# HG changeset patch # User Matt Johnston # Date 1384268552 -28800 # Node ID 7540c08223740c07a118c225ab72540af696488e # Parent c1c1b43f78c2024aed8b59ea8b50f12c93831fe9 Various cleanups and fixes for warnings diff -r c1c1b43f78c2 -r 7540c0822374 algo.h --- a/algo.h Sat Nov 09 00:14:28 2013 +0800 +++ b/algo.h Tue Nov 12 23:02:32 2013 +0800 @@ -56,7 +56,6 @@ extern const struct dropbear_cipher dropbear_nocipher; extern const struct dropbear_cipher_mode dropbear_mode_none; extern const struct dropbear_hash dropbear_nohash; -extern const struct dropbear_kex kex_curve25519; struct dropbear_cipher { const struct ltc_cipher_descriptor *cipherdesc; diff -r c1c1b43f78c2 -r 7540c0822374 bignum.c --- a/bignum.c Sat Nov 09 00:14:28 2013 +0800 +++ b/bignum.c Tue Nov 12 23:02:32 2013 +0800 @@ -78,8 +78,6 @@ /* hash the ssh representation of the mp_int mp */ void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, hash_state *hs, mp_int *mp) { - - int i; buffer * buf; buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, diff -r c1c1b43f78c2 -r 7540c0822374 cli-runopts.c --- a/cli-runopts.c Sat Nov 09 00:14:28 2013 +0800 +++ b/cli-runopts.c Tue Nov 12 23:02:32 2013 +0800 @@ -450,7 +450,7 @@ #ifdef ENABLE_CLI_PUBKEY_AUTH static void loadidentityfile(const char* filename) { sign_key *key; - int keytype; + enum signkey_type keytype; key = new_sign_key(); keytype = DROPBEAR_SIGNKEY_ANY; diff -r c1c1b43f78c2 -r 7540c0822374 common-algo.c --- a/common-algo.c Sat Nov 09 00:14:28 2013 +0800 +++ b/common-algo.c Tue Nov 12 23:02:32 2013 +0800 @@ -231,6 +231,8 @@ static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; static const struct dropbear_kex kex_dh_group14 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc }; +/* These can't be const since dropbear_ecc_fill_dp() fills out + ecc_curve at runtime */ #ifdef DROPBEAR_ECDH #ifdef DROPBEAR_ECC_256 static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc }; @@ -245,7 +247,7 @@ #ifdef DROPBEAR_CURVE25519 /* Referred to directly */ -const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc }; +static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc }; #endif algo_type sshkex[] = { diff -r c1c1b43f78c2 -r 7540c0822374 common-kex.c --- a/common-kex.c Sat Nov 09 00:14:28 2013 +0800 +++ b/common-kex.c Tue Nov 12 23:02:32 2013 +0800 @@ -577,7 +577,7 @@ TRACE(("enter gen_kexdh_vals")) struct kex_dh_param *param = m_malloc(sizeof(*param)); - m_mp_init_multi(¶m->pub, ¶m->priv, NULL); + m_mp_init_multi(¶m->pub, ¶m->priv, &dh_g, &dh_p, &dh_q, NULL); /* read the prime and generator*/ load_dh_p(&dh_p); @@ -738,7 +738,7 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them, sign_key *hostkey) { - unsigned char* out = m_malloc(CURVE25519_LEN); + unsigned char out[CURVE25519_LEN]; const unsigned char* Q_C = NULL; const unsigned char* Q_S = NULL; @@ -748,10 +748,9 @@ } curve25519_donna(out, param->priv, buf_pub_them->data); - ses.dh_K = m_malloc(sizeof(*ses.dh_K)); - m_mp_init(ses.dh_K); + m_mp_alloc_init_multi(&ses.dh_K, NULL); bytes_to_mp(ses.dh_K, out, CURVE25519_LEN); - m_free(out); + m_burn(out, sizeof(out)); /* Create the remainder of the hash buffer, to generate the exchange hash. See RFC5656 section 4 page 7 */ diff -r c1c1b43f78c2 -r 7540c0822374 ecc.c --- a/ecc.c Sat Nov 09 00:14:28 2013 +0800 +++ b/ecc.c Tue Nov 12 23:02:32 2013 +0800 @@ -6,7 +6,7 @@ #ifdef DROPBEAR_ECC -// .dp members are filled out by dropbear_ecc_fill_dp() at startup +/* .dp members are filled out by dropbear_ecc_fill_dp() at startup */ #ifdef DROPBEAR_ECC_256 struct dropbear_ecc_curve ecc_curve_nistp256 = { .ltc_size = 32, @@ -44,7 +44,7 @@ void dropbear_ecc_fill_dp() { struct dropbear_ecc_curve **curve; - // libtomcrypt guarantees they're ordered by size + /* libtomcrypt guarantees they're ordered by size */ const ltc_ecc_set_type *dp = ltc_ecc_sets; for (curve = dropbear_ecc_curves; *curve; curve++) { for (;dp->size > 0; dp++) { diff -r c1c1b43f78c2 -r 7540c0822374 ecdsa.c --- a/ecdsa.c Sat Nov 09 00:14:28 2013 +0800 +++ b/ecdsa.c Tue Nov 12 23:02:32 2013 +0800 @@ -246,8 +246,8 @@ // returns values in s and r // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE -static int buf_get_ecdsa_verify_params(buffer *buf, struct dropbear_ecc_curve *curve, - void *r, void* s) { +static int buf_get_ecdsa_verify_params(buffer *buf, + void *r, void* s) { int ret = DROPBEAR_FAILURE; unsigned int sig_len; unsigned int sig_pos; @@ -302,7 +302,7 @@ dropbear_exit("ECC error"); } - if (buf_get_ecdsa_verify_params(buf, curve, r, s) != DROPBEAR_SUCCESS) { + if (buf_get_ecdsa_verify_params(buf, r, s) != DROPBEAR_SUCCESS) { goto out; } diff -r c1c1b43f78c2 -r 7540c0822374 ecdsa.h --- a/ecdsa.h Sat Nov 09 00:14:28 2013 +0800 +++ b/ecdsa.h Tue Nov 12 23:02:32 2013 +0800 @@ -7,6 +7,7 @@ #ifdef DROPBEAR_ECDSA +/* Prefer the larger size - it's fast anyway */ #if defined(DROPBEAR_ECC_521) #define ECDSA_DEFAULT_SIZE 521 #elif defined(DROPBEAR_ECC_384) diff -r c1c1b43f78c2 -r 7540c0822374 gensignkey.c --- a/gensignkey.c Sat Nov 09 00:14:28 2013 +0800 +++ b/gensignkey.c Tue Nov 12 23:02:32 2013 +0800 @@ -85,6 +85,8 @@ /* now we can generate the key */ key = new_sign_key(); + seedrandom(); + switch(keytype) { #ifdef DROPBEAR_RSA case DROPBEAR_SIGNKEY_RSA: @@ -112,6 +114,8 @@ dropbear_exit("Internal error"); } + seedrandom(); + buf = buf_new(MAX_PRIVKEY_SIZE); buf_put_priv_key(buf, key, keytype); diff -r c1c1b43f78c2 -r 7540c0822374 signkey.c --- a/signkey.c Sat Nov 09 00:14:28 2013 +0800 +++ b/signkey.c Tue Nov 12 23:02:32 2013 +0800 @@ -39,8 +39,7 @@ #ifdef DROPBEAR_ECDSA "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", - "ecdsa-sha2-nistp521", - "ecdsa" // for keygen + "ecdsa-sha2-nistp521" #endif // DROPBEAR_ECDSA }; diff -r c1c1b43f78c2 -r 7540c0822374 svr-auth.c --- a/svr-auth.c Sat Nov 09 00:14:28 2013 +0800 +++ b/svr-auth.c Tue Nov 12 23:02:32 2013 +0800 @@ -231,7 +231,7 @@ char* listshell = NULL; char* usershell = NULL; - int uid; + uid_t uid; TRACE(("enter checkusername")) if (userlen > MAX_USERNAME_LEN) { return DROPBEAR_FAILURE; diff -r c1c1b43f78c2 -r 7540c0822374 svr-authpubkey.c --- a/svr-authpubkey.c Sat Nov 09 00:14:28 2013 +0800 +++ b/svr-authpubkey.c Tue Nov 12 23:02:32 2013 +0800 @@ -89,7 +89,7 @@ buffer * signbuf = NULL; sign_key * key = NULL; char* fp = NULL; - int type = -1; + enum signkey_type type = -1; TRACE(("enter pubkeyauth")) diff -r c1c1b43f78c2 -r 7540c0822374 svr-kex.c --- a/svr-kex.c Sat Nov 09 00:14:28 2013 +0800 +++ b/svr-kex.c Tue Nov 12 23:02:32 2013 +0800 @@ -64,18 +64,19 @@ case DROPBEAR_KEX_CURVE25519: #if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519) ecdh_qs = buf_getstringbuf(ses.payload); - if (ses.payload->pos != ses.payload->len) { - dropbear_exit("Bad kex value"); - } #endif break; } + if (ses.payload->pos != ses.payload->len) { + dropbear_exit("Bad kex value"); + } send_msg_kexdh_reply(&dh_e, ecdh_qs); mp_clear(&dh_e); if (ecdh_qs) { buf_free(ecdh_qs); + ecdh_qs = NULL; } send_msg_newkeys(); @@ -132,8 +133,11 @@ } if (link(fn_temp, fn) < 0) { + /* It's OK to get EEXIST - we probably just lost a race + with another connection to generate the key */ if (errno != EEXIST) { - dropbear_log(LOG_ERR, "Failed moving key file to %s", fn); + dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", fn, + strerror(errno)); /* XXX fallback to non-atomic copy for some filesystems? */ goto out; } @@ -151,14 +155,6 @@ { dropbear_exit("Couldn't read or generate hostkey %s", fn); } - - // directory for keys. - - // Create lockfile first, or wait if it exists. PID! - // Generate key - // write it, load to memory - // atomic rename, done. - } #endif diff -r c1c1b43f78c2 -r 7540c0822374 svr-runopts.c --- a/svr-runopts.c Sat Nov 09 00:14:28 2013 +0800 +++ b/svr-runopts.c Tue Nov 12 23:02:32 2013 +0800 @@ -410,30 +410,30 @@ #ifdef DROPBEAR_RSA if (type == DROPBEAR_SIGNKEY_RSA) { - loadhostkey_helper("RSA", &read_key->rsakey, &svr_opts.hostkey->rsakey, fatal_duplicate); + loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); } #endif #ifdef DROPBEAR_DSS if (type == DROPBEAR_SIGNKEY_DSS) { - loadhostkey_helper("DSS", &read_key->dsskey, &svr_opts.hostkey->dsskey, fatal_duplicate); + loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate); } #endif #ifdef DROPBEAR_ECDSA #ifdef DROPBEAR_ECC_256 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) { - loadhostkey_helper("ECDSA256", &read_key->ecckey256, &svr_opts.hostkey->ecckey256, fatal_duplicate); + loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate); } #endif #ifdef DROPBEAR_ECC_384 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) { - loadhostkey_helper("ECDSA384", &read_key->ecckey384, &svr_opts.hostkey->ecckey384, fatal_duplicate); + loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate); } #endif #ifdef DROPBEAR_ECC_521 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { - loadhostkey_helper("ECDSA521", &read_key->ecckey521, &svr_opts.hostkey->ecckey521, fatal_duplicate); + loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate); } #endif #endif // DROPBEAR_ECDSA