comparison svr-runopts.c @ 807:75509065db53 ecc

have separate ecdsa keys for each size fix crash from the mp_alloc_init_multi change in RSA
author Matt Johnston <matt@ucc.asn.au>
date Sat, 25 May 2013 00:54:19 +0800
parents 4029d3432a4f
children b298bb438625
806:71e7d31f7671 807:75509065db53
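--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -373,56 +373,59 @@
 break;
 }
 }
 }
 
+static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) {
+if (*dst) {
+if (fatal_duplicate) {
+dropbear_exit("Only one %s key can be specified", name);
+}
+} else {
+*dst = *src;
+*src = NULL;
+}
+
+}
+
 /* Must be called after syslog/etc is working */
 static void loadhostkey(const char *keyfile, int fatal_duplicate) {
 sign_key * read_key = new_sign_key();
 int type = DROPBEAR_SIGNKEY_ANY;
 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) {
 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
 }
 
 #ifdef DROPBEAR_RSA
 if (type == DROPBEAR_SIGNKEY_RSA) {
-if (svr_opts.hostkey->rsakey) {
-if (fatal_duplicate) {
-dropbear_exit("Only one RSA key can be specified");
-}
-} else {
-svr_opts.hostkey->rsakey = read_key->rsakey;
-read_key->rsakey = NULL;
-}
+loadhostkey_helper("RSA", &read_key->rsakey, &svr_opts.hostkey->rsakey, fatal_duplicate);
 }
 #endif
 
 #ifdef DROPBEAR_DSS
 if (type == DROPBEAR_SIGNKEY_DSS) {
-if (svr_opts.hostkey->dsskey) {
-if (fatal_duplicate) {
-dropbear_exit("Only one DSS key can be specified");
-}
-} else {
-svr_opts.hostkey->dsskey = read_key->dsskey;
-read_key->dsskey = NULL;
-}
+loadhostkey_helper("DSS", &read_key->dsskey, &svr_opts.hostkey->dsskey, fatal_duplicate);
 }
 #endif
 
 #ifdef DROPBEAR_ECDSA
-if (IS_ECDSA_KEY(type)) {
-if (svr_opts.hostkey->ecckey) {
-if (fatal_duplicate) {
-dropbear_exit("Only one ECDSA key can be specified");
-}
-} else {
-svr_opts.hostkey->ecckey = read_key->ecckey;
-read_key->ecckey = NULL;
+#ifdef DROPBEAR_ECC_256
+if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
+loadhostkey_helper("ECDSA256", &read_key->ecckey256, &svr_opts.hostkey->ecckey256, fatal_duplicate);
+}
+#endif
+#ifdef DROPBEAR_ECC_384
+if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
+loadhostkey_helper("ECDSA384", &read_key->ecckey384, &svr_opts.hostkey->ecckey384, fatal_duplicate);
 }
-}
-#endif
+#endif
+#ifdef DROPBEAR_ECC_521
+if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
+loadhostkey_helper("ECDSA521", &read_key->ecckey521, &svr_opts.hostkey->ecckey521, fatal_duplicate);
+}
+#endif
+#endif // DROPBEAR_ECDSA
 sign_key_free(read_key);
 TRACE(("leave loadhostkey"))
 }
 
 static void addhostkey(const char *keyfile) {
@@ -466,24 +469,21 @@
 disablekey(DROPBEAR_SIGNKEY_RSA);
 }
 #endif
 #ifdef DROPBEAR_ECDSA
 #ifdef DROPBEAR_ECC_256
-if (!svr_opts.hostkey->ecckey
-|| ecdsa_signkey_type(svr_opts.hostkey->ecckey) != DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
+if (!svr_opts.hostkey->ecckey256) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
 }
 #endif
 #ifdef DROPBEAR_ECC_384
-if (!svr_opts.hostkey->ecckey
-|| ecdsa_signkey_type(svr_opts.hostkey->ecckey) != DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
+if (!svr_opts.hostkey->ecckey384) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
 }
 #endif
 #ifdef DROPBEAR_ECC_521
-if (!svr_opts.hostkey->ecckey
-|| ecdsa_signkey_type(svr_opts.hostkey->ecckey) != DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
+if (!svr_opts.hostkey->ecckey521) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
 }
 #endif
 #endif
 }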
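Review bot: The new `loadhostkey_helper` takes `void** src, void** dst`, but every call in `loadhostkey` passes the address of a key-pointer field (`&read_key->rsakey`, `&svr_opts.hostkey->ecckey256`, …) without a cast. Unless those fields are declared `void *` (their declarations are not shown here), C has no implicit conversion from a typed pointer-to-pointer to `void **`, so compilers only warn about an incompatible pointer type and `*dst = *src` stores through a mistyped lvalue. For code that moves host-key material I would make the conversion explicit at each call, e.g. `loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);`, or use one small typed wrapper per key type. The helper also needs a comment stating the ownership rule it appears to rely on: `/* Moves *src into *dst when *dst is unset and clears *src, presumably so sign_key_free(read_key) leaves the moved key alone */`. When `fatal_duplicate` is 0 the second key of a type is dropped without any message, so a `dropbear_log(LOG_WARNING, ...)` in that branch would tell the operator which key file is actually in use.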