# HG changeset patch # User Matt Johnston # Date 1384436205 -28800 # Node ID 04ede40a529af77f6b291228cea2ba03fd5c7e00 # Parent ccc76acaf4c78f8263ce04e07580c3f97e2242f5 - Some fixes for old compilers like tru64 v4 from Daniel Richard G. - Don't warn about blocking random device for prngd diff -r ccc76acaf4c7 -r 04ede40a529a common-kex.c --- a/common-kex.c Thu Nov 14 20:45:46 2013 +0800 +++ b/common-kex.c Thu Nov 14 21:36:45 2013 +0800 @@ -286,7 +286,7 @@ const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc; hash_state hs2; unsigned int offset; - unsigned char tmpout[hash_desc->hashsize]; + unsigned char tmpout[MAX_HASH_SIZE]; memcpy(&hs2, hs, sizeof(hash_state)); hash_desc->process(&hs2, &X, 1); @@ -303,6 +303,7 @@ hash_desc->done(&hs2, tmpout); memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize)); } + } /* Generate the actual encryption/integrity keys, using the results of the @@ -569,6 +570,7 @@ * See the transport rfc 4253 section 8 for details */ /* dh_pub and dh_priv MUST be already initialised */ struct kex_dh_param *gen_kexdh_param() { + struct kex_dh_param *param = NULL; DEF_MP_INT(dh_p); DEF_MP_INT(dh_q); @@ -576,7 +578,7 @@ TRACE(("enter gen_kexdh_vals")) - struct kex_dh_param *param = m_malloc(sizeof(*param)); + param = m_malloc(sizeof(*param)); m_mp_init_multi(¶m->pub, ¶m->priv, &dh_g, &dh_p, &dh_q, NULL); /* read the prime and generator*/ @@ -823,16 +825,16 @@ int allgood = 1; /* we AND this with each goodguess and see if its still true after */ - buf_incrpos(ses.payload, 16); /* start after the cookie */ - - memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); - #ifdef USE_KEXGUESS2 enum kexguess2_used kexguess2 = KEXGUESS2_LOOK; #else enum kexguess2_used kexguess2 = KEXGUESS2_NO; #endif + buf_incrpos(ses.payload, 16); /* start after the cookie */ + + memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); + /* kex_algorithms */ algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess); allgood &= goodguess; diff -r ccc76acaf4c7 -r 04ede40a529a ecc.c --- a/ecc.c Thu Nov 14 20:45:46 2013 +0800 +++ b/ecc.c Thu Nov 14 21:36:45 2013 +0800 @@ -9,23 +9,26 @@ /* .dp members are filled out by dropbear_ecc_fill_dp() at startup */ #ifdef DROPBEAR_ECC_256 struct dropbear_ecc_curve ecc_curve_nistp256 = { - .ltc_size = 32, - .hash_desc = &sha256_desc, - .name = "nistp256" + 32, /* .ltc_size */ + NULL, /* .dp */ + &sha256_desc, /* .hash_desc */ + "nistp256" /* .name */ }; #endif #ifdef DROPBEAR_ECC_384 struct dropbear_ecc_curve ecc_curve_nistp384 = { - .ltc_size = 48, - .hash_desc = &sha384_desc, - .name = "nistp384" + 48, /* .ltc_size */ + NULL, /* .dp */ + &sha384_desc, /* .hash_desc */ + "nistp384" /* .name */ }; #endif #ifdef DROPBEAR_ECC_521 struct dropbear_ecc_curve ecc_curve_nistp521 = { - .ltc_size = 66, - .hash_desc = &sha512_desc, - .name = "nistp521" + 66, /* .ltc_size */ + NULL, /* .dp */ + &sha512_desc, /* .hash_desc */ + "nistp521" /* .name */ }; #endif @@ -137,8 +140,9 @@ /* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) { unsigned long len = key->dp->size*2 + 1; + int err; buf_putint(buf, len); - int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len); + err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len); if (err != CRYPT_OK) { dropbear_exit("ECC error"); } diff -r ccc76acaf4c7 -r 04ede40a529a ecdsa.c --- a/ecdsa.c Thu Nov 14 20:45:46 2013 +0800 +++ b/ecdsa.c Thu Nov 14 21:36:45 2013 +0800 @@ -36,6 +36,7 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) { const ltc_ecc_set_type *dp = NULL; // curve domain parameters + ecc_key *new_key = NULL; switch (bit_size) { #ifdef DROPBEAR_ECC_256 case 256: @@ -67,7 +68,7 @@ , bit_size); } - ecc_key *new_key = m_malloc(sizeof(*new_key)); + new_key = m_malloc(sizeof(*new_key)); if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) { dropbear_exit("ECC error"); } diff -r ccc76acaf4c7 -r 04ede40a529a gensignkey.c --- a/gensignkey.c Thu Nov 14 20:45:46 2013 +0800 +++ b/gensignkey.c Thu Nov 14 21:36:45 2013 +0800 @@ -5,6 +5,7 @@ #include "genrsa.h" #include "gendss.h" #include "signkey.h" +#include "random.h" #define RSA_DEFAULT_SIZE 2048 #define DSS_DEFAULT_SIZE 1024 diff -r ccc76acaf4c7 -r 04ede40a529a includes.h --- a/includes.h Thu Nov 14 20:45:46 2013 +0800 +++ b/includes.h Thu Nov 14 21:36:45 2013 +0800 @@ -134,15 +134,30 @@ #include "compat.h" -#include "fake-rfc2553.h" -#ifndef HAVE_UINT16_T +#ifndef HAVE_U_INT8_T +typedef unsigned char u_int8_t; +#endif /* HAVE_U_INT8_T */ +#ifndef HAVE_UINT8_T +typedef u_int8_t uint8_t; +#endif /* HAVE_UINT8_T */ + #ifndef HAVE_U_INT16_T typedef unsigned short u_int16_t; #endif /* HAVE_U_INT16_T */ +#ifndef HAVE_UINT16_T typedef u_int16_t uint16_t; #endif /* HAVE_UINT16_T */ +#ifndef HAVE_U_INT32_T +typedef unsigned int u_int32_t; +#endif /* HAVE_U_INT32_T */ +#ifndef HAVE_UINT32_T +typedef u_int32_t uint32_t; +#endif /* HAVE_UINT32_T */ + +#include "fake-rfc2553.h" + #ifndef LOG_AUTHPRIV #define LOG_AUTHPRIV LOG_AUTH #endif diff -r ccc76acaf4c7 -r 04ede40a529a random.c --- a/random.c Thu Nov 14 20:45:46 2013 +0800 +++ b/random.c Thu Nov 14 21:36:45 2013 +0800 @@ -79,12 +79,15 @@ { int readlen, wantread; unsigned char readbuf[4096]; - if (!already_blocked) + if (!already_blocked && !prngd) { int res; - struct timeval timeout = { .tv_sec = 2, .tv_usec = 0}; + struct timeval timeout; fd_set read_fds; + timeout.tv_sec = 2; + timeout.tv_usec = 0; + FD_ZERO(&read_fds); FD_SET(readfd, &read_fds); res = select(readfd + 1, &read_fds, NULL, NULL, &timeout); diff -r ccc76acaf4c7 -r 04ede40a529a random.h --- a/random.h Thu Nov 14 20:45:46 2013 +0800 +++ b/random.h Thu Nov 14 21:36:45 2013 +0800 @@ -25,7 +25,7 @@ #ifndef _RANDOM_H_ #define _RANDOM_H_ -struct mp_int; +#include "includes.h" void seedrandom(); void genrandom(unsigned char* buf, unsigned int len); diff -r ccc76acaf4c7 -r 04ede40a529a signkey.c --- a/signkey.c Thu Nov 14 20:45:46 2013 +0800 +++ b/signkey.c Thu Nov 14 21:36:45 2013 +0800 @@ -511,12 +511,13 @@ unsigned int bloblen; unsigned char * type_name = NULL; unsigned int type_name_len = 0; + enum signkey_type type; TRACE(("enter buf_verify")) bloblen = buf_getint(buf); type_name = buf_getstring(buf, &type_name_len); - enum signkey_type type = signkey_type_from_name(type_name, type_name_len); + type = signkey_type_from_name(type_name, type_name_len); m_free(type_name); #ifdef DROPBEAR_DSS diff -r ccc76acaf4c7 -r 04ede40a529a sysoptions.h --- a/sysoptions.h Thu Nov 14 20:45:46 2013 +0800 +++ b/sysoptions.h Thu Nov 14 21:36:45 2013 +0800 @@ -76,6 +76,7 @@ #define SHA1_HASH_SIZE 20 #define MD5_HASH_SIZE 16 +#define MAX_HASH_SIZE 64 /* sha512 */ #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ #define MAX_IV_LEN 20 /* must be same as max blocksize, */ diff -r ccc76acaf4c7 -r 04ede40a529a tcpfwd.h --- a/tcpfwd.h Thu Nov 14 20:45:46 2013 +0800 +++ b/tcpfwd.h Thu Nov 14 21:36:45 2013 +0800 @@ -40,7 +40,7 @@ unsigned char *listenaddr; unsigned int listenport; /* The address that the remote host asked to listen on */ - unsigned char *request_listenaddr;; + unsigned char *request_listenaddr; const struct ChanType *chantype; enum {direct, forwarded} tcp_type;