# HG changeset patch # User Matt Johnston # Date 1321964938 -25200 # Node ID 33fd2f3499d2aed78878fd8ad7c47ad5e9bbc8cc # Parent 2b1bb792cd4d43a2db7299e3e6547e1da2f28797 A few build fixes diff -r 2b1bb792cd4d -r 33fd2f3499d2 Makefile.in --- a/Makefile.in Mon Nov 21 19:52:28 2011 +0800 +++ b/Makefile.in Tue Nov 22 19:28:58 2011 +0700 @@ -15,11 +15,12 @@ LTC=libtomcrypt/libtomcrypt.a LTM=libtommath/libtommath.a +TFM=tomsfastmath/libtfm.a ifeq (@BUNDLED_LIBTOM@, 1) -LIBTOM_DEPS=$(LTC) $(LTM) +LIBTOM_DEPS=$(LTC) $(TFM) CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/ -LIBS+=$(LTC) $(LTM) +LIBS+=$(LTC) $(TFM) endif COMMONOBJS=dbutil.o buffer.o \ @@ -190,7 +191,10 @@ $(LTM): options.h cd libtommath && $(MAKE) -.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean +$(TFM): options.h + cd tomsfastmath && $(MAKE) + +.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean tfm-clean ltc-clean: cd libtomcrypt && $(MAKE) clean @@ -198,10 +202,13 @@ ltm-clean: cd libtommath && $(MAKE) clean +tfm-clean: + cd tomsfastmath && $(MAKE) clean + sizes: dropbear objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn -clean: ltc-clean ltm-clean thisclean +clean: ltc-clean ltm-clean tfm-clean thisclean thisclean: -rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \ diff -r 2b1bb792cd4d -r 33fd2f3499d2 buffer.c --- a/buffer.c Mon Nov 21 19:52:28 2011 +0800 +++ b/buffer.c Tue Nov 22 19:28:58 2011 +0700 @@ -288,12 +288,12 @@ dropbear_assert(fp != NULL); - if (SIGN(fp) == FP_NEG) { + if (fp->sign == FP_NEG) { dropbear_exit("negative bignum"); } /* zero check */ - if (USED(fp) == 1 && DIGIT(fp, 0) == 0) { + if (fp_iszero(fp) == FP_YES) { len = 0; } else { /* SSH spec requires padding for fpints with the MSB set, this code diff -r 2b1bb792cd4d -r 33fd2f3499d2 common-kex.c --- a/common-kex.c Mon Nov 21 19:52:28 2011 +0800 +++ b/common-kex.c Tue Nov 22 19:28:58 2011 +0700 @@ -519,7 +519,7 @@ TRACE(("leave recv_msg_kexinit")) } -static void load_dh_p(mp_int * dh_p) +static void load_dh_p(fp_int * dh_p) { switch (ses.newkeys->algo_kex) { case DROPBEAR_KEX_DH_GROUP1: @@ -644,8 +644,8 @@ algo_type * s2c_hash_algo = NULL; algo_type * c2s_cipher_algo = NULL; algo_type * s2c_cipher_algo = NULL; - algo_type * c2s_cofp_algo = NULL; - algo_type * s2c_cofp_algo = NULL; + algo_type * c2s_comp_algo = NULL; + algo_type * s2c_comp_algo = NULL; /* the generic one */ algo_type * algo = NULL; @@ -713,30 +713,20 @@ TRACE(("hash s2c is %s", s2c_hash_algo->name)) /* compression_algorithms_client_to_server */ -<<<<<<< mine - c2s_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); - if (c2s_cofp_algo == NULL) { -======= c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess); if (c2s_comp_algo == NULL) { ->>>>>>> theirs erralgo = "comp c->s"; goto error; } - TRACE(("hash c2s is %s", c2s_cofp_algo->name)) + TRACE(("hash c2s is %s", c2s_comp_algo->name)) /* compression_algorithms_server_to_client */ -<<<<<<< mine - s2c_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); - if (s2c_cofp_algo == NULL) { -======= s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess); if (s2c_comp_algo == NULL) { ->>>>>>> theirs erralgo = "comp s->c"; goto error; } - TRACE(("hash s2c is %s", s2c_cofp_algo->name)) + TRACE(("hash s2c is %s", s2c_comp_algo->name)) /* languages_client_to_server */ buf_eatstring(ses.payload); @@ -767,13 +757,8 @@ (struct dropbear_hash*)s2c_hash_algo->data; ses.newkeys->trans.algo_mac = (struct dropbear_hash*)c2s_hash_algo->data; -<<<<<<< mine - ses.newkeys->recv_algo_comp = s2c_cofp_algo->val; - ses.newkeys->trans_algo_comp = c2s_cofp_algo->val; -======= ses.newkeys->recv.algo_comp = s2c_comp_algo->val; ses.newkeys->trans.algo_comp = c2s_comp_algo->val; ->>>>>>> theirs } else { /* SERVER */ ses.newkeys->recv.algo_crypt = @@ -788,13 +773,8 @@ (struct dropbear_hash*)c2s_hash_algo->data; ses.newkeys->trans.algo_mac = (struct dropbear_hash*)s2c_hash_algo->data; -<<<<<<< mine - ses.newkeys->recv_algo_comp = c2s_cofp_algo->val; - ses.newkeys->trans_algo_comp = s2c_cofp_algo->val; -======= ses.newkeys->recv.algo_comp = c2s_comp_algo->val; ses.newkeys->trans.algo_comp = s2c_comp_algo->val; ->>>>>>> theirs } /* reserved for future extensions */ diff -r 2b1bb792cd4d -r 33fd2f3499d2 configure.in --- a/configure.in Mon Nov 21 19:52:28 2011 +0800 +++ b/configure.in Tue Nov 22 19:28:58 2011 +0700 @@ -82,7 +82,8 @@ ],,,) # Checks for libraries. -AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") +AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt") +AC_SUBST(CRYPTLIB) # Check if zlib is needed AC_ARG_WITH(zlib, @@ -145,6 +146,7 @@ if test "x$enableval" = "xyes"; then AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***])) AC_MSG_NOTICE(Enabling PAM) + AC_CHECK_FUNCS(pam_fail_delay) else AC_DEFINE(DISABLE_PAM,, Use PAM) AC_MSG_NOTICE(Disabling PAM) @@ -361,6 +363,25 @@ AC_CHECK_FUNCS(setutxent utmpxname) AC_CHECK_FUNCS(logout updwtmp logwtmp) +AC_ARG_ENABLE(bundled-libtom, + [ --enable-bundled-libtom Use bundled libtomcrypt/libtommath even if a system version exists], + [ + BUNDLED_LIBTOM=1 + AC_MSG_NOTICE(Forcing bundled libtom*) + ], + [ + BUNDLED_LIBTOM=0 + AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1) + AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1) + ] +) + +if test $BUNDLED_LIBTOM = 1 ; then + AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) +fi + +AC_SUBST(BUNDLED_LIBTOM) + dnl Added from OpenSSH 3.6.1p2's configure.ac dnl allow user to disable some login recording features @@ -668,6 +689,15 @@ AC_CONFIG_HEADER(config.h) AC_OUTPUT(Makefile) AC_OUTPUT(libtomcrypt/Makefile) -#AC_OUTPUT(libtommath/Makefile) +AC_OUTPUT(libtommath/Makefile) +AC_OUTPUT(tomsfastmath/Makefile) + +AC_MSG_NOTICE() +if test $BUNDLED_LIBTOM = 1 ; then +AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath) +else +AC_MSG_NOTICE(Using system libtomcrypt and libtommath) +fi + AC_MSG_NOTICE() AC_MSG_NOTICE(Now edit options.h to choose features.) diff -r 2b1bb792cd4d -r 33fd2f3499d2 dss.c --- a/dss.c Mon Nov 21 19:52:28 2011 +0800 +++ b/dss.c Tue Nov 22 19:28:58 2011 +0700 @@ -43,7 +43,7 @@ * The key will have the same format as buf_put_dss_key. * These should be freed with dss_key_free. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_get_dss_pub_key(buffer* buf, dss_key *key) { +int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) { TRACE(("enter buf_get_dss_pub_key")) dropbear_assert(key != NULL); @@ -51,10 +51,7 @@ key->q = m_malloc(sizeof(fp_int)); key->g = m_malloc(sizeof(fp_int)); key->y = m_malloc(sizeof(fp_int)); - fp_init(key->p); - fp_init(key->q); - fp_init(key->g); - fp_init(key->y); + m_fp_init_multi(key->p, key->q, key->g, key->y, NULL); key->x = NULL; buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */ @@ -79,7 +76,7 @@ /* Same as buf_get_dss_pub_key, but reads a private "x" key at the end. * Loads a private dss key from a buffer * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_get_dss_priv_key(buffer* buf, dss_key *key) { +int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) { int ret = DROPBEAR_FAILURE; @@ -102,7 +99,7 @@ /* Clear and free the memory used by a public or private key */ -void dss_key_free(dss_key *key) { +void dss_key_free(dropbear_dss_key *key) { TRACE(("enter dsa_key_free")) if (key == NULL) { @@ -141,7 +138,7 @@ * fpint g * fpint y */ -void buf_put_dss_pub_key(buffer* buf, dss_key *key) { +void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) { dropbear_assert(key != NULL); buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); @@ -153,7 +150,7 @@ } /* Same as buf_put_dss_pub_key, but with the private "x" key appended */ -void buf_put_dss_priv_key(buffer* buf, dss_key *key) { +void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) { dropbear_assert(key != NULL); buf_put_dss_pub_key(buf, key); @@ -164,7 +161,7 @@ #ifdef DROPBEAR_SIGNKEY_VERIFY /* Verify a DSS signature (in buf) made on data by the key given. * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data, +int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data, unsigned int len) { unsigned char msghash[SHA1_HASH_SIZE]; @@ -180,10 +177,7 @@ TRACE(("enter buf_dss_verify")) dropbear_assert(key != NULL); - fp_init(&val1); - fp_init(&val2); - fp_init(&val3); - fp_init(&val4); + m_fp_init_multi(&val1, &val2, &val3, &val4, NULL); /* get blob, check length */ string = buf_getstring(buf, &stringlen); @@ -296,7 +290,7 @@ * * Now we aren't relying on the random number generation to protect the private * key x, which is a long term secret */ -void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data, +void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data, unsigned int len) { unsigned char msghash[SHA1_HASH_SIZE]; diff -r 2b1bb792cd4d -r 33fd2f3499d2 dss.h --- a/dss.h Mon Nov 21 19:52:28 2011 +0800 +++ b/dss.h Tue Nov 22 19:28:58 2011 +0700 @@ -34,20 +34,12 @@ typedef struct { -<<<<<<< mine fp_int* p; fp_int* q; fp_int* g; fp_int* y; + /* x is the private part */ fp_int* x; -======= - mp_int* p; - mp_int* q; - mp_int* g; - mp_int* y; - /* x is the private part */ - mp_int* x; ->>>>>>> theirs } dropbear_dss_key; diff -r 2b1bb792cd4d -r 33fd2f3499d2 includes.h --- a/includes.h Mon Nov 21 19:52:28 2011 +0800 +++ b/includes.h Tue Nov 22 19:28:58 2011 +0700 @@ -122,7 +122,7 @@ #ifdef BUNDLED_LIBTOM #include "libtomcrypt/src/headers/tomcrypt.h" -#include "libtommath/tommath.h" +#include "tomsfastmath/src/headers/tfm.h" #else #include #include diff -r 2b1bb792cd4d -r 33fd2f3499d2 random.h --- a/random.h Mon Nov 21 19:52:28 2011 +0800 +++ b/random.h Tue Nov 22 19:28:58 2011 +0700 @@ -31,6 +31,6 @@ void reseedrandom(); void genrandom(unsigned char* buf, int len); void addrandom(unsigned char* buf, int len); -void gen_random_mpint(fp_int *max, fp_int *rand); +void gen_random_fpint(fp_int *max, fp_int *rand); #endif /* _RANDOM_H_ */ diff -r 2b1bb792cd4d -r 33fd2f3499d2 rsa.c --- a/rsa.c Mon Nov 21 19:52:28 2011 +0800 +++ b/rsa.c Tue Nov 22 19:28:58 2011 +0700 @@ -38,7 +38,7 @@ #ifdef DROPBEAR_RSA -static void rsa_pad_em(rsa_key * key, +static void rsa_pad_em(dropbear_rsa_key * key, const unsigned char * data, unsigned int len, fp_int * rsa_em); @@ -47,15 +47,14 @@ * The key will have the same format as buf_put_rsa_key. * These should be freed with rsa_key_free. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) { +int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) { int ret = DROPBEAR_FAILURE; TRACE(("enter buf_get_rsa_pub_key")) dropbear_assert(key != NULL); key->e = m_malloc(sizeof(fp_int)); key->n = m_malloc(sizeof(fp_int)); - fp_init(key->e); - fp_init(key->n); + m_fp_init_multi(key->e, key->n, NULL); key->d = NULL; key->p = NULL; key->q = NULL; @@ -86,7 +85,7 @@ /* Same as buf_get_rsa_pub_key, but reads private bits at the end. * Loads a private rsa key from a buffer * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) { +int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) { int ret = DROPBEAR_FAILURE; TRACE(("enter buf_get_rsa_priv_key")) @@ -140,7 +139,7 @@ /* Clear and free the memory used by a public or private key */ -void rsa_key_free(rsa_key *key) { +void rsa_key_free(dropbear_rsa_key *key) { TRACE(("enter rsa_key_free")) @@ -178,7 +177,7 @@ * fp_int e * fp_int n */ -void buf_put_rsa_pub_key(buffer* buf, rsa_key *key) { +void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) { TRACE(("enter buf_put_rsa_pub_key")) dropbear_assert(key != NULL); @@ -192,7 +191,7 @@ } /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */ -void buf_put_rsa_priv_key(buffer* buf, rsa_key *key) { +void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) { TRACE(("enter buf_put_rsa_priv_key")) @@ -216,7 +215,7 @@ #ifdef DROPBEAR_SIGNKEY_VERIFY /* Verify a signature in buf, made on data by the key given. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data, +int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data, unsigned int len) { unsigned int slen; @@ -275,7 +274,7 @@ /* Sign the data presented with key, writing the signature contents * to the buffer */ -void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data, +void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data, unsigned int len) { unsigned int nsize, ssize; @@ -342,9 +341,7 @@ #endif /* RSA_BLINDING */ - fp_zero(&rsa_tmp1); - fp_zero(&rsa_tmp2); - fp_zero(&rsa_tmp3); + m_fp_zero_multi(&rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL); /* create the signature to return */ buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN); @@ -385,7 +382,7 @@ * * rsa_em must be a pointer to an initialised fp_int. */ -static void rsa_pad_em(rsa_key * key, +static void rsa_pad_em(dropbear_rsa_key * key, const unsigned char * data, unsigned int len, fp_int * rsa_em) {