dropbear: crypto_desc.c annotate

annotate crypto_desc.c @ 1715:3974f087d9c0

Disallow leading lines before the ident for server (#102) Per RFC4253 4.2 clients must be able to process other lines of data before the version string, server behavior is not defined neither with MUST/SHOULD nor with MAY. If server process up to 50 lines too - it may cause too long hanging session with invalid/evil client that consume host resources and potentially may lead to DDoS on poor embedded boxes. Let's require first line from client to be version string and fail early if it's not - matches both RFC and real OpenSSH behavior.

author	Vladislav Grishenko <themiron@users.noreply.github.com>
date	Mon, 15 Jun 2020 18:22:18 +0500
parents	750ec4ec4cbe
children	34d9d3c022ce

rev	line source
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 #include "includes.h"
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 #include "dbutil.h"
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 #include "crypto_desc.h"
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 #include "ltc_prng.h"
767 e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	5 #include "ecc.h"
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	7 #if DROPBEAR_LTC_PRNG
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 int dropbear_ltc_prng = -1;
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 #endif
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 /* Register the compiled in ciphers.
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 * This should be run before using any of the ciphers/hashes */
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 void crypto_init() {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 const struct ltc_cipher_descriptor *regciphers[] = {
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	17 #if DROPBEAR_AES
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 &aes_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	20 #if DROPBEAR_BLOWFISH
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 &blowfish_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	23 #if DROPBEAR_TWOFISH
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 &twofish_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	26 #if DROPBEAR_3DES
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 &des3_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #endif
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 NULL
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 };
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32 const struct ltc_hash_descriptor *reghashes[] = {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 /* we need sha1 for hostkey stuff regardless */
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 &sha1_desc,
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	35 #if DROPBEAR_MD5_HMAC
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 &md5_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	37 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	38 #if DROPBEAR_SHA256
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	39 &sha256_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	40 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	41 #if DROPBEAR_SHA384
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	42 &sha384_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	44 #if DROPBEAR_SHA512
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 &sha512_desc,
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 #endif
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 NULL
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48 };
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 int i;
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 for (i = 0; regciphers[i] != NULL; i++) {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52 if (register_cipher(regciphers[i]) == -1) {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53 dropbear_exit("Error registering crypto");
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 }
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 }
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 for (i = 0; reghashes[i] != NULL; i++) {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 if (register_hash(reghashes[i]) == -1) {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59 dropbear_exit("Error registering crypto");
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 }
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 }
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	63 #if DROPBEAR_LTC_PRNG
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65 if (dropbear_ltc_prng == -1) {
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 dropbear_exit("Error registering crypto");
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	67 }
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68 #endif
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 767 diff changeset	70 #if DROPBEAR_ECC
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71 ltc_mp = ltm_desc;
767 e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with Matt Johnston <matt@ucc.asn.au> parents: 766 diff changeset	72 dropbear_ecc_fill_dp();
766 d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73 #endif
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 }
d1575fdc29a6 start on ecdsa keys Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75

Mercurial > dropbear

annotate crypto_desc.c @ 1715:3974f087d9c0