);
+
+	/* set up transmitted kex packet buffer for hashing. 
+	 * This is freed after the end of the kex */
+	ses.transkexinit = buf_newcopy(ses.writepayload);
+
+	encrypt_packet();
+	ses.dataallowed = 0; /* don't send other packets during kex */
+
+	ses.kexstate.sentkexinit = 1;
+
+	ses.newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
+
+	if (ses.send_kex_first_guess) {
+		ses.newkeys->algo_kex = sshkex[0].data;
+		ses.newkeys->algo_hostkey = sshhostkey[0].val;
+		ses.send_kex_first_guess();
+	}
+
+	TRACE(("DATAALLOWED=0"))
+	TRACE(("-> KEXINIT"))
+
+}
+
+static void switch_keys() {
+	TRACE2(("enter switch_keys"))
+	if (!(ses.kexstate.sentkexinit && ses.kexstate.recvkexinit)) {
+		dropbear_exit("Unexpected newkeys message");
+	}
+
+	if (!ses.keys) {
+		ses.keys = m_malloc(sizeof(*ses.newkeys));
+	}
+	if (ses.kexstate.recvnewkeys && ses.newkeys->recv.valid) {
+		TRACE(("switch_keys recv"))
+#ifndef DISABLE_ZLIB
+		gen_new_zstream_recv();
+#endif
+		ses.keys->recv = ses.newkeys->recv;
+		m_burn(&ses.newkeys->recv, sizeof(ses.newkeys->recv));
+		ses.newkeys->recv.valid = 0;
+	}
+	if (ses.kexstate.sentnewkeys && ses.newkeys->trans.valid) {
+		TRACE(("switch_keys trans"))
+#ifndef DISABLE_ZLIB
+		gen_new_zstream_trans();
+#endif
+		ses.keys->trans = ses.newkeys->trans;
+		m_burn(&ses.newkeys->trans, sizeof(ses.newkeys->trans));
+		ses.newkeys->trans.valid = 0;
+	}
+	if (ses.kexstate.sentnewkeys && ses.kexstate.recvnewkeys)
+	{
+		TRACE(("switch_keys done"))
+		ses.keys->algo_kex = ses.newkeys->algo_kex;
+		ses.keys->algo_hostkey = ses.newkeys->algo_hostkey;
+		ses.keys->allow_compress = 0;
+		m_free(ses.newkeys);
+		ses.newkeys = NULL;
+		kexinitialise();
+	}
+	TRACE2(("leave switch_keys"))
+}
+
+/* Bring new keys into use after a key exchange, and let the client know*/
+void send_msg_newkeys() {
+
+	TRACE(("enter send_msg_newkeys"))
+
+	/* generate the kexinit request */
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_NEWKEYS);
+	encrypt_packet();
+
+	
+	/* set up our state */
+	ses.kexstate.sentnewkeys = 1;
+	ses.kexstate.donefirstkex = 1;
+	ses.dataallowed = 1; /* we can send other packets again now */
+	gen_new_keys();
+	switch_keys();
+
+	TRACE(("leave send_msg_newkeys"))
+}
+
+/* Bring the new keys into use after a key exchange */
+void recv_msg_newkeys() {
+
+	TRACE(("enter recv_msg_newkeys"))
+
+	ses.kexstate.recvnewkeys = 1;
+	switch_keys();
+	
+	TRACE(("leave recv_msg_newkeys"))
+}
+
+
+/* Set up the kex for the first time */
+void kexfirstinitialise() {
+	ses.kexstate.donefirstkex = 0;
+
+#ifdef DISABLE_ZLIB
+	ses.compress_algos = ssh_nocompress;
+#else
+	switch (opts.compress_mode)
+	{
+		case DROPBEAR_COMPRESS_DELAYED:
+			ses.compress_algos = ssh_delaycompress;
+			break;
+
+		case DROPBEAR_COMPRESS_ON:
+			ses.compress_algos = ssh_compress;
+			break;
+
+		case DROPBEAR_COMPRESS_OFF:
+			ses.compress_algos = ssh_nocompress;
+			break;
+	}
+#endif
+	kexinitialise();
+}
+
+/* Reset the kex state, ready for a new negotiation */
+static void kexinitialise() {
+
+	TRACE(("kexinitialise()"))
+
+	/* sent/recv'd MSG_KEXINIT */
+	ses.kexstate.sentkexinit = 0;
+	ses.kexstate.recvkexinit = 0;
+
+	/* sent/recv'd MSG_NEWKEYS */
+	ses.kexstate.recvnewkeys = 0;
+	ses.kexstate.sentnewkeys = 0;
+
+	/* first_packet_follows */
+	ses.kexstate.them_firstfollows = 0;
+
+	ses.kexstate.datatrans = 0;
+	ses.kexstate.datarecv = 0;
+
+	ses.kexstate.our_first_follows_matches = 0;
+
+	ses.kexstate.lastkextime = monotonic_now();
+
+}
+
+/* Helper function for gen_new_keys, creates a hash. It makes a copy of the
+ * already initialised hash_state hs, which should already have processed
+ * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc.
+ * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
+ *
+ * See Section 7.2 of rfc4253 (ssh transport) for details */
+static void hashkeys(unsigned char *out, unsigned int outlen, 
+		const hash_state * hs, const unsigned char X) {
+
+	const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
+	hash_state hs2;
+	unsigned int offset;
+	unsigned char tmpout[MAX_HASH_SIZE];
+
+	memcpy(&hs2, hs, sizeof(hash_state));
+	hash_desc->process(&hs2, &X, 1);
+	hash_desc->process(&hs2, ses.session_id->data, ses.session_id->len);
+	hash_desc->done(&hs2, tmpout);
+	memcpy(out, tmpout, MIN(hash_desc->hashsize, outlen));
+	for (offset = hash_desc->hashsize; 
+			offset < outlen; 
+			offset += hash_desc->hashsize)
+	{
+		/* need to extend */
+		memcpy(&hs2, hs, sizeof(hash_state));
+		hash_desc->process(&hs2, out, offset);
+		hash_desc->done(&hs2, tmpout);
+		memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
+	}
+	m_burn(&hs2, sizeof(hash_state));
+}
+
+/* Generate the actual encryption/integrity keys, using the results of the
+ * key exchange, as specified in section 7.2 of the transport rfc 4253.
+ * This occurs after the DH key-exchange.
+ *
+ * ses.newkeys is the new set of keys which are generated, these are only
+ * taken into use after both sides have sent a newkeys message */
+
+static void gen_new_keys() {
+
+	unsigned char C2S_IV[MAX_IV_LEN];
+	unsigned char C2S_key[MAX_KEY_LEN];
+	unsigned char S2C_IV[MAX_IV_LEN];
+	unsigned char S2C_key[MAX_KEY_LEN];
+	/* unsigned char key[MAX_KEY_LEN]; */
+	unsigned char *trans_IV, *trans_key, *recv_IV, *recv_key;
+
+	hash_state hs;
+	const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
+	char mactransletter, macrecvletter; /* Client or server specific */
+
+	TRACE(("enter gen_new_keys"))
+	/* the dh_K and hash are the start of all hashes, we make use of that */
+
+	hash_desc->init(&hs);
+	hash_process_mp(hash_desc, &hs, ses.dh_K);
+	mp_clear(ses.dh_K);
+	m_free(ses.dh_K);
+	hash_desc->process(&hs, ses.hash->data, ses.hash->len);
+	buf_burn(ses.hash);
+	buf_free(ses.hash);
+	ses.hash = NULL;
+
+	if (IS_DROPBEAR_CLIENT) {
+		trans_IV	= C2S_IV;
+		recv_IV		= S2C_IV;
+		trans_key	= C2S_key;
+		recv_key	= S2C_key;
+		mactransletter = 'E';
+		macrecvletter = 'F';
+	} else {
+		trans_IV	= S2C_IV;
+		recv_IV		= C2S_IV;
+		trans_key	= S2C_key;
+		recv_key	= C2S_key;
+		mactransletter = 'F';
+		macrecvletter = 'E';
+	}
+
+	hashkeys(C2S_IV, sizeof(C2S_IV), &hs, 'A');
+	hashkeys(S2C_IV, sizeof(S2C_IV), &hs, 'B');
+	hashkeys(C2S_key, sizeof(C2S_key), &hs, 'C');
+	hashkeys(S2C_key, sizeof(S2C_key), &hs, 'D');
+
+	if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) {
+		int recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
+		if (recv_cipher < 0)
+			dropbear_exit("Crypto error");
+		if (ses.newkeys->recv.crypt_mode->start(recv_cipher, 
+				recv_IV, recv_key, 
+				ses.newkeys->recv.algo_crypt->keysize, 0, 
+				&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
+			dropbear_exit("Crypto error");
+		}
+	}
+
+	if (ses.newkeys->trans.algo_crypt->cipherdesc != NULL) {
+		int trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
+		if (trans_cipher < 0)
+			dropbear_exit("Crypto error");
+		if (ses.newkeys->trans.crypt_mode->start(trans_cipher, 
+				trans_IV, trans_key, 
+				ses.newkeys->trans.algo_crypt->keysize, 0, 
+				&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
+			dropbear_exit("Crypto error");
+		}
+	}
+
+	if (ses.newkeys->trans.algo_mac->hash_desc != NULL) {
+		hashkeys(ses.newkeys->trans.mackey, 
+				ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter);
+		ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hash_desc->name);
+	}
+
+	if (ses.newkeys->recv.algo_mac->hash_desc != NULL) {
+		hashkeys(ses.newkeys->recv.mackey, 
+				ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter);
+		ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hash_desc->name);
+	}
+
+	/* Ready to switch over */
+	ses.newkeys->trans.valid = 1;
+	ses.newkeys->recv.valid = 1;
+
+	m_burn(C2S_IV, sizeof(C2S_IV));
+	m_burn(C2S_key, sizeof(C2S_key));
+	m_burn(S2C_IV, sizeof(S2C_IV));
+	m_burn(S2C_key, sizeof(S2C_key));
+	m_burn(&hs, sizeof(hash_state));
+
+	TRACE(("leave gen_new_keys"))
+}
+
+#ifndef DISABLE_ZLIB
+
+int is_compress_trans() {
+	return ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB
+		|| (ses.authstate.authdone
+			&& ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
+}
+
+int is_compress_recv() {
+	return ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB
+		|| (ses.authstate.authdone
+			&& ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
+}
+
+static void* dropbear_zalloc(void* UNUSED(opaque), uInt items, uInt size) {
+	return m_calloc(items, size);
+}
+
+static void dropbear_zfree(void* UNUSED(opaque), void* ptr) {
+	m_free(ptr);
+}
+
+/* Set up new zlib compression streams, close the old ones. Only
+ * called from gen_new_keys() */
+static void gen_new_zstream_recv() {
+
+	/* create new zstreams */
+	if (ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB
+			|| ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
+		ses.newkeys->recv.zstream = (z_streamp)m_malloc(sizeof(z_stream));
+		ses.newkeys->recv.zstream->zalloc = dropbear_zalloc;
+		ses.newkeys->recv.zstream->zfree = dropbear_zfree;
+		
+		if (inflateInit(ses.newkeys->recv.zstream) != Z_OK) {
+			dropbear_exit("zlib error");
+		}
+	} else {
+		ses.newkeys->recv.zstream = NULL;
+	}
+	/* clean up old keys */
+	if (ses.keys->recv.zstream != NULL) {
+		if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
+			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
+			dropbear_exit("Crypto error");
+		}
+		m_free(ses.keys->recv.zstream);
+	}
+}
+
+static void gen_new_zstream_trans() {
+
+	if (ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB
+			|| ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
+		ses.newkeys->trans.zstream = (z_streamp)m_malloc(sizeof(z_stream));
+		ses.newkeys->trans.zstream->zalloc = dropbear_zalloc;
+		ses.newkeys->trans.zstream->zfree = dropbear_zfree;
+	
+		if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION,
+					Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS, 
+					DROPBEAR_ZLIB_MEM_LEVEL, Z_DEFAULT_STRATEGY)
+				!= Z_OK) {
+			dropbear_exit("zlib error");
+		}
+	} else {
+		ses.newkeys->trans.zstream = NULL;
+	}
+
+	if (ses.keys->trans.zstream != NULL) {
+		if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
+			/* Z_DATA_ERROR is ok, just means that stream isn't ended */
+			dropbear_exit("Crypto error");
+		}
+		m_free(ses.keys->trans.zstream);
+	}
+}
+#endif /* DISABLE_ZLIB */
+
+
+/* Executed upon receiving a kexinit message from the client to initiate
+ * key exchange. If we haven't already done so, we send the list of our
+ * preferred algorithms. The client's requested algorithms are processed,
+ * and we calculate the first portion of the key-exchange-hash for used
+ * later in the key exchange. No response is sent, as the client should
+ * initiate the diffie-hellman key exchange */
+void recv_msg_kexinit() {
+	
+	unsigned int kexhashbuf_len = 0;
+	unsigned int remote_ident_len = 0;
+	unsigned int local_ident_len = 0;
+
+	TRACE(("<- KEXINIT"))
+	TRACE(("enter recv_msg_kexinit"))
+	
+	if (!ses.kexstate.sentkexinit) {
+		/* we need to send a kex packet */
+		send_msg_kexinit();
+		TRACE(("continue recv_msg_kexinit: sent kexinit"))
+	}
+
+	/* start the kex hash */
+	local_ident_len = strlen(LOCAL_IDENT);
+	remote_ident_len = strlen(ses.remoteident);
+
+	kexhashbuf_len = local_ident_len + remote_ident_len
+		+ ses.transkexinit->len + ses.payload->len
+		+ KEXHASHBUF_MAX_INTS;
+
+	ses.kexhashbuf = buf_new(kexhashbuf_len);
+
+	if (IS_DROPBEAR_CLIENT) {
+
+		/* read the peer's choice of algos */
+		read_kex_algos();
+
+		/* V_C, the client's version string (CR and NL excluded) */
+		buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
+		/* V_S, the server's version string (CR and NL excluded) */
+		buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
+
+		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
+		buf_putstring(ses.kexhashbuf,
+			(const char*)ses.transkexinit->data, ses.transkexinit->len);
+		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
+		buf_setpos(ses.payload, ses.payload_beginning);
+		buf_putstring(ses.kexhashbuf,
+			(const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
+			ses.payload->len-ses.payload->pos);
+		ses.requirenext = SSH_MSG_KEXDH_REPLY;
+	} else {
+		/* SERVER */
+
+		/* read the peer's choice of algos */
+		read_kex_algos();
+		/* V_C, the client's version string (CR and NL excluded) */
+		buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
+		/* V_S, the server's version string (CR and NL excluded) */
+		buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
+
+		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
+		buf_setpos(ses.payload, ses.payload_beginning);
+		buf_putstring(ses.kexhashbuf, 
+			(const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
+			ses.payload->len-ses.payload->pos);
+
+		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
+		buf_putstring(ses.kexhashbuf,
+			(const char*)ses.transkexinit->data, ses.transkexinit->len);
+
+		ses.requirenext = SSH_MSG_KEXDH_INIT;
+	}
+
+	buf_free(ses.transkexinit);
+	ses.transkexinit = NULL;
+	/* the rest of ses.kexhashbuf will be done after DH exchange */
+
+	ses.kexstate.recvkexinit = 1;
+
+	TRACE(("leave recv_msg_kexinit"))
+}
+
+static void load_dh_p(mp_int * dh_p)
+{
+	bytes_to_mp(dh_p, ses.newkeys->algo_kex->dh_p_bytes, 
+		ses.newkeys->algo_kex->dh_p_len);
+}
+
+/* Initialises and generate one side of the diffie-hellman key exchange values.
+ * See the transport rfc 4253 section 8 for details */
+/* dh_pub and dh_priv MUST be already initialised */
+struct kex_dh_param *gen_kexdh_param() {
+	struct kex_dh_param *param = NULL;
+
+	DEF_MP_INT(dh_p);
+	DEF_MP_INT(dh_q);
+	DEF_MP_INT(dh_g);
+
+	TRACE(("enter gen_kexdh_vals"))
+
+	param = m_malloc(sizeof(*param));
+	m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL);
+
+	/* read the prime and generator*/
+	load_dh_p(&dh_p);
+	
+	if (mp_set_int(&dh_g, DH_G_VAL) != MP_OKAY) {
+		dropbear_exit("Diffie-Hellman error");
+	}
+
+	/* calculate q = (p-1)/2 */
+	/* dh_priv is just a temp var here */
+	if (mp_sub_d(&dh_p, 1, &param->priv) != MP_OKAY) { 
+		dropbear_exit("Diffie-Hellman error");
+	}
+	if (mp_div_2(&param->priv, &dh_q) != MP_OKAY) {
+		dropbear_exit("Diffie-Hellman error");
+	}
+
+	/* Generate a private portion 0 < dh_priv < dh_q */
+	gen_random_mpint(&dh_q, &param->priv);
+
+	/* f = g^y mod p */
+	if (mp_exptmod(&dh_g, &param->priv, &dh_p, &param->pub) != MP_OKAY) {
+		dropbear_exit("Diffie-Hellman error");
+	}
+	mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL);
+	return param;
+}
+
+void free_kexdh_param(struct kex_dh_param *param)
+{
+	mp_clear_multi(&param->pub, &param->priv, NULL);
+	m_free(param);
+}
+
+/* This function is fairly common between client/server, with some substitution
+ * of dh_e/dh_f etc. Hence these arguments:
+ * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is 
+ * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */
+void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
+		sign_key *hostkey) {
+
+	DEF_MP_INT(dh_p);
+	DEF_MP_INT(dh_p_min1);
+	mp_int *dh_e = NULL, *dh_f = NULL;
+
+	m_mp_init_multi(&dh_p, &dh_p_min1, NULL);
+	load_dh_p(&dh_p);
+
+	if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { 
+		dropbear_exit("Diffie-Hellman error");
+	}
+
+	/* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */
+	if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT 
+			|| mp_cmp_d(dh_pub_them, 1) != MP_GT) {
+		dropbear_exit("Diffie-Hellman error");
+	}
+	
+	/* K = e^y mod p = f^x mod p */
+	m_mp_alloc_init_multi(&ses.dh_K, NULL);
+	if (mp_exptmod(dh_pub_them, &param->priv, &dh_p, ses.dh_K) != MP_OKAY) {
+		dropbear_exit("Diffie-Hellman error");
+	}
+
+	/* clear no longer needed vars */
+	mp_clear_multi(&dh_p, &dh_p_min1, NULL);
+
+	/* From here on, the code needs to work with the _same_ vars on each side,
+	 * not vice-versaing for client/server */
+	if (IS_DROPBEAR_CLIENT) {
+		dh_e = &param->pub;
+		dh_f = dh_pub_them;
+	} else {
+		dh_e = dh_pub_them;
+		dh_f = &param->pub;
+	} 
+
+	/* Create the remainder of the hash buffer, to generate the exchange hash */
+	/* K_S, the host key */
+	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
+	/* e, exchange value sent by the client */
+	buf_putmpint(ses.kexhashbuf, dh_e);
+	/* f, exchange value sent by the server */
+	buf_putmpint(ses.kexhashbuf, dh_f);
+	/* K, the shared secret */
+	buf_putmpint(ses.kexhashbuf, ses.dh_K);
+
+	/* calculate the hash H to sign */
+	finish_kexhashbuf();
+}
+
+#if DROPBEAR_ECDH
+struct kex_ecdh_param *gen_kexecdh_param() {
+	struct kex_ecdh_param *param = m_malloc(sizeof(*param));
+	if (ecc_make_key_ex(NULL, dropbear_ltc_prng, 
+		&param->key, ses.newkeys->algo_kex->ecc_curve->dp) != CRYPT_OK) {
+		dropbear_exit("ECC error");
+	}
+	return param;
+}
+
+void free_kexecdh_param(struct kex_ecdh_param *param) {
+	ecc_free(&param->key);
+	m_free(param);
+
+}
+void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
+		sign_key *hostkey) {
+	const struct dropbear_kex *algo_kex = ses.newkeys->algo_kex;
+	/* public keys from client and server */
+	ecc_key *Q_C, *Q_S, *Q_them;
+
+	Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve);
+	if (Q_them == NULL) {
+		dropbear_exit("ECC error");
+	}
+
+	ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key);
+
+	/* Create the remainder of the hash buffer, to generate the exchange hash
+	   See RFC5656 section 4 page 7 */
+	if (IS_DROPBEAR_CLIENT) {
+		Q_C = &param->key;
+		Q_S = Q_them;
+	} else {
+		Q_C = Q_them;
+		Q_S = &param->key;
+	} 
+
+	/* K_S, the host key */
+	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
+	/* Q_C, client's ephemeral public key octet string */
+	buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C);
+	/* Q_S, server's ephemeral public key octet string */
+	buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_S);
+	/* K, the shared secret */
+	buf_putmpint(ses.kexhashbuf, ses.dh_K);
+
+	ecc_free(Q_them);
+	m_free(Q_them);
+
+	/* calculate the hash H to sign */
+	finish_kexhashbuf();
+}
+#endif /* DROPBEAR_ECDH */
+
+#if DROPBEAR_CURVE25519
+struct kex_curve25519_param *gen_kexcurve25519_param () {
+	/* Per http://cr.yp.to/ecdh.html */
+	struct kex_curve25519_param *param = m_malloc(sizeof(*param));
+	const unsigned char basepoint[32] = {9};
+
+	genrandom(param->priv, CURVE25519_LEN);
+	param->priv[0] &= 248;
+	param->priv[31] &= 127;
+	param->priv[31] |= 64;
+
+	curve25519_donna(param->pub, param->priv, basepoint);
+
+	return param;
+}
+
+void free_kexcurve25519_param(struct kex_curve25519_param *param)
+{
+	m_burn(param->priv, CURVE25519_LEN);
+	m_free(param);
+}
+
+void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them,
+	sign_key *hostkey) {
+	unsigned char out[CURVE25519_LEN];
+	const unsigned char* Q_C = NULL;
+	const unsigned char* Q_S = NULL;
+	char zeroes[CURVE25519_LEN] = {0};
+
+	if (buf_pub_them->len != CURVE25519_LEN)
+	{
+		dropbear_exit("Bad curve25519");
+	}
+
+	curve25519_donna(out, param->priv, buf_pub_them->data);
+
+	if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
+		dropbear_exit("Bad curve25519");
+	}
+
+	m_mp_alloc_init_multi(&ses.dh_K, NULL);
+	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
+	m_burn(out, sizeof(out));
+
+	/* Create the remainder of the hash buffer, to generate the exchange hash.
+	   See RFC5656 section 4 page 7 */
+	if (IS_DROPBEAR_CLIENT) {
+		Q_C = param->pub;
+		Q_S = buf_pub_them->data;
+	} else {
+		Q_S = param->pub;
+		Q_C = buf_pub_them->data;
+	}
+
+	/* K_S, the host key */
+	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
+	/* Q_C, client's ephemeral public key octet string */
+	buf_putstring(ses.kexhashbuf, (const char*)Q_C, CURVE25519_LEN);
+	/* Q_S, server's ephemeral public key octet string */
+	buf_putstring(ses.kexhashbuf, (const char*)Q_S, CURVE25519_LEN);
+	/* K, the shared secret */
+	buf_putmpint(ses.kexhashbuf, ses.dh_K);
+
+	/* calculate the hash H to sign */
+	finish_kexhashbuf();
+}
+#endif /* DROPBEAR_CURVE25519 */
+
+
+void finish_kexhashbuf(void) {
+	hash_state hs;
+	const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
+
+	hash_desc->init(&hs);
+	buf_setpos(ses.kexhashbuf, 0);
+	hash_desc->process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
+			ses.kexhashbuf->len);
+	ses.hash = buf_new(hash_desc->hashsize);
+	hash_desc->done(&hs, buf_getwriteptr(ses.hash, hash_desc->hashsize));
+	buf_setlen(ses.hash, hash_desc->hashsize);
+
+#if defined(DEBUG_KEXHASH) && DEBUG_TRACE
+	if (!debug_trace) {
+		printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len);
+		printhex("kexhash", ses.hash->data, ses.hash->len);
+	}
+#endif
+
+	buf_burn(ses.kexhashbuf);
+	buf_free(ses.kexhashbuf);
+	m_burn(&hs, sizeof(hash_state));
+	ses.kexhashbuf = NULL;
+	
+	/* first time around, we set the session_id to H */
+	if (ses.session_id == NULL) {
+		/* create the session_id, this never needs freeing */
+		ses.session_id = buf_newcopy(ses.hash);
+	}
+}
+
+/* read the other side's algo list. buf_match_algo is a callback to match
+ * algos for the client or server. */
+static void read_kex_algos() {
+
+	/* for asymmetry */
+	algo_type * c2s_hash_algo = NULL;
+	algo_type * s2c_hash_algo = NULL;
+	algo_type * c2s_cipher_algo = NULL;
+	algo_type * s2c_cipher_algo = NULL;
+	algo_type * c2s_comp_algo = NULL;
+	algo_type * s2c_comp_algo = NULL;
+	/* the generic one */
+	algo_type * algo = NULL;
+
+	/* which algo couldn't match */
+	char * erralgo = NULL;
+
+	int goodguess = 0;
+	int allgood = 1; /* we AND this with each goodguess and see if its still
+						true after */
+
+#if DROPBEAR_KEXGUESS2
+	enum kexguess2_used kexguess2 = KEXGUESS2_LOOK;
+#else
+	enum kexguess2_used kexguess2 = KEXGUESS2_NO;
+#endif
+
+	buf_incrpos(ses.payload, 16); /* start after the cookie */
+
+	memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
+
+	/* kex_algorithms */
+	algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess);
+	allgood &= goodguess;
+	if (algo == NULL || algo->val == KEXGUESS2_ALGO_ID) {
+		erralgo = "kex";
+		goto error;
+	}
+	TRACE(("kexguess2 %d", kexguess2))
+	TRACE(("kex algo %s", algo->name))
+	ses.newkeys->algo_kex = algo->data;
+
+	/* server_host_key_algorithms */
+	algo = buf_match_algo(ses.payload, sshhostkey, &kexguess2, &goodguess);
+	allgood &= goodguess;
+	if (algo == NULL) {
+		erralgo = "hostkey";
+		goto error;
+	}
+	TRACE(("hostkey algo %s", algo->name))
+	ses.newkeys->algo_hostkey = algo->val;
+
+	/* encryption_algorithms_client_to_server */
+	c2s_cipher_algo = buf_match_algo(ses.payload, sshciphers, NULL, NULL);
+	if (c2s_cipher_algo == NULL) {
+		erralgo = "enc c->s";
+		goto error;
+	}
+	TRACE(("enc c2s is  %s", c2s_cipher_algo->name))
+
+	/* encryption_algorithms_server_to_client */
+	s2c_cipher_algo = buf_match_algo(ses.payload, sshciphers, NULL, NULL);
+	if (s2c_cipher_algo == NULL) {
+		erralgo = "enc s->c";
+		goto error;
+	}
+	TRACE(("enc s2c is  %s", s2c_cipher_algo->name))
+
+	/* mac_algorithms_client_to_server */
+	c2s_hash_algo = buf_match_algo(ses.payload, sshhashes, NULL, NULL);
+	if (c2s_hash_algo == NULL) {
+		erralgo = "mac c->s";
+		goto error;
+	}
+	TRACE(("hash c2s is  %s", c2s_hash_algo->name))
+
+	/* mac_algorithms_server_to_client */
+	s2c_hash_algo = buf_match_algo(ses.payload, sshhashes, NULL, NULL);
+	if (s2c_hash_algo == NULL) {
+		erralgo = "mac s->c";
+		goto error;
+	}
+	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
+
+	/* compression_algorithms_client_to_server */
+	c2s_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, NULL, NULL);
+	if (c2s_comp_algo == NULL) {
+		erralgo = "comp c->s";
+		goto error;
+	}
+	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
+
+	/* compression_algorithms_server_to_client */
+	s2c_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, NULL, NULL);
+	if (s2c_comp_algo == NULL) {
+		erralgo = "comp s->c";
+		goto error;
+	}
+	TRACE(("hash s2c is  %s", s2c_comp_algo->name))
+
+	/* languages_client_to_server */
+	buf_eatstring(ses.payload);
+
+	/* languages_server_to_client */
+	buf_eatstring(ses.payload);
+
+	/* their first_kex_packet_follows */
+	if (buf_getbool(ses.payload)) {
+		TRACE(("them kex firstfollows. allgood %d", allgood))
+		ses.kexstate.them_firstfollows = 1;
+		/* if the guess wasn't good, we ignore the packet sent */
+		if (!allgood) {
+			ses.ignorenext = 1;
+		}
+	}
+
+	/* Handle the asymmetry */
+	if (IS_DROPBEAR_CLIENT) {
+		ses.newkeys->recv.algo_crypt = 
+			(struct dropbear_cipher*)s2c_cipher_algo->data;
+		ses.newkeys->trans.algo_crypt = 
+			(struct dropbear_cipher*)c2s_cipher_algo->data;
+		ses.newkeys->recv.crypt_mode = 
+			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
+		ses.newkeys->trans.crypt_mode =
+			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
+		ses.newkeys->recv.algo_mac = 
+			(struct dropbear_hash*)s2c_hash_algo->data;
+		ses.newkeys->trans.algo_mac = 
+			(struct dropbear_hash*)c2s_hash_algo->data;
+		ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
+		ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
+	} else {
+		/* SERVER */
+		ses.newkeys->recv.algo_crypt = 
+			(struct dropbear_cipher*)c2s_cipher_algo->data;
+		ses.newkeys->trans.algo_crypt = 
+			(struct dropbear_cipher*)s2c_cipher_algo->data;
+		ses.newkeys->recv.crypt_mode =
+			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
+		ses.newkeys->trans.crypt_mode =
+			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
+		ses.newkeys->recv.algo_mac = 
+			(struct dropbear_hash*)c2s_hash_algo->data;
+		ses.newkeys->trans.algo_mac = 
+			(struct dropbear_hash*)s2c_hash_algo->data;
+		ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
+		ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
+	}
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		fuzz_kex_fakealgos();
+	}
+#endif
+
+	/* reserved for future extensions */
+	buf_getint(ses.payload);
+
+	if (ses.send_kex_first_guess && allgood) {
+		TRACE(("our_first_follows_matches 1"))
+		ses.kexstate.our_first_follows_matches = 1;
+	}
+	return;
+
+error:
+	dropbear_exit("No matching algo %s", erralgo);
+}

common-runopts.c

@@ -0,0 +1,113 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "runopts.h"
+#include "signkey.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "auth.h"
+#include "algo.h"
+#include "dbrandom.h"
+
+runopts opts; /* GLOBAL */
+
+/* returns success or failure, and the keytype in *type. If we want
+ * to restrict the type, type can contain a type to return */
+int readhostkey(const char * filename, sign_key * hostkey, 
+	enum signkey_type *type) {
+
+	int ret = DROPBEAR_FAILURE;
+	buffer *buf;
+
+	buf = buf_new(MAX_PRIVKEY_SIZE);
+
+	if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
+		goto out;
+	}
+	buf_setpos(buf, 0);
+
+	addrandom(buf_getptr(buf, buf->len), buf->len);
+
+	if (buf_get_priv_key(buf, hostkey, type) == DROPBEAR_FAILURE) {
+		goto out;
+	}
+
+	ret = DROPBEAR_SUCCESS;
+out:
+
+	buf_burn(buf);
+	buf_free(buf);
+	return ret;
+}
+
+#if DROPBEAR_USER_ALGO_LIST
+void
+parse_ciphers_macs()
+{
+	if (opts.cipher_list)
+	{
+		if (strcmp(opts.cipher_list, "help") == 0)
+		{
+			char *ciphers = algolist_string(sshciphers);
+			dropbear_log(LOG_INFO, "Available ciphers:\n%s\n", ciphers);
+			m_free(ciphers);
+			dropbear_exit(".");
+		}
+
+		if (strcmp(opts.cipher_list, "none") == 0)
+		{
+			/* Encryption is required during authentication */
+			opts.cipher_list = "none,aes128-ctr";
+		}
+
+		if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0)
+		{
+			dropbear_exit("No valid ciphers specified for '-c'");
+		}
+	}
+
+	if (opts.mac_list)
+	{
+		if (strcmp(opts.mac_list, "help") == 0)
+		{
+			char *macs = algolist_string(sshhashes);
+			dropbear_log(LOG_INFO, "Available MACs:\n%s\n", macs);
+			m_free(macs);
+			dropbear_exit(".");
+		}
+
+		if (check_user_algos(opts.mac_list, sshhashes, "MAC") == 0)
+		{
+			dropbear_exit("No valid MACs specified for '-m'");
+		}
+	}
+}
+#endif
+
+void print_version() {
+	fprintf(stderr, "Dropbear v%s\n", DROPBEAR_VERSION);
+}
+
+

common-session.c

@@ -0,0 +1,693 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "session.h"
+#include "dbutil.h"
+#include "packet.h"
+#include "algo.h"
+#include "buffer.h"
+#include "dss.h"
+#include "ssh.h"
+#include "dbrandom.h"
+#include "kex.h"
+#include "channel.h"
+#include "runopts.h"
+#include "netio.h"
+
+static void checktimeouts(void);
+static long select_timeout(void);
+static int ident_readln(int fd, char* buf, int count);
+static void read_session_identification(void);
+
+struct sshsession ses; /* GLOBAL */
+
+/* called only at the start of a session, set up initial state */
+void common_session_init(int sock_in, int sock_out) {
+	time_t now;
+
+#if DEBUG_TRACE
+	debug_start_net();
+#endif
+
+	TRACE(("enter session_init"))
+
+	ses.sock_in = sock_in;
+	ses.sock_out = sock_out;
+	ses.maxfd = MAX(sock_in, sock_out);
+
+	if (sock_in >= 0) {
+		setnonblocking(sock_in);
+	}
+	if (sock_out >= 0) {
+		setnonblocking(sock_out);
+	}
+
+	ses.socket_prio = DROPBEAR_PRIO_DEFAULT;
+	/* Sets it to lowdelay */
+	update_channel_prio();
+
+#if !DROPBEAR_SVR_MULTIUSER
+	/* A sanity check to prevent an accidental configuration option
+	   leaving multiuser systems exposed */
+	errno = 0;
+	getuid();
+	if (errno != ENOSYS) {
+		dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
+	}
+#endif
+
+	now = monotonic_now();
+	ses.connect_time = now;
+	ses.last_packet_time_keepalive_recv = now;
+	ses.last_packet_time_idle = now;
+	ses.last_packet_time_any_sent = 0;
+	ses.last_packet_time_keepalive_sent = 0;
+	
+#if DROPBEAR_FUZZ
+	if (!fuzz.fuzzing)
+#endif
+	{
+	if (pipe(ses.signal_pipe) < 0) {
+		dropbear_exit("Signal pipe failed");
+	}
+	setnonblocking(ses.signal_pipe[0]);
+	setnonblocking(ses.signal_pipe[1]);
+	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[0]);
+	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[1]);
+	}
+	
+	ses.writepayload = buf_new(TRANS_MAX_PAYLOAD_LEN);
+	ses.transseq = 0;
+
+	ses.readbuf = NULL;
+	ses.payload = NULL;
+	ses.recvseq = 0;
+
+	initqueue(&ses.writequeue);
+
+	ses.requirenext = SSH_MSG_KEXINIT;
+	ses.dataallowed = 1; /* we can send data until we actually 
+							send the SSH_MSG_KEXINIT */
+	ses.ignorenext = 0;
+	ses.lastpacket = 0;
+	ses.reply_queue_head = NULL;
+	ses.reply_queue_tail = NULL;
+
+	/* set all the algos to none */
+	ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context));
+	ses.newkeys = NULL;
+	ses.keys->recv.algo_crypt = &dropbear_nocipher;
+	ses.keys->trans.algo_crypt = &dropbear_nocipher;
+	ses.keys->recv.crypt_mode = &dropbear_mode_none;
+	ses.keys->trans.crypt_mode = &dropbear_mode_none;
+	
+	ses.keys->recv.algo_mac = &dropbear_nohash;
+	ses.keys->trans.algo_mac = &dropbear_nohash;
+
+	ses.keys->algo_kex = NULL;
+	ses.keys->algo_hostkey = -1;
+	ses.keys->recv.algo_comp = DROPBEAR_COMP_NONE;
+	ses.keys->trans.algo_comp = DROPBEAR_COMP_NONE;
+
+#ifndef DISABLE_ZLIB
+	ses.keys->recv.zstream = NULL;
+	ses.keys->trans.zstream = NULL;
+#endif
+
+	/* key exchange buffers */
+	ses.session_id = NULL;
+	ses.kexhashbuf = NULL;
+	ses.transkexinit = NULL;
+	ses.dh_K = NULL;
+	ses.remoteident = NULL;
+
+	ses.chantypes = NULL;
+
+	ses.allowprivport = 0;
+
+	TRACE(("leave session_init"))
+}
+
+void session_loop(void(*loophandler)(void)) {
+
+	fd_set readfd, writefd;
+	struct timeval timeout;
+	int val;
+
+	/* main loop, select()s for all sockets in use */
+	for(;;) {
+		const int writequeue_has_space = (ses.writequeue_len <= 2*TRANS_MAX_PAYLOAD_LEN);
+
+		timeout.tv_sec = select_timeout();
+		timeout.tv_usec = 0;
+		DROPBEAR_FD_ZERO(&writefd);
+		DROPBEAR_FD_ZERO(&readfd);
+
+		dropbear_assert(ses.payload == NULL);
+
+		/* We get woken up when signal handlers write to this pipe.
+		   SIGCHLD in svr-chansession is the only one currently. */
+#if DROPBEAR_FUZZ
+		if (!fuzz.fuzzing) 
+#endif
+		{
+		FD_SET(ses.signal_pipe[0], &readfd);
+		}
+
+		/* set up for channels which can be read/written */
+		setchannelfds(&readfd, &writefd, writequeue_has_space);
+
+		/* Pending connections to test */
+		set_connect_fds(&writefd);
+
+		/* We delay reading from the input socket during initial setup until
+		after we have written out our initial KEXINIT packet (empty writequeue). 
+		This means our initial packet can be in-flight while we're doing a blocking
+		read for the remote ident.
+		We also avoid reading from the socket if the writequeue is full, that avoids
+		replies backing up */
+		if (ses.sock_in != -1 
+			&& (ses.remoteident || isempty(&ses.writequeue)) 
+			&& writequeue_has_space) {
+			FD_SET(ses.sock_in, &readfd);
+		}
+
+		/* Ordering is important, this test must occur after any other function
+		might have queued packets (such as connection handlers) */
+		if (ses.sock_out != -1 && !isempty(&ses.writequeue)) {
+			FD_SET(ses.sock_out, &writefd);
+		}
+
+		val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout);
+
+		if (ses.exitflag) {
+			dropbear_exit("Terminated by signal");
+		}
+		
+		if (val < 0 && errno != EINTR) {
+			dropbear_exit("Error in select");
+		}
+
+		if (val <= 0) {
+			/* If we were interrupted or the select timed out, we still
+			 * want to iterate over channels etc for reading, to handle
+			 * server processes exiting etc. 
+			 * We don't want to read/write FDs. */
+			DROPBEAR_FD_ZERO(&writefd);
+			DROPBEAR_FD_ZERO(&readfd);
+		}
+		
+		/* We'll just empty out the pipe if required. We don't do
+		any thing with the data, since the pipe's purpose is purely to
+		wake up the select() above. */
+		ses.channel_signal_pending = 0;
+		if (FD_ISSET(ses.signal_pipe[0], &readfd)) {
+			char x;
+			TRACE(("signal pipe set"))
+			while (read(ses.signal_pipe[0], &x, 1) > 0) {}
+			ses.channel_signal_pending = 1;
+		}
+
+		/* check for auth timeout, rekeying required etc */
+		checktimeouts();
+
+		/* process session socket's incoming data */
+		if (ses.sock_in != -1) {
+			if (FD_ISSET(ses.sock_in, &readfd)) {
+				if (!ses.remoteident) {
+					/* blocking read of the version string */
+					read_session_identification();
+				} else {
+					read_packet();
+				}
+			}
+			
+			/* Process the decrypted packet. After this, the read buffer
+			 * will be ready for a new packet */
+			if (ses.payload != NULL) {
+				process_packet();
+			}
+		}
+
+		/* if required, flush out any queued reply packets that
+		were being held up during a KEX */
+		maybe_flush_reply_queue();
+
+		handle_connect_fds(&writefd);
+
+		/* loop handler prior to channelio, in case the server loophandler closes
+		channels on process exit */
+		loophandler();
+
+		/* process pipes etc for the channels, ses.dataallowed == 0
+		 * during rekeying ) */
+		channelio(&readfd, &writefd);
+
+		/* process session socket's outgoing data */
+		if (ses.sock_out != -1) {
+			if (!isempty(&ses.writequeue)) {
+				write_packet();
+			}
+		}
+
+	} /* for(;;) */
+	
+	/* Not reached */
+}
+
+static void cleanup_buf(buffer **buf) {
+	if (!*buf) {
+		return;
+	}
+	buf_burn(*buf);
+	buf_free(*buf);
+	*buf = NULL;
+}
+
+/* clean up a session on exit */
+void session_cleanup() {
+	
+	TRACE(("enter session_cleanup"))
+	
+	/* we can't cleanup if we don't know the session state */
+	if (!ses.init_done) {
+		TRACE(("leave session_cleanup: !ses.init_done"))
+		return;
+	}
+
+	/* BEWARE of changing order of functions here. */
+
+	/* Must be before extra_session_cleanup() */
+	chancleanup();
+
+	if (ses.extra_session_cleanup) {
+		ses.extra_session_cleanup();
+	}
+
+	/* After these are freed most functions will fail */
+#if DROPBEAR_CLEANUP
+	/* listeners call cleanup functions, this should occur before
+	other session state is freed. */
+	remove_all_listeners();
+
+	remove_connect_pending();
+
+	while (!isempty(&ses.writequeue)) {
+		buf_free(dequeue(&ses.writequeue));
+	}
+
+	m_free(ses.newkeys);
+#ifndef DISABLE_ZLIB
+	if (ses.keys->recv.zstream != NULL) {
+		if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
+			dropbear_exit("Crypto error");
+		}
+		m_free(ses.keys->recv.zstream);
+	}
+#endif
+
+	m_free(ses.remoteident);
+	m_free(ses.authstate.pw_dir);
+	m_free(ses.authstate.pw_name);
+	m_free(ses.authstate.pw_shell);
+	m_free(ses.authstate.pw_passwd);
+	m_free(ses.authstate.username);
+#endif
+
+	cleanup_buf(&ses.session_id);
+	cleanup_buf(&ses.hash);
+	cleanup_buf(&ses.payload);
+	cleanup_buf(&ses.readbuf);
+	cleanup_buf(&ses.writepayload);
+	cleanup_buf(&ses.kexhashbuf);
+	cleanup_buf(&ses.transkexinit);
+	if (ses.dh_K) {
+		mp_clear(ses.dh_K);
+	}
+	m_free(ses.dh_K);
+
+	m_burn(ses.keys, sizeof(struct key_context));
+	m_free(ses.keys);
+
+	TRACE(("leave session_cleanup"))
+}
+
+void send_session_identification() {
+	buffer *writebuf = buf_new(strlen(LOCAL_IDENT "\r\n") + 1);
+	buf_putbytes(writebuf, (const unsigned char *) LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n"));
+	writebuf_enqueue(writebuf);
+}
+
+static void read_session_identification() {
+	/* max length of 255 chars */
+	char linebuf[256];
+	int len = 0;
+	char done = 0;
+	int i;
+	/* If they send more than 50 lines, something is wrong */
+	for (i = 0; i < 50; i++) {
+		len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf));
+
+		if (len < 0 && errno != EINTR) {
+			/* It failed */
+			break;
+		}
+
+		if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) {
+			/* start of line matches */
+			done = 1;
+			break;
+		}
+	}
+
+	if (!done) {
+		TRACE(("error reading remote ident: %s\n", strerror(errno)))
+		ses.remoteclosed();
+	} else {
+		/* linebuf is already null terminated */
+		ses.remoteident = m_malloc(len);
+		memcpy(ses.remoteident, linebuf, len);
+	}
+
+	/* Shall assume that 2.x will be backwards compatible. */
+	if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
+			&& strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
+		dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
+	}
+
+	TRACE(("remoteident: %s", ses.remoteident))
+
+}
+
+/* returns the length including null-terminating zero on success,
+ * or -1 on failure */
+static int ident_readln(int fd, char* buf, int count) {
+	
+	char in;
+	int pos = 0;
+	int num = 0;
+	fd_set fds;
+	struct timeval timeout;
+
+	TRACE(("enter ident_readln"))
+
+	if (count < 1) {
+		return -1;
+	}
+
+	DROPBEAR_FD_ZERO(&fds);
+
+	/* select since it's a non-blocking fd */
+	
+	/* leave space to null-terminate */
+	while (pos < count-1) {
+
+		FD_SET(fd, &fds);
+
+		timeout.tv_sec = 1;
+		timeout.tv_usec = 0;
+		if (select(fd+1, &fds, NULL, NULL, &timeout) < 0) {
+			if (errno == EINTR) {
+				continue;
+			}
+			TRACE(("leave ident_readln: select error"))
+			return -1;
+		}
+
+		checktimeouts();
+		
+		/* Have to go one byte at a time, since we don't want to read past
+		 * the end, and have to somehow shove bytes back into the normal
+		 * packet reader */
+		if (FD_ISSET(fd, &fds)) {
+			num = read(fd, &in, 1);
+			/* a "\n" is a newline, "\r" we want to read in and keep going
+			 * so that it won't be read as part of the next line */
+			if (num < 0) {
+				/* error */
+				if (errno == EINTR) {
+					continue; /* not a real error */
+				}
+				TRACE(("leave ident_readln: read error"))
+				return -1;
+			}
+			if (num == 0) {
+				/* EOF */
+				TRACE(("leave ident_readln: EOF"))
+				return -1;
+			}
+			if (in == '\n') {
+				/* end of ident string */
+				break;
+			}
+			/* we don't want to include '\r's */
+			if (in != '\r') {
+				buf[pos] = in;
+				pos++;
+			}
+		}
+	}
+
+	buf[pos] = '\0';
+	TRACE(("leave ident_readln: return %d", pos+1))
+	return pos+1;
+}
+
+void ignore_recv_response() {
+	/* Do nothing */
+	TRACE(("Ignored msg_request_response"))
+}
+
+static void send_msg_keepalive() {
+	time_t old_time_idle = ses.last_packet_time_idle;
+	struct Channel *chan = get_any_ready_channel();
+
+	CHECKCLEARTOWRITE();
+
+	if (chan) {
+		/* Channel requests are preferable, more implementations
+		handle them than SSH_MSG_GLOBAL_REQUEST */
+		TRACE(("keepalive channel request %d", chan->index))
+		start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING);
+	} else {
+		TRACE(("keepalive global request"))
+		/* Some peers will reply with SSH_MSG_REQUEST_FAILURE, 
+		some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */
+		buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); 
+		buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING,
+			strlen(DROPBEAR_KEEPALIVE_STRING));
+	}
+	buf_putbyte(ses.writepayload, 1); /* want_reply */
+	encrypt_packet();
+
+	ses.last_packet_time_keepalive_sent = monotonic_now();
+
+	/* keepalives shouldn't update idle timeout, reset it back */
+	ses.last_packet_time_idle = old_time_idle;
+}
+
+/* Check all timeouts which are required. Currently these are the time for
+ * user authentication, and the automatic rekeying. */
+static void checktimeouts() {
+
+	time_t now;
+	now = monotonic_now();
+	
+	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
+		&& now - ses.connect_time >= AUTH_TIMEOUT) {
+			dropbear_close("Timeout before auth");
+	}
+
+	/* we can't rekey if we haven't done remote ident exchange yet */
+	if (ses.remoteident == NULL) {
+		return;
+	}
+
+	if (!ses.kexstate.sentkexinit
+			&& (now - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
+			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) {
+		TRACE(("rekeying after timeout or max data reached"))
+		send_msg_kexinit();
+	}
+	
+	if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
+		/* Avoid sending keepalives prior to auth - those are
+		not valid pre-auth packet types */
+
+		/* Send keepalives if we've been idle */
+		if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
+			send_msg_keepalive();
+		}
+
+		/* Also send an explicit keepalive message to trigger a response
+		if the remote end hasn't sent us anything */
+		if (now - ses.last_packet_time_keepalive_recv >= opts.keepalive_secs
+			&& now - ses.last_packet_time_keepalive_sent >= opts.keepalive_secs) {
+			send_msg_keepalive();
+		}
+
+		if (now - ses.last_packet_time_keepalive_recv 
+			>= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) {
+			dropbear_exit("Keepalive timeout");
+		}
+	}
+
+	if (opts.idle_timeout_secs > 0 
+			&& now - ses.last_packet_time_idle >= opts.idle_timeout_secs) {
+		dropbear_close("Idle timeout");
+	}
+}
+
+static void update_timeout(long limit, long now, long last_event, long * timeout) {
+	TRACE2(("update_timeout limit %ld, now %ld, last %ld, timeout %ld",
+		limit, now, last_event, *timeout))
+	if (last_event > 0 && limit > 0) {
+		*timeout = MIN(*timeout, last_event+limit-now);
+		TRACE2(("new timeout %ld", *timeout))
+	}
+}
+
+static long select_timeout() {
+	/* determine the minimum timeout that might be required, so
+	as to avoid waking when unneccessary */
+	long timeout = KEX_REKEY_TIMEOUT;
+	long now = monotonic_now();
+
+	if (!ses.kexstate.sentkexinit) {
+		update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout);
+	}
+
+	if (ses.authstate.authdone != 1 && IS_DROPBEAR_SERVER) {
+		/* AUTH_TIMEOUT is only relevant before authdone */
+		update_timeout(AUTH_TIMEOUT, now, ses.connect_time, &timeout);
+	}
+
+	if (ses.authstate.authdone) {
+		update_timeout(opts.keepalive_secs, now, 
+			MAX(ses.last_packet_time_keepalive_recv, ses.last_packet_time_keepalive_sent),
+			&timeout);
+	}
+
+	update_timeout(opts.idle_timeout_secs, now, ses.last_packet_time_idle,
+		&timeout);
+
+	/* clamp negative timeouts to zero - event has already triggered */
+	return MAX(timeout, 0);
+}
+
+const char* get_user_shell() {
+	/* an empty shell should be interpreted as "/bin/sh" */
+	if (ses.authstate.pw_shell[0] == '\0') {
+		return "/bin/sh";
+	} else {
+		return ses.authstate.pw_shell;
+	}
+}
+void fill_passwd(const char* username) {
+	struct passwd *pw = NULL;
+	if (ses.authstate.pw_name)
+		m_free(ses.authstate.pw_name);
+	if (ses.authstate.pw_dir)
+		m_free(ses.authstate.pw_dir);
+	if (ses.authstate.pw_shell)
+		m_free(ses.authstate.pw_shell);
+	if (ses.authstate.pw_passwd)
+		m_free(ses.authstate.pw_passwd);
+
+	pw = getpwnam(username);
+	if (!pw) {
+		return;
+	}
+	ses.authstate.pw_uid = pw->pw_uid;
+	ses.authstate.pw_gid = pw->pw_gid;
+	ses.authstate.pw_name = m_strdup(pw->pw_name);
+	ses.authstate.pw_dir = m_strdup(pw->pw_dir);
+	ses.authstate.pw_shell = m_strdup(pw->pw_shell);
+	{
+		char *passwd_crypt = pw->pw_passwd;
+#ifdef HAVE_SHADOW_H
+		/* get the shadow password if possible */
+		struct spwd *spasswd = getspnam(ses.authstate.pw_name);
+		if (spasswd && spasswd->sp_pwdp) {
+			passwd_crypt = spasswd->sp_pwdp;
+		}
+#endif
+		if (!passwd_crypt) {
+			/* android supposedly returns NULL */
+			passwd_crypt = "!!";
+		}
+		ses.authstate.pw_passwd = m_strdup(passwd_crypt);
+	}
+}
+
+/* Called when channels are modified */
+void update_channel_prio() {
+	enum dropbear_prio new_prio;
+	int any = 0;
+	unsigned int i;
+
+	TRACE(("update_channel_prio"))
+
+	if (ses.sock_out < 0) {
+		TRACE(("leave update_channel_prio: no socket"))
+		return;
+	}
+
+	new_prio = DROPBEAR_PRIO_BULK;
+	for (i = 0; i < ses.chansize; i++) {
+		struct Channel *channel = ses.channels[i];
+		if (!channel || channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) {
+			if (channel && channel->prio == DROPBEAR_CHANNEL_PRIO_EARLY) {
+				TRACE(("update_channel_prio: early %d", channel->index))
+			}
+			continue;
+		}
+		any = 1;
+		if (channel->prio == DROPBEAR_CHANNEL_PRIO_INTERACTIVE)
+		{
+			TRACE(("update_channel_prio: lowdelay %d", channel->index))
+			new_prio = DROPBEAR_PRIO_LOWDELAY;
+			break;
+		} else if (channel->prio == DROPBEAR_CHANNEL_PRIO_UNKNOWABLE
+			&& new_prio == DROPBEAR_PRIO_BULK)
+		{
+			TRACE(("update_channel_prio: unknowable %d", channel->index))
+			new_prio = DROPBEAR_PRIO_DEFAULT;
+		}
+	}
+
+	if (any == 0) {
+		/* lowdelay during setup */
+		TRACE(("update_channel_prio: not any"))
+		new_prio = DROPBEAR_PRIO_LOWDELAY;
+	}
+
+	if (new_prio != ses.socket_prio) {
+		TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio))
+		set_sock_priority(ses.sock_out, new_prio);
+		ses.socket_prio = new_prio;
+	}
+}
+

compat.c

@@ -0,0 +1,282 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * strlcat() is copyright as follows:
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * daemon() and getusershell() is copyright as follows:
+ *
+ * Copyright (c) 1990, 1993
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* Modifications for Dropbear to getusershell() are by Paul Marinceu
+*/
+
+#include "includes.h"
+
+#ifndef HAVE_GETUSERSHELL
+static char **curshell, **shells, *strings;
+static char **initshells();
+#endif
+
+#ifndef HAVE_STRLCPY
+/* Implemented by matt as specified in freebsd 4.7 manpage.
+ * We don't require great speed, is simply for use with sshpty code */
+size_t strlcpy(char *dst, const char *src, size_t size) {
+
+	size_t i;
+
+	/* this is undefined, though size==0 -> return 0 */
+	if (size < 1) {
+		return 0;
+	}
+
+	for (i = 0; i < size-1; i++) {
+		if (src[i] == '\0') {
+			break;
+		} else {
+			dst[i] = src[i];
+		}
+	}
+
+	dst[i] = '\0';
+	return strlen(src);
+
+}
+#endif /* HAVE_STRLCPY */
+
+#ifndef HAVE_STRLCAT
+/* taken from openbsd-compat for OpenSSH 7.2p2 */
+/* "$OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $"
+ *
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left).  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+size_t
+strlcat(char *dst, const char *src, size_t siz)
+{
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end */
+	while (n-- != 0 && *d != '\0')
+		d++;
+	dlen = d - dst;
+	n = siz - dlen;
+
+	if (n == 0)
+		return(dlen + strlen(s));
+	while (*s != '\0') {
+		if (n != 1) {
+			*d++ = *s;
+			n--;
+		}
+		s++;
+	}
+	*d = '\0';
+
+	return(dlen + (s - src));	/* count does not include NUL */
+}
+#endif /* HAVE_STRLCAT */
+
+#ifndef HAVE_DAEMON
+/* From NetBSD - daemonise a process */
+
+int daemon(int nochdir, int noclose) {
+
+	int fd;
+
+	switch (fork()) {
+		case -1:
+			return (-1);
+		case 0:
+			break;
+		default:
+			_exit(0);
+	}
+
+	if (setsid() == -1)
+		return -1;
+
+	if (!nochdir)
+		(void)chdir("/");
+
+	if (!noclose && (fd = open(DROPBEAR_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+		(void)dup2(fd, STDIN_FILENO);
+		(void)dup2(fd, STDOUT_FILENO);
+		(void)dup2(fd, STDERR_FILENO);
+		if (fd > STDERR_FILENO)
+			(void)close(fd);
+	}
+	return 0;
+}
+#endif /* HAVE_DAEMON */
+
+#ifndef HAVE_BASENAME
+
+char *basename(const char *path) {
+
+	char *foo = strrchr(path, '/');
+	if (!foo)
+	{
+		return path;
+	}
+	return ++foo;
+}
+
+#endif /* HAVE_BASENAME */
+
+#ifndef HAVE_GETUSERSHELL
+
+/*
+ * Get a list of shells from /etc/shells, if it exists.
+ */
+char * getusershell() {
+	char *ret;
+
+	if (curshell == NULL)
+		curshell = initshells();
+	ret = *curshell;
+	if (ret != NULL)
+		curshell++;
+	return (ret);
+}
+
+void endusershell() {
+
+	if (shells != NULL)
+		free(shells);
+	shells = NULL;
+	if (strings != NULL)
+		free(strings);
+	strings = NULL;
+	curshell = NULL;
+}
+
+void setusershell() {
+	curshell = initshells();
+}
+
+static char **initshells() {
+	/* don't touch this list. */
+	static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
+	register char **sp, *cp;
+	register FILE *fp;
+	struct stat statb;
+	int flen;
+
+	if (shells != NULL)
+		free(shells);
+	shells = NULL;
+	if (strings != NULL)
+		free(strings);
+	strings = NULL;
+	if ((fp = fopen("/etc/shells", "rc")) == NULL)
+		return (char **) okshells;
+	if (fstat(fileno(fp), &statb) == -1) {
+		(void)fclose(fp);
+		return (char **) okshells;
+	}
+	if ((strings = malloc((u_int)statb.st_size + 1)) == NULL) {
+		(void)fclose(fp);
+		return (char **) okshells;
+	}
+	shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
+	if (shells == NULL) {
+		(void)fclose(fp);
+		free(strings);
+		strings = NULL;
+		return (char **) okshells;
+	}
+	sp = shells;
+	cp = strings;
+	flen = statb.st_size;
+	while (fgets(cp, flen - (cp - strings), fp) != NULL) {
+		while (*cp != '#' && *cp != '/' && *cp != '\0')
+			cp++;
+		if (*cp == '#' || *cp == '\0')
+			continue;
+		*sp++ = cp;
+		while (!isspace(*cp) && *cp != '#' && *cp != '\0')
+			cp++;
+		*cp++ = '\0';
+	}
+	*sp = NULL;
+	(void)fclose(fp);
+	return (shells);
+}
+
+#endif /* HAVE_GETUSERSHELL */

compat.h

@@ -0,0 +1,56 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_COMPAT_H_
+#define DROPBEAR_COMPAT_H_
+
+#include "includes.h"
+
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t size);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_DAEMON
+int daemon(int nochdir, int noclose);
+#endif
+
+#ifndef HAVE_BASENAME
+char *basename(const char* path);
+#endif
+
+#ifndef HAVE_GETUSERSHELL
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
+#endif
+
+#ifndef DROPBEAR_PATH_DEVNULL
+#define DROPBEAR_PATH_DEVNULL "/dev/null"
+#endif
+
+#endif /* DROPBEAR_COMPAT_H_ */

configure.ac

@@ -0,0 +1,861 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf and autoheader to produce a configure script.
+
+# This Autoconf file was cobbled from various locations. In particular, a bunch
+# of the platform checks have been taken straight from OpenSSH's configure.ac
+# Huge thanks to them for dealing with the horrible platform-specifics :)
+
+AC_PREREQ(2.59)
+AC_INIT
+AC_CONFIG_SRCDIR(buffer.c)
+
+# Record which revision is being built
+if test -s "`which hg`" && test -d "$srcdir/.hg"; then
+	hgrev=`hg id -i -R "$srcdir"`
+	AC_MSG_NOTICE([Source directory Mercurial base revision $hgrev])
+fi
+
+ORIGCFLAGS="$CFLAGS"
+# Checks for programs.
+AC_PROG_CC
+
+if test -z "$LD" ; then
+	LD=$CC
+fi
+AC_SUBST(LD)	
+
+AC_DEFUN(DB_TRYADDCFLAGS, 
+[{
+		OLDFLAGS="$CFLAGS"
+		TESTFLAGS="$1"
+		CFLAGS="$CFLAGS $TESTFLAGS"
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
+			)
+}])
+
+# set compile flags prior to other tests
+if test -z "$ORIGCFLAGS" && test "$GCC" = "yes"; then
+	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
+	CFLAGS="-Os -W -Wall"
+fi
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
+DB_TRYADDCFLAGS([-Wno-pointer-sign])
+
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
+DB_TRYADDCFLAGS([-fno-strict-overflow])
+
+STATIC=0
+AC_ARG_ENABLE(static,
+	[  --enable-static         Build static binaries],
+	[
+		if test "x$enableval" = "xyes"; then
+			STATIC=1
+			AC_MSG_NOTICE(Static Build)
+		fi
+	], [])
+AC_SUBST(STATIC)
+
+hardenbuild=1
+AC_ARG_ENABLE(harden,
+	[  --disable-harden        Don't set hardened build flags],
+	[
+		if test "x$enableval" = "xno"; then
+			hardenbuild=0
+			AC_MSG_NOTICE(Disabling hardened build flags)
+		fi
+	], [])
+
+if test "$hardenbuild" -eq 1; then
+	AC_MSG_NOTICE(Checking for available hardened build flags:)
+	# relocation flags don't make sense for static builds
+	if test "$STATIC" -ne 1; then
+		# pie
+		DB_TRYADDCFLAGS([-fPIE])
+
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-pie"
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[
+				LDFLAGS="$OLDLDFLAGS"
+				TESTFLAGS="-pie"
+				LDFLAGS="$LDFLAGS $TESTFLAGS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+					)
+			]
+			)
+		# readonly elf relocation sections (relro)
+		OLDLDFLAGS="$LDFLAGS"
+		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+			)
+	fi # non-static
+	# stack protector. -strong is good but only in gcc 4.9 or later
+	OLDCFLAGS="$CFLAGS"
+	TESTFLAGS="-fstack-protector-strong"
+	CFLAGS="$CFLAGS $TESTFLAGS"
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+	    [
+			CFLAGS="$OLDCFLAGS"
+			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
+			CFLAGS="$CFLAGS $TESTFLAGS"
+			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+			    )
+	    ]
+	    )
+	# FORTIFY_SOURCE
+	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
+
+	# Spectre v2 mitigations
+	DB_TRYADDCFLAGS([-mfunction-return=thunk])
+	DB_TRYADDCFLAGS([-mindirect-branch=thunk])
+
+fi
+
+# large file support is useful for scp
+AC_SYS_LARGEFILE
+
+# Host specific options
+# this isn't a definitive list of hosts, they are just added as required
+AC_CANONICAL_HOST
+
+case "$host" in
+
+*-*-linux*)
+	no_ptmx_check=1
+	;;
+
+*-*-solaris*)
+	CFLAGS="$CFLAGS -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
+	conf_lastlog_location="/var/adm/lastlog"
+	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
+	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
+	if test "$sol2ver" -ge 8; then
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(DISABLE_UTMP,1,Disable utmp)
+		AC_DEFINE(DISABLE_WTMP,1,Disable wtmp)
+	else
+		AC_MSG_RESULT(no)
+	fi
+	AC_CHECK_LIB(socket, socket, LIBS="$LIBS -lsocket")
+	AC_CHECK_LIB(nsl, yp_match, LIBS="$LIBS -lnsl")
+	;;
+
+*-*-aix*)
+	AC_DEFINE(AIX,1,Using AIX)
+	# OpenSSH thinks it's broken. If it isn't, let me know.
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
+	;;
+	
+*-*-hpux*)
+	LIBS="$LIBS -lsec"
+	# It's probably broken.
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
+	;;
+*-dec-osf*)
+	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
+	;;
+esac
+
+AC_CHECK_TOOL(AR, ar, :)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+AC_CHECK_TOOL(INSTALL, install, :)
+
+dnl Can't use login() or logout() with uclibc
+AC_CHECK_DECL(__UCLIBC__, 
+	[
+	no_loginfunc_check=1
+	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
+	],,)
+
+dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
+dnl but we don't want link all binaries to -lcrypt, just dropbear server.
+dnl OS X doesn't need -lcrypt 
+AC_CHECK_FUNC(crypt, found_crypt_func=here)
+AC_CHECK_LIB(crypt, crypt, 
+	[
+	CRYPTLIB="-lcrypt"
+	found_crypt_func=here
+	])
+AC_SUBST(CRYPTLIB)	
+if test "t$found_crypt_func" = there; then
+AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
+fi
+
+# Check if zlib is needed
+AC_ARG_WITH(zlib,
+	[  --with-zlib=PATH        Use zlib in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+AC_ARG_ENABLE(zlib,
+	[  --disable-zlib          Don't include zlib support],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_DEFINE(DISABLE_ZLIB,1,Use zlib)
+			AC_MSG_NOTICE(Disabling zlib)
+		else
+			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
+			AC_MSG_NOTICE(Enabling zlib)
+		fi
+	],
+	[
+		# if not disabled, check for zlib
+		AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
+		AC_MSG_NOTICE(Enabling zlib)
+	]
+)
+
+# Check if pam is needed
+AC_ARG_WITH(pam,
+	[  --with-pam=PATH        Use pam in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+
+AC_ARG_ENABLE(pam,
+	[  --enable-pam            Try to include PAM support],
+	[
+		if test "x$enableval" = "xyes"; then
+			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
+			AC_MSG_NOTICE(Enabling PAM)
+			AC_CHECK_FUNCS(pam_fail_delay)
+		else
+			AC_DEFINE(DISABLE_PAM,1,Use PAM)
+			AC_MSG_NOTICE(Disabling PAM)
+		fi
+	],
+	[
+		# disable it by default
+		AC_DEFINE(DISABLE_PAM,1,Use PAM)
+		AC_MSG_NOTICE(Disabling PAM)
+	]
+)
+
+AC_ARG_ENABLE(openpty,
+	[  --disable-openpty       Don't use openpty, use alternative method],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_MSG_NOTICE(Not using openpty)
+		else
+			AC_MSG_NOTICE(Using openpty if available)
+			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+		fi
+	],
+	[
+		AC_MSG_NOTICE(Using openpty if available)
+		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+	]
+)
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+	no_ptc_check=yes
+	no_ptmx_check=yes
+fi
+
+AC_ARG_ENABLE(syslog,
+	[  --disable-syslog        Don't include syslog support],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_DEFINE(DISABLE_SYSLOG,1,Using syslog)
+			AC_MSG_NOTICE(Disabling syslog)
+		else
+			AC_MSG_NOTICE(Enabling syslog)
+		fi
+	],
+	[
+		AC_MSG_NOTICE(Enabling syslog)
+	]
+)
+
+AC_ARG_ENABLE(shadow,
+	[  --disable-shadow        Don't use shadow passwords (if available)],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_MSG_NOTICE(Not using shadow passwords)
+		else
+			AC_CHECK_HEADERS([shadow.h])
+			AC_MSG_NOTICE(Using shadow passwords if available)
+		fi
+	],
+	[
+		AC_CHECK_HEADERS([shadow.h])
+		AC_MSG_NOTICE(Using shadow passwords if available)
+	]
+)
+
+AC_ARG_ENABLE(fuzz,
+	[  --enable-fuzz           Build fuzzing. Not recommended for deployment.],
+	[
+		AC_DEFINE(DROPBEAR_FUZZ, 1, Fuzzing)
+		AC_MSG_NOTICE(Enabling fuzzing)
+		DROPBEAR_FUZZ=1
+		# libfuzzer needs linking with c++ libraries
+		AC_PROG_CXX
+	],
+	[
+		AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
+		DROPBEAR_FUZZ=0
+	]
+
+)
+AC_SUBST(DROPBEAR_FUZZ)
+AC_SUBST(CXX)
+
+# Checks for header files.
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h \
+	crypt.h \
+	pty.h libutil.h libgen.h inttypes.h stropts.h utmp.h \
+	utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \
+	pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_UID_T
+AC_TYPE_MODE_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_HEADER_TIME
+
+AC_CHECK_TYPES([uint8_t, u_int8_t, uint16_t, u_int16_t, uint32_t, u_int32_t])
+AC_CHECK_TYPES([struct sockaddr_storage])
+AC_CHECK_TYPE([socklen_t], ,[
+	AC_MSG_CHECKING([for socklen_t equivalent])
+	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
+	[
+	# Systems have either "struct sockaddr *" or
+	# "void *" as the second argument to getpeername
+	curl_cv_socklen_t_equiv=
+	for arg2 in "struct sockaddr" void; do
+		for t in int size_t unsigned long "unsigned long"; do
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+
+			int getpeername (int, $arg2 *, $t *);
+		]],[[
+			$t len;
+			getpeername(0,0,&len);
+		]])],[
+			curl_cv_socklen_t_equiv="$t"
+			break
+		])
+		done
+	done
+
+	if test "x$curl_cv_socklen_t_equiv" = x; then
+		AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+	fi
+	])
+	AC_MSG_RESULT($curl_cv_socklen_t_equiv)
+	AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
+			[type to use in place of socklen_t if not defined])],
+	[#include <sys/types.h>
+	#include <sys/socket.h>])
+
+# for the fake-rfc2553 stuff - straight from OpenSSH
+
+AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+		]],
+		[[ if (sizeof(struct sockaddr_storage)) return 0 ]])],
+		[ ac_cv_have_struct_sockaddr_storage="yes" ],
+		[ ac_cv_have_struct_sockaddr_storage="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+fi
+
+AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+		]],
+		[[ if (sizeof(struct sockaddr_in6)) return 0 ]])],
+		[ ac_cv_have_struct_sockaddr_in6="yes" ],
+		[ ac_cv_have_struct_sockaddr_in6="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,1,Have struct sockaddr_in6)
+fi
+
+AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+		]],
+		[[ if (sizeof(struct in6_addr)) return 0 ]])],
+		[ ac_cv_have_struct_in6_addr="yes" ],
+		[ ac_cv_have_struct_in6_addr="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,1,Have struct in6_addr)
+fi
+
+AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+		]],
+		[[ if (sizeof(struct addrinfo)) return 0 ]])],
+		[ ac_cv_have_struct_addrinfo="yes" ],
+		[ ac_cv_have_struct_addrinfo="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_ADDRINFO,1,Have struct addrinfo)
+fi
+
+
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+	AC_DEFINE(HAVE_GAI_STRERROR)
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);]],[[
+char *str;
+
+str = gai_strerror(0);]])],[
+		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+		[Define if gai_strerror() returns const char *])])])
+
+# for loginrec.c
+
+AC_CHECK_MEMBERS([struct utmp.ut_host, struct utmp.ut_pid, struct utmp.ut_type, struct utmp.ut_tv, struct utmp.ut_id, struct utmp.ut_addr, struct utmp.ut_addr_v6, struct utmp.ut_exit, struct utmp.ut_time],,,[
+#include <sys/types.h>
+#if HAVE_UTMP_H
+#include <utmp.h>
+#endif
+])
+
+AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv],,,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#if HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+])
+
+AC_CHECK_MEMBERS([struct sockaddr_storage.ss_family],,,[
+#include <sys/types.h>
+#include <sys/socket.h>
+])
+
+AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
+AC_CHECK_FUNCS(utmpname)
+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
+AC_CHECK_FUNCS(setutxent utmpxname)
+AC_CHECK_FUNCS(logout updwtmp logwtmp)
+
+# POSIX monotonic time
+AC_CHECK_FUNCS(clock_gettime)
+
+# OS X monotonic time
+AC_CHECK_HEADERS([mach/mach_time.h])
+AC_CHECK_FUNCS(mach_absolute_time)
+
+AC_CHECK_FUNCS(explicit_bzero memset_s)
+
+AC_ARG_ENABLE(bundled-libtom,
+[  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
+  --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
+                                Default is to use system if available, otherwise bundled.],
+	[
+		if test "x$enableval" = "xyes"; then
+			BUNDLED_LIBTOM=1
+			AC_MSG_NOTICE(Forcing bundled libtom*)
+		else
+			BUNDLED_LIBTOM=0
+			AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
+				[AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] )
+			AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
+				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] )
+		fi
+	],
+	[
+		BUNDLED_LIBTOM=0
+		AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+	]
+)
+
+if test $BUNDLED_LIBTOM = 1 ; then
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom) 
+fi
+
+AC_SUBST(LIBTOM_LIBS)
+AC_SUBST(BUNDLED_LIBTOM)
+
+dnl Added from OpenSSH 3.6.1p2's configure.ac
+
+dnl allow user to disable some login recording features
+AC_ARG_ENABLE(lastlog,
+	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_LASTLOG,1,Disable use of lastlog())
+		fi
+	]
+)
+AC_ARG_ENABLE(utmp,
+	[  --disable-utmp          Disable use of utmp even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMP,1,Disable use of utmp)
+		fi
+	]
+)
+AC_ARG_ENABLE(utmpx,
+	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_UTMPX,1,Disable use of utmpx)
+		fi
+	]
+)
+AC_ARG_ENABLE(wtmp,
+	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMP,1,Disable use of wtmp)
+		fi
+	]
+)
+AC_ARG_ENABLE(wtmpx,
+	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_WTMPX,1,Disable use of wtmpx)
+		fi
+	]
+)
+AC_ARG_ENABLE(loginfunc,
+	[  --disable-loginfunc     Disable use of login() etc. [no]],
+	[ no_loginfunc_check=1
+	AC_MSG_NOTICE([Not using login() etc]) ]
+)
+AC_ARG_ENABLE(pututline,
+	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTLINE,1,Disable use of pututline())
+		fi
+	]
+)
+AC_ARG_ENABLE(pututxline,
+	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
+	[
+		if test "x$enableval" = "xno" ; then
+			AC_DEFINE(DISABLE_PUTUTXLINE,1,Disable use of pututxline())
+		fi
+	]
+)
+AC_ARG_WITH(lastlog,
+  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
+	[
+		if test "x$withval" = "xno" ; then	
+			AC_DEFINE(DISABLE_LASTLOG)
+		else
+			conf_lastlog_location=$withval
+		fi
+	]
+)
+
+if test -z "$no_loginfunc_check"; then
+	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
+	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,1,[Have login() function])])
+	AC_CHECK_FUNCS(logout updwtmp logwtmp)
+fi
+
+dnl lastlog, [uw]tmpx? detection
+dnl  NOTE: set the paths in the platform section to avoid the
+dnl   need for command-line parameters
+dnl lastlog and [uw]tmp are subject to a file search if all else fails
+
+dnl lastlog detection
+dnl  NOTE: the code itself will detect if lastlog is a directory
+AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+#  include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+#ifdef HAVE_LOGIN_H
+# include <login.h>
+#endif
+	]],
+	[[ char *lastlog = LASTLOG_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[
+		AC_MSG_RESULT(no)
+		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+#  include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+		]],
+		[[ char *lastlog = _PATH_LASTLOG; ]])],
+		[ AC_MSG_RESULT(yes) ],
+		[
+			AC_MSG_RESULT(no)
+			system_lastlog_path=no
+		])
+	]
+)
+
+if test -z "$conf_lastlog_location"; then
+	if test x"$system_lastlog_path" = x"no" ; then
+		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
+				if (test -d "$f" || test -f "$f") ; then
+					conf_lastlog_location=$f
+				fi
+		done
+		if test -z "$conf_lastlog_location"; then
+			AC_MSG_WARN([** Cannot find lastlog **])
+			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
+		fi
+	fi
+fi
+
+if test -n "$conf_lastlog_location"; then
+	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
+fi	
+
+dnl utmp detection
+AC_MSG_CHECKING([if your system defines UTMP_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *utmp = UTMP_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_utmp_path=no ]
+)
+if test -z "$conf_utmp_location"; then
+	if test x"$system_utmp_path" = x"no" ; then
+		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
+			if test -f $f ; then
+				conf_utmp_location=$f
+			fi
+		done
+		if test -z "$conf_utmp_location"; then
+			AC_DEFINE(DISABLE_UTMP)
+		fi
+	fi
+fi
+if test -n "$conf_utmp_location"; then
+	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
+fi	
+
+dnl wtmp detection
+AC_MSG_CHECKING([if your system defines WTMP_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_UTMP_H
+#  include <utmp.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *wtmp = WTMP_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_wtmp_path=no ]
+)
+if test -z "$conf_wtmp_location"; then
+	if test x"$system_wtmp_path" = x"no" ; then
+		for f in /usr/adm/wtmp /var/log/wtmp; do
+			if test -f $f ; then
+				conf_wtmp_location=$f
+			fi
+		done
+		if test -z "$conf_wtmp_location"; then
+			AC_DEFINE(DISABLE_WTMP)
+		fi
+	fi
+fi
+if test -n "$conf_wtmp_location"; then
+	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
+fi	
+
+
+dnl utmpx detection - I don't know any system so perverse as to require
+dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
+dnl  there, though.
+AC_MSG_CHECKING([if your system defines UTMPX_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *utmpx = UTMPX_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_utmpx_path=no ]
+)
+if test -z "$conf_utmpx_location"; then
+	if test x"$system_utmpx_path" = x"no" ; then
+		AC_DEFINE(DISABLE_UTMPX)
+	fi
+else
+	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
+fi	
+
+dnl wtmpx detection
+AC_MSG_CHECKING([if your system defines WTMPX_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_UTMP_H
+#  include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#  include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	]],
+	[[ char *wtmpx = WTMPX_FILE; ]])],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_wtmpx_path=no ]
+)
+if test -z "$conf_wtmpx_location"; then
+	if test x"$system_wtmpx_path" = x"no" ; then
+		AC_DEFINE(DISABLE_WTMPX)
+	fi
+else
+	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
+fi	
+
+# Checks for library functions.
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_MEMCMP
+AC_FUNC_SELECT_ARGTYPES
+AC_CHECK_FUNCS([getpass getspnam getusershell putenv])
+AC_CHECK_FUNCS([clearenv strlcpy strlcat daemon basename _getpty getaddrinfo ])
+AC_CHECK_FUNCS([freeaddrinfo getnameinfo fork writev getgrouplist])
+
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
+
+# Solaris needs ptmx
+if test -z "$no_ptmx_check" ; then
+	if test x"$cross_compiling" = x"no" ; then
+		if test -e /dev/ptmx ; then
+			AC_DEFINE(USE_DEV_PTMX,1,Use /dev/ptmx)
+		fi
+	else
+		AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
+	fi
+fi
+
+if test -z "$no_ptc_check" ; then
+	if test x"$cross_compiling" = x"no" ; then
+		if test -e /dev/ptc ; then
+			AC_DEFINE(HAVE_DEV_PTS_AND_PTC,1,Use /dev/ptc & /dev/pts)
+		fi
+	else
+		AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
+	fi
+fi
+
+AC_EXEEXT
+
+if test $BUNDLED_LIBTOM = 1 ; then
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv 
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
+
+AC_CONFIG_HEADER(config.h)
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES)
+AC_OUTPUT
+
+AC_MSG_NOTICE()
+if test $BUNDLED_LIBTOM = 1 ; then
+AC_MSG_NOTICE([Using bundled libtomcrypt and libtommath])
+else
+AC_MSG_NOTICE([Using system libtomcrypt and libtommath])
+fi
+
+
+if test "x$ac_cv_func_getpass" != xyes; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([getpass() not available, dbclient will only have public-key authentication])
+fi
+
+if test "t$found_crypt_func" != there; then
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([crypt() not available, dropbear server will not have password authentication])
+fi
+
+AC_MSG_NOTICE()
+AC_MSG_NOTICE([Now edit options.h to choose features.])

crypto_desc.c

@@ -0,0 +1,75 @@
+#include "includes.h"
+#include "dbutil.h"
+#include "crypto_desc.h"
+#include "ltc_prng.h"
+#include "ecc.h"
+
+#if DROPBEAR_LTC_PRNG
+	int dropbear_ltc_prng = -1;
+#endif
+
+
+/* Register the compiled in ciphers.
+ * This should be run before using any of the ciphers/hashes */
+void crypto_init() {
+
+	const struct ltc_cipher_descriptor *regciphers[] = {
+#if DROPBEAR_AES
+		&aes_desc,
+#endif
+#if DROPBEAR_BLOWFISH
+		&blowfish_desc,
+#endif
+#if DROPBEAR_TWOFISH
+		&twofish_desc,
+#endif
+#if DROPBEAR_3DES
+		&des3_desc,
+#endif
+		NULL
+	};
+
+	const struct ltc_hash_descriptor *reghashes[] = {
+		/* we need sha1 for hostkey stuff regardless */
+		&sha1_desc,
+#if DROPBEAR_MD5_HMAC
+		&md5_desc,
+#endif
+#if DROPBEAR_SHA256
+		&sha256_desc,
+#endif
+#if DROPBEAR_SHA384
+		&sha384_desc,
+#endif
+#if DROPBEAR_SHA512
+		&sha512_desc,
+#endif
+		NULL
+	};	
+	int i;
+	
+	for (i = 0; regciphers[i] != NULL; i++) {
+		if (register_cipher(regciphers[i]) == -1) {
+			dropbear_exit("Error registering crypto");
+		}
+	}
+
+	for (i = 0; reghashes[i] != NULL; i++) {
+		if (register_hash(reghashes[i]) == -1) {
+			dropbear_exit("Error registering crypto");
+		}
+	}
+
+#if DROPBEAR_LTC_PRNG
+	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
+	if (dropbear_ltc_prng == -1) {
+		dropbear_exit("Error registering crypto");
+	}
+#endif
+
+#if DROPBEAR_ECC
+	ltc_mp = ltm_desc;
+	dropbear_ecc_fill_dp();
+#endif
+}
+

crypto_desc.h

@@ -0,0 +1,9 @@
+#ifndef DROPBEAR_CRYPTO_DESC_H
+#define DROPBEAR_CRYPTO_DESC_H
+
+void crypto_init(void);
+
+extern int dropbear_ltc_prng;
+
+#endif /* DROPBEAR_CRYPTO_DESC_H */
+

curve25519-donna.c

@@ -0,0 +1,860 @@
+/* Copyright 2008, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * curve25519-donna: Curve25519 elliptic curve, public key function
+ *
+ * http://code.google.com/p/curve25519-donna/
+ *
+ * Adam Langley <agl@imperialviolet.org>
+ *
+ * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
+ *
+ * More information about curve25519 can be found here
+ *   http://cr.yp.to/ecdh.html
+ *
+ * djb's sample implementation of curve25519 is written in a special assembly
+ * language called qhasm and uses the floating point registers.
+ *
+ * This is, almost, a clean room reimplementation from the curve25519 paper. It
+ * uses many of the tricks described therein. Only the crecip function is taken
+ * from the sample implementation. */
+
+#include <string.h>
+#include <stdint.h>
+
+#ifdef _MSC_VER
+#define inline __inline
+#endif
+
+typedef uint8_t u8;
+typedef int32_t s32;
+typedef int64_t limb;
+
+/* Field element representation:
+ *
+ * Field elements are written as an array of signed, 64-bit limbs, least
+ * significant first. The value of the field element is:
+ *   x[0] + 2^26·x[1] + x^51·x[2] + 2^102·x[3] + ...
+ *
+ * i.e. the limbs are 26, 25, 26, 25, ... bits wide. */
+
+/* Sum two numbers: output += in */
+static void fsum(limb *output, const limb *in) {
+  unsigned i;
+  for (i = 0; i < 10; i += 2) {
+    output[0+i] = output[0+i] + in[0+i];
+    output[1+i] = output[1+i] + in[1+i];
+  }
+}
+
+/* Find the difference of two numbers: output = in - output
+ * (note the order of the arguments!). */
+static void fdifference(limb *output, const limb *in) {
+  unsigned i;
+  for (i = 0; i < 10; ++i) {
+    output[i] = in[i] - output[i];
+  }
+}
+
+/* Multiply a number by a scalar: output = in * scalar */
+static void fscalar_product(limb *output, const limb *in, const limb scalar) {
+  unsigned i;
+  for (i = 0; i < 10; ++i) {
+    output[i] = in[i] * scalar;
+  }
+}
+
+/* Multiply two numbers: output = in2 * in
+ *
+ * output must be distinct to both inputs. The inputs are reduced coefficient
+ * form, the output is not.
+ *
+ * output[x] <= 14 * the largest product of the input limbs. */
+static void fproduct(limb *output, const limb *in2, const limb *in) {
+  output[0] =       ((limb) ((s32) in2[0])) * ((s32) in[0]);
+  output[1] =       ((limb) ((s32) in2[0])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[0]);
+  output[2] =  2 *  ((limb) ((s32) in2[1])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[0]);
+  output[3] =       ((limb) ((s32) in2[1])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[0]);
+  output[4] =       ((limb) ((s32) in2[2])) * ((s32) in[2]) +
+               2 * (((limb) ((s32) in2[1])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[0]);
+  output[5] =       ((limb) ((s32) in2[2])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[0]);
+  output[6] =  2 * (((limb) ((s32) in2[3])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[0]);
+  output[7] =       ((limb) ((s32) in2[3])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[0]);
+  output[8] =       ((limb) ((s32) in2[4])) * ((s32) in[4]) +
+               2 * (((limb) ((s32) in2[3])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[0]);
+  output[9] =       ((limb) ((s32) in2[4])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[0]);
+  output[10] = 2 * (((limb) ((s32) in2[5])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[2]);
+  output[11] =      ((limb) ((s32) in2[5])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[2]);
+  output[12] =      ((limb) ((s32) in2[6])) * ((s32) in[6]) +
+               2 * (((limb) ((s32) in2[5])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[3])) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[4]);
+  output[13] =      ((limb) ((s32) in2[6])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[4]);
+  output[14] = 2 * (((limb) ((s32) in2[7])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[5])) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[6]);
+  output[15] =      ((limb) ((s32) in2[7])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[6]);
+  output[16] =      ((limb) ((s32) in2[8])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in2[7])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[7]));
+  output[17] =      ((limb) ((s32) in2[8])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[8]);
+  output[18] = 2 *  ((limb) ((s32) in2[9])) * ((s32) in[9]);
+}
+
+/* Reduce a long form to a short form by taking the input mod 2^255 - 19.
+ *
+ * On entry: |output[i]| < 14*2^54
+ * On exit: |output[0..8]| < 280*2^54 */
+static void freduce_degree(limb *output) {
+  /* Each of these shifts and adds ends up multiplying the value by 19.
+   *
+   * For output[0..8], the absolute entry value is < 14*2^54 and we add, at
+   * most, 19*14*2^54 thus, on exit, |output[0..8]| < 280*2^54. */
+  output[8] += output[18] << 4;
+  output[8] += output[18] << 1;
+  output[8] += output[18];
+  output[7] += output[17] << 4;
+  output[7] += output[17] << 1;
+  output[7] += output[17];
+  output[6] += output[16] << 4;
+  output[6] += output[16] << 1;
+  output[6] += output[16];
+  output[5] += output[15] << 4;
+  output[5] += output[15] << 1;
+  output[5] += output[15];
+  output[4] += output[14] << 4;
+  output[4] += output[14] << 1;
+  output[4] += output[14];
+  output[3] += output[13] << 4;
+  output[3] += output[13] << 1;
+  output[3] += output[13];
+  output[2] += output[12] << 4;
+  output[2] += output[12] << 1;
+  output[2] += output[12];
+  output[1] += output[11] << 4;
+  output[1] += output[11] << 1;
+  output[1] += output[11];
+  output[0] += output[10] << 4;
+  output[0] += output[10] << 1;
+  output[0] += output[10];
+}
+
+#if (-1 & 3) != 3
+#error "This code only works on a two's complement system"
+#endif
+
+/* return v / 2^26, using only shifts and adds.
+ *
+ * On entry: v can take any value. */
+static inline limb
+div_by_2_26(const limb v)
+{
+  /* High word of v; no shift needed. */
+  const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
+  /* Set to all 1s if v was negative; else set to 0s. */
+  const int32_t sign = ((int32_t) highword) >> 31;
+  /* Set to 0x3ffffff if v was negative; else set to 0. */
+  const int32_t roundoff = ((uint32_t) sign) >> 6;
+  /* Should return v / (1<<26) */
+  return (v + roundoff) >> 26;
+}
+
+/* return v / (2^25), using only shifts and adds.
+ *
+ * On entry: v can take any value. */
+static inline limb
+div_by_2_25(const limb v)
+{
+  /* High word of v; no shift needed*/
+  const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
+  /* Set to all 1s if v was negative; else set to 0s. */
+  const int32_t sign = ((int32_t) highword) >> 31;
+  /* Set to 0x1ffffff if v was negative; else set to 0. */
+  const int32_t roundoff = ((uint32_t) sign) >> 7;
+  /* Should return v / (1<<25) */
+  return (v + roundoff) >> 25;
+}
+
+/* Reduce all coefficients of the short form input so that |x| < 2^26.
+ *
+ * On entry: |output[i]| < 280*2^54 */
+static void freduce_coefficients(limb *output) {
+  unsigned i;
+
+  output[10] = 0;
+
+  for (i = 0; i < 10; i += 2) {
+    limb over = div_by_2_26(output[i]);
+    /* The entry condition (that |output[i]| < 280*2^54) means that over is, at
+     * most, 280*2^28 in the first iteration of this loop. This is added to the
+     * next limb and we can approximate the resulting bound of that limb by
+     * 281*2^54. */
+    output[i] -= over << 26;
+    output[i+1] += over;
+
+    /* For the first iteration, |output[i+1]| < 281*2^54, thus |over| <
+     * 281*2^29. When this is added to the next limb, the resulting bound can
+     * be approximated as 281*2^54.
+     *
+     * For subsequent iterations of the loop, 281*2^54 remains a conservative
+     * bound and no overflow occurs. */
+    over = div_by_2_25(output[i+1]);
+    output[i+1] -= over << 25;
+    output[i+2] += over;
+  }
+  /* Now |output[10]| < 281*2^29 and all other coefficients are reduced. */
+  output[0] += output[10] << 4;
+  output[0] += output[10] << 1;
+  output[0] += output[10];
+
+  output[10] = 0;
+
+  /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19*281*2^29
+   * So |over| will be no more than 2^16. */
+  {
+    limb over = div_by_2_26(output[0]);
+    output[0] -= over << 26;
+    output[1] += over;
+  }
+
+  /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 2^16 < 2^26. The
+   * bound on |output[1]| is sufficient to meet our needs. */
+}
+
+/* A helpful wrapper around fproduct: output = in * in2.
+ *
+ * On entry: |in[i]| < 2^27 and |in2[i]| < 2^27.
+ *
+ * output must be distinct to both inputs. The output is reduced degree
+ * (indeed, one need only provide storage for 10 limbs) and |output[i]| < 2^26. */
+static void
+fmul(limb *output, const limb *in, const limb *in2) {
+  limb t[19];
+  fproduct(t, in, in2);
+  /* |t[i]| < 14*2^54 */
+  freduce_degree(t);
+  freduce_coefficients(t);
+  /* |t[i]| < 2^26 */
+  memcpy(output, t, sizeof(limb) * 10);
+}
+
+/* Square a number: output = in**2
+ *
+ * output must be distinct from the input. The inputs are reduced coefficient
+ * form, the output is not.
+ *
+ * output[x] <= 14 * the largest product of the input limbs. */
+static void fsquare_inner(limb *output, const limb *in) {
+  output[0] =       ((limb) ((s32) in[0])) * ((s32) in[0]);
+  output[1] =  2 *  ((limb) ((s32) in[0])) * ((s32) in[1]);
+  output[2] =  2 * (((limb) ((s32) in[1])) * ((s32) in[1]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[2]));
+  output[3] =  2 * (((limb) ((s32) in[1])) * ((s32) in[2]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[3]));
+  output[4] =       ((limb) ((s32) in[2])) * ((s32) in[2]) +
+               4 *  ((limb) ((s32) in[1])) * ((s32) in[3]) +
+               2 *  ((limb) ((s32) in[0])) * ((s32) in[4]);
+  output[5] =  2 * (((limb) ((s32) in[2])) * ((s32) in[3]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[4]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[5]));
+  output[6] =  2 * (((limb) ((s32) in[3])) * ((s32) in[3]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[4]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[6]) +
+               2 *  ((limb) ((s32) in[1])) * ((s32) in[5]));
+  output[7] =  2 * (((limb) ((s32) in[3])) * ((s32) in[4]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[5]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[7]));
+  output[8] =       ((limb) ((s32) in[4])) * ((s32) in[4]) +
+               2 * (((limb) ((s32) in[2])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in[1])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[5])));
+  output[9] =  2 * (((limb) ((s32) in[4])) * ((s32) in[5]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[9]));
+  output[10] = 2 * (((limb) ((s32) in[5])) * ((s32) in[5]) +
+                    ((limb) ((s32) in[4])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in[3])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[9])));
+  output[11] = 2 * (((limb) ((s32) in[5])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[4])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[9]));
+  output[12] =      ((limb) ((s32) in[6])) * ((s32) in[6]) +
+               2 * (((limb) ((s32) in[4])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in[5])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[9])));
+  output[13] = 2 * (((limb) ((s32) in[6])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[5])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[4])) * ((s32) in[9]));
+  output[14] = 2 * (((limb) ((s32) in[7])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[6])) * ((s32) in[8]) +
+               2 *  ((limb) ((s32) in[5])) * ((s32) in[9]));
+  output[15] = 2 * (((limb) ((s32) in[7])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[6])) * ((s32) in[9]));
+  output[16] =      ((limb) ((s32) in[8])) * ((s32) in[8]) +
+               4 *  ((limb) ((s32) in[7])) * ((s32) in[9]);
+  output[17] = 2 *  ((limb) ((s32) in[8])) * ((s32) in[9]);
+  output[18] = 2 *  ((limb) ((s32) in[9])) * ((s32) in[9]);
+}
+
+/* fsquare sets output = in^2.
+ *
+ * On entry: The |in| argument is in reduced coefficients form and |in[i]| <
+ * 2^27.
+ *
+ * On exit: The |output| argument is in reduced coefficients form (indeed, one
+ * need only provide storage for 10 limbs) and |out[i]| < 2^26. */
+static void
+fsquare(limb *output, const limb *in) {
+  limb t[19];
+  fsquare_inner(t, in);
+  /* |t[i]| < 14*2^54 because the largest product of two limbs will be <
+   * 2^(27+27) and fsquare_inner adds together, at most, 14 of those
+   * products. */
+  freduce_degree(t);
+  freduce_coefficients(t);
+  /* |t[i]| < 2^26 */
+  memcpy(output, t, sizeof(limb) * 10);
+}
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+static void
+fexpand(limb *output, const u8 *input) {
+#define F(n,start,shift,mask) \
+  output[n] = ((((limb) input[start + 0]) | \
+                ((limb) input[start + 1]) << 8 | \
+                ((limb) input[start + 2]) << 16 | \
+                ((limb) input[start + 3]) << 24) >> shift) & mask;
+  F(0, 0, 0, 0x3ffffff);
+  F(1, 3, 2, 0x1ffffff);
+  F(2, 6, 3, 0x3ffffff);
+  F(3, 9, 5, 0x1ffffff);
+  F(4, 12, 6, 0x3ffffff);
+  F(5, 16, 0, 0x1ffffff);
+  F(6, 19, 1, 0x3ffffff);
+  F(7, 22, 3, 0x1ffffff);
+  F(8, 25, 4, 0x3ffffff);
+  F(9, 28, 6, 0x1ffffff);
+#undef F
+}
+
+#if (-32 >> 1) != -16
+#error "This code only works when >> does sign-extension on negative numbers"
+#endif
+
+/* s32_eq returns 0xffffffff iff a == b and zero otherwise. */
+static s32 s32_eq(s32 a, s32 b) {
+  a = ~(a ^ b);
+  a &= a << 16;
+  a &= a << 8;
+  a &= a << 4;
+  a &= a << 2;
+  a &= a << 1;
+  return a >> 31;
+}
+
+/* s32_gte returns 0xffffffff if a >= b and zero otherwise, where a and b are
+ * both non-negative. */
+static s32 s32_gte(s32 a, s32 b) {
+  a -= b;
+  /* a >= 0 iff a >= b. */
+  return ~(a >> 31);
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array.
+ *
+ * On entry: |input_limbs[i]| < 2^26 */
+static void
+fcontract(u8 *output, limb *input_limbs) {
+  int i;
+  int j;
+  s32 input[10];
+  s32 mask;
+
+  /* |input_limbs[i]| < 2^26, so it's valid to convert to an s32. */
+  for (i = 0; i < 10; i++) {
+    input[i] = input_limbs[i];
+  }
+
+  for (j = 0; j < 2; ++j) {
+    for (i = 0; i < 9; ++i) {
+      if ((i & 1) == 1) {
+        /* This calculation is a time-invariant way to make input[i]
+         * non-negative by borrowing from the next-larger limb. */
+        const s32 mask = input[i] >> 31;
+        const s32 carry = -((input[i] & mask) >> 25);
+        input[i] = input[i] + (carry << 25);
+        input[i+1] = input[i+1] - carry;
+      } else {
+        const s32 mask = input[i] >> 31;
+        const s32 carry = -((input[i] & mask) >> 26);
+        input[i] = input[i] + (carry << 26);
+        input[i+1] = input[i+1] - carry;
+      }
+    }
+
+    /* There's no greater limb for input[9] to borrow from, but we can multiply
+     * by 19 and borrow from input[0], which is valid mod 2^255-19. */
+    {
+      const s32 mask = input[9] >> 31;
+      const s32 carry = -((input[9] & mask) >> 25);
+      input[9] = input[9] + (carry << 25);
+      input[0] = input[0] - (carry * 19);
+    }
+
+    /* After the first iteration, input[1..9] are non-negative and fit within
+     * 25 or 26 bits, depending on position. However, input[0] may be
+     * negative. */
+  }
+
+  /* The first borrow-propagation pass above ended with every limb
+     except (possibly) input[0] non-negative.
+
+     If input[0] was negative after the first pass, then it was because of a
+     carry from input[9]. On entry, input[9] < 2^26 so the carry was, at most,
+     one, since (2**26-1) >> 25 = 1. Thus input[0] >= -19.
+
+     In the second pass, each limb is decreased by at most one. Thus the second
+     borrow-propagation pass could only have wrapped around to decrease
+     input[0] again if the first pass left input[0] negative *and* input[1]
+     through input[9] were all zero.  In that case, input[1] is now 2^25 - 1,
+     and this last borrow-propagation step will leave input[1] non-negative. */
+  {
+    const s32 mask = input[0] >> 31;
+    const s32 carry = -((input[0] & mask) >> 26);
+    input[0] = input[0] + (carry << 26);
+    input[1] = input[1] - carry;
+  }
+
+  /* All input[i] are now non-negative. However, there might be values between
+   * 2^25 and 2^26 in a limb which is, nominally, 25 bits wide. */
+  for (j = 0; j < 2; j++) {
+    for (i = 0; i < 9; i++) {
+      if ((i & 1) == 1) {
+        const s32 carry = input[i] >> 25;
+        input[i] &= 0x1ffffff;
+        input[i+1] += carry;
+      } else {
+        const s32 carry = input[i] >> 26;
+        input[i] &= 0x3ffffff;
+        input[i+1] += carry;
+      }
+    }
+
+    {
+      const s32 carry = input[9] >> 25;
+      input[9] &= 0x1ffffff;
+      input[0] += 19*carry;
+    }
+  }
+
+  /* If the first carry-chain pass, just above, ended up with a carry from
+   * input[9], and that caused input[0] to be out-of-bounds, then input[0] was
+   * < 2^26 + 2*19, because the carry was, at most, two.
+   *
+   * If the second pass carried from input[9] again then input[0] is < 2*19 and
+   * the input[9] -> input[0] carry didn't push input[0] out of bounds. */
+
+  /* It still remains the case that input might be between 2^255-19 and 2^255.
+   * In this case, input[1..9] must take their maximum value and input[0] must
+   * be >= (2^255-19) & 0x3ffffff, which is 0x3ffffed. */
+  mask = s32_gte(input[0], 0x3ffffed);
+  for (i = 1; i < 10; i++) {
+    if ((i & 1) == 1) {
+      mask &= s32_eq(input[i], 0x1ffffff);
+    } else {
+      mask &= s32_eq(input[i], 0x3ffffff);
+    }
+  }
+
+  /* mask is either 0xffffffff (if input >= 2^255-19) and zero otherwise. Thus
+   * this conditionally subtracts 2^255-19. */
+  input[0] -= mask & 0x3ffffed;
+
+  for (i = 1; i < 10; i++) {
+    if ((i & 1) == 1) {
+      input[i] -= mask & 0x1ffffff;
+    } else {
+      input[i] -= mask & 0x3ffffff;
+    }
+  }
+
+  input[1] <<= 2;
+  input[2] <<= 3;
+  input[3] <<= 5;
+  input[4] <<= 6;
+  input[6] <<= 1;
+  input[7] <<= 3;
+  input[8] <<= 4;
+  input[9] <<= 6;
+#define F(i, s) \
+  output[s+0] |=  input[i] & 0xff; \
+  output[s+1]  = (input[i] >> 8) & 0xff; \
+  output[s+2]  = (input[i] >> 16) & 0xff; \
+  output[s+3]  = (input[i] >> 24) & 0xff;
+  output[0] = 0;
+  output[16] = 0;
+  F(0,0);
+  F(1,3);
+  F(2,6);
+  F(3,9);
+  F(4,12);
+  F(5,16);
+  F(6,19);
+  F(7,22);
+  F(8,25);
+  F(9,28);
+#undef F
+}
+
+/* Input: Q, Q', Q-Q'
+ * Output: 2Q, Q+Q'
+ *
+ *   x2 z3: long form
+ *   x3 z3: long form
+ *   x z: short form, destroyed
+ *   xprime zprime: short form, destroyed
+ *   qmqp: short form, preserved
+ *
+ * On entry and exit, the absolute value of the limbs of all inputs and outputs
+ * are < 2^26. */
+static void fmonty(limb *x2, limb *z2,  /* output 2Q */
+                   limb *x3, limb *z3,  /* output Q + Q' */
+                   limb *x, limb *z,    /* input Q */
+                   limb *xprime, limb *zprime,  /* input Q' */
+                   const limb *qmqp /* input Q - Q' */) {
+  limb origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19],
+        zzprime[19], zzzprime[19], xxxprime[19];
+
+  memcpy(origx, x, 10 * sizeof(limb));
+  fsum(x, z);
+  /* |x[i]| < 2^27 */
+  fdifference(z, origx);  /* does x - z */
+  /* |z[i]| < 2^27 */
+
+  memcpy(origxprime, xprime, sizeof(limb) * 10);
+  fsum(xprime, zprime);
+  /* |xprime[i]| < 2^27 */
+  fdifference(zprime, origxprime);
+  /* |zprime[i]| < 2^27 */
+  fproduct(xxprime, xprime, z);
+  /* |xxprime[i]| < 14*2^54: the largest product of two limbs will be <
+   * 2^(27+27) and fproduct adds together, at most, 14 of those products.
+   * (Approximating that to 2^58 doesn't work out.) */
+  fproduct(zzprime, x, zprime);
+  /* |zzprime[i]| < 14*2^54 */
+  freduce_degree(xxprime);
+  freduce_coefficients(xxprime);
+  /* |xxprime[i]| < 2^26 */
+  freduce_degree(zzprime);
+  freduce_coefficients(zzprime);
+  /* |zzprime[i]| < 2^26 */
+  memcpy(origxprime, xxprime, sizeof(limb) * 10);
+  fsum(xxprime, zzprime);
+  /* |xxprime[i]| < 2^27 */
+  fdifference(zzprime, origxprime);
+  /* |zzprime[i]| < 2^27 */
+  fsquare(xxxprime, xxprime);
+  /* |xxxprime[i]| < 2^26 */
+  fsquare(zzzprime, zzprime);
+  /* |zzzprime[i]| < 2^26 */
+  fproduct(zzprime, zzzprime, qmqp);
+  /* |zzprime[i]| < 14*2^52 */
+  freduce_degree(zzprime);
+  freduce_coefficients(zzprime);
+  /* |zzprime[i]| < 2^26 */
+  memcpy(x3, xxxprime, sizeof(limb) * 10);
+  memcpy(z3, zzprime, sizeof(limb) * 10);
+
+  fsquare(xx, x);
+  /* |xx[i]| < 2^26 */
+  fsquare(zz, z);
+  /* |zz[i]| < 2^26 */
+  fproduct(x2, xx, zz);
+  /* |x2[i]| < 14*2^52 */
+  freduce_degree(x2);
+  freduce_coefficients(x2);
+  /* |x2[i]| < 2^26 */
+  fdifference(zz, xx);  /* does zz = xx - zz */
+  /* |zz[i]| < 2^27 */
+  memset(zzz + 10, 0, sizeof(limb) * 9);
+  fscalar_product(zzz, zz, 121665);
+  /* |zzz[i]| < 2^(27+17) */
+  /* No need to call freduce_degree here:
+     fscalar_product doesn't increase the degree of its input. */
+  freduce_coefficients(zzz);
+  /* |zzz[i]| < 2^26 */
+  fsum(zzz, xx);
+  /* |zzz[i]| < 2^27 */
+  fproduct(z2, zz, zzz);
+  /* |z2[i]| < 14*2^(26+27) */
+  freduce_degree(z2);
+  freduce_coefficients(z2);
+  /* |z2|i| < 2^26 */
+}
+
+/* Conditionally swap two reduced-form limb arrays if 'iswap' is 1, but leave
+ * them unchanged if 'iswap' is 0.  Runs in data-invariant time to avoid
+ * side-channel attacks.
+ *
+ * NOTE that this function requires that 'iswap' be 1 or 0; other values give
+ * wrong results.  Also, the two limb arrays must be in reduced-coefficient,
+ * reduced-degree form: the values in a[10..19] or b[10..19] aren't swapped,
+ * and all all values in a[0..9],b[0..9] must have magnitude less than
+ * INT32_MAX. */
+static void
+swap_conditional(limb a[19], limb b[19], limb iswap) {
+  unsigned i;
+  const s32 swap = (s32) -iswap;
+
+  for (i = 0; i < 10; ++i) {
+    const s32 x = swap & ( ((s32)a[i]) ^ ((s32)b[i]) );
+    a[i] = ((s32)a[i]) ^ x;
+    b[i] = ((s32)b[i]) ^ x;
+  }
+}
+
+/* Calculates nQ where Q is the x-coordinate of a point on the curve
+ *
+ *   resultx/resultz: the x coordinate of the resulting curve point (short form)
+ *   n: a little endian, 32-byte number
+ *   q: a point of the curve (short form) */
+static void
+cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
+  limb a[19] = {0}, b[19] = {1}, c[19] = {1}, d[19] = {0};
+  limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
+  limb e[19] = {0}, f[19] = {1}, g[19] = {0}, h[19] = {1};
+  limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
+
+  unsigned i, j;
+
+  memcpy(nqpqx, q, sizeof(limb) * 10);
+
+  for (i = 0; i < 32; ++i) {
+    u8 byte = n[31 - i];
+    for (j = 0; j < 8; ++j) {
+      const limb bit = byte >> 7;
+
+      swap_conditional(nqx, nqpqx, bit);
+      swap_conditional(nqz, nqpqz, bit);
+      fmonty(nqx2, nqz2,
+             nqpqx2, nqpqz2,
+             nqx, nqz,
+             nqpqx, nqpqz,
+             q);
+      swap_conditional(nqx2, nqpqx2, bit);
+      swap_conditional(nqz2, nqpqz2, bit);
+
+      t = nqx;
+      nqx = nqx2;
+      nqx2 = t;
+      t = nqz;
+      nqz = nqz2;
+      nqz2 = t;
+      t = nqpqx;
+      nqpqx = nqpqx2;
+      nqpqx2 = t;
+      t = nqpqz;
+      nqpqz = nqpqz2;
+      nqpqz2 = t;
+
+      byte <<= 1;
+    }
+  }
+
+  memcpy(resultx, nqx, sizeof(limb) * 10);
+  memcpy(resultz, nqz, sizeof(limb) * 10);
+}
+
+/* -----------------------------------------------------------------------------
+ * Shamelessly copied from djb's code
+ * ----------------------------------------------------------------------------- */
+static void
+crecip(limb *out, const limb *z) {
+  limb z2[10];
+  limb z9[10];
+  limb z11[10];
+  limb z2_5_0[10];
+  limb z2_10_0[10];
+  limb z2_20_0[10];
+  limb z2_50_0[10];
+  limb z2_100_0[10];
+  limb t0[10];
+  limb t1[10];
+  int i;
+
+  /* 2 */ fsquare(z2,z);
+  /* 4 */ fsquare(t1,z2);
+  /* 8 */ fsquare(t0,t1);
+  /* 9 */ fmul(z9,t0,z);
+  /* 11 */ fmul(z11,z9,z2);
+  /* 22 */ fsquare(t0,z11);
+  /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ fsquare(t0,z2_5_0);
+  /* 2^7 - 2^2 */ fsquare(t1,t0);
+  /* 2^8 - 2^3 */ fsquare(t0,t1);
+  /* 2^9 - 2^4 */ fsquare(t1,t0);
+  /* 2^10 - 2^5 */ fsquare(t0,t1);
+  /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ fsquare(t0,z2_10_0);
+  /* 2^12 - 2^2 */ fsquare(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ fsquare(t0,z2_20_0);
+  /* 2^22 - 2^2 */ fsquare(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ fsquare(t1,t0);
+  /* 2^42 - 2^2 */ fsquare(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ fsquare(t0,z2_50_0);
+  /* 2^52 - 2^2 */ fsquare(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ fsquare(t1,z2_100_0);
+  /* 2^102 - 2^2 */ fsquare(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ fsquare(t0,t1);
+  /* 2^202 - 2^2 */ fsquare(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ fsquare(t1,t0);
+  /* 2^252 - 2^2 */ fsquare(t0,t1);
+  /* 2^253 - 2^3 */ fsquare(t1,t0);
+  /* 2^254 - 2^4 */ fsquare(t0,t1);
+  /* 2^255 - 2^5 */ fsquare(t1,t0);
+  /* 2^255 - 21 */ fmul(out,t1,z11);
+}
+
+int
+curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
+  limb bp[10], x[10], z[11], zmone[10];
+  uint8_t e[32];
+  int i;
+
+  for (i = 0; i < 32; ++i) e[i] = secret[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  fexpand(bp, basepoint);
+  cmult(x, z, e, bp);
+  crecip(zmone, z);
+  fmul(z, x, zmone);
+  fcontract(mypublic, z);
+  return 0;
+}

dbclient.1

@@ -0,0 +1,214 @@
+.TH dbclient 1
+.SH NAME
+dbclient \- lightweight SSH client
+.SH SYNOPSIS
+.B dbclient
+[\fIflag arguments\fR] [\-p
+.I port\fR] [\-i
+.I id\fR] [\-L
+.I l\fR:\fIh\fR:\fIp\fR] [\-R
+.I l\fR:\fIh\fR:\fIp\fR] [\-l
+.IR user ]
+.I host
+.RI [ \fImore\ flags\fR ]
+.RI [ command ]
+
+.B dbclient
+[\fIargs\fR]
+[\fIuser1\fR]@\fIhost1\fR[^\fIport1\fR],[\fIuser2\fR]@\fIhost2\fR[^\fIport2\fR],...
+
+.SH DESCRIPTION
+.B dbclient
+is a small SSH client 
+.SH OPTIONS
+.TP
+.TP
+.B command
+A command to run on the remote host. This will normally be run by the remote host
+using the user's shell. The command begins at the first hyphen argument after the 
+host argument. If no command is specified an interactive terminal will be opened
+(see -t and -T).
+.TP
+.B \-p \fIport
+Connect to 
+.I port
+on the remote host. Alternatively a port can be specified as hostname^port.
+Default is 22.
+.TP
+.B \-i \fIidfile
+Identity file.
+Read the identity key from file
+.I idfile
+(multiple allowed). This file is created with dropbearkey(1) or converted
+from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
+.TP
+.B \-L\fR [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
+Local port forwarding.
+Forward the port
+.I listenport
+on the local host through the SSH connection to port
+.I port
+on the host
+.IR host .
+.TP
+.B \-R\fR [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
+Remote port forwarding.
+Forward the port
+.I listenport
+on the remote host through the SSH connection to port
+.I port
+on the host
+.IR host .
+.TP
+.B \-l \fIuser
+Username.
+Login as
+.I user
+on the remote host.
+.TP
+.B \-t
+Allocate a PTY. This is the default when no command is given, it gives a full
+interactive remote session. The main effect is that keystrokes are sent remotely 
+immediately as opposed to local line-based editing.
+.TP
+.B \-T
+Don't allocate a PTY. This is the default a command is given. See -t.
+.TP
+.B \-N
+Don't request a remote shell or run any commands. Any command arguments are ignored.
+.TP
+.B \-f
+Fork into the background after authentication. A command argument (or -N) is required.
+This is useful when using password authentication.
+.TP
+.B \-g
+Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
+forwarded ports, though remote connections to -R forwarded ports may be limited
+by the ssh server.
+.TP
+.B \-y
+Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
+connection will abort as normal. If specified a second time no host key checking
+is performed at all, this is usually undesirable.
+.TP
+.B \-A
+Forward agent connections to the remote host. dbclient will use any
+OpenSSH-style agent program if available ($SSH_AUTH_SOCK will be set) for
+public key authentication.  Forwarding is only enabled if -A is specified.
+.TP
+.B \-W \fIwindowsize
+Specify the per-channel receive window buffer size. Increasing this 
+may improve network performance at the expense of memory use. Use -h to see the
+default buffer size.
+.TP
+.B \-K \fItimeout_seconds
+Ensure that traffic is transmitted at a certain interval in seconds. This is
+useful for working around firewalls or routers that drop connections after
+a certain period of inactivity. The trade-off is that a session may be
+closed if there is a temporary lapse of network connectivity. A setting
+if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
+.TP
+.B \-I \fIidle_timeout
+Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
+.TP
+
+.\" TODO: how to avoid a line break between these two -J arguments?
+.B \-J \fIproxy_command
+.TP
+.B \-J \fI&fd
+.br
+Use the standard input/output of the program \fIproxy_command\fR rather than using
+a normal TCP connection. A hostname should be still be provided, as this is used for
+comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the
+default shell.
+
+The second form &fd will make dbclient use the numeric file descriptor as a socket. This
+can be used for more complex tunnelling scenarios. Example usage with socat is
+
+socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22
+
+.TP
+.B \-B \fIendhost:endport
+"Netcat-alike" mode, where Dropbear will connect to the given host, then create a
+forwarded connection to \fIendhost\fR. This will then be presented as dbclient's
+standard input/output.
+.TP
+.B \-c \fIcipherlist
+Specify a comma separated list of ciphers to enable. Use \fI-c help\fR to list possibilities.
+.TP
+.B \-m \fIMAClist
+Specify a comma separated list of authentication MACs to enable. Use \fI-m help\fR to list possibilities.
+.TP
+.B \-o \fIoption
+Can be used to give options in the format used by OpenSSH config file. This is
+useful for specifying options for which there is no separate command-line flag.
+For full details of the options listed below, and their possible values, see
+ssh_config(5).
+The following options have currently been implemented:
+
+.RS
+.TP
+.B ExitOnForwardFailure
+Specifies whether dbclient should terminate the connection if it cannot set up all requested local and remote port forwardings. The argument must be “yes” or “no”.  The default is “no”.
+.TP
+.B UseSyslog
+Send dbclient log messages to syslog in addition to stderr.
+.RE
+.TP
+.B \-s 
+The specified command will be requested as a subsystem, used for sftp. Dropbear doesn't implement sftp itself but the OpenSSH sftp client can be used eg \fIsftp -S dbclient user@host\fR
+.TP
+.B \-b \fI[address][:port]
+Bind to a specific local address when connecting to the remote host. This can be used to choose from
+multiple outgoing interfaces. Either address or port (or both) can be given.
+.TP
+.B \-V
+Print the version
+
+.SH MULTI-HOP
+Dropbear will also allow multiple "hops" to be specified, separated by commas. In
+this case a connection will be made to the first host, then a TCP forwarded 
+connection will be made through that to the second host, and so on. Hosts other than
+the final destination will not see anything other than the encrypted SSH stream. 
+A port for a host can be specified with a caret (eg matt@martello^44 ).
+This syntax can also be used with scp or rsync (specifying dbclient as the 
+ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg
+
+scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
+
+Note that hostnames are resolved by the prior hop (so "canyons" would be resolved by the host "wrt")
+in the example above, the same way as other -L TCP forwarded hosts are. Host keys are 
+checked locally based on the given hostname.
+
+.SH ESCAPE CHARACTERS
+Typing a newline followed by the  key sequence \fI~.\fR (tilde, dot) will terminate a connection.
+The sequence \fI~^Z\fR (tilde, ctrl-z) will background the connection. This behaviour only
+applies when a PTY is used.
+
+.SH ENVIRONMENT
+.TP
+.B DROPBEAR_PASSWORD
+A password to use for remote authentication can be specified in the environment
+variable DROPBEAR_PASSWORD. Care should be taken that the password is not
+exposed to other users on a multi-user system, or stored in accessible files.
+.TP
+.B SSH_ASKPASS
+dbclient can use an external program to request a password from a user.
+SSH_ASKPASS should be set to the path of a program that will return a password
+on standard output. This program will only be used if either DISPLAY is set and
+standard input is not a TTY, or the environment variable SSH_ASKPASS_ALWAYS is
+set.
+.SH NOTES
+If compiled with zlib support and if the server supports it, dbclient will
+always use compression.
+
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Mihnea Stoenescu wrote initial Dropbear client support
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbear(8), dropbearkey(1)
+.P
+https://matt.ucc.asn.au/dropbear/dropbear.html

dbhelpers.c

@@ -0,0 +1,18 @@
+#include "dbhelpers.h"
+#include "includes.h"
+
+/* Erase data */
+void m_burn(void *data, unsigned int len) {
+
+#if defined(HAVE_MEMSET_S)
+	memset_s(data, len, 0x0, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(data, len);
+#else
+	/* This must be volatile to avoid compiler optimisation */
+	volatile void *p = data;
+	memset((void*)p, 0x0, len);
+#endif
+}
+
+

dbhelpers.h

@@ -0,0 +1,21 @@
+#ifndef DROPBEAR_DBHELPERS_H_
+#define DROPBEAR_DBHELPERS_H_
+
+/* This header defines some things that are also used by libtomcrypt/math. 
+   We avoid including normal include.h since that can result in conflicting 
+   definitions - only include config.h */
+#include "config.h"
+
+#ifdef __GNUC__
+#define ATTRIB_PRINTF(fmt,args) __attribute__((format(printf, fmt, args))) 
+#define ATTRIB_NORETURN __attribute__((noreturn))
+#define ATTRIB_SENTINEL __attribute__((sentinel))
+#else
+#define ATTRIB_PRINTF(fmt,args)
+#define ATTRIB_NORETURN
+#define ATTRIB_SENTINEL
+#endif
+
+void m_burn(void* data, unsigned int len);
+
+#endif /* DROPBEAR_DBHELPERS_H_ */

dbmalloc.c

@@ -0,0 +1,182 @@
+#include "dbmalloc.h"
+#include "dbutil.h"
+
+
+void * m_calloc(size_t nmemb, size_t size) {
+    if (SIZE_T_MAX / nmemb < size) {
+        dropbear_exit("m_calloc failed");
+    }
+    return m_malloc(nmemb*size);
+}
+
+void * m_strdup(const char * str) {
+    char* ret;
+    unsigned int len;
+    len = strlen(str);
+
+    ret = m_malloc(len+1);
+    if (ret == NULL) {
+        dropbear_exit("m_strdup failed");
+    }
+    memcpy(ret, str, len+1);
+    return ret;
+}
+
+#if !DROPBEAR_TRACKING_MALLOC
+
+/* Simple wrappers around malloc etc */
+void * m_malloc(size_t size) {
+
+	void* ret;
+
+	if (size == 0) {
+		dropbear_exit("m_malloc failed");
+	}
+	ret = calloc(1, size);
+	if (ret == NULL) {
+		dropbear_exit("m_malloc failed");
+	}
+	return ret;
+
+}
+
+void * m_realloc(void* ptr, size_t size) {
+
+	void *ret;
+
+	if (size == 0) {
+		dropbear_exit("m_realloc failed");
+	}
+	ret = realloc(ptr, size);
+	if (ret == NULL) {
+		dropbear_exit("m_realloc failed");
+	}
+	return ret;
+}
+
+
+#else
+
+/* For fuzzing */
+
+struct dbmalloc_header {
+    unsigned int epoch;
+    struct dbmalloc_header *prev;
+    struct dbmalloc_header *next;
+};
+
+static void put_alloc(struct dbmalloc_header *header);
+static void remove_alloc(struct dbmalloc_header *header);
+
+/* end of the linked list */
+static struct dbmalloc_header* staple;
+
+unsigned int current_epoch = 0;
+
+void m_malloc_set_epoch(unsigned int epoch) {
+    current_epoch = epoch;
+}
+
+void m_malloc_free_epoch(unsigned int epoch, int dofree) {
+    struct dbmalloc_header* header;
+    struct dbmalloc_header* nextheader = NULL;
+    struct dbmalloc_header* oldstaple = staple;
+    staple = NULL;
+    /* free allocations from this epoch, create a new staple-anchored list from
+    the remainder */
+    for (header = oldstaple; header; header = nextheader)
+    {
+        nextheader = header->next;
+        if (header->epoch == epoch) {
+            if (dofree) {
+                free(header);
+            }
+        } else {
+            header->prev = NULL;
+            header->next = NULL;
+            put_alloc(header);
+        }
+    }
+}
+
+static void put_alloc(struct dbmalloc_header *header) {
+    assert(header->next == NULL);
+    assert(header->prev == NULL);
+    if (staple) {
+        staple->prev = header;
+    }
+    header->next = staple;
+    staple = header;
+}
+
+static void remove_alloc(struct dbmalloc_header *header) {
+    if (header->prev) {
+        header->prev->next = header->next;
+    }
+    if (header->next) {
+        header->next->prev = header->prev;
+    }
+    if (staple == header) {
+        staple = header->next;
+    }
+    header->prev = NULL;
+    header->next = NULL;
+}
+
+static struct dbmalloc_header* get_header(void* ptr) {
+    char* bptr = ptr;
+    return (struct dbmalloc_header*)&bptr[-sizeof(struct dbmalloc_header)];
+}
+
+void * m_malloc(size_t size) {
+    char* mem = NULL;
+    struct dbmalloc_header* header = NULL;
+
+    if (size == 0 || size > 1e9) {
+        dropbear_exit("m_malloc failed");
+    }
+
+    size = size + sizeof(struct dbmalloc_header);
+
+    mem = calloc(1, size);
+    if (mem == NULL) {
+        dropbear_exit("m_malloc failed");
+    }
+    header = (struct dbmalloc_header*)mem;
+    put_alloc(header);
+    header->epoch = current_epoch;
+    return &mem[sizeof(struct dbmalloc_header)];
+}
+
+void * m_realloc(void* ptr, size_t size) {
+    char* mem = NULL;
+    struct dbmalloc_header* header = NULL;
+    if (size == 0 || size > 1e9) {
+        dropbear_exit("m_realloc failed");
+    }
+
+    header = get_header(ptr);
+    remove_alloc(header);
+
+    size = size + sizeof(struct dbmalloc_header);
+    mem = realloc(header, size);
+    if (mem == NULL) {
+        dropbear_exit("m_realloc failed");
+    }
+
+    header = (struct dbmalloc_header*)mem;
+    put_alloc(header);
+    return &mem[sizeof(struct dbmalloc_header)];
+}
+
+void m_free_direct(void* ptr) {
+    struct dbmalloc_header* header = NULL;
+    if (!ptr) {
+        return;
+    }
+    header = get_header(ptr);
+    remove_alloc(header);
+    free(header);
+}
+
+#endif /* DROPBEAR_TRACKING_MALLOC */

dbmalloc.h

@@ -0,0 +1,27 @@
+#ifndef DBMALLOC_H_
+#define DBMALLOC_H_
+
+#include "stdint.h"
+#include "stdlib.h"
+#include "options.h"
+
+void * m_malloc(size_t size);
+void * m_calloc(size_t nmemb, size_t size);
+void * m_strdup(const char * str);
+void * m_realloc(void* ptr, size_t size);
+
+#if DROPBEAR_TRACKING_MALLOC
+void m_free_direct(void* ptr);
+void m_malloc_set_epoch(unsigned int epoch);
+void m_malloc_free_epoch(unsigned int epoch, int dofree);
+
+#else
+/* plain wrapper */
+#define m_free_direct free
+
+#endif
+
+#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
+
+
+#endif /* DBMALLOC_H_ */

dbmulti.c

@@ -0,0 +1,104 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+
+/* definitions are cleanest if we just put them here */
+int dropbear_main(int argc, char ** argv);
+int cli_main(int argc, char ** argv);
+int dropbearkey_main(int argc, char ** argv);
+int dropbearconvert_main(int argc, char ** argv);
+int scp_main(int argc, char ** argv);
+
+static int runprog(const char *progname, int argc, char ** argv, int *match) {
+	*match = DROPBEAR_SUCCESS;
+
+#ifdef DBMULTI_dropbear
+		if (strcmp(progname, "dropbear") == 0) {
+			return dropbear_main(argc, argv);
+		}
+#endif
+#ifdef DBMULTI_dbclient
+		if (strcmp(progname, "dbclient") == 0
+				|| strcmp(progname, "ssh") == 0) {
+			return cli_main(argc, argv);
+		}
+#endif
+#ifdef DBMULTI_dropbearkey
+		if (strcmp(progname, "dropbearkey") == 0) {
+			return dropbearkey_main(argc, argv);
+		}
+#endif
+#ifdef DBMULTI_dropbearconvert
+		if (strcmp(progname, "dropbearconvert") == 0) {
+			return dropbearconvert_main(argc, argv);
+		}
+#endif
+#ifdef DBMULTI_scp
+		if (strcmp(progname, "scp") == 0) {
+			return scp_main(argc, argv);
+		}
+#endif
+	*match = DROPBEAR_FAILURE;
+	return 1;
+}
+
+int main(int argc, char ** argv) {
+	int i;
+	for (i = 0; i < 2; i++) {
+		/* Try symlink first, then try as an argument eg "dropbearmulti dbclient host ..." */
+		if (argc > i) {
+			int match, res;
+			/* figure which form we're being called as */
+			const char* progname = basename(argv[i]);
+			res = runprog(progname, argc-i, &argv[i], &match);
+			if (match == DROPBEAR_SUCCESS) {
+				return res;
+			}
+		}
+	}
+
+	fprintf(stderr, "Dropbear SSH multi-purpose v%s\n"
+			"Make a symlink pointing at this binary with one of the\n"
+			"following names or run 'dropbearmulti <command>'.\n"
+#ifdef DBMULTI_dropbear
+			"'dropbear' - the Dropbear server\n"
+#endif
+#ifdef DBMULTI_dbclient
+			"'dbclient' or 'ssh' - the Dropbear client\n"
+#endif
+#ifdef DBMULTI_dropbearkey
+			"'dropbearkey' - the key generator\n"
+#endif
+#ifdef DBMULTI_dropbearconvert
+			"'dropbearconvert' - the key converter\n"
+#endif
+#ifdef DBMULTI_scp
+			"'scp' - secure copy\n"
+#endif
+			,
+			DROPBEAR_VERSION);
+	exit(1);
+
+}

dbrandom.c

@@ -0,0 +1,342 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "bignum.h"
+#include "dbrandom.h"
+#include "runopts.h"
+
+/* this is used to generate unique output from the same hashpool */
+static uint32_t counter = 0;
+/* the max value for the counter, so it won't integer overflow */
+#define MAX_COUNTER (1<<30)
+
+static unsigned char hashpool[SHA1_HASH_SIZE] = {0};
+static int donerandinit = 0;
+
+#define INIT_SEED_SIZE 32 /* 256 bits */
+
+/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
+ * into hashpool. To read data, we hash together current hashpool contents,
+ * and a counter. We feed more data in by hashing the current pool and new
+ * data into the pool.
+ *
+ * It is important to ensure that counter doesn't wrap around before we
+ * feed in new entropy.
+ *
+ */
+
+/* Pass len=0 to hash an entire file */
+static int
+process_file(hash_state *hs, const char *filename,
+		unsigned int len, int prngd)
+{
+	static int already_blocked = 0;
+	int readfd;
+	unsigned int readcount;
+	int ret = DROPBEAR_FAILURE;
+
+#if DROPBEAR_USE_PRNGD
+	if (prngd)
+	{
+		readfd = connect_unix(filename);
+	}
+	else
+#endif
+	{
+		readfd = open(filename, O_RDONLY);
+	}
+
+	if (readfd < 0) {
+		goto out;
+	}
+
+	readcount = 0;
+	while (len == 0 || readcount < len)
+	{
+		int readlen, wantread;
+		unsigned char readbuf[4096];
+		if (!already_blocked && !prngd)
+		{
+			int res;
+			struct timeval timeout;
+			fd_set read_fds;
+
+ 			timeout.tv_sec  = 2;
+ 			timeout.tv_usec = 0;
+
+			DROPBEAR_FD_ZERO(&read_fds);
+			FD_SET(readfd, &read_fds);
+			res = select(readfd + 1, &read_fds, NULL, NULL, &timeout);
+			if (res == 0)
+			{
+				dropbear_log(LOG_WARNING, "Warning: Reading the randomness source '%s' seems to have blocked.\nYou may need to find a better entropy source.", filename);
+				already_blocked = 1;
+			}
+		}
+
+		if (len == 0)
+		{
+			wantread = sizeof(readbuf);
+		} 
+		else
+		{
+			wantread = MIN(sizeof(readbuf), len-readcount);
+		}
+
+#if DROPBEAR_USE_PRNGD
+		if (prngd)
+		{
+			char egdcmd[2];
+			egdcmd[0] = 0x02;	/* blocking read */
+			egdcmd[1] = (unsigned char)wantread;
+			if (write(readfd, egdcmd, 2) < 0)
+			{
+				dropbear_exit("Can't send command to egd");
+			}
+		}
+#endif
+
+		readlen = read(readfd, readbuf, wantread);
+		if (readlen <= 0) {
+			if (readlen < 0 && errno == EINTR) {
+				continue;
+			}
+			if (readlen == 0 && len == 0)
+			{
+				/* whole file was read as requested */
+				break;
+			}
+			goto out;
+		}
+		sha1_process(hs, readbuf, readlen);
+		readcount += readlen;
+	}
+	ret = DROPBEAR_SUCCESS;
+out:
+	close(readfd);
+	return ret;
+}
+
+void addrandom(const unsigned char * buf, unsigned int len)
+{
+	hash_state hs;
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return;
+	}
+#endif
+
+	/* hash in the new seed data */
+	sha1_init(&hs);
+	/* existing state (zeroes on startup) */
+	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+
+	/* new */
+	sha1_process(&hs, buf, len);
+	sha1_done(&hs, hashpool);
+}
+
+static void write_urandom()
+{
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return;
+	}
+#endif
+#if !DROPBEAR_USE_PRNGD
+	/* This is opportunistic, don't worry about failure */
+	unsigned char buf[INIT_SEED_SIZE];
+	FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
+	if (!f) {
+		return;
+	}
+	genrandom(buf, sizeof(buf));
+	fwrite(buf, sizeof(buf), 1, f);
+	fclose(f);
+#endif
+}
+
+#if DROPBEAR_FUZZ
+void fuzz_seed(void) {
+	hash_state hs;
+	sha1_init(&hs);
+	sha1_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
+	sha1_done(&hs, hashpool);
+
+	counter = 0;
+	donerandinit = 1;
+}
+#endif
+
+/* Initialise the prng from /dev/urandom or prngd. This function can
+ * be called multiple times */
+void seedrandom() {
+		
+	hash_state hs;
+
+	pid_t pid;
+	struct timeval tv;
+	clock_t clockval;
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return;
+	}
+#endif
+
+	/* hash in the new seed data */
+	sha1_init(&hs);
+
+	/* existing state */
+	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+
+#if DROPBEAR_USE_PRNGD
+	if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1) 
+			!= DROPBEAR_SUCCESS) {
+		dropbear_exit("Failure reading random device %s", 
+				DROPBEAR_PRNGD_SOCKET);
+	}
+#else
+	/* non-blocking random source (probably /dev/urandom) */
+	if (process_file(&hs, DROPBEAR_URANDOM_DEV, INIT_SEED_SIZE, 0) 
+			!= DROPBEAR_SUCCESS) {
+		dropbear_exit("Failure reading random device %s", 
+				DROPBEAR_URANDOM_DEV);
+	}
+#endif
+
+	/* A few other sources to fall back on. 
+	 * Add more here for other platforms */
+#ifdef __linux__
+	/* Seems to be a reasonable source of entropy from timers. Possibly hard
+	 * for even local attackers to reproduce */
+	process_file(&hs, "/proc/timer_list", 0, 0);
+	/* Might help on systems with wireless */
+	process_file(&hs, "/proc/interrupts", 0, 0);
+
+	process_file(&hs, "/proc/loadavg", 0, 0);
+	process_file(&hs, "/proc/sys/kernel/random/entropy_avail", 0, 0);
+
+	/* Mostly network visible but useful in some situations.
+	 * Limit size to avoid slowdowns on systems with lots of routes */
+	process_file(&hs, "/proc/net/netstat", 4096, 0);
+	process_file(&hs, "/proc/net/dev", 4096, 0);
+	process_file(&hs, "/proc/net/tcp", 4096, 0);
+	/* Also includes interface lo */
+	process_file(&hs, "/proc/net/rt_cache", 4096, 0);
+	process_file(&hs, "/proc/vmstat", 0, 0);
+#endif
+
+	pid = getpid();
+	sha1_process(&hs, (void*)&pid, sizeof(pid));
+
+	/* gettimeofday() doesn't completely fill out struct timeval on 
+	   OS X (10.8.3), avoid valgrind warnings by clearing it first */
+	memset(&tv, 0x0, sizeof(tv));
+	gettimeofday(&tv, NULL);
+	sha1_process(&hs, (void*)&tv, sizeof(tv));
+
+	clockval = clock();
+	sha1_process(&hs, (void*)&clockval, sizeof(clockval));
+
+	/* When a private key is read by the client or server it will
+	 * be added to the hashpool - see runopts.c */
+
+	sha1_done(&hs, hashpool);
+
+	counter = 0;
+	donerandinit = 1;
+
+	/* Feed it all back into /dev/urandom - this might help if Dropbear
+	 * is running from inetd and gets new state each time */
+	write_urandom();
+}
+
+/* return len bytes of pseudo-random data */
+void genrandom(unsigned char* buf, unsigned int len) {
+
+	hash_state hs;
+	unsigned char hash[SHA1_HASH_SIZE];
+	unsigned int copylen;
+
+	if (!donerandinit) {
+		dropbear_exit("seedrandom not done");
+	}
+
+	while (len > 0) {
+		sha1_init(&hs);
+		sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+		sha1_process(&hs, (void*)&counter, sizeof(counter));
+		sha1_done(&hs, hash);
+
+		counter++;
+		if (counter > MAX_COUNTER) {
+			seedrandom();
+		}
+
+		copylen = MIN(len, SHA1_HASH_SIZE);
+		memcpy(buf, hash, copylen);
+		len -= copylen;
+		buf += copylen;
+	}
+	m_burn(hash, sizeof(hash));
+}
+
+/* Generates a random mp_int. 
+ * max is a *mp_int specifying an upper bound.
+ * rand must be an initialised *mp_int for the result.
+ * the result rand satisfies:  0 < rand < max 
+ * */
+void gen_random_mpint(mp_int *max, mp_int *rand) {
+
+	unsigned char *randbuf = NULL;
+	unsigned int len = 0;
+	const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+
+	const int size_bits = mp_count_bits(max);
+
+	len = size_bits / 8;
+	if ((size_bits % 8) != 0) {
+		len += 1;
+	}
+
+	randbuf = (unsigned char*)m_malloc(len);
+	do {
+		genrandom(randbuf, len);
+		/* Mask out the unrequired bits - mp_read_unsigned_bin expects
+		 * MSB first.*/
+		randbuf[0] &= masks[size_bits % 8];
+
+		bytes_to_mp(rand, randbuf, len);
+
+		/* keep regenerating until we get one satisfying
+		 * 0 < rand < max    */
+	} while (!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT));
+	m_burn(randbuf, len);
+	m_free(randbuf);
+}

dbrandom.h

@@ -0,0 +1,35 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_RANDOM_H_
+#define DROPBEAR_RANDOM_H_
+
+#include "includes.h"
+
+void seedrandom(void);
+void genrandom(unsigned char* buf, unsigned int len);
+void addrandom(const unsigned char * buf, unsigned int len);
+void gen_random_mpint(mp_int *max, mp_int *rand);
+
+#endif /* DROPBEAR_RANDOM_H_ */

dbutil.c

@@ -0,0 +1,688 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * strlcat() is copyright as follows:
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "config.h"
+
+#ifdef __linux__
+#define _GNU_SOURCE
+/* To call clock_gettime() directly */
+#include <sys/syscall.h>
+#endif /* __linux */
+
+#ifdef HAVE_MACH_MACH_TIME_H
+#include <mach/mach_time.h>
+#include <mach/mach.h>
+#endif
+
+#include "includes.h"
+#include "dbutil.h"
+#include "buffer.h"
+#include "session.h"
+#include "atomicio.h"
+
+#define MAX_FMT 100
+
+static void generic_dropbear_exit(int exitcode, const char* format, 
+		va_list param) ATTRIB_NORETURN;
+static void generic_dropbear_log(int priority, const char* format, 
+		va_list param);
+
+void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN
+						= generic_dropbear_exit;
+void (*_dropbear_log)(int priority, const char* format, va_list param)
+						= generic_dropbear_log;
+
+#if DEBUG_TRACE
+int debug_trace = 0;
+#endif
+
+#ifndef DISABLE_SYSLOG
+void startsyslog(const char *ident) {
+
+	openlog(ident, LOG_PID, LOG_AUTHPRIV);
+
+}
+#endif /* DISABLE_SYSLOG */
+
+/* the "format" string must be <= 100 characters */
+void dropbear_close(const char* format, ...) {
+
+	va_list param;
+
+	va_start(param, format);
+	_dropbear_exit(EXIT_SUCCESS, format, param);
+	va_end(param);
+
+}
+
+void dropbear_exit(const char* format, ...) {
+
+	va_list param;
+
+	va_start(param, format);
+	_dropbear_exit(EXIT_FAILURE, format, param);
+	va_end(param);
+}
+
+static void generic_dropbear_exit(int exitcode, const char* format, 
+		va_list param) {
+
+	char fmtbuf[300];
+
+	snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", format);
+
+	_dropbear_log(LOG_INFO, fmtbuf, param);
+
+#if DROPBEAR_FUZZ
+	/* longjmp before cleaning up svr_opts */
+    if (fuzz.do_jmp) {
+        longjmp(fuzz.jmp, 1);
+    }
+#endif
+
+	exit(exitcode);
+}
+
+void fail_assert(const char* expr, const char* file, int line) {
+	dropbear_exit("Failed assertion (%s:%d): `%s'", file, line, expr);
+}
+
+static void generic_dropbear_log(int UNUSED(priority), const char* format, 
+		va_list param) {
+
+	char printbuf[1024];
+
+	vsnprintf(printbuf, sizeof(printbuf), format, param);
+
+	fprintf(stderr, "%s\n", printbuf);
+
+}
+
+/* this is what can be called to write arbitrary log messages */
+void dropbear_log(int priority, const char* format, ...) {
+
+	va_list param;
+
+	va_start(param, format);
+	_dropbear_log(priority, format, param);
+	va_end(param);
+}
+
+
+#if DEBUG_TRACE
+
+static double debug_start_time = -1;
+
+void debug_start_net()
+{
+	if (getenv("DROPBEAR_DEBUG_NET_TIMESTAMP"))
+	{
+		/* Timestamps start from first network activity */
+		struct timeval tv;
+		gettimeofday(&tv, NULL);
+		debug_start_time = tv.tv_sec + (tv.tv_usec / 1000000.0);
+		TRACE(("Resetting Dropbear TRACE timestamps"))
+	}
+}
+
+static double time_since_start()
+{
+	double nowf;
+	struct timeval tv;
+	gettimeofday(&tv, NULL);
+	nowf = tv.tv_sec + (tv.tv_usec / 1000000.0);
+	if (debug_start_time < 0)
+	{
+		debug_start_time = nowf;
+		return 0;
+	}
+	return nowf - debug_start_time;
+}
+
+void dropbear_trace(const char* format, ...) {
+	va_list param;
+
+	if (!debug_trace) {
+		return;
+	}
+
+	va_start(param, format);
+	fprintf(stderr, "TRACE  (%d) %f: ", getpid(), time_since_start());
+	vfprintf(stderr, format, param);
+	fprintf(stderr, "\n");
+	va_end(param);
+}
+
+void dropbear_trace2(const char* format, ...) {
+	static int trace_env = -1;
+	va_list param;
+
+	if (trace_env == -1) {
+		trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0;
+	}
+
+	if (!(debug_trace && trace_env)) {
+		return;
+	}
+
+	va_start(param, format);
+	fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start());
+	vfprintf(stderr, format, param);
+	fprintf(stderr, "\n");
+	va_end(param);
+}
+#endif /* DEBUG_TRACE */
+
+/* Connect to a given unix socket. The socket is blocking */
+#if ENABLE_CONNECT_UNIX
+int connect_unix(const char* path) {
+	struct sockaddr_un addr;
+	int fd = -1;
+
+	memset((void*)&addr, 0x0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
+	fd = socket(PF_UNIX, SOCK_STREAM, 0);
+	if (fd < 0) {
+		TRACE(("Failed to open unix socket"))
+		return -1;
+	}
+	if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
+		TRACE(("Failed to connect to '%s' socket", path))
+		m_close(fd);
+		return -1;
+	}
+	return fd;
+}
+#endif
+
+/* Sets up a pipe for a, returning three non-blocking file descriptors
+ * and the pid. exec_fn is the function that will actually execute the child process,
+ * it will be run after the child has fork()ed, and is passed exec_data.
+ * If ret_errfd == NULL then stderr will not be captured.
+ * ret_pid can be passed as  NULL to discard the pid. */
+int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
+		int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) {
+	int infds[2];
+	int outfds[2];
+	int errfds[2];
+	pid_t pid;
+
+	const int FDIN = 0;
+	const int FDOUT = 1;
+
+	/* redirect stdin/stdout/stderr */
+	if (pipe(infds) != 0) {
+		return DROPBEAR_FAILURE;
+	}
+	if (pipe(outfds) != 0) {
+		return DROPBEAR_FAILURE;
+	}
+	if (ret_errfd && pipe(errfds) != 0) {
+		return DROPBEAR_FAILURE;
+	}
+
+#if DROPBEAR_VFORK
+	pid = vfork();
+#else
+	pid = fork();
+#endif
+
+	if (pid < 0) {
+		return DROPBEAR_FAILURE;
+	}
+
+	if (!pid) {
+		/* child */
+
+		TRACE(("back to normal sigchld"))
+		/* Revert to normal sigchld handling */
+		if (signal(SIGCHLD, SIG_DFL) == SIG_ERR) {
+			dropbear_exit("signal() error");
+		}
+
+		/* redirect stdin/stdout */
+
+		if ((dup2(infds[FDIN], STDIN_FILENO) < 0) ||
+			(dup2(outfds[FDOUT], STDOUT_FILENO) < 0) ||
+			(ret_errfd && dup2(errfds[FDOUT], STDERR_FILENO) < 0)) {
+			TRACE(("leave noptycommand: error redirecting FDs"))
+			dropbear_exit("Child dup2() failure");
+		}
+
+		close(infds[FDOUT]);
+		close(infds[FDIN]);
+		close(outfds[FDIN]);
+		close(outfds[FDOUT]);
+		if (ret_errfd)
+		{
+			close(errfds[FDIN]);
+			close(errfds[FDOUT]);
+		}
+
+		exec_fn(exec_data);
+		/* not reached */
+		return DROPBEAR_FAILURE;
+	} else {
+		/* parent */
+		close(infds[FDIN]);
+		close(outfds[FDOUT]);
+
+		setnonblocking(outfds[FDIN]);
+		setnonblocking(infds[FDOUT]);
+
+		if (ret_errfd) {
+			close(errfds[FDOUT]);
+			setnonblocking(errfds[FDIN]);
+		}
+
+		if (ret_pid) {
+			*ret_pid = pid;
+		}
+
+		*ret_writefd = infds[FDOUT];
+		*ret_readfd = outfds[FDIN];
+		if (ret_errfd) {
+			*ret_errfd = errfds[FDIN];
+		}
+		return DROPBEAR_SUCCESS;
+	}
+}
+
+/* Runs a command with "sh -c". Will close FDs (except stdin/stdout/stderr) and
+ * re-enabled SIGPIPE. If cmd is NULL, will run a login shell.
+ */
+void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
+	char * argv[4];
+	char * baseshell = NULL;
+	unsigned int i;
+
+	baseshell = basename(usershell);
+
+	if (cmd != NULL) {
+		argv[0] = baseshell;
+	} else {
+		/* a login shell should be "-bash" for "/bin/bash" etc */
+		int len = strlen(baseshell) + 2; /* 2 for "-" */
+		argv[0] = (char*)m_malloc(len);
+		snprintf(argv[0], len, "-%s", baseshell);
+	}
+
+	if (cmd != NULL) {
+		argv[1] = "-c";
+		argv[2] = (char*)cmd;
+		argv[3] = NULL;
+	} else {
+		/* construct a shell of the form "-bash" etc */
+		argv[1] = NULL;
+	}
+
+	/* Re-enable SIGPIPE for the executed process */
+	if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) {
+		dropbear_exit("signal() error");
+	}
+
+	/* close file descriptors except stdin/stdout/stderr
+	 * Need to be sure FDs are closed here to avoid reading files as root */
+	for (i = 3; i <= maxfd; i++) {
+		m_close(i);
+	}
+
+	execv(usershell, argv);
+}
+
+#if DEBUG_TRACE
+void printhex(const char * label, const unsigned char * buf, int len) {
+
+	int i;
+
+	fprintf(stderr, "%s\n", label);
+	for (i = 0; i < len; i++) {
+		fprintf(stderr, "%02x", buf[i]);
+		if (i % 16 == 15) {
+			fprintf(stderr, "\n");
+		}
+		else if (i % 2 == 1) {
+			fprintf(stderr, " ");
+		}
+	}
+	fprintf(stderr, "\n");
+}
+
+void printmpint(const char *label, mp_int *mp) {
+	buffer *buf = buf_new(1000);
+	buf_putmpint(buf, mp);
+	fprintf(stderr, "%d bits ", mp_count_bits(mp));
+	printhex(label, buf->data, buf->len);
+	buf_free(buf);
+
+}
+#endif
+
+/* Strip all control characters from text (a null-terminated string), except
+ * for '\n', '\r' and '\t'.
+ * The result returned is a newly allocated string, this must be free()d after
+ * use */
+char * stripcontrol(const char * text) {
+
+	char * ret;
+	int len, pos;
+	int i;
+	
+	len = strlen(text);
+	ret = m_malloc(len+1);
+
+	pos = 0;
+	for (i = 0; i < len; i++) {
+		if ((text[i] <= '~' && text[i] >= ' ') /* normal printable range */
+				|| text[i] == '\n' || text[i] == '\r' || text[i] == '\t') {
+			ret[pos] = text[i];
+			pos++;
+		}
+	}
+	ret[pos] = 0x0;
+	return ret;
+}
+			
+
+/* reads the contents of filename into the buffer buf, from the current
+ * position, either to the end of the file, or the buffer being full.
+ * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+int buf_readfile(buffer* buf, const char* filename) {
+
+	int fd = -1;
+	int len;
+	int maxlen;
+	int ret = DROPBEAR_FAILURE;
+
+	fd = open(filename, O_RDONLY);
+
+	if (fd < 0) {
+		goto out;
+	}
+	
+	do {
+		maxlen = buf->size - buf->pos;
+		len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
+		if (len < 0) {
+			if (errno == EINTR || errno == EAGAIN) {
+				continue;
+			}
+			goto out;
+		}
+		buf_incrwritepos(buf, len);
+	} while (len < maxlen && len > 0);
+
+	ret = DROPBEAR_SUCCESS;
+
+out:
+	if (fd >= 0) {
+		m_close(fd);
+	}
+	return ret;
+}
+
+/* get a line from the file into buffer in the style expected for an
+ * authkeys file.
+ * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
+/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
+#if DROPBEAR_CLIENT || DROPBEAR_SVR_PUBKEY_AUTH
+int buf_getline(buffer * line, FILE * authfile) {
+
+	int c = EOF;
+
+	buf_setpos(line, 0);
+	buf_setlen(line, 0);
+
+	while (line->pos < line->size) {
+
+		c = fgetc(authfile); /*getc() is weird with some uClibc systems*/
+		if (c == EOF || c == '\n' || c == '\r') {
+			goto out;
+		}
+
+		buf_putbyte(line, (unsigned char)c);
+	}
+
+	TRACE(("leave getauthline: line too long"))
+	/* We return success, but the line length will be zeroed - ie we just
+	 * ignore that line */
+	buf_setlen(line, 0);
+
+out:
+
+
+	/* if we didn't read anything before EOF or error, exit */
+	if (c == EOF && line->pos == 0) {
+		return DROPBEAR_FAILURE;
+	} else {
+		buf_setpos(line, 0);
+		return DROPBEAR_SUCCESS;
+	}
+
+}	
+#endif
+
+/* make sure that the socket closes */
+void m_close(int fd) {
+	int val;
+
+	if (fd < 0) {
+		return;
+	}
+
+	do {
+		val = close(fd);
+	} while (val < 0 && errno == EINTR);
+
+	if (val < 0 && errno != EBADF) {
+		/* Linux says EIO can happen */
+		dropbear_exit("Error closing fd %d, %s", fd, strerror(errno));
+	}
+}
+	
+void setnonblocking(int fd) {
+
+	TRACE(("setnonblocking: %d", fd))
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return;
+	}
+#endif
+
+	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
+		if (errno == ENODEV) {
+			/* Some devices (like /dev/null redirected in)
+			 * can't be set to non-blocking */
+			TRACE(("ignoring ENODEV for setnonblocking"))
+		} else {
+		{
+			dropbear_exit("Couldn't set nonblocking");
+		}
+		}
+	}
+	TRACE(("leave setnonblocking"))
+}
+
+void disallow_core() {
+	struct rlimit lim;
+	lim.rlim_cur = lim.rlim_max = 0;
+	setrlimit(RLIMIT_CORE, &lim);
+}
+
+/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE, with the result in *val */
+int m_str_to_uint(const char* str, unsigned int *val) {
+	unsigned long l;
+	errno = 0;
+	l = strtoul(str, NULL, 10);
+	/* The c99 spec doesn't actually seem to define EINVAL, but most platforms
+	 * I've looked at mention it in their manpage */
+	if ((l == 0 && errno == EINVAL)
+		|| (l == ULONG_MAX && errno == ERANGE)
+		|| (l > UINT_MAX)) {
+		return DROPBEAR_FAILURE;
+	} else {
+		*val = l;
+		return DROPBEAR_SUCCESS;
+	}
+}
+
+/* Returns malloced path. inpath beginning with '/' is returned as-is,
+otherwise home directory is prepended */
+char * expand_homedir_path(const char *inpath) {
+	struct passwd *pw = NULL;
+	if (inpath[0] != '/') {
+		pw = getpwuid(getuid());
+		if (pw && pw->pw_dir) {
+			int len = strlen(inpath) + strlen(pw->pw_dir) + 2;
+			char *buf = m_malloc(len);
+			snprintf(buf, len, "%s/%s", pw->pw_dir, inpath);
+			return buf;
+		}
+	}
+
+	/* Fallback */
+	return m_strdup(inpath);
+}
+
+int constant_time_memcmp(const void* a, const void *b, size_t n)
+{
+	const char *xa = a, *xb = b;
+	uint8_t c = 0;
+	size_t i;
+	for (i = 0; i < n; i++)
+	{
+		c |= (xa[i] ^ xb[i]);
+	}
+	return c;
+}
+
+/* higher-resolution monotonic timestamp, falls back to gettimeofday */
+void gettime_wrapper(struct timespec *now) {
+	struct timeval tv;
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		/* time stands still when fuzzing */
+		now->tv_sec = 5;
+		now->tv_nsec = 0;
+	}
+#endif
+
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+	/* POSIX monotonic clock. Newer Linux, BSD, MacOSX >10.12 */
+	if (clock_gettime(CLOCK_MONOTONIC, now) == 0) {
+		return;
+	}
+#endif
+
+#if defined(__linux__) && defined(SYS_clock_gettime)
+	{
+	/* Old linux toolchain - kernel might support it but not the build headers */
+	/* Also glibc <2.17 requires -lrt which we neglect to add */
+	static int linux_monotonic_failed = 0;
+	if (!linux_monotonic_failed) {
+		/* CLOCK_MONOTONIC isn't in some headers */
+		int clock_source_monotonic = 1; 
+		if (syscall(SYS_clock_gettime, clock_source_monotonic, now) == 0) {
+			return;
+		} else {
+			/* Don't try again */
+			linux_monotonic_failed = 1;
+		}
+	}
+	}
+#endif /* linux fallback clock_gettime */
+
+#if defined(HAVE_MACH_ABSOLUTE_TIME)
+	{
+	/* OS X pre 10.12, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */
+	static mach_timebase_info_data_t timebase_info;
+	uint64_t scaled_time;
+	if (timebase_info.denom == 0) {
+		mach_timebase_info(&timebase_info);
+	}
+	scaled_time = mach_absolute_time() * timebase_info.numer / timebase_info.denom;
+	now->tv_sec = scaled_time / 1000000000;
+	now->tv_nsec = scaled_time % 1000000000;
+	}
+#endif /* osx mach_absolute_time */
+
+	/* Fallback for everything else - this will sometimes go backwards */
+	gettimeofday(&tv, NULL);
+	now->tv_sec = tv.tv_sec;
+	now->tv_nsec = 1000*tv.tv_usec;
+}
+
+/* second-resolution monotonic timestamp */
+time_t monotonic_now() {
+	struct timespec ts;
+	gettime_wrapper(&ts);
+	return ts.tv_sec;
+}
+
+void fsync_parent_dir(const char* fn) {
+#ifdef HAVE_LIBGEN_H
+	char *fn_dir = m_strdup(fn);
+	char *dir = dirname(fn_dir);
+	int dirfd = open(dir, O_RDONLY);
+
+	if (dirfd != -1) {
+		if (fsync(dirfd) != 0) {
+			TRACE(("fsync of directory %s failed: %s", dir, strerror(errno)))
+		}
+		m_close(dirfd);
+	} else {
+		TRACE(("error opening directory %s for fsync: %s", dir, strerror(errno)))
+	}
+
+	m_free(fn_dir);
+#endif
+}

dbutil.h

@@ -0,0 +1,100 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_DBUTIL_H_
+
+#define DROPBEAR_DBUTIL_H_
+
+#include "includes.h"
+#include "buffer.h"
+#include "queue.h"
+#include "dbhelpers.h"
+#include "dbmalloc.h"
+
+#ifndef DISABLE_SYSLOG
+void startsyslog(const char *ident);
+#endif
+
+extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
+extern void (*_dropbear_log)(int priority, const char* format, va_list param);
+
+void dropbear_exit(const char* format, ...) ATTRIB_PRINTF(1,2) ATTRIB_NORETURN;
+
+void dropbear_close(const char* format, ...) ATTRIB_PRINTF(1,2) ;
+void dropbear_log(int priority, const char* format, ...) ATTRIB_PRINTF(2,3) ;
+
+void fail_assert(const char* expr, const char* file, int line) ATTRIB_NORETURN;
+
+#if DEBUG_TRACE
+void dropbear_trace(const char* format, ...) ATTRIB_PRINTF(1,2);
+void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2);
+void printhex(const char * label, const unsigned char * buf, int len);
+void printmpint(const char *label, mp_int *mp);
+void debug_start_net(void);
+extern int debug_trace;
+#endif
+
+char * stripcontrol(const char * text);
+
+int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
+		int *writefd, int *readfd, int *errfd, pid_t *pid);
+void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell);
+#if ENABLE_CONNECT_UNIX
+int connect_unix(const char* addr);
+#endif
+int buf_readfile(buffer* buf, const char* filename);
+int buf_getline(buffer * line, FILE * authfile);
+
+void m_close(int fd);
+void setnonblocking(int fd);
+void disallow_core(void);
+int m_str_to_uint(const char* str, unsigned int *val);
+
+/* Used to force mp_ints to be initialised */
+#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
+
+/* Dropbear assertion */
+#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+
+/* Returns 0 if a and b have the same contents */
+int constant_time_memcmp(const void* a, const void *b, size_t n);
+
+/* Returns a time in seconds that doesn't go backwards - does not correspond to
+a real-world clock */
+time_t monotonic_now(void);
+/* Higher resolution clock_gettime(CLOCK_MONOTONIC) wrapper */
+void gettime_wrapper(struct timespec *now);
+
+char * expand_homedir_path(const char *inpath);
+
+void fsync_parent_dir(const char* fn);
+
+#if DROPBEAR_MSAN
+/* FD_ZERO seems to leave some memory uninitialized. clear it to avoid false positives */
+#define DROPBEAR_FD_ZERO(fds) do { memset((fds), 0x0, sizeof(fd_set)); FD_ZERO(fds); } while(0)
+#else
+#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
+#endif
+
+#endif /* DROPBEAR_DBUTIL_H_ */

debian/README.Debian

@@ -0,0 +1,41 @@
+Dropbear for Debian
+-------------------
+
+This package will attempt to listen on port 22. If the OpenSSH 
+package ("ssh") is installed, the file /etc/default/dropbear 
+will be set up so that the server does not start by default.
+
+You can run Dropbear concurrently with OpenSSH 'sshd' by 
+modifying /etc/default/dropbear so that "NO_START" is set to 
+"0" and changing the port number that Dropbear runs on. Follow 
+the instructions in the file.
+
+This package suggests you install the "ssh" package. This package 
+provides the "ssh" client program, as well as the "/usr/bin/scp" 
+binary you will need to be able to retrieve files from a server 
+running Dropbear via SCP.
+
+Replacing OpenSSH "sshd" with Dropbear
+--------------------------------------
+
+You will still want to have the "ssh" package installed, as it 
+provides the "ssh" and "scp" binaries. When you install this 
+package, it checks for existing OpenSSH host keys and if found, 
+converts them to the Dropbear format.
+
+If this appears to have worked, you should be able to change over 
+by following these steps:
+
+1. Stop the OpenSSH server
+   % /etc/init.d/ssh stop
+2. Prevent the OpenSSH server from starting in the future
+   % touch /etc/ssh/sshd_not_to_be_run
+3. Modify the Dropbear defaults file, set NO_START to 0 and 
+   ensure DROPBEAR_PORT is set to 22.
+   % editor /etc/default/dropbear
+4. Restart the Dropbear server.
+   % /etc/init.d/dropbear restart
+
+See the Dropbear homepage for more information:
+  http://matt.ucc.asn.au/dropbear/dropbear.html
+

debian/README.Debian.diet

@@ -0,0 +1,15 @@
+Building with the diet libc
+---------------------------
+
+This package optionally can be built with the diet libc instead of the
+glibc to provide small statically linked programs.  The resulting package
+has no dependency on any other package.
+
+To use the diet libc, make sure the latest versions of the dietlibc-dev
+package is installed, and set DEB_BUILD_OPTIONS=diet in the environment
+when building the package, e.g.:
+
+ # apt-get install dietlibc-dev
+ $ DEB_BUILD_OPTIONS=diet fakeroot apt-get source -b dropbear
+
+ -- Gerrit Pape <pape@smarden.org>, Sat, 17 Jul 2004 19:09:34 +0000

debian/README.runit

@@ -0,0 +1,46 @@
+Using the dropbear SSH server with runit's services supervision
+---------------------------------------------------------------
+
+The dropbear SSH server is perfectly suited to be run under runit's
+service supervision, and this package already has prepared an adequate
+service directory.  Follow these steps to enable the dropbear service
+using the runit package.
+
+If not yet installed on your system, install the runit package, and make
+sure its service supervision is enabled (it's by default)
+
+ # apt-get install runit
+
+Make sure the dropbear service normally handled through the sysv init
+script is stopped
+
+ # /etc/init.d/dropbear stop
+
+Create the system user ``dropbearlog'' which will run the logger service,
+and own the logs
+
+ # adduser --system --home /var/log/dropbear --no-create-home dropbearlog
+
+Create the log directory and make the newly created system user the owner
+of this directory
+
+ # mkdir -p /var/log/dropbear && chown dropbearlog /var/log/dropbear
+
+Optionally adjust the configuration of the dropbear service by editing the
+run script
+
+ # vi /etc/dropbear/run
+
+Finally enable the service through runit's update-service(8) program, the
+service will be started within five seconds, and automatically at boot
+time, and the sysv init script will automatically be disabled; see the
+sv(8) program for information on how to control services handled by runit.
+See the svlogd(8) program on how to configure the log service.
+
+ # update-service --add /etc/dropbear
+
+Optionally check the status of the service a few seconds later
+
+ # sv status dropbear
+
+ -- Gerrit Pape <pape@smarden.org>, Fri, 02 Mar 2007 20:41:08 +0000

debian/changelog

@@ -0,0 +1,449 @@
+dropbear (2019.78-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 27 Mar 2019 22:51:57 +0800
+
+dropbear (2019.77-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 23 Mar 2019 22:51:57 +0800
+
+dropbear (2018.76-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 27 Feb 2018 22:51:57 +0800
+
+dropbear (2017.75-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 May 2017 22:51:57 +0800
+
+dropbear (2016.74-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Jul 2016 22:51:57 +0800
+
+dropbear (2016.73-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 18 Mar 2016 22:52:58 +0800
+
+dropbear (2016.72-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 10 Mar 2016 22:52:58 +0800
+
+dropbear (2015.70-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 26 Nov 2015 22:52:58 +0800
+
+dropbear (2015.69-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 25 Nov 2015 22:52:58 +0800
+
+dropbear (2015.68-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 8 Aug 2015 22:52:58 +0800
+
+dropbear (2015.67-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 28 Jan 2015 22:53:59 +0800
+
+dropbear (2014.66-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 23 Oct 2014 22:54:00 +0800
+
+dropbear (2014.65-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 Aug 2014 22:54:00 +0800
+
+dropbear (2014.64-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sun, 27 Jul 2014 22:54:00 +0800
+
+dropbear (2014.63-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 19 Feb 2014 22:54:00 +0800
+
+dropbear (2013.62) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 7 Dec 2013 22:54:00 +0800
+
+dropbear (2013.60-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 16 Oct 2013 22:54:00 +0800
+
+dropbear (2013.59-0.1) unstable; urgency=low
+
+  * New upstream release.
+  * Build with DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 4 Oct 2013 22:54:00 +0800
+
+dropbear (2013.58-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 18 Apr 2013 22:54:00 +0800
+
+dropbear (2013.57-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 15 Apr 2013 22:54:00 +0800
+
+dropbear (2013.56-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 21 Mar 2013 22:54:00 +0800
+
+dropbear (2012.55-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 22 Feb 2012 22:54:00 +0800
+
+dropbear (2011.54-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tues, 8 Nov 2011 22:54:00 +0800
+
+dropbear (0.53.1-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 2 Mar 2011 22:54:00 +0900
+
+dropbear (0.53-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 24 Feb 2011 22:54:00 +0900
+
+dropbear (0.52-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 12 Nov 2008 22:54:00 +0900
+
+dropbear (0.51-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 27 Mar 2008 19:14:00 +0900
+
+dropbear (0.50-4) unstable; urgency=low
+
+  * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB
+    formatted dependency info in init.d script (closes: #466257).
+  * debian/rules: no longer include symlinks for ./supervise/ subdirectories.
+  * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed
+    by runit, remove service, and re-add using update-service(8).
+  * debian/control: Standards-Version: 3.7.3.0.
+  * debian/rules: target clean: don't ignore errors but check for readable
+    ./Makefile.
+
+ -- Gerrit Pape <pape@smarden.org>  Thu, 06 Mar 2008 19:06:58 +0000
+
+dropbear (0.50-3) unstable; urgency=low
+
+  * debian/dropbear.init: use the update-service(8) program from the runit
+    package instead of directly checking for the symlink in /var/service/.
+  * debian/README.runit: talk about update-service(8) instead of symlinks
+    in /var/service/.
+
+ -- Gerrit Pape <pape@smarden.org>  Fri, 15 Feb 2008 00:32:37 +0000
+
+dropbear (0.50-2) unstable; urgency=low
+
+  * debian/dropbear.README.Debian: no longer talk about entropy from
+    /dev/random, /dev/urandom is now used by default (thx Joey Hess,
+    closes: #441515).
+
+ -- Gerrit Pape <pape@smarden.org>  Mon, 24 Sep 2007 16:49:17 +0000
+
+dropbear (0.50-1) unstable; urgency=low
+
+  * debian/README.runit: minor.
+  * new upstream version.
+  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
+    remove; fixed upstream.
+
+ -- Gerrit Pape <pape@smarden.org>  Thu, 09 Aug 2007 23:01:01 +0000
+
+dropbear (0.49-2) unstable; urgency=low
+
+  * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of
+    -p0.
+  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
+    new; options.h: use /dev/urandom instead of /dev/random as
+    DROPBEAR_RANDOM_DEV (closes: #386976).
+  * debian/rules: target clean: remove libtomcrypt/Makefile,
+    libtommath/Makefile.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 09 Jun 2007 08:59:59 +0000
+
+dropbear (0.49-1) unstable; urgency=high
+
+  * new upstream release, fixes
+    * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey
+      mismatch (closes: #412899).
+    * dbclient uses static "Password:" prompt instead of using the server's
+      prompt (closes: #394996).
+  * debian/control: Suggests: openssh-client, not ssh (closes: #405686);
+    Standards-Version: 3.7.2.2.
+  * debian/README.Debian: ssh -> openssh-server, openssh-client; remove
+    'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not
+    installing the openssh-server package.
+  * debian/README.runit: runsvstat -> sv status.
+
+ -- Gerrit Pape <pape@smarden.org>  Fri,  2 Mar 2007 20:48:18 +0000
+
+dropbear (0.48.1-1) unstable; urgency=medium
+
+  * new upstream point release.
+    * Compile fix for scp
+  * debian/diff/dbclient.1.diff: new: document -R option to dbclient
+    accurately (thx Markus Schaber; closes: #351882).
+  * debian/dropbear.README.Debian: document a workaround for systems with
+    possibly blocking /dev/random device (closes: #355414)..
+
+ -- Gerrit Pape <pape@smarden.org>  Sun, 16 Apr 2006 16:16:40 +0000
+
+dropbear (0.48-1) unstable; urgency=medium
+
+  * New upstream release.
+  * SECURITY: Improve handling of denial of service attempts from a single
+    IP.
+
+  * debian/implicit: update to revision 1.11.
+  * new upstream release updates to scp from OpenSSH 4.3p2 - fixes a
+    security issue where use of system() could cause users to execute
+    arbitrary code through malformed filenames; CVE-2006-0225 (see also
+    #349645); the scp binary is not provided by this package though.
+
+ -- Gerrit Pape <pape@smarden.org>  Fri, 10 Mar 2006 22:00:32 +0000
+
+dropbear (0.47-1) unstable; urgency=high
+
+  * New upstream release.
+  * SECURITY: Fix incorrect buffer sizing; CVE-2005-4178.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 8 Dec 2005 19:20:21 +0800
+
+dropbear (0.46-2) unstable; urgency=low
+
+  * debian/control: Standards-Version: 3.6.2.1; update descriptions to
+    mention included server and client (thx Tino Keitel).
+  * debian/dropbear.init: allow '/etc/init.d/dropbear stop' even though
+    'NO_START is not set to zero.' (closes: #336723).
+
+ -- Gerrit Pape <pape@smarden.org>  Tue,  6 Dec 2005 13:30:49 +0000
+
+dropbear (0.46-1) unstable; urgency=medium
+
+  * New upstream release, various fixes.
+  * debian/diff/dbclient-usage-typo.diff, debian/diff/manpages.diff: remove;
+    obsolete.
+  * debian/dbclient.1: move to ./dbclient.1.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 July 2005 21:32:55 +0800
+
+dropbear (0.45-3) unstable; urgency=low
+
+  * debian/dropbear.init: init script prints human readable message in case
+    it's disabled (closes: #309099).
+  * debian/dropbear.postinst: configure: restart service through init script
+    instead of start.
+  * debian/dropbear.prerm: set -u -> set -e.
+
+ -- Gerrit Pape <pape@smarden.org>  Wed, 25 May 2005 22:38:17 +0000
+
+dropbear (0.45-2) unstable; urgency=low
+
+  * Matt Johnston:
+    * New upstream release, various fixes.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 12 Mar 2005 15:17:55 +0000
+
+dropbear (0.44-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/rules: install /usr/bin/dbclient; handle possible patches more
+    gracefully; install debian/dbclient.1 man page; enable target patch;
+    minor.
+  * debian/implicit: update to revision 1.10.
+  * debian/dbclient.1: new; man page.
+  * debian/diff/dbclient-usage-typo.diff: new; fix typo.
+  * debian/diff/manpages.diff: new; add references to dbclient man page.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat,  8 Jan 2005 22:50:43 +0000
+
+dropbear (0.43-2) unstable; urgency=high
+
+  * Matt Johnston:
+    * New upstream release 0.43
+    * SECURITY: Don't attempt to free uninitialised buffers in DSS verification
+      code
+    * Handle portforwarding to servers which don't send any initial data
+      (Closes: #258426)
+  * debian/dropbear.postinst: remove code causing bothersome warning on
+    package install (closes: #256752).
+  * debian/README.Debian.diet: new; how to build with the diet libc.
+  * debian/dropbear.docs: add debian/README.Debian.diet.
+  * debian/rules: support "diet" in DEB_BUILD_OPTIONS; minor cleanup.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 17 Jul 2004 19:31:19 +0000
+
+dropbear (0.42-1) unstable; urgency=low
+
+  * New upstream release 0.42.
+  * debian/diff/cvs-20040520.diff: remove; obsolete.
+  * debian/rules: disable target patch.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 16 June 2004 12:44:54 +0800
+
+dropbear (0.41-3) unstable; urgency=low
+
+  * 1st upload to the Debian archive (closes: #216553).
+  * debian/diff/cvs-20040520.diff: new; stable cvs snapshot.
+  * debian/rules: new target patch: apply diffs in debian/diff/, reverse
+    apply in target clean; install man pages.
+  * debian/control: Priority: optional.
+
+ -- Gerrit Pape <pape@smarden.org>  Sun, 23 May 2004 08:32:37 +0000
+
+dropbear (0.41-2) unstable; urgency=low
+
+  * new maintainer.
+  * debian/control: no longer Build-Depends: debhelper; Build-Depends:
+    libz-dev; Standards-Version: 3.6.1.0; Suggests: runit; update
+    descriptions.
+  * debian/rules: stop using debhelper, use implicit rules; cleanup;
+    install dropbearconvert into /usr/lib/dropbear/.
+  * debian/impicit: new; implicit rules.
+  * debian/copyright.in: adapt.
+  * debian/dropbear.init: minor adaptions; test for dropbear service
+    directory.
+  * debian/README.runit: new; how to use dropbear with runit.
+  * debian/README.Debian, debian/docs: rename to debian/dropbear.*.
+  * debian/dropbear.docs: add debian/README.runit
+  * debian/conffiles: rename to debian/dropbear.conffiles; add init
+    script, and run scripts.
+  * debian/postinst: rename to debian/dropbear.postinst; adapt; use
+    invloke-rc.d dropbear start.
+  * debian/dropbear.prerm: new; invoke-rc.d dropbear stop.
+  * debian/postrm: rename to debian/dropbear.postrm; adapt; clean up
+    service directories.
+  * debian/compat, debian/dirs, dropbear.default: remove; obsolete.
+
+ -- Gerrit Pape <pape@smarden.org>  Sun, 16 May 2004 16:50:55 +0000
+
+dropbear (0.41-1) unstable; urgency=low
+
+  * Updated to 0.41 release.
+  * Various minor fixes
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 19 Jan 2004 23:20:54 +0800
+
+dropbear (0.39-1) unstable; urgency=low
+
+  * updated to 0.39 release. Some new features, some bugfixes.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tue, 16 Dec 2003 16:20:54 +0800
+
+dropbear (0.38-1) unstable; urgency=medium
+
+  * updated to 0.38 release - various important bugfixes
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sat, 11 Oct 2003 16:28:54 +0800
+
+dropbear (0.37-1) unstable; urgency=medium
+
+  * updated to 0.37 release - various important bugfixes
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 24 Sept 2003 19:43:54 +0800
+
+dropbear (0.36-1) unstable; urgency=high
+
+  * updated to 0.36 release - various important bugfixes
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tues, 19 Aug 2003 12:20:54 +0800
+
+dropbear (0.35-1) unstable; urgency=high
+
+  * updated to 0.35 release - contains fix for remotely exploitable
+    vulnerability.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sun, 17 Aug 2003 05:37:47 +0800
+
+dropbear (0.34-1) unstable; urgency=medium
+
+  * updated to 0.34 release
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 15 Aug 2003 15:10:00 +0800
+
+dropbear (0.33-1) unstable; urgency=medium
+
+  * updated to 0.33 release
+
+ -- Matt Johnston <matt@ucc.asn.au>  Sun, 22 Jun 2003 22:22:00 +0800
+
+dropbear (0.32cvs-1) unstable; urgency=medium
+
+  * now maintained in UCC CVS
+  * debian/copyright.in file added, generated from LICENSE
+
+ -- Grahame Bowland <grahame@angrygoats.net>  Tue, 21 Jun 2003 17:57:02 +0800
+
+dropbear (0.32cvs-1) unstable; urgency=medium
+
+  * sync with CVS
+  * fixes X crash bug
+
+ -- Grahame Bowland <grahame@angrygoats.net>  Tue, 20 Jun 2003 15:04:47 +0800
+
+dropbear (0.32-2) unstable; urgency=low
+
+  * fix creation of host keys to use correct names in /etc/dropbear
+  * init script "restart" function fixed
+  * purging this package now deletes the host keys and /etc/dropbear
+  * change priority in debian/control to 'standard'
+
+ -- Grahame Bowland <grahame@angrygoats.net>  Tue, 17 Jun 2003 15:04:47 +0800
+
+dropbear (0.32-1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Grahame Bowland <grahame@angrygoats.net>  Tue, 17 Jun 2003 15:04:47 +0800
+

debian/control

@@ -0,0 +1,20 @@
+Source: dropbear
+Section: net
+Priority: optional
+Maintainer: Gerrit Pape <pape@smarden.org>
+Build-Depends: libz-dev
+Standards-Version: 3.7.3.0
+
+Package: dropbear
+Architecture: any
+Depends: ${shlibs:Depends}
+Suggests: openssh-client, runit
+Description: lightweight SSH2 server and client
+ dropbear is a SSH 2 server and client designed to be small enough to
+ be used in small memory environments, while still being functional and
+ secure enough for general use.
+ .
+ It implements most required features of the SSH 2 protocol, and other
+ features such as X11 and authentication agent forwarding.
+ .
+ See http://matt.ucc.asn.au/dropbear/dropbear.html

debian/copyright.in

@@ -0,0 +1,11 @@
+This package was debianized by Grahame Bowland <grahame.angrygoats.net> on
+Tue, 17 Jun 2003 15:04:47 +0800, maintained temporarily by Matt Johnston
+<matt@ucc.asn.au>, and was adopted by Gerrit Pape <pape@smarden.org> on
+Sun, 16 May 2004 14:38:33 +0000.
+
+It was downloaded from http://matt.ucc.asn.au/dropbear/
+
+Upstream Author: Matt Johnston <matt@ucc.asn.au>
+
+Copyright: 
+

debian/dropbear.README.Debian

@@ -0,0 +1,19 @@
+Dropbear for Debian
+-------------------
+
+This package will attempt to setup the Dropbear ssh server to listen on
+port 22.  If the OpenSSH server package ("openssh-server") is installed,
+the file /etc/default/dropbear will be set up so that the server does not
+start by default.
+
+You can run Dropbear concurrently with OpenSSH 'sshd' by modifying
+/etc/default/dropbear so that "NO_START" is set to "0", and changing the
+port number that Dropbear runs on.  Follow the instructions in the file.
+
+This package suggests you install the "openssh-client" package, which
+provides the "ssh" client program, as well as the "/usr/bin/scp" binary
+you will need to be able to retrieve files via SCP from a server running
+Dropbear.
+
+See the Dropbear homepage for more information:
+  http://matt.ucc.asn.au/dropbear/dropbear.html

debian/dropbear.conffiles

@@ -0,0 +1,3 @@
+/etc/init.d/dropbear
+/etc/dropbear/run
+/etc/dropbear/log/run

debian/dropbear.docs

@@ -0,0 +1,3 @@
+README
+debian/README.runit
+debian/README.Debian.diet

debian/dropbear.init

@@ -0,0 +1,71 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          dropbear
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Dropbear SSH server
+### END INIT INFO
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+
+set -e
+
+cancel() { echo "$1" >&2; exit 0; };
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
+  cancel 'The dropbear service is controlled through runit, use the sv(8) program'
+
+test -z "$DROPBEAR_BANNER" || \
+  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+  DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
+test -n "$DROPBEAR_DSSKEY" || \
+  DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
+test -n "$DROPBEAR_RECEIVE_WINDOW" || \
+  DROPBEAR_RECEIVE_WINDOW="65536"
+
+case "$1" in
+  start)
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
+	echo -n "Starting $DESC: "
+	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
+	  --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
+	    -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
+	echo "$NAME."
+	;;
+  stop)
+	echo -n "Stopping $DESC: "
+	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
+	echo "$NAME."
+	;;
+  restart|force-reload)
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
+	echo -n "Restarting $DESC: "
+	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
+	sleep 1
+	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
+	  --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
+	    -p "$DROPBEAR_PORT" -W "$DROPBEAR_RECEIVE_WINDOW" $DROPBEAR_EXTRA_ARGS
+	echo "$NAME."
+	;;
+  *)
+	N=/etc/init.d/$NAME
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0

debian/dropbear.postinst

@@ -0,0 +1,79 @@
+#!/bin/sh
+set -e
+
+test "$1" = 'configure' || exit 0
+
+if test ! -e /etc/dropbear/dropbear_rsa_host_key; then
+  if test -f /etc/ssh/ssh_host_rsa_key; then
+    echo "Converting existing OpenSSH RSA host key to Dropbear format."
+    /usr/lib/dropbear/dropbearconvert openssh dropbear \
+      /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key
+  else
+    echo "Generating Dropbear RSA key. Please wait."
+    dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+  fi
+fi
+if test ! -e /etc/dropbear/dropbear_dss_host_key; then
+  if test -f /etc/ssh/ssh_host_dsa_key; then
+    echo "Converting existing OpenSSH RSA host key to Dropbear format."
+    /usr/lib/dropbear/dropbearconvert openssh dropbear \
+      /etc/ssh/ssh_host_dsa_key /etc/dropbear/dropbear_dss_host_key
+  else
+    echo "Generating Dropbear DSS key. Please wait."
+    dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
+  fi
+fi
+if test ! -s /etc/default/dropbear; then 
+  # check whether OpenSSH seems to be installed.
+  if test -x /usr/sbin/sshd; then
+    cat <<EOT
+OpenSSH appears to be installed.  Setting /etc/default/dropbear so that
+Dropbear will not start by default.  Edit this file to change this behaviour.
+
+EOT
+    cat >>/etc/default/dropbear <<EOT
+# disabled because OpenSSH is installed
+# change to NO_START=0 to enable Dropbear
+NO_START=1
+
+EOT
+  fi
+  cat >>/etc/default/dropbear <<EOT
+# the TCP port that Dropbear listens on
+DROPBEAR_PORT=22
+
+# any additional arguments for Dropbear
+DROPBEAR_EXTRA_ARGS=
+
+# specify an optional banner file containing a message to be
+# sent to clients before they connect, such as "/etc/issue.net"
+DROPBEAR_BANNER=""
+
+# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)
+#DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
+
+# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
+#DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
+
+# Receive window size - this is a tradeoff between memory and
+# network performance
+DROPBEAR_RECEIVE_WINDOW=65536
+EOT
+fi
+
+if test -x /etc/init.d/dropbear; then
+  update-rc.d dropbear defaults >/dev/null
+  if test -x /usr/sbin/invoke-rc.d; then
+    invoke-rc.d dropbear restart
+  else
+    /etc/init.d/dropbear restart
+  fi
+fi
+
+if test -n "$2" && dpkg --compare-versions "$2" lt '0.50-4' &&
+update-service --check dropbear 2>/dev/null; then
+  update-service --remove /etc/dropbear 2>/dev/null || :
+  sleep 6
+  rm -rf /var/run/dropbear /var/run/dropbear.log
+  update-service --add /etc/dropbear || :
+fi

debian/dropbear.postrm

@@ -0,0 +1,12 @@
+#! /bin/sh
+set -e
+
+test "$1" = 'purge' || exit 0
+if test -e /etc/dropbear; then
+  rm -f /etc/dropbear/dropbear_rsa_host_key
+  rm -f /etc/dropbear/dropbear_dss_host_key
+  rmdir --ignore-fail-on-non-empty /etc/dropbear
+fi
+update-rc.d dropbear remove >/dev/null
+rm -f /etc/default/dropbear
+rm -rf /etc/dropbear/supervise /etc/dropbear/log/supervise

debian/dropbear.prerm

@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+test "$1" = 'remove' || test "$1" = 'deconfigure' || exit 0
+if test -x /etc/init.d/dropbear; then
+  if test -x /usr/sbin/invoke-rc.d; then
+    invoke-rc.d dropbear stop
+  else
+    /etc/init.d/dropbear stop
+  fi
+fi

debian/implicit

@@ -0,0 +1,93 @@
+# $Id: implicit,v 1.11 2005/11/29 21:57:55 pape Exp $
+
+.PHONY: deb-checkdir deb-checkuid
+
+deb-checkdir:
+	@test -e debian/control || sh -cx '! : wrong directory'
+deb-checkuid:
+	@test "`id -u`" -eq 0 || sh -cx '! : need root privileges'
+
+%.deb: %.deb-docs %.deb-DEBIAN
+	@rm -f $*.deb $*.deb-checkdir $*.deb-docs $*.deb-docs-base \
+	  $*.deb-docs-docs $*.deb-docs-examples $*.deb-DEBIAN \
+	  $*.deb-DEBIAN-dir $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums
+
+%.udeb: %.deb-DEBIAN
+	@rm -f $*.deb $*.deb-checkdir $*.deb-DEBIAN $*.deb-DEBIAN-dir \
+	  $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums
+
+%.deb-checkdir:
+	@test -d debian/$* || sh -cx '! : directory debian/$* missing'
+	@test "`id -u`" -eq 0 || sh -cx '! : need root privileges'
+
+%.deb-docs-base:
+	: implicit
+	@rm -f debian/$*/usr/share/doc/$*/* || :
+	@install -d -m0755 debian/$*/usr/share/doc/$*
+	: debian/$*/usr/share/doc/$*/
+	@sh -cx 'install -m0644 debian/copyright debian/$*/usr/share/doc/$*/'
+	@sh -cx 'install -m0644 debian/changelog \
+	  debian/$*/usr/share/doc/$*/changelog.Debian'
+	@test ! -r changelog || \
+	  sh -cx 'install -m0644 changelog debian/$*/usr/share/doc/$*/'
+	@test -r debian/$*/usr/share/doc/$*/changelog || \
+	  sh -cx 'mv debian/$*/usr/share/doc/$*/changelog.Debian \
+	    debian/$*/usr/share/doc/$*/changelog'
+	@test -s debian/$*/usr/share/doc/$*/changelog || \
+	  sh -cx 'rm -f debian/$*/usr/share/doc/$*/changelog'
+	@gzip -9 debian/$*/usr/share/doc/$*/changelog*
+%.deb-docs-docs:
+	@for i in `cat debian/$*.docs 2>/dev/null || :`; do \
+	  if test -d $$i; then \
+	    sh -cx "install -d -m0755 debian/$*/usr/share/doc/$*/$${i##*/}" && \
+	    for j in $$i/*; do \
+	      sh -cx "install -m0644 $$j \
+	        debian/$*/usr/share/doc/$*/$${i##*/}/" || exit 1; \
+	    done || exit 1; \
+	    continue; \
+	  fi; \
+	  sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/" || exit 1; \
+	done
+	@test ! -r debian/$*.README.Debian || \
+	  sh -cx 'install -m0644 debian/$*.README.Debian \
+	    debian/$*/usr/share/doc/$*/README.Debian'
+	@if test -r debian/$*.NEWS.Debian; then \
+	  sh -cx 'install -m0644 debian/$*.NEWS.Debian \
+	    debian/$*/usr/share/doc/$*/NEWS.Debian && \
+	      gzip -9 debian/$*/usr/share/doc/$*/NEWS.Debian'; \
+	fi
+%.deb-docs-examples:
+	@rm -rf debian/$*/usr/share/doc/$*/examples
+	: debian/$*/usr/share/doc/$*/examples/
+	@test ! -r debian/$*.examples || \
+	  install -d -m0755 debian/$*/usr/share/doc/$*/examples
+	@for i in `cat debian/$*.examples 2>/dev/null || :`; do \
+	  sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/examples/" \
+	    || exit 1; \
+	done
+%.deb-docs: %.deb-checkdir %.deb-docs-base %.deb-docs-docs %.deb-docs-examples
+	: debian/$*/usr/share/doc/$*/ ok
+
+%.deb-DEBIAN-base:
+	@rm -rf debian/$*/DEBIAN
+	: debian/$*/DEBIAN/
+	@install -d -m0755 debian/$*/DEBIAN
+	@for i in conffiles shlibs templates; do \
+	  test ! -r debian/$*.$$i || \
+	    sh -cx "install -m0644 debian/$*.$$i debian/$*/DEBIAN/$$i" \
+	      || exit 1; \
+	done
+%.deb-DEBIAN-scripts:
+	@for i in preinst prerm postinst postrm config; do \
+	  test ! -r debian/$*.$$i || \
+	    sh -cx "install -m0755 debian/$*.$$i debian/$*/DEBIAN/$$i" \
+	      || exit 1; \
+	done
+%.deb-DEBIAN-md5sums:
+	: debian/$*/DEBIAN/md5sums
+	@rm -f debian/$*/DEBIAN/md5sums
+	@cd debian/$* && find * -path 'DEBIAN' -prune -o \
+	  -type f -exec md5sum {} >>DEBIAN/md5sums \;
+%.deb-DEBIAN: %.deb-checkdir %.deb-DEBIAN-base %.deb-DEBIAN-scripts \
+	  %.deb-DEBIAN-md5sums
+	: debian/$*/DEBIAN/ ok

debian/rules

@@ -0,0 +1,103 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
+#export DH_OPTIONS
+DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+STRIP =strip
+ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+  STRIP =: nostrip
+endif
+
+CONFFLAGS =
+CC =gcc
+ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS)))
+  CONFFLAGS =--disable-zlib
+  CC =diet -v -Os gcc -nostdinc
+endif
+
+DIR =$(shell pwd)/debian/dropbear
+
+patch: deb-checkdir patch-stamp
+patch-stamp:
+	for i in `ls -1 debian/diff/*.diff || :`; do \
+	  patch -p1 <$$i || exit 1; \
+	done
+	touch patch-stamp
+
+config.status: patch-stamp configure
+	CC='$(CC)' \
+	CFLAGS='$(CFLAGS)'' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
+	  ./configure --host='$(DEB_HOST_GNU_TYPE)' \
+	    --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \
+	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
+	    $(CONFFLAGS)
+
+build: deb-checkdir build-stamp
+build-stamp: config.status
+	$(MAKE) CC='$(CC)' LD='$(CC)'
+	touch build-stamp
+
+clean: deb-checkdir deb-checkuid
+	test ! -r Makefile || $(MAKE) distclean
+	rm -f libtomcrypt/Makefile libtommath/Makefile
+	test ! -e patch-stamp || \
+	  for i in `ls -1r debian/diff/*.diff || :`; do \
+	    patch -p1 -R <$$i; \
+	  done
+	rm -f patch-stamp build-stamp config.log config.status
+	rm -rf '$(DIR)'
+	rm -f debian/files debian/substvars debian/copyright changelog
+
+install: deb-checkdir deb-checkuid build-stamp
+	rm -rf '$(DIR)'
+	install -d -m0755 '$(DIR)'/etc/dropbear
+	# programs
+	install -d -m0755 '$(DIR)'/usr/sbin
+	install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear
+	install -d -m0755 '$(DIR)'/usr/bin
+	install -m0755 dbclient '$(DIR)'/usr/bin/dbclient
+	install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey
+	install -d -m0755 '$(DIR)'/usr/lib/dropbear
+	install -m0755 dropbearconvert \
+	  '$(DIR)'/usr/lib/dropbear/dropbearconvert
+	$(STRIP) -R .comment -R .note '$(DIR)'/usr/sbin/* \
+	  '$(DIR)'/usr/bin/* '$(DIR)'/usr/lib/dropbear/*
+	# init and run scripts
+	install -d -m0755 '$(DIR)'/etc/init.d
+	install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
+	install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run
+	install -d -m0755 '$(DIR)'/etc/dropbear/log
+	install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
+	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
+	# man pages
+	install -d -m0755 '$(DIR)'/usr/share/man/man8
+	install -d -m0755 '$(DIR)'/usr/share/man/man1
+	install -m644 dropbear.8 '$(DIR)'/usr/share/man/man8/
+	for i in dbclient.1 dropbearkey.1 dropbearconvert.1; do \
+	  install -m644 $$i '$(DIR)'/usr/share/man/man1/ || exit 1; \
+	done
+	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
+	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
+	# copyright, changelog
+	cat debian/copyright.in LICENSE >debian/copyright
+	test -r changelog || ln -s CHANGES changelog
+
+binary-indep:
+
+binary-arch: install dropbear.deb
+	test '$(CC)' != 'gcc' || \
+	  dpkg-shlibdeps '$(DIR)'/usr/sbin/* '$(DIR)'/usr/bin/* \
+	    '$(DIR)'/usr/lib/dropbear/*
+	dpkg-gencontrol -isp -pdropbear -P'$(DIR)'
+	dpkg -b '$(DIR)' ..
+
+binary: binary-arch binary-indep
+
+.PHONY: patch build clean install binary-indep binary-arch binary
+
+include debian/implicit

debian/service/log

@@ -0,0 +1,2 @@
+#!/bin/sh
+exec chpst -udropbearlog svlogd -tt ./main

debian/service/run

@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec dropbear -d ./dropbear_dss_host_key -r ./dropbear_rsa_host_key -F -E -p 22

debug.h

@@ -0,0 +1,78 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_DEBUG_H_
+#define DROPBEAR_DEBUG_H_
+
+#include "includes.h"
+
+/* Debugging */
+
+/* Work well for valgrind - don't clear environment, be nicer with signals
+ * etc. Don't use this normally, it might cause problems */
+/* #define DEBUG_VALGRIND */
+
+/* All functions writing to the cleartext payload buffer call
+ * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
+ * attempting to track down a problem */
+/*#define CHECKCLEARTOWRITE() assert(ses.writepayload->len == 0 && \
+		ses.writepayload->pos == 0)*/
+
+#ifndef CHECKCLEARTOWRITE
+#define CHECKCLEARTOWRITE()
+#endif
+
+/* Define this, compile with -pg and set GMON_OUT_PREFIX=gmon to get gmon
+ * output when Dropbear forks. This will allow it gprof to be used.
+ * It's useful to run dropbear -F, so you don't fork as much */
+/* (This is Linux specific) */
+/*#define DEBUG_FORKGPROF*/
+
+/* A couple of flags, not usually useful, and mightn't do anything */
+
+/*#define DEBUG_KEXHASH*/
+/*#define DEBUG_RSA*/
+
+/* you don't need to touch this block */
+#if DEBUG_TRACE
+extern int debug_trace;
+#define TRACE(X) dropbear_trace X;
+#define TRACE2(X) dropbear_trace2 X;
+#else /*DEBUG_TRACE*/
+#define TRACE(X)
+#define TRACE2(X)
+#endif /*DEBUG_TRACE*/
+
+/* To debug with GDB it is easier to run with no forking of child processes.
+   You will need to pass "-F" as well. */
+/* #define DEBUG_NOFORK */
+
+
+/* For testing as non-root on shadowed systems, include the crypt of a password
+ * here. You can then log in as any user with this password. Ensure that you
+ * make your own password, and are careful about using this. This will also
+ * disable some of the chown pty code etc*/
+/* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" */ /* this is crypt("password") */
+
+#endif

default_options.h

@@ -0,0 +1,300 @@
+#ifndef DROPBEAR_DEFAULT_OPTIONS_H_
+#define DROPBEAR_DEFAULT_OPTIONS_H_
+/*
+                     > > > Read This < < <
+
+default_options.h  documents compile-time options, and provides default values.
+
+Local customisation should be added to localoptions.h which is
+used if it exists in the build directory. Options defined there will override 
+any options in this file.
+
+Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
+
+IMPORTANT: Some options will require "make clean" after changes */
+
+#define DROPBEAR_DEFPORT "22"
+
+/* Listen on all interfaces */
+#define DROPBEAR_DEFADDRESS ""
+
+/* Default hostkey paths - these can be specified on the command line */
+#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
+
+/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
+ * on chosen ports and keeps accepting connections. This is the default.
+ *
+ * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
+ * similar), where it will use stdin/stdout for connections, and each process
+ * lasts for a single connection. Dropbear should be invoked with the -i flag
+ * for inetd, and can only accept IPv4 connections.
+ *
+ * Both of these flags can be defined at once, don't compile without at least
+ * one of them. */
+#define NON_INETD_MODE 1
+#define INETD_MODE 1
+
+/* Include verbose debug output, enabled with -v at runtime. 
+ * This will add a reasonable amount to your executable size. */
+#define DEBUG_TRACE 0
+
+/* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
+#define DROPBEAR_SMALL_CODE 1
+
+/* Enable X11 Forwarding - server only */
+#define DROPBEAR_X11FWD 1
+
+/* Enable TCP Fowarding */
+/* 'Local' is "-L" style (client listening port forwarded via server)
+ * 'Remote' is "-R" style (server listening port forwarded via client) */
+#define DROPBEAR_CLI_LOCALTCPFWD 1
+#define DROPBEAR_CLI_REMOTETCPFWD 1
+
+#define DROPBEAR_SVR_LOCALTCPFWD 1
+#define DROPBEAR_SVR_REMOTETCPFWD 1
+
+/* Enable Authentication Agent Forwarding */
+#define DROPBEAR_SVR_AGENTFWD 1
+#define DROPBEAR_CLI_AGENTFWD 1
+
+/* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
+ * allow multihop dbclient connections */
+
+/* Allow using -J <proxycommand> to run the connection through a 
+   pipe to a program, rather the normal TCP connection */
+#define DROPBEAR_CLI_PROXYCMD 1
+
+/* Enable "Netcat mode" option. This will forward standard input/output
+ * to a remote TCP-forwarded connection */
+#define DROPBEAR_CLI_NETCAT 1
+
+/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
+#define DROPBEAR_USER_ALGO_LIST 1
+
+/* Encryption - at least one required.
+ * AES128 should be enabled, some very old implementations might only
+ * support 3DES.
+ * Including both AES keysize variants (128 and 256) will result in 
+ * a minimal size increase */
+#define DROPBEAR_AES128 1
+#define DROPBEAR_3DES 1
+#define DROPBEAR_AES256 1
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
+/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+#define DROPBEAR_BLOWFISH 0
+
+/* Enable CBC mode for ciphers. This has security issues though
+ * is the most compatible with older SSH implementations */
+#define DROPBEAR_ENABLE_CBC_MODE 1
+
+/* Enable "Counter Mode" for ciphers. This is more secure than
+ * CBC mode against certain attacks. It is recommended for security
+ * and forwards compatibility */
+#define DROPBEAR_ENABLE_CTR_MODE 1
+
+/* Message integrity. sha2-256 is recommended as a default, 
+   sha1 for compatibility */
+#define DROPBEAR_SHA1_HMAC 1
+#define DROPBEAR_SHA1_96_HMAC 1
+#define DROPBEAR_SHA2_256_HMAC 1
+
+/* Hostkey/public key algorithms - at least one required, these are used
+ * for hostkey as well as for verifying signatures with pubkey auth.
+ * Removing either of these won't save very much space.
+ * RSA is recommended
+ * DSS may be necessary to connect to some systems though
+   is not recommended for new keys */
+#define DROPBEAR_RSA 1
+#define DROPBEAR_DSS 1
+/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+ * code (either ECDSA or ECDH) increases binary size - around 30kB
+ * on x86-64 */
+#define DROPBEAR_ECDSA 1
+
+/* RSA must be >=1024 */
+#define DROPBEAR_DEFAULT_RSA_SIZE 2048
+/* DSS is always 1024 */
+/* ECDSA defaults to largest size configured, usually 521 */
+
+/* Add runtime flag "-R" to generate hostkeys as-needed when the first 
+   connection using that key type occurs.
+   This avoids the need to otherwise run "dropbearkey" and avoids some problems
+   with badly seeded /dev/urandom when systems first boot. */
+#define DROPBEAR_DELAY_HOSTKEY 1
+
+
+/* Key exchange algorithm.
+
+ * group14_sha1 - 2048 bit, sha1
+ * group14_sha256 - 2048 bit, sha2-256
+ * group16 - 4096 bit, sha2-512
+ * group1 - 1024 bit, sha1
+ * curve25519 - elliptic curve DH
+ * ecdh - NIST elliptic curve DH (256, 384, 521)
+ *
+ * group1 is too small for security though is necessary if you need 
+     compatibility with some implementations such as Dropbear versions < 0.53
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength level but is slower and increases binary size
+ * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
+ * curve25519 increases binary size by ~8kB on x86-64
+ * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
+
+ * Small systems should generally include either curve25519 or ecdh for performance.
+ * curve25519 is less widely supported but is faster
+ */ 
+#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA256 1
+#define DROPBEAR_DH_GROUP16 0
+#define DROPBEAR_CURVE25519 1
+#define DROPBEAR_ECDH 1
+#define DROPBEAR_DH_GROUP1 1
+
+/* When group1 is enabled it will only be allowed by Dropbear client
+not as a server, due to concerns over its strength. Set to 0 to allow
+group1 in Dropbear server too */
+#define DROPBEAR_DH_GROUP1_CLIENTONLY 1
+
+/* Control the memory/performance/compression tradeoff for zlib.
+ * Set windowBits=8 for least memory usage, see your system's
+ * zlib.h for full details.
+ * Default settings (windowBits=15) will use 256kB for compression
+ * windowBits=8 will use 129kB for compression.
+ * Both modes will use ~35kB for decompression (using windowBits=15 for
+ * interoperability) */
+#define DROPBEAR_ZLIB_WINDOW_BITS 15 
+
+/* Whether to do reverse DNS lookups. */
+#define DO_HOST_LOOKUP 0
+
+/* Whether to print the message of the day (MOTD). */
+#define DO_MOTD 0
+#define MOTD_FILENAME "/etc/motd"
+
+/* Authentication Types - at least one required.
+   RFC Draft requires pubkey auth, and recommends password */
+#define DROPBEAR_SVR_PASSWORD_AUTH 1
+
+/* Note: PAM auth is quite simple and only works for PAM modules which just do
+ * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+ * It's useful for systems like OS X where standard password crypts don't work
+ * but there's an interface via a PAM module. It won't work for more complex
+ * PAM challenge/response.
+ * You can't enable both PASSWORD and PAM. */
+#define DROPBEAR_SVR_PAM_AUTH 0
+
+/* ~/.ssh/authorized_keys authentication */
+#define DROPBEAR_SVR_PUBKEY_AUTH 1
+
+/* Whether to take public key options in 
+ * authorized_keys file into account */
+#define DROPBEAR_SVR_PUBKEY_OPTIONS 1
+
+/* Set this to 0 if your system does not have multiple user support.
+   (Linux kernel CONFIG_MULTIUSER option)
+   The resulting binary will not run on a normal system. */
+#define DROPBEAR_SVR_MULTIUSER 1
+
+/* Client authentication options */
+#define DROPBEAR_CLI_PASSWORD_AUTH 1
+#define DROPBEAR_CLI_PUBKEY_AUTH 1
+
+/* A default argument for dbclient -i <privatekey>. 
+Homedir is prepended unless path begins with / */
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
+
+/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
+ * environment variable. */
+#define DROPBEAR_USE_PASSWORD_ENV 1
+
+/* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
+ * a helper program for the ssh client. The helper program should be
+ * specified in the SSH_ASKPASS environment variable, and dbclient
+ * should be run with DISPLAY set and no tty. The program should
+ * return the password on standard output */
+#define DROPBEAR_CLI_ASKPASS_HELPER 0
+
+/* Save a network roundtrip by sendng a real auth request immediately after
+ * sending a query for the available methods. This is not yet enabled by default 
+ since it could cause problems with non-compliant servers */ 
+#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+
+/* Set this to use PRNGD or EGD instead of /dev/urandom */
+#define DROPBEAR_USE_PRNGD 0
+#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
+
+/* Specify the number of clients we will allow to be connected but
+ * not yet authenticated. After this limit, connections are rejected */
+/* The first setting is per-IP, to avoid denial of service */
+#define MAX_UNAUTH_PER_IP 5
+
+/* And then a global limit to avoid chewing memory if connections 
+ * come from many IPs */
+#define MAX_UNAUTH_CLIENTS 30
+
+/* Default maximum number of failed authentication tries (server option) */
+/* -T server option overrides */
+#define MAX_AUTH_TRIES 10
+
+/* The default file to store the daemon's process ID, for shutdown
+   scripts etc. This can be overridden with the -P flag */
+#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
+
+/* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+#define XAUTH_COMMAND "/usr/bin/xauth -q"
+
+
+/* if you want to enable running an sftp server (such as the one included with
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
+ * The sftp-server program is not provided by Dropbear itself */
+#define DROPBEAR_SFTPSERVER 1
+#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
+
+/* This is used by the scp binary when used as a client binary. If you're
+ * not using the Dropbear client, you'll need to change it */
+#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
+
+/* Whether to log commands executed by a client. This only logs the 
+ * (single) command sent to the server, not what a user did in a 
+ * shell/sftp session etc. */
+#define LOG_COMMANDS 0
+
+/* Window size limits. These tend to be a trade-off between memory
+   usage and network performance: */
+/* Size of the network receive window. This amount of memory is allocated
+   as a per-channel receive buffer. Increasing this value can make a
+   significant difference to network performance. 24kB was empirically
+   chosen for a 100mbit ethernet network. The value can be altered at
+   runtime with the -W argument. */
+#define DEFAULT_RECV_WINDOW 24576
+/* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
+   in order to interoperate with other implementations */
+#define RECV_MAX_PAYLOAD_LEN 32768
+/* Maximum size of a transmitted data packet - this can be any value,
+   though increasing it may not make a significant difference. */
+#define TRANS_MAX_PAYLOAD_LEN 16384
+
+/* Ensure that data is transmitted every KEEPALIVE seconds. This can
+be overridden at runtime with -K. 0 disables keepalives */
+#define DEFAULT_KEEPALIVE 0
+
+/* If this many KEEPALIVES are sent with no packets received from the
+other side, exit. Not run-time configurable - if you have a need
+for runtime configuration please mail the Dropbear list */
+#define DEFAULT_KEEPALIVE_LIMIT 3
+
+/* Ensure that data is received within IDLE_TIMEOUT seconds. This can
+be overridden at runtime with -I. 0 disables idle timeouts */
+#define DEFAULT_IDLE_TIMEOUT 0
+
+/* The default path. This will often get replaced by the shell */
+#define DEFAULT_PATH "/usr/bin:/bin"
+
+#endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */

demo/demo.c

@@ -1,736 +0,0 @@
-#include <time.h>
-
-#ifdef IOWNANATHLON
-#include <unistd.h>
-#define SLEEP sleep(4)
-#else
-#define SLEEP
-#endif
-
-#include "tommath.h"
-
-void ndraw(mp_int * a, char *name)
-{
-   char buf[16000];
-
-   printf("%s: ", name);
-   mp_toradix(a, buf, 10);
-   printf("%s\n", buf);
-}
-
-static void draw(mp_int * a)
-{
-   ndraw(a, "");
-}
-
-
-unsigned long lfsr = 0xAAAAAAAAUL;
-
-int lbit(void)
-{
-   if (lfsr & 0x80000000UL) {
-      lfsr = ((lfsr << 1) ^ 0x8000001BUL) & 0xFFFFFFFFUL;
-      return 1;
-   } else {
-      lfsr <<= 1;
-      return 0;
-   }
-}
-
-int myrng(unsigned char *dst, int len, void *dat)
-{
-   int x;
-
-   for (x = 0; x < len; x++)
-      dst[x] = rand() & 0xFF;
-   return len;
-}
-
-
-
-char cmd[4096], buf[4096];
-int main(void)
-{
-   mp_int a, b, c, d, e, f;
-   unsigned long expt_n, add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n,
-      gcd_n, lcm_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n, t;
-   unsigned rr;
-   int i, n, err, cnt, ix, old_kara_m, old_kara_s;
-   mp_digit mp;
-
-
-   mp_init(&a);
-   mp_init(&b);
-   mp_init(&c);
-   mp_init(&d);
-   mp_init(&e);
-   mp_init(&f);
-
-   srand(time(NULL));
-
-#if 0
-   // test montgomery 
-   printf("Testing montgomery...\n");
-   for (i = 1; i < 10; i++) {
-      printf("Testing digit size: %d\n", i);
-      for (n = 0; n < 1000; n++) {
-         mp_rand(&a, i);
-         a.dp[0] |= 1;
-
-         // let's see if R is right
-         mp_montgomery_calc_normalization(&b, &a);
-         mp_montgomery_setup(&a, &mp);
-
-         // now test a random reduction 
-         for (ix = 0; ix < 100; ix++) {
-             mp_rand(&c, 1 + abs(rand()) % (2*i));
-             mp_copy(&c, &d);
-             mp_copy(&c, &e);
-
-             mp_mod(&d, &a, &d);
-             mp_montgomery_reduce(&c, &a, mp);
-             mp_mulmod(&c, &b, &a, &c);
-
-             if (mp_cmp(&c, &d) != MP_EQ) { 
-printf("d = e mod a, c = e MOD a\n");
-mp_todecimal(&a, buf); printf("a = %s\n", buf);
-mp_todecimal(&e, buf); printf("e = %s\n", buf);
-mp_todecimal(&d, buf); printf("d = %s\n", buf);
-mp_todecimal(&c, buf); printf("c = %s\n", buf);
-printf("compare no compare!\n"); exit(EXIT_FAILURE); }
-         }
-      }
-   }
-   printf("done\n");
-
-   // test mp_get_int
-   printf("Testing: mp_get_int\n");
-   for (i = 0; i < 1000; ++i) {
-      t = ((unsigned long) rand() * rand() + 1) & 0xFFFFFFFF;
-      mp_set_int(&a, t);
-      if (t != mp_get_int(&a)) {
-	 printf("mp_get_int() bad result!\n");
-	 return 1;
-      }
-   }
-   mp_set_int(&a, 0);
-   if (mp_get_int(&a) != 0) {
-      printf("mp_get_int() bad result!\n");
-      return 1;
-   }
-   mp_set_int(&a, 0xffffffff);
-   if (mp_get_int(&a) != 0xffffffff) {
-      printf("mp_get_int() bad result!\n");
-      return 1;
-   }
-   // test mp_sqrt
-   printf("Testing: mp_sqrt\n");
-   for (i = 0; i < 1000; ++i) {
-      printf("%6d\r", i);
-      fflush(stdout);
-      n = (rand() & 15) + 1;
-      mp_rand(&a, n);
-      if (mp_sqrt(&a, &b) != MP_OKAY) {
-	 printf("mp_sqrt() error!\n");
-	 return 1;
-      }
-      mp_n_root(&a, 2, &a);
-      if (mp_cmp_mag(&b, &a) != MP_EQ) {
-	 printf("mp_sqrt() bad result!\n");
-	 return 1;
-      }
-   }
-
-   printf("\nTesting: mp_is_square\n");
-   for (i = 0; i < 1000; ++i) {
-      printf("%6d\r", i);
-      fflush(stdout);
-
-      /* test mp_is_square false negatives */
-      n = (rand() & 7) + 1;
-      mp_rand(&a, n);
-      mp_sqr(&a, &a);
-      if (mp_is_square(&a, &n) != MP_OKAY) {
-	 printf("fn:mp_is_square() error!\n");
-	 return 1;
-      }
-      if (n == 0) {
-	 printf("fn:mp_is_square() bad result!\n");
-	 return 1;
-      }
-
-      /* test for false positives */
-      mp_add_d(&a, 1, &a);
-      if (mp_is_square(&a, &n) != MP_OKAY) {
-	 printf("fp:mp_is_square() error!\n");
-	 return 1;
-      }
-      if (n == 1) {
-	 printf("fp:mp_is_square() bad result!\n");
-	 return 1;
-      }
-
-   }
-   printf("\n\n");
-
-   /* test for size */
-   for (ix = 10; ix < 128; ix++) {
-      printf("Testing (not safe-prime): %9d bits    \r", ix);
-      fflush(stdout);
-      err =
-	 mp_prime_random_ex(&a, 8, ix,
-			    (rand() & 1) ? LTM_PRIME_2MSB_OFF :
-			    LTM_PRIME_2MSB_ON, myrng, NULL);
-      if (err != MP_OKAY) {
-	 printf("failed with err code %d\n", err);
-	 return EXIT_FAILURE;
-      }
-      if (mp_count_bits(&a) != ix) {
-	 printf("Prime is %d not %d bits!!!\n", mp_count_bits(&a), ix);
-	 return EXIT_FAILURE;
-      }
-   }
-
-   for (ix = 16; ix < 128; ix++) {
-      printf("Testing (   safe-prime): %9d bits    \r", ix);
-      fflush(stdout);
-      err =
-	 mp_prime_random_ex(&a, 8, ix,
-			    ((rand() & 1) ? LTM_PRIME_2MSB_OFF :
-			     LTM_PRIME_2MSB_ON) | LTM_PRIME_SAFE, myrng,
-			    NULL);
-      if (err != MP_OKAY) {
-	 printf("failed with err code %d\n", err);
-	 return EXIT_FAILURE;
-      }
-      if (mp_count_bits(&a) != ix) {
-	 printf("Prime is %d not %d bits!!!\n", mp_count_bits(&a), ix);
-	 return EXIT_FAILURE;
-      }
-      /* let's see if it's really a safe prime */
-      mp_sub_d(&a, 1, &a);
-      mp_div_2(&a, &a);
-      mp_prime_is_prime(&a, 8, &cnt);
-      if (cnt != MP_YES) {
-	 printf("sub is not prime!\n");
-	 return EXIT_FAILURE;
-      }
-   }
-
-   printf("\n\n");
-
-   mp_read_radix(&a, "123456", 10);
-   mp_toradix_n(&a, buf, 10, 3);
-   printf("a == %s\n", buf);
-   mp_toradix_n(&a, buf, 10, 4);
-   printf("a == %s\n", buf);
-   mp_toradix_n(&a, buf, 10, 30);
-   printf("a == %s\n", buf);
-
-
-#if 0
-   for (;;) {
-      fgets(buf, sizeof(buf), stdin);
-      mp_read_radix(&a, buf, 10);
-      mp_prime_next_prime(&a, 5, 1);
-      mp_toradix(&a, buf, 10);
-      printf("%s, %lu\n", buf, a.dp[0] & 3);
-   }
-#endif
-
-   /* test mp_cnt_lsb */
-   printf("testing mp_cnt_lsb...\n");
-   mp_set(&a, 1);
-   for (ix = 0; ix < 1024; ix++) {
-      if (mp_cnt_lsb(&a) != ix) {
-	 printf("Failed at %d, %d\n", ix, mp_cnt_lsb(&a));
-	 return 0;
-      }
-      mp_mul_2(&a, &a);
-   }
-
-/* test mp_reduce_2k */
-   printf("Testing mp_reduce_2k...\n");
-   for (cnt = 3; cnt <= 128; ++cnt) {
-      mp_digit tmp;
-
-      mp_2expt(&a, cnt);
-      mp_sub_d(&a, 2, &a);	/* a = 2**cnt - 2 */
-
-
-      printf("\nTesting %4d bits", cnt);
-      printf("(%d)", mp_reduce_is_2k(&a));
-      mp_reduce_2k_setup(&a, &tmp);
-      printf("(%d)", tmp);
-      for (ix = 0; ix < 1000; ix++) {
-	 if (!(ix & 127)) {
-	    printf(".");
-	    fflush(stdout);
-	 }
-	 mp_rand(&b, (cnt / DIGIT_BIT + 1) * 2);
-	 mp_copy(&c, &b);
-	 mp_mod(&c, &a, &c);
-	 mp_reduce_2k(&b, &a, 2);
-	 if (mp_cmp(&c, &b)) {
-	    printf("FAILED\n");
-	    exit(0);
-	 }
-      }
-   }
-
-/* test mp_div_3  */
-   printf("Testing mp_div_3...\n");
-   mp_set(&d, 3);
-   for (cnt = 0; cnt < 10000;) {
-      mp_digit r1, r2;
-
-      if (!(++cnt & 127))
-	 printf("%9d\r", cnt);
-      mp_rand(&a, abs(rand()) % 128 + 1);
-      mp_div(&a, &d, &b, &e);
-      mp_div_3(&a, &c, &r2);
-
-      if (mp_cmp(&b, &c) || mp_cmp_d(&e, r2)) {
-	 printf("\n\nmp_div_3 => Failure\n");
-      }
-   }
-   printf("\n\nPassed div_3 testing\n");
-
-/* test the DR reduction */
-   printf("testing mp_dr_reduce...\n");
-   for (cnt = 2; cnt < 32; cnt++) {
-      printf("%d digit modulus\n", cnt);
-      mp_grow(&a, cnt);
-      mp_zero(&a);
-      for (ix = 1; ix < cnt; ix++) {
-	 a.dp[ix] = MP_MASK;
-      }
-      a.used = cnt;
-      a.dp[0] = 3;
-
-      mp_rand(&b, cnt - 1);
-      mp_copy(&b, &c);
-
-      rr = 0;
-      do {
-	 if (!(rr & 127)) {
-	    printf("%9lu\r", rr);
-	    fflush(stdout);
-	 }
-	 mp_sqr(&b, &b);
-	 mp_add_d(&b, 1, &b);
-	 mp_copy(&b, &c);
-
-	 mp_mod(&b, &a, &b);
-	 mp_dr_reduce(&c, &a, (((mp_digit) 1) << DIGIT_BIT) - a.dp[0]);
-
-	 if (mp_cmp(&b, &c) != MP_EQ) {
-	    printf("Failed on trial %lu\n", rr);
-	    exit(-1);
-
-	 }
-      } while (++rr < 500);
-      printf("Passed DR test for %d digits\n", cnt);
-   }
-
-#endif
-
-/* test the mp_reduce_2k_l code */
-#if 0
-#if 0
-/* first load P with 2^1024 - 0x2A434 B9FDEC95 D8F9D550 FFFFFFFF FFFFFFFF */
-   mp_2expt(&a, 1024);
-   mp_read_radix(&b, "2A434B9FDEC95D8F9D550FFFFFFFFFFFFFFFF", 16);
-   mp_sub(&a, &b, &a);
-#elif 1
-/*  p = 2^2048 - 0x1 00000000 00000000 00000000 00000000 4945DDBF 8EA2A91D 5776399B B83E188F  */
-   mp_2expt(&a, 2048);
-   mp_read_radix(&b,
-		 "1000000000000000000000000000000004945DDBF8EA2A91D5776399BB83E188F",
-		 16);
-   mp_sub(&a, &b, &a);
-#endif
-
-   mp_todecimal(&a, buf);
-   printf("p==%s\n", buf);
-/* now mp_reduce_is_2k_l() should return */
-   if (mp_reduce_is_2k_l(&a) != 1) {
-      printf("mp_reduce_is_2k_l() return 0, should be 1\n");
-      return EXIT_FAILURE;
-   }
-   mp_reduce_2k_setup_l(&a, &d);
-   /* now do a million square+1 to see if it varies */
-   mp_rand(&b, 64);
-   mp_mod(&b, &a, &b);
-   mp_copy(&b, &c);
-   printf("testing mp_reduce_2k_l...");
-   fflush(stdout);
-   for (cnt = 0; cnt < (1UL << 20); cnt++) {
-      mp_sqr(&b, &b);
-      mp_add_d(&b, 1, &b);
-      mp_reduce_2k_l(&b, &a, &d);
-      mp_sqr(&c, &c);
-      mp_add_d(&c, 1, &c);
-      mp_mod(&c, &a, &c);
-      if (mp_cmp(&b, &c) != MP_EQ) {
-	 printf("mp_reduce_2k_l() failed at step %lu\n", cnt);
-	 mp_tohex(&b, buf);
-	 printf("b == %s\n", buf);
-	 mp_tohex(&c, buf);
-	 printf("c == %s\n", buf);
-	 return EXIT_FAILURE;
-      }
-   }
-   printf("...Passed\n");
-#endif
-
-   div2_n = mul2_n = inv_n = expt_n = lcm_n = gcd_n = add_n =
-      sub_n = mul_n = div_n = sqr_n = mul2d_n = div2d_n = cnt = add_d_n =
-      sub_d_n = 0;
-
-   /* force KARA and TOOM to enable despite cutoffs */
-   KARATSUBA_SQR_CUTOFF = KARATSUBA_MUL_CUTOFF = 110;
-   TOOM_SQR_CUTOFF = TOOM_MUL_CUTOFF = 150;
-
-   for (;;) {
-      /* randomly clear and re-init one variable, this has the affect of triming the alloc space */
-      switch (abs(rand()) % 7) {
-      case 0:
-	 mp_clear(&a);
-	 mp_init(&a);
-	 break;
-      case 1:
-	 mp_clear(&b);
-	 mp_init(&b);
-	 break;
-      case 2:
-	 mp_clear(&c);
-	 mp_init(&c);
-	 break;
-      case 3:
-	 mp_clear(&d);
-	 mp_init(&d);
-	 break;
-      case 4:
-	 mp_clear(&e);
-	 mp_init(&e);
-	 break;
-      case 5:
-	 mp_clear(&f);
-	 mp_init(&f);
-	 break;
-      case 6:
-	 break;			/* don't clear any */
-      }
-
-
-      printf
-	 ("%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu/%4lu ",
-	  add_n, sub_n, mul_n, div_n, sqr_n, mul2d_n, div2d_n, gcd_n, lcm_n,
-	  expt_n, inv_n, div2_n, mul2_n, add_d_n, sub_d_n);
-      fgets(cmd, 4095, stdin);
-      cmd[strlen(cmd) - 1] = 0;
-      printf("%s  ]\r", cmd);
-      fflush(stdout);
-      if (!strcmp(cmd, "mul2d")) {
-	 ++mul2d_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 sscanf(buf, "%d", &rr);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-
-	 mp_mul_2d(&a, rr, &a);
-	 a.sign = b.sign;
-	 if (mp_cmp(&a, &b) != MP_EQ) {
-	    printf("mul2d failed, rr == %d\n", rr);
-	    draw(&a);
-	    draw(&b);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "div2d")) {
-	 ++div2d_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 sscanf(buf, "%d", &rr);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-
-	 mp_div_2d(&a, rr, &a, &e);
-	 a.sign = b.sign;
-	 if (a.used == b.used && a.used == 0) {
-	    a.sign = b.sign = MP_ZPOS;
-	 }
-	 if (mp_cmp(&a, &b) != MP_EQ) {
-	    printf("div2d failed, rr == %d\n", rr);
-	    draw(&a);
-	    draw(&b);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "add")) {
-	 ++add_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 mp_copy(&a, &d);
-	 mp_add(&d, &b, &d);
-	 if (mp_cmp(&c, &d) != MP_EQ) {
-	    printf("add %lu failure!\n", add_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-
-	 /* test the sign/unsigned storage functions */
-
-	 rr = mp_signed_bin_size(&c);
-	 mp_to_signed_bin(&c, (unsigned char *) cmd);
-	 memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
-	 mp_read_signed_bin(&d, (unsigned char *) cmd, rr);
-	 if (mp_cmp(&c, &d) != MP_EQ) {
-	    printf("mp_signed_bin failure!\n");
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-
-
-	 rr = mp_unsigned_bin_size(&c);
-	 mp_to_unsigned_bin(&c, (unsigned char *) cmd);
-	 memset(cmd + rr, rand() & 255, sizeof(cmd) - rr);
-	 mp_read_unsigned_bin(&d, (unsigned char *) cmd, rr);
-	 if (mp_cmp_mag(&c, &d) != MP_EQ) {
-	    printf("mp_unsigned_bin failure!\n");
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-
-      } else if (!strcmp(cmd, "sub")) {
-	 ++sub_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 mp_copy(&a, &d);
-	 mp_sub(&d, &b, &d);
-	 if (mp_cmp(&c, &d) != MP_EQ) {
-	    printf("sub %lu failure!\n", sub_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "mul")) {
-	 ++mul_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 mp_copy(&a, &d);
-	 mp_mul(&d, &b, &d);
-	 if (mp_cmp(&c, &d) != MP_EQ) {
-	    printf("mul %lu failure!\n", mul_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "div")) {
-	 ++div_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&d, buf, 64);
-
-	 mp_div(&a, &b, &e, &f);
-	 if (mp_cmp(&c, &e) != MP_EQ || mp_cmp(&d, &f) != MP_EQ) {
-	    printf("div %lu %d, %d, failure!\n", div_n, mp_cmp(&c, &e),
-		   mp_cmp(&d, &f));
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    draw(&e);
-	    draw(&f);
-	    return 0;
-	 }
-
-      } else if (!strcmp(cmd, "sqr")) {
-	 ++sqr_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 mp_copy(&a, &c);
-	 mp_sqr(&c, &c);
-	 if (mp_cmp(&b, &c) != MP_EQ) {
-	    printf("sqr %lu failure!\n", sqr_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "gcd")) {
-	 ++gcd_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 mp_copy(&a, &d);
-	 mp_gcd(&d, &b, &d);
-	 d.sign = c.sign;
-	 if (mp_cmp(&c, &d) != MP_EQ) {
-	    printf("gcd %lu failure!\n", gcd_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "lcm")) {
-	 ++lcm_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 mp_copy(&a, &d);
-	 mp_lcm(&d, &b, &d);
-	 d.sign = c.sign;
-	 if (mp_cmp(&c, &d) != MP_EQ) {
-	    printf("lcm %lu failure!\n", lcm_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "expt")) {
-	 ++expt_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&d, buf, 64);
-	 mp_copy(&a, &e);
-	 mp_exptmod(&e, &b, &c, &e);
-	 if (mp_cmp(&d, &e) != MP_EQ) {
-	    printf("expt %lu failure!\n", expt_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    draw(&e);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "invmod")) {
-	 ++inv_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&c, buf, 64);
-	 mp_invmod(&a, &b, &d);
-	 mp_mulmod(&d, &a, &b, &e);
-	 if (mp_cmp_d(&e, 1) != MP_EQ) {
-	    printf("inv [wrong value from MPI?!] failure\n");
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    draw(&d);
-	    mp_gcd(&a, &b, &e);
-	    draw(&e);
-	    return 0;
-	 }
-
-      } else if (!strcmp(cmd, "div2")) {
-	 ++div2_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 mp_div_2(&a, &c);
-	 if (mp_cmp(&c, &b) != MP_EQ) {
-	    printf("div_2 %lu failure\n", div2_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "mul2")) {
-	 ++mul2_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 mp_mul_2(&a, &c);
-	 if (mp_cmp(&c, &b) != MP_EQ) {
-	    printf("mul_2 %lu failure\n", mul2_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "add_d")) {
-	 ++add_d_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 sscanf(buf, "%d", &ix);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 mp_add_d(&a, ix, &c);
-	 if (mp_cmp(&b, &c) != MP_EQ) {
-	    printf("add_d %lu failure\n", add_d_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    printf("d == %d\n", ix);
-	    return 0;
-	 }
-      } else if (!strcmp(cmd, "sub_d")) {
-	 ++sub_d_n;
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&a, buf, 64);
-	 fgets(buf, 4095, stdin);
-	 sscanf(buf, "%d", &ix);
-	 fgets(buf, 4095, stdin);
-	 mp_read_radix(&b, buf, 64);
-	 mp_sub_d(&a, ix, &c);
-	 if (mp_cmp(&b, &c) != MP_EQ) {
-	    printf("sub_d %lu failure\n", sub_d_n);
-	    draw(&a);
-	    draw(&b);
-	    draw(&c);
-	    printf("d == %d\n", ix);
-	    return 0;
-	 }
-      }
-   }
-   return 0;
-}

dep.pl

@@ -1,123 +0,0 @@
-#!/usr/bin/perl 
-#
-# Walk through source, add labels and make classes
-#
-#use strict;
-
-my %deplist;
-
-#open class file and write preamble 
-open(CLASS, ">tommath_class.h") or die "Couldn't open tommath_class.h for writing\n";
-print CLASS "#if !(defined(LTM1) && defined(LTM2) && defined(LTM3))\n#if defined(LTM2)\n#define LTM3\n#endif\n#if defined(LTM1)\n#define LTM2\n#endif\n#define LTM1\n\n#if defined(LTM_ALL)\n";
-
-foreach my $filename (glob "bn*.c") {
-   my $define = $filename;
-
-print "Processing $filename\n";
-
-   # convert filename to upper case so we can use it as a define 
-   $define =~ tr/[a-z]/[A-Z]/;
-   $define =~ tr/\./_/;
-   print CLASS "#define $define\n";
-
-   # now copy text and apply #ifdef as required 
-   my $apply = 0;
-   open(SRC, "<$filename");
-   open(OUT, ">tmp");
-
-   # first line will be the #ifdef
-   my $line = <SRC>;
-   if ($line =~ /include/) {
-      print OUT $line;
-   } else {
-      print OUT "#include <tommath.h>\n#ifdef $define\n$line";
-      $apply = 1;
-   }
-   while (<SRC>) {
-      if (!($_ =~ /tommath\.h/)) {
-         print OUT $_;
-      }
-   }
-   if ($apply == 1) {
-      print OUT "#endif\n";
-   }
-   close SRC;
-   close OUT;
-
-   unlink($filename);
-   rename("tmp", $filename);
-}
-print CLASS "#endif\n\n";
-
-# now do classes 
-
-foreach my $filename (glob "bn*.c") {
-   open(SRC, "<$filename") or die "Can't open source file!\n"; 
-
-   # convert filename to upper case so we can use it as a define 
-   $filename =~ tr/[a-z]/[A-Z]/;
-   $filename =~ tr/\./_/;
-
-   print CLASS "#if defined($filename)\n";
-   my $list = $filename;
-
-   # scan for mp_* and make classes
-   while (<SRC>) {
-      my $line = $_;
-      while ($line =~ m/(fast_)*(s_)*mp\_[a-z_0-9]*/) {
-          $line = $';
-          # now $& is the match, we want to skip over LTM keywords like
-          # mp_int, mp_word, mp_digit
-          if (!($& eq "mp_digit") && !($& eq "mp_word") && !($& eq "mp_int")) {
-             my $a = $&;
-             $a =~ tr/[a-z]/[A-Z]/;
-             $a = "BN_" . $a . "_C";
-             if (!($list =~ /$a/)) {
-                print CLASS "   #define $a\n";
-             }
-             $list = $list . "," . $a;
-          }
-      }
-   }
-   @deplist{$filename} = $list;
-
-   print CLASS "#endif\n\n";
-   close SRC;
-}
-
-print CLASS "#ifdef LTM3\n#define LTM_LAST\n#endif\n#include <tommath_superclass.h>\n#include <tommath_class.h>\n#else\n#define LTM_LAST\n#endif\n";
-close CLASS;
-
-#now let's make a cool call graph... 
-
-open(OUT,">callgraph.txt");
-$indent = 0;
-foreach (keys %deplist) {
-   $list = "";
-   draw_func(@deplist{$_});
-   print OUT "\n\n";
-}
-close(OUT);
-
-sub draw_func()
-{
-   my @funcs = split(",", $_[0]);
-   if ($list =~ /@funcs[0]/) {
-      return;
-   } else {
-      $list = $list . @funcs[0];
-   }
-   if ($indent == 0) { }
-   elsif ($indent >= 1) { print OUT "|   " x ($indent - 1) . "+--->"; }
-   print OUT @funcs[0] . "\n";   
-   shift @funcs;
-      my $temp = $list;
-   foreach my $i (@funcs) {
-      ++$indent;
-      draw_func(@deplist{$i});
-      --$indent;
-   }
-      $list = $temp;
-}
-
-

dh_groups.c

@@ -0,0 +1,94 @@
+#include "options.h"
+#include "dh_groups.h"
+
+#if DROPBEAR_DH_GROUP1
+/* diffie-hellman-group1-sha1 value for p */
+const unsigned char dh_p_1[DH_P_1_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+#endif /* DROPBEAR_DH_GROUP1 */
+
+#if DROPBEAR_DH_GROUP14
+/* diffie-hellman-group14-sha1 value for p */
+const unsigned char dh_p_14[DH_P_14_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 
+	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+	0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+	0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+	0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+	0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF};
+#endif /* DROPBEAR_DH_GROUP14 */
+
+#if DROPBEAR_DH_GROUP16
+/* diffie-hellman-group16-256 value for p */
+const unsigned char dh_p_16[DH_P_16_LEN] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21,
+	0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02,
+	0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B,
+	0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3,
+	0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F,
+	0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E,
+	0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C,
+	0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
+	0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA,
+	0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
+	0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+	0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67,
+	0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18,
+	0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77,
+	0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95,
+	0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
+	0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4,
+	0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB,
+	0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A,
+	0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1,
+	0xE4, 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94,
+	0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E,
+	0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, 0xBB, 0xE1,
+	0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
+	0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC,
+	0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A,
+	0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA,
+	0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68,
+	0x34, 0xB6, 0x15, 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+	0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F,
+	0xBE, 0xCA, 0xA6, 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2,
+	0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7,
+	0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+	0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, 0x93,
+	0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6,
+	0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+#endif /* DROPBEAR_DH_GROUP16 */
+
+/* Same for all groups */
+const int DH_G_VAL = 2;
+

dh_groups.h

@@ -0,0 +1,24 @@
+#ifndef DROPBEAR_DH_GROUPS_H
+#define DROPBEAR_DH_GROUPS_H
+#include "options.h"
+
+#if DROPBEAR_DH_GROUP1
+#define DH_P_1_LEN 128
+extern const unsigned char dh_p_1[DH_P_1_LEN];
+#endif
+
+#if DROPBEAR_DH_GROUP14
+#define DH_P_14_LEN 256
+extern const unsigned char dh_p_14[DH_P_14_LEN];
+#endif
+
+#if DROPBEAR_DH_GROUP16
+#define DH_P_16_LEN 512
+extern const unsigned char dh_p_16[DH_P_16_LEN];
+#endif
+
+
+extern const int DH_G_VAL;
+
+
+#endif

dropbear.8

@@ -0,0 +1,202 @@
+.TH dropbear 8
+.SH NAME
+dropbear \- lightweight SSH server
+.SH SYNOPSIS
+.B dropbear
+[\fIflag arguments\fR] [\-b
+.I banner\fR] 
+[\-r
+.I hostkeyfile\fR] [\-p [\fIaddress\fR:]\fIport\fR]
+.SH DESCRIPTION
+.B dropbear
+is a small SSH server 
+.SH OPTIONS
+.TP
+.B \-b \fIbanner
+bannerfile.
+Display the contents of the file
+.I banner
+before user login (default: none).
+.TP
+.B \-r \fIhostkey
+Use the contents of the file
+.I hostkey
+for the SSH hostkey.
+This file is generated with
+.BR dropbearkey (1) 
+or automatically with the '-R' option. See "Host Key Files" below.
+.TP
+.B \-R
+Generate hostkeys automatically. See "Host Key Files" below.
+.TP
+.B \-F
+Don't fork into background.
+.TP
+.B \-E
+Log to standard error rather than syslog.
+.TP
+.B \-m
+Don't display the message of the day on login.
+.TP
+.B \-w
+Disallow root logins.
+.TP
+.B \-s
+Disable password logins.
+.TP
+.B \-g
+Disable password logins for root.
+.TP
+.B \-j
+Disable local port forwarding.
+.TP
+.B \-k
+Disable remote port forwarding.
+.TP
+.B \-p\fR [\fIaddress\fR:]\fIport
+Listen on specified 
+.I address
+and TCP
+.I port.
+If just a port is given listen
+on all addresses.
+up to 10 can be specified (default 22 if none specified).
+.TP
+.B \-i
+Service program mode.
+Use this option to run
+.B dropbear
+under TCP/IP servers like inetd, tcpsvd, or tcpserver.
+In program mode the \-F option is implied, and \-p options are ignored.
+.TP
+.B \-P \fIpidfile
+Specify a pidfile to create when running as a daemon. If not specified, the 
+default is /var/run/dropbear.pid
+.TP
+.B \-a
+Allow remote hosts to connect to forwarded ports.
+.TP
+.B \-W \fIwindowsize
+Specify the per-channel receive window buffer size. Increasing this 
+may improve network performance at the expense of memory use. Use -h to see the
+default buffer size.
+.TP
+.B \-K \fItimeout_seconds
+Ensure that traffic is transmitted at a certain interval in seconds. This is
+useful for working around firewalls or routers that drop connections after
+a certain period of inactivity. The trade-off is that a session may be
+closed if there is a temporary lapse of network connectivity. A setting
+if 0 disables keepalives. If no response is received for 3 consecutive keepalives the connection will be closed.
+.TP
+.B \-I \fIidle_timeout
+Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
+.TP
+.B \-T \fImax_authentication_attempts
+Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
+.TP
+.B \-c \fIforced_command
+Disregard the command provided by the user and always run \fIforced_command\fR. This also
+overrides any authorized_keys command= option.
+.TP
+.B \-V
+Print the version
+
+.SH FILES
+
+.TP
+Authorized Keys
+
+~/.ssh/authorized_keys can be set up to allow remote login with a RSA,
+ECDSA, or DSS
+key. Each line is of the form
+.TP
+[restrictions] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIgAsp... [comment]
+
+and can be extracted from a Dropbear private host key with "dropbearkey -y". This is the same format as used by OpenSSH, though the restrictions are a subset (keys with unknown restrictions are ignored).
+Restrictions are comma separated, with double quotes around spaces in arguments.
+Available restrictions are:
+
+.TP
+.B no-port-forwarding
+Don't allow port forwarding for this connection
+
+.TP
+.B no-agent-forwarding
+Don't allow agent forwarding for this connection
+
+.TP
+.B no-X11-forwarding
+Don't allow X11 forwarding for this connection
+
+.TP
+.B no-pty
+Disable PTY allocation. Note that a user can still obtain most of the
+same functionality with other means even if no-pty is set.
+
+.TP
+.B command=\fR"\fIforced_command\fR"
+Disregard the command provided by the user and always run \fIforced_command\fR.
+The -c command line option overrides this.
+
+The authorized_keys file and its containing ~/.ssh directory must only be
+writable by the user, otherwise Dropbear will not allow a login using public
+key authentication.
+
+.TP
+Host Key Files
+
+Host key files are read at startup from a standard location, by default
+/etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
+/etc/dropbear/dropbear_ecdsa_host_key
+
+If the -r command line option is specified the default files are not loaded.
+Host key files are of the form generated by dropbearkey. 
+The -R option can be used to automatically generate keys
+in the default location - keys will be generated after startup when the first
+connection is established. This had the benefit that the system /dev/urandom
+random number source has a better chance of being securely seeded.
+
+.TP
+Message Of The Day
+
+By default the file /etc/motd will be printed for any login shell (unless 
+disabled at compile-time). This can also be disabled per-user
+by creating a file ~/.hushlogin .
+
+.SH ENVIRONMENT VARIABLES
+Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM.
+
+The variables below are set for sessions as appropriate. 
+
+.TP
+.B SSH_TTY
+This is set to the allocated TTY if a PTY was used.
+
+.TP
+.B SSH_CONNECTION
+Contains "<remote_ip> <remote_port> <local_ip> <local_port>".
+
+.TP
+.B DISPLAY
+Set X11 forwarding is used.
+
+.TP
+.B SSH_ORIGINAL_COMMAND
+If a 'command=' authorized_keys option was used, the original command is specified
+in this variable. If a shell was requested this is set to an empty value.
+
+.TP
+.B SSH_AUTH_SOCK
+Set to a forwarded ssh-agent connection.
+
+.SH NOTES
+Dropbear only supports SSH protocol version 2.
+
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbearkey(1), dbclient(1), dropbearconvert(1)
+.P
+https://matt.ucc.asn.au/dropbear/dropbear.html

dropbearconvert.1

@@ -0,0 +1,50 @@
+.TH dropbearconvert 1
+.SH NAME
+dropbearconvert \- convert between Dropbear and OpenSSH private key formats
+.SH SYNOPSIS
+.B dropbearconvert
+.I input_type
+.I output_type
+.I input_file
+.I output_file
+.SH DESCRIPTION
+.B Dropbear
+and 
+.B OpenSSH
+SSH implementations have different private key formats.
+.B dropbearconvert
+can convert between the two.
+.P
+Dropbear uses the same SSH public key format as OpenSSH, it can be extracted
+from a private key by using
+.B dropbearkey \-y
+.P
+Encrypted private keys are not supported, use ssh-keygen(1) to decrypt them
+first.
+.SH ARGUMENTS
+.TP
+.I input_type
+Either 
+.I dropbear
+or 
+.I openssh
+.TP
+.I output_type
+Either 
+.I dropbear
+or 
+.I openssh
+.TP
+.I input_file
+An existing Dropbear or OpenSSH private key file
+.TP
+.I output_file
+The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default
+.SH EXAMPLE
+ # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.SH SEE ALSO
+ dropbearkey(1), ssh-keygen(1)
+.P
+https://matt.ucc.asn.au/dropbear/dropbear.html

dropbearconvert.c

@@ -0,0 +1,145 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+/* This program converts to/from Dropbear and OpenSSH private-key formats */
+#include "includes.h"
+#include "signkey.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "keyimport.h"
+#include "crypto_desc.h" 
+#include "dbrandom.h" 
+
+
+static int do_convert(int intype, const char* infile, int outtype,
+		const char* outfile);
+
+static void printhelp(char * progname);
+
+static void printhelp(char * progname) {
+
+	fprintf(stderr, "Usage: %s <inputtype> <outputtype> <inputfile> <outputfile>\n\n"
+					"CAUTION: This program is for convenience only, and is not secure if used on\n"
+					"untrusted input files, ie it could allow arbitrary code execution.\n"
+					"All parameters must be specified in order.\n"
+					"\n"
+					"The input and output types are one of:\n"
+					"openssh\n"
+					"dropbear\n"
+					"\n"
+					"Example:\n"
+					"dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear_rsa_host_key\n",
+					progname);
+}
+
+#if defined(DBMULTI_dropbearconvert) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dropbearconvert) && DROPBEAR_MULTI
+int dropbearconvert_main(int argc, char ** argv) {
+#else 
+int main(int argc, char ** argv) {
+#endif
+
+	int intype, outtype;
+	const char* infile;
+	const char* outfile;
+
+	crypto_init();
+	seedrandom();
+
+#if DEBUG_TRACE
+	/* It's hard for it to get in the way _too_ much */
+	debug_trace = 1;
+#endif
+
+	/* get the commandline options */
+	if (argc != 5) {
+		fprintf(stderr, "All arguments must be specified\n");
+		goto usage;
+	}
+
+	/* input type */
+	if (argv[1][0] == 'd') {
+		intype = KEYFILE_DROPBEAR;
+	} else if (argv[1][0] == 'o') {
+		intype = KEYFILE_OPENSSH;
+	} else {
+		fprintf(stderr, "Invalid input key type\n");
+		goto usage;
+	}
+
+	/* output type */
+	if (argv[2][0] == 'd') {
+		outtype = KEYFILE_DROPBEAR;
+	} else if (argv[2][0] == 'o') {
+		outtype = KEYFILE_OPENSSH;
+	} else {
+		fprintf(stderr, "Invalid output key type\n");
+		goto usage;
+	}
+
+	/* we don't want output readable by others */
+	umask(077);
+
+	infile = argv[3];
+	outfile = argv[4];
+
+	return do_convert(intype, infile, outtype, outfile);
+
+usage:
+	printhelp(argv[0]);
+	return 1;
+}
+#endif
+
+static int do_convert(int intype, const char* infile, int outtype,
+		const char* outfile) {
+
+	sign_key * key = NULL;
+	const char * keytype = NULL;
+	int ret = 1;
+
+	key = import_read(infile, NULL, intype);
+	if (!key) {
+		fprintf(stderr, "Error reading key from '%s'\n",
+				infile);
+		goto out;
+	}
+
+	keytype = signkey_name_from_type(key->type, NULL);
+
+	fprintf(stderr, "Key is a %s key\n", keytype);
+
+	if (import_write(outfile, key, NULL, outtype) != 1) {
+		fprintf(stderr, "Error writing key to '%s'\n", outfile);
+	} else {
+		fprintf(stderr, "Wrote key to '%s'\n", outfile);
+		ret = 0;
+	}
+
+out:
+	if (key) {
+		sign_key_free(key);
+	}
+	return ret;
+}

dropbearkey.1

@@ -0,0 +1,60 @@
+.TH dropbearkey 1
+.SH NAME
+dropbearkey \- create private keys for the use with dropbear(8) or dbclient(1)
+.SH SYNOPSIS
+.B dropbearkey
+\-t
+.I type
+\-f
+.I file
+[\-s
+.IR bits ]
+[\-y]
+.SH DESCRIPTION
+.B dropbearkey
+generates a
+\fIRSA\fR, \fIDSS\fR, or \fIECDSA\fR
+format SSH private key, and saves it to a file for the use with the
+Dropbear client or server.
+Note that 
+some SSH implementations
+use the term "DSA" rather than "DSS", they mean the same thing.
+.SH OPTIONS
+.TP
+.B \-t \fItype
+Type of key to generate.
+Must be one of
+.I rsa
+.I ecdsa
+or
+.IR dss .
+.TP
+.B \-f \fIfile
+Write the secret key to the file
+\fIfile\fR. For client authentication ~/.ssh/id_dropbear is loaded by default
+.TP
+.B \-s \fIbits
+Set the key size to
+.I bits
+bits, should be multiple of 8 (optional). 
+.TP
+.B \-y
+Just print the publickey and fingerprint for the private key in \fIfile\fR.
+.SH NOTES
+The program dropbearconvert(1) can be used to convert between Dropbear and OpenSSH key formats.
+.P
+Dropbear does not support encrypted keys. 
+.SH EXAMPLE
+generate a host-key:
+ # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+
+extract a public key suitable for authorized_keys from private key:
+ # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbear(8), dbclient(1), dropbearconvert(1)
+.P
+https://matt.ucc.asn.au/dropbear/dropbear.html

dropbearkey.c

@@ -0,0 +1,342 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+/* The format of the keyfiles is basically a raw dump of the buffer. Data types
+ * are specified in the transport rfc 4253 - string is a 32-bit len then the
+ * non-null-terminated string, mp_int is a 32-bit len then the bignum data.
+ * The actual functions are buf_put_rsa_priv_key() and buf_put_dss_priv_key()
+
+ * RSA:
+ * string	"ssh-rsa"
+ * mp_int	e
+ * mp_int	n
+ * mp_int	d
+ * mp_int	p (newer versions only)
+ * mp_int	q (newer versions only) 
+ *
+ * DSS:
+ * string	"ssh-dss"
+ * mp_int	p
+ * mp_int	q
+ * mp_int	g
+ * mp_int	y
+ * mp_int	x
+ *
+ */
+#include "includes.h"
+#include "signkey.h"
+#include "buffer.h"
+#include "dbutil.h"
+
+#include "genrsa.h"
+#include "gendss.h"
+#include "ecdsa.h"
+#include "crypto_desc.h"
+#include "dbrandom.h"
+#include "gensignkey.h"
+
+static void printhelp(char * progname);
+
+
+static void printpubkey(sign_key * key, int keytype);
+static int printpubfile(const char* filename);
+
+/* Print a help message */
+static void printhelp(char * progname) {
+
+	fprintf(stderr, "Usage: %s -t <type> -f <filename> [-s bits]\n"
+					"-t type	Type of key to generate. One of:\n"
+#if DROPBEAR_RSA
+					"		rsa\n"
+#endif
+#if DROPBEAR_DSS
+					"		dss\n"
+#endif
+#if DROPBEAR_ECDSA
+					"		ecdsa\n"
+#endif
+					"-f filename    Use filename for the secret key.\n"
+					"               ~/.ssh/id_dropbear is recommended for client keys.\n"
+					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
+#if DROPBEAR_DSS
+					"           DSS has a fixed size of 1024 bits\n"
+#endif
+#if DROPBEAR_ECDSA
+					"           ECDSA has sizes "
+#if DROPBEAR_ECC_256
+					"256 "
+#endif
+#if DROPBEAR_ECC_384
+					"384 "
+#endif
+#if DROPBEAR_ECC_521
+					"521 "
+#endif
+					"\n"
+#endif
+					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
+#if DEBUG_TRACE
+					"-v		verbose\n"
+#endif
+					,progname);
+}
+
+/* fails fatally */
+static void check_signkey_bits(enum signkey_type type, int bits)
+{
+	switch (type) {
+#if DROPBEAR_RSA
+		case DROPBEAR_SIGNKEY_RSA:
+			if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
+				dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
+				              " multiple of 8\n");
+			}
+			break;
+#endif
+#ifdef DROPEAR_DSS
+		case DROPBEAR_SIGNKEY_DSS:
+			if (bits != 1024) {
+				dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
+				exit(EXIT_FAILURE);
+			}
+#endif
+		default:
+			(void)0; /* quiet, compiler. ecdsa handles checks itself */
+	}
+}
+
+#if defined(DBMULTI_dropbearkey) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dropbearkey) && DROPBEAR_MULTI
+int dropbearkey_main(int argc, char ** argv) {
+#else
+int main(int argc, char ** argv) {
+#endif
+
+	int i;
+	char ** next = NULL;
+	char * filename = NULL;
+	enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
+	char * typetext = NULL;
+	char * sizetext = NULL;
+	unsigned int bits = 0, genbits;
+	int printpub = 0;
+
+	crypto_init();
+	seedrandom();
+
+	/* get the commandline options */
+	for (i = 1; i < argc; i++) {
+		if (argv[i] == NULL) {
+			continue; /* Whack */
+		} 
+		if (next) {
+			*next = argv[i];
+			next = NULL;
+			continue;
+		}
+
+		if (argv[i][0] == '-') {
+			switch (argv[i][1]) {
+				case 'f':
+					next = &filename;
+					break;
+				case 't':
+					next = &typetext;
+					break;
+				case 's':
+					next = &sizetext;
+					break;
+				case 'y':
+					printpub = 1;
+					break;
+				case 'h':
+					printhelp(argv[0]);
+					exit(EXIT_SUCCESS);
+					break;
+#if DEBUG_TRACE
+				case 'v':
+					debug_trace = 1;
+					break;
+#endif
+				default:
+					fprintf(stderr, "Unknown argument %s\n", argv[i]);
+					printhelp(argv[0]);
+					exit(EXIT_FAILURE);
+					break;
+			}
+		}
+	}
+
+	if (!filename) {
+		fprintf(stderr, "Must specify a key filename\n");
+		printhelp(argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	if (printpub) {
+		int ret = printpubfile(filename);
+		exit(ret);
+	}
+
+	/* check/parse args */
+	if (!typetext) {
+		fprintf(stderr, "Must specify key type\n");
+		printhelp(argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+#if DROPBEAR_RSA
+	if (strcmp(typetext, "rsa") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_RSA;
+	}
+#endif
+#if DROPBEAR_DSS
+	if (strcmp(typetext, "dss") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_DSS;
+	}
+#endif
+#if DROPBEAR_ECDSA
+	if (strcmp(typetext, "ecdsa") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
+	}
+#endif
+
+	if (keytype == DROPBEAR_SIGNKEY_NONE) {
+		fprintf(stderr, "Unknown key type '%s'\n", typetext);
+		printhelp(argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	if (sizetext) {
+		if (sscanf(sizetext, "%u", &bits) != 1) {
+			fprintf(stderr, "Bits must be an integer\n");
+			exit(EXIT_FAILURE);
+		}
+		
+		check_signkey_bits(keytype, bits);;
+	}
+
+	genbits = signkey_generate_get_bits(keytype, bits);
+	fprintf(stderr, "Generating %u bit %s key, this may take a while...\n", genbits, typetext);
+	if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
+	{
+		dropbear_exit("Failed to generate key.\n");
+	}
+
+	printpubfile(filename);
+
+	return EXIT_SUCCESS;
+}
+#endif
+
+static int printpubfile(const char* filename) {
+
+	buffer *buf = NULL;
+	sign_key *key = NULL;
+	enum signkey_type keytype;
+	int ret;
+	int err = DROPBEAR_FAILURE;
+
+	buf = buf_new(MAX_PRIVKEY_SIZE);
+	ret = buf_readfile(buf, filename);
+
+	if (ret != DROPBEAR_SUCCESS) {
+		fprintf(stderr, "Failed reading '%s'\n", filename);
+		goto out;
+	}
+
+	key = new_sign_key();
+	keytype = DROPBEAR_SIGNKEY_ANY;
+
+	buf_setpos(buf, 0);
+	ret = buf_get_priv_key(buf, key, &keytype);
+	if (ret == DROPBEAR_FAILURE) {
+		fprintf(stderr, "Bad key in '%s'\n", filename);
+		goto out;
+	}
+
+	printpubkey(key, keytype);
+
+	err = DROPBEAR_SUCCESS;
+
+out:
+	buf_burn(buf);
+	buf_free(buf);
+	buf = NULL;
+	if (key) {
+		sign_key_free(key);
+		key = NULL;
+	}
+	return err;
+}
+
+static void printpubkey(sign_key * key, int keytype) {
+
+	buffer * buf = NULL;
+	unsigned char base64key[MAX_PUBKEY_SIZE*2];
+	unsigned long base64len;
+	int err;
+	const char * typestring = NULL;
+	char *fp = NULL;
+	int len;
+	struct passwd * pw = NULL;
+	char * username = NULL;
+	char hostname[100];
+
+	buf = buf_new(MAX_PUBKEY_SIZE);
+	buf_put_pub_key(buf, key, keytype);
+	buf_setpos(buf, 4);
+
+	len = buf->len - buf->pos;
+
+	base64len = sizeof(base64key);
+	err = base64_encode(buf_getptr(buf, len), len, base64key, &base64len);
+
+	if (err != CRYPT_OK) {
+		fprintf(stderr, "base64 failed");
+	}
+
+	typestring = signkey_name_from_type(keytype, NULL);
+
+	fp = sign_key_fingerprint(buf_getptr(buf, len), len);
+
+	/* a user@host comment is informative */
+	username = "";
+	pw = getpwuid(getuid());
+	if (pw) {
+		username = pw->pw_name;
+	}
+
+	gethostname(hostname, sizeof(hostname));
+	hostname[sizeof(hostname)-1] = '\0';
+
+	printf("Public key portion is:\n%s %s %s@%s\nFingerprint: %s\n",
+			typestring, base64key, username, hostname, fp);
+
+	m_free(fp);
+	buf_free(buf);
+}

dss.c

@@ -0,0 +1,377 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "bignum.h"
+#include "dss.h"
+#include "buffer.h"
+#include "ssh.h"
+#include "dbrandom.h"
+
+/* Handle DSS (Digital Signature Standard), aka DSA (D.S. Algorithm),
+ * operations, such as key reading, signing, verification. Key generation
+ * is in gendss.c, since it isn't required in the server itself.
+ *
+ * See FIPS186 or the Handbook of Applied Cryptography for details of the
+ * algorithm */
+
+#if DROPBEAR_DSS 
+
+/* Load a dss key from a buffer, initialising the values.
+ * The key will have the same format as buf_put_dss_key.
+ * These should be freed with dss_key_free.
+ * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
+	int ret = DROPBEAR_FAILURE;
+
+	TRACE(("enter buf_get_dss_pub_key"))
+	dropbear_assert(key != NULL);
+	m_mp_alloc_init_multi(&key->p, &key->q, &key->g, &key->y, NULL);
+	key->x = NULL;
+
+	buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */
+	if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE
+	 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
+	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
+	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
+		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
+		ret = DROPBEAR_FAILURE;
+		goto out;
+	}
+
+	if (mp_count_bits(key->p) != DSS_P_BITS) {
+		dropbear_log(LOG_WARNING, "Bad DSS p");
+		ret = DROPBEAR_FAILURE;
+		goto out;
+	}
+
+	if (mp_count_bits(key->q) != DSS_Q_BITS) {
+		dropbear_log(LOG_WARNING, "Bad DSS q");
+		ret = DROPBEAR_FAILURE;
+		goto out;
+	}
+
+	/* test 1 < g < p */
+	if (mp_cmp_d(key->g, 1) != MP_GT) {
+		dropbear_log(LOG_WARNING, "Bad DSS g");
+		ret = DROPBEAR_FAILURE;
+		goto out;
+	}
+	if (mp_cmp(key->g, key->p) != MP_LT) {
+		dropbear_log(LOG_WARNING, "Bad DSS g");
+		ret = DROPBEAR_FAILURE;
+		goto out;
+	}
+
+	ret = DROPBEAR_SUCCESS;
+	TRACE(("leave buf_get_dss_pub_key: success"))
+out:
+	if (ret == DROPBEAR_FAILURE) {
+		m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, NULL);
+	}
+	return ret;
+}
+
+/* Same as buf_get_dss_pub_key, but reads a private "x" key at the end.
+ * Loads a private dss key from a buffer
+ * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
+
+	int ret = DROPBEAR_FAILURE;
+
+	dropbear_assert(key != NULL);
+
+	ret = buf_get_dss_pub_key(buf, key);
+	if (ret == DROPBEAR_FAILURE) {
+		return DROPBEAR_FAILURE;
+	}
+
+	m_mp_alloc_init_multi(&key->x, NULL);
+	ret = buf_getmpint(buf, key->x);
+	if (ret == DROPBEAR_FAILURE) {
+		m_mp_free_multi(&key->x, NULL);
+	}
+
+	return ret;
+}
+	
+
+/* Clear and free the memory used by a public or private key */
+void dss_key_free(dropbear_dss_key *key) {
+
+	TRACE2(("enter dsa_key_free"))
+	if (key == NULL) {
+		TRACE2(("enter dsa_key_free: key == NULL"))
+		return;
+	}
+	m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
+	m_free(key);
+	TRACE2(("leave dsa_key_free"))
+}
+
+/* put the dss public key into the buffer in the required format:
+ *
+ * string	"ssh-dss"
+ * mpint	p
+ * mpint	q
+ * mpint	g
+ * mpint	y
+ */
+void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key) {
+
+	dropbear_assert(key != NULL);
+	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
+	buf_putmpint(buf, key->p);
+	buf_putmpint(buf, key->q);
+	buf_putmpint(buf, key->g);
+	buf_putmpint(buf, key->y);
+
+}
+
+/* Same as buf_put_dss_pub_key, but with the private "x" key appended */
+void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key) {
+
+	dropbear_assert(key != NULL);
+	buf_put_dss_pub_key(buf, key);
+	buf_putmpint(buf, key->x);
+
+}
+
+#if DROPBEAR_SIGNKEY_VERIFY
+/* Verify a DSS signature (in buf) made on data by the key given. 
+ * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
+	unsigned char msghash[SHA1_HASH_SIZE];
+	hash_state hs;
+	int ret = DROPBEAR_FAILURE;
+	DEF_MP_INT(val1);
+	DEF_MP_INT(val2);
+	DEF_MP_INT(val3);
+	DEF_MP_INT(val4);
+	char * string = NULL;
+	unsigned int stringlen;
+
+	TRACE(("enter buf_dss_verify"))
+	dropbear_assert(key != NULL);
+
+	m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);
+
+	/* get blob, check length */
+	string = buf_getstring(buf, &stringlen);
+	if (stringlen != 2*SHA1_HASH_SIZE) {
+		goto out;
+	}
+
+#if DEBUG_DSS_VERIFY
+	printmpint("dss verify p", key->p);
+	printmpint("dss verify q", key->q);
+	printmpint("dss verify g", key->g);
+	printmpint("dss verify y", key->y);
+#endif
+
+	/* hash the data */
+	sha1_init(&hs);
+	sha1_process(&hs, data_buf->data, data_buf->len);
+	sha1_done(&hs, msghash);
+
+	/* create the signature - s' and r' are the received signatures in buf */
+	/* w = (s')-1 mod q */
+	/* let val1 = s' */
+	bytes_to_mp(&val1, (const unsigned char*) &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
+#if DEBUG_DSS_VERIFY
+	printmpint("dss verify s'", &val1);
+#endif
+
+	if (mp_cmp(&val1, key->q) != MP_LT) {
+		TRACE(("verify failed, s' >= q"))
+		goto out;
+	}
+	if (mp_cmp_d(&val1, 0) != MP_GT) {
+		TRACE(("verify failed, s' <= 0"))
+		goto out;
+	}
+	/* let val2 = w = (s')^-1 mod q*/
+	if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
+		goto out;
+	}
+
+	/* u1 = ((SHA(M')w) mod q */
+	/* let val1 = SHA(M') = msghash */
+	bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
+#if DEBUG_DSS_VERIFY
+	printmpint("dss verify r'", &val1);
+#endif
+
+	/* let val3 = u1 = ((SHA(M')w) mod q */
+	if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
+		goto out;
+	}
+
+	/* u2 = ((r')w) mod q */
+	/* let val1 = r' */
+	bytes_to_mp(&val1, (const unsigned char*) &string[0], SHA1_HASH_SIZE);
+	if (mp_cmp(&val1, key->q) != MP_LT) {
+		TRACE(("verify failed, r' >= q"))
+		goto out;
+	}
+	if (mp_cmp_d(&val1, 0) != MP_GT) {
+		TRACE(("verify failed, r' <= 0"))
+		goto out;
+	}
+	/* let val4 = u2 = ((r')w) mod q */
+	if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
+		goto out;
+	}
+
+	/* v = (((g)^u1 (y)^u2) mod p) mod q */
+	/* val2 = g^u1 mod p */
+	if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) {
+		goto out;
+	}
+	/* val3 = y^u2 mod p */
+	if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) {
+		goto out;
+	}
+	/* val4 = ((g)^u1 (y)^u2) mod p */
+	if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) {
+		goto out;
+	}
+	/* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */
+	if (mp_mod(&val4, key->q, &val2) != MP_OKAY) {
+		goto out;
+	}
+	
+	/* check whether signatures verify */
+	if (mp_cmp(&val2, &val1) == MP_EQ) {
+		/* good sig */
+		ret = DROPBEAR_SUCCESS;
+	}
+
+out:
+	mp_clear_multi(&val1, &val2, &val3, &val4, NULL);
+	m_free(string);
+
+	return ret;
+
+}
+#endif /* DROPBEAR_SIGNKEY_VERIFY */
+
+/* Sign the data presented with key, writing the signature contents
+ * to the buffer */
+void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
+	unsigned char msghash[SHA1_HASH_SIZE];
+	unsigned int writelen;
+	unsigned int i;
+	DEF_MP_INT(dss_k);
+	DEF_MP_INT(dss_m);
+	DEF_MP_INT(dss_temp1);
+	DEF_MP_INT(dss_temp2);
+	DEF_MP_INT(dss_r);
+	DEF_MP_INT(dss_s);
+	hash_state hs;
+	
+	TRACE(("enter buf_put_dss_sign"))
+	dropbear_assert(key != NULL);
+	
+	/* hash the data */
+	sha1_init(&hs);
+	sha1_process(&hs, data_buf->data, data_buf->len);
+	sha1_done(&hs, msghash);
+
+	m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
+			&dss_m, NULL);
+	/* the random number generator's input has included the private key which
+	 * avoids DSS's problem of private key exposure due to low entropy */
+	gen_random_mpint(key->q, &dss_k);
+
+	/* now generate the actual signature */
+	bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE);
+
+	/* g^k mod p */
+	if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) !=  MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+	/* r = (g^k mod p) mod q */
+	if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+
+	/* x*r mod q */
+	if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+	/* (SHA1(M) + xr) mod q) */
+	if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+	
+	/* (k^-1) mod q */
+	if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+
+	/* s = (k^-1(SHA1(M) + xr)) mod q */
+	if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+
+	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
+	buf_putint(buf, 2*SHA1_HASH_SIZE);
+
+	writelen = mp_unsigned_bin_size(&dss_r);
+	dropbear_assert(writelen <= SHA1_HASH_SIZE);
+	/* need to pad to 160 bits with leading zeros */
+	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
+		buf_putbyte(buf, 0);
+	}
+	if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)) 
+			!= MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+	mp_clear(&dss_r);
+	buf_incrwritepos(buf, writelen);
+
+	writelen = mp_unsigned_bin_size(&dss_s);
+	dropbear_assert(writelen <= SHA1_HASH_SIZE);
+	/* need to pad to 160 bits with leading zeros */
+	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
+		buf_putbyte(buf, 0);
+	}
+	if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)) 
+			!= MP_OKAY) {
+		dropbear_exit("DSS error");
+	}
+	mp_clear(&dss_s);
+	buf_incrwritepos(buf, writelen);
+
+	mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
+			&dss_m, NULL);
+	
+	/* create the signature to return */
+
+	TRACE(("leave buf_put_dss_sign"))
+}
+
+#endif /* DROPBEAR_DSS */

dss.h

@@ -0,0 +1,59 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef DROPBEAR_DSS_H_
+#define DROPBEAR_DSS_H_
+
+#include "includes.h"
+#include "buffer.h"
+
+#if DROPBEAR_DSS 
+
+typedef struct {
+
+	mp_int* p;
+	mp_int* q;
+	mp_int* g;
+	mp_int* y;
+	/* x is the private part */
+	mp_int* x;
+
+} dropbear_dss_key;
+
+#define DSS_P_BITS 1024
+#define DSS_Q_BITS 160
+
+void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
+#if DROPBEAR_SIGNKEY_VERIFY
+int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
+#endif
+int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
+int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);
+void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key);
+void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key);
+void dss_key_free(dropbear_dss_key *key);
+
+#endif /* DROPBEAR_DSS */
+
+#endif /* DROPBEAR_DSS_H_ */

ecc.c

@@ -0,0 +1,264 @@
+#include "includes.h"
+#include "ecc.h"
+#include "dbutil.h"
+#include "bignum.h"
+
+#if DROPBEAR_ECC
+
+/* .dp members are filled out by dropbear_ecc_fill_dp() at startup */
+#if DROPBEAR_ECC_256
+struct dropbear_ecc_curve ecc_curve_nistp256 = {
+	32,		/* .ltc_size	*/
+	NULL,		/* .dp		*/
+	&sha256_desc,	/* .hash_desc	*/
+	"nistp256"	/* .name	*/
+};
+#endif
+#if DROPBEAR_ECC_384
+struct dropbear_ecc_curve ecc_curve_nistp384 = {
+	48,		/* .ltc_size	*/
+	NULL,		/* .dp		*/
+	&sha384_desc,	/* .hash_desc	*/
+	"nistp384"	/* .name	*/
+};
+#endif
+#if DROPBEAR_ECC_521
+struct dropbear_ecc_curve ecc_curve_nistp521 = {
+	66,		/* .ltc_size	*/
+	NULL,		/* .dp		*/
+	&sha512_desc,	/* .hash_desc	*/
+	"nistp521"	/* .name	*/
+};
+#endif
+
+struct dropbear_ecc_curve *dropbear_ecc_curves[] = {
+#if DROPBEAR_ECC_256
+	&ecc_curve_nistp256,
+#endif
+#if DROPBEAR_ECC_384
+	&ecc_curve_nistp384,
+#endif
+#if DROPBEAR_ECC_521
+	&ecc_curve_nistp521,
+#endif
+	NULL
+};
+
+void dropbear_ecc_fill_dp() {
+	struct dropbear_ecc_curve **curve;
+	/* libtomcrypt guarantees they're ordered by size */
+	const ltc_ecc_set_type *dp = ltc_ecc_sets;
+	for (curve = dropbear_ecc_curves; *curve; curve++) {
+		for (;dp->size > 0; dp++) {
+			if (dp->size == (*curve)->ltc_size) {
+				(*curve)->dp = dp;
+				break;
+			}
+		}
+		if (!(*curve)->dp) {
+			dropbear_exit("Missing ECC params %s", (*curve)->name);
+		}
+	}
+}
+
+struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp) {
+	struct dropbear_ecc_curve **curve = NULL;
+	for (curve = dropbear_ecc_curves; *curve; curve++) {
+		if ((*curve)->dp == dp) {
+			break;
+		}
+	}
+	assert(*curve);
+	return *curve;
+}
+
+ecc_key * new_ecc_key(void) {
+	ecc_key *key = m_malloc(sizeof(*key));
+	m_mp_alloc_init_multi((mp_int**)&key->pubkey.x, (mp_int**)&key->pubkey.y, 
+		(mp_int**)&key->pubkey.z, (mp_int**)&key->k, NULL);
+	return key;
+}
+
+/* Copied from libtomcrypt ecc_import.c (version there is static), modified
+   for different mp_int pointer without LTC_SOURCE */
+static int ecc_is_point(const ecc_key *key)
+{
+	mp_int *prime, *b, *t1, *t2;
+	int err;
+	
+	m_mp_alloc_init_multi(&prime, &b, &t1, &t2, NULL);
+	
+   /* load prime and b */
+	if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK)                          { goto error; }
+	if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK)                                  { goto error; }
+	
+   /* compute y^2 */
+	if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK)                                         { goto error; }
+	
+   /* compute x^3 */
+	if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK)                                         { goto error; }
+	if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK)                                             { goto error; }
+	if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK)                                     { goto error; }
+	
+   /* compute y^2 - x^3 */
+	if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK)                                                { goto error; }
+	
+   /* compute y^2 - x^3 + 3x */
+	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
+	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
+	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
+	if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK)                                             { goto error; }
+	while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
+		if ((err = mp_add(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
+	}
+	while (mp_cmp(t1, prime) != LTC_MP_LT) {
+		if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
+	}
+	
+   /* compare to b */
+	if (mp_cmp(t1, b) != LTC_MP_EQ) {
+		err = CRYPT_INVALID_PACKET;
+	} else {
+		err = CRYPT_OK;
+	}
+	
+	error:
+	mp_clear_multi(prime, b, t1, t2, NULL);
+	m_free(prime);
+	m_free(b);
+	m_free(t1);
+	m_free(t2);
+	return err;
+}
+
+/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
+void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) {
+	unsigned long len = key->dp->size*2 + 1;
+	int err;
+	buf_putint(buf, len);
+	err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
+	if (err != CRYPT_OK) {
+		dropbear_exit("ECC error");
+	}
+	buf_incrwritepos(buf, len);
+}
+
+/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
+ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve) {
+	ecc_key *key = NULL;
+	int ret = DROPBEAR_FAILURE;
+	const unsigned int size = curve->dp->size;
+	unsigned char first;
+
+	TRACE(("enter buf_get_ecc_raw_pubkey"))
+
+	buf_setpos(buf, 0);
+	first = buf_getbyte(buf);
+	if (first == 2 || first == 3) {
+		dropbear_log(LOG_WARNING, "Dropbear doesn't support ECC point compression");
+		return NULL;
+	}
+	if (first != 4 || buf->len != 1+2*size) {
+		TRACE(("leave, wrong size"))
+		return NULL;
+	}
+
+	key = new_ecc_key();
+	key->dp = curve->dp;
+
+	if (mp_read_unsigned_bin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
+		TRACE(("failed to read x"))
+		goto out;
+	}
+	buf_incrpos(buf, size);
+
+	if (mp_read_unsigned_bin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
+		TRACE(("failed to read y"))
+		goto out;
+	}
+	buf_incrpos(buf, size);
+
+	mp_set(key->pubkey.z, 1);
+
+	if (ecc_is_point(key) != CRYPT_OK) {
+		TRACE(("failed, not a point"))
+		goto out;
+	}
+
+   /* SEC1 3.2.3.1 Check that Q != 0 */
+	if (mp_cmp_d(key->pubkey.x, 0) == LTC_MP_EQ) {
+		TRACE(("failed, x == 0"))
+		goto out;
+	}
+	if (mp_cmp_d(key->pubkey.y, 0) == LTC_MP_EQ) {
+		TRACE(("failed, y == 0"))
+		goto out;
+	}
+
+	ret = DROPBEAR_SUCCESS;
+
+	out:
+	if (ret == DROPBEAR_FAILURE) {
+		if (key) {
+			ecc_free(key);
+			m_free(key);
+			key = NULL;
+		}
+	}
+
+	return key;
+
+}
+
+/* a modified version of libtomcrypt's "ecc_shared_secret" to output
+   a mp_int instead. */
+mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, const ecc_key *private_key)
+{
+	ecc_point *result = NULL;
+	mp_int *prime = NULL, *shared_secret = NULL;
+	int err = DROPBEAR_FAILURE;
+
+   /* type valid? */
+	if (private_key->type != PK_PRIVATE) {
+		goto out;
+	}
+
+	if (private_key->dp != public_key->dp) {
+		goto out;
+	}
+
+   /* make new point */
+	result = ltc_ecc_new_point();
+	if (result == NULL) {
+		goto out;
+	}
+
+	prime = m_malloc(sizeof(*prime));
+	m_mp_init(prime);
+
+	if (mp_read_radix(prime, (char *)private_key->dp->prime, 16) != CRYPT_OK) { 
+		goto out;
+	}
+	if (ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1) != CRYPT_OK) { 
+		goto out;
+	}
+
+	shared_secret = m_malloc(sizeof(*shared_secret));
+	m_mp_init(shared_secret);
+	if (mp_copy(result->x, shared_secret) != CRYPT_OK) {
+		goto out;
+	}
+
+	mp_clear(prime);
+	m_free(prime);
+	ltc_ecc_del_point(result);
+
+	err = DROPBEAR_SUCCESS;
+	out:
+	if (err == DROPBEAR_FAILURE) {
+		dropbear_exit("ECC error");
+	}
+	return shared_secret;
+}
+
+#endif

ecc.h

@@ -0,0 +1,35 @@
+#ifndef DROPBEAR_DROPBEAR_ECC_H
+#define DROPBEAR_DROPBEAR_ECC_H
+
+#include "includes.h"
+
+#include "buffer.h"
+
+#if DROPBEAR_ECC
+
+struct dropbear_ecc_curve {
+	int ltc_size; /* to match the byte sizes in ltc_ecc_sets[] */
+	const ltc_ecc_set_type *dp; /* curve domain parameters */
+	const struct ltc_hash_descriptor *hash_desc;
+	const char *name;
+};
+
+extern struct dropbear_ecc_curve ecc_curve_nistp256;
+extern struct dropbear_ecc_curve ecc_curve_nistp384;
+extern struct dropbear_ecc_curve ecc_curve_nistp521;
+extern struct dropbear_ecc_curve *dropbear_ecc_curves[];
+
+void dropbear_ecc_fill_dp(void);
+struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp);
+
+/* "pubkey" refers to a point, but LTC uses ecc_key structure for both public
+   and private keys */
+void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
+ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
+int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
+
+mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key);
+
+#endif
+
+#endif /* DROPBEAR_DROPBEAR_ECC_H */