# HG changeset patch # User Matt Johnston # Date 1516888680 -28800 # Node ID a3479d0d7e795ecd25120a44ee7a0597b698d4a5 # Parent fb90a5ba84e0dd252ffa3ad62c97c1db99810dbd# Parent e017e46b14349e7a9b9afb75315faa0f9b23e1f8 Merge pull request #48 from DengkeDu/dengke/configure-add-variable-to-allow-openpty-check-cached configure: add a variable to allow openpty check to be cached diff -r e017e46b1434 -r a3479d0d7e79 Makefile.in --- a/Makefile.in Thu Apr 25 00:27:25 2013 +0200 +++ b/Makefile.in Thu Jan 25 21:58:00 2018 +0800 @@ -116,7 +116,7 @@ endif ifeq ($(MULTI), 1) - TARGETS=dropbearmulti + TARGETS=dropbearmulti$(EXEEXT) else TARGETS=$(PROGRAMS) endif @@ -133,14 +133,14 @@ install: $(addprefix inst_, $(TARGETS)) -insmultidropbear: dropbearmulti +insmultidropbear: dropbearmulti$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(sbindir) -rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) -ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(mandir)/man8 $(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8 -insmulti%: dropbearmulti +insmulti%: dropbearmulti$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(bindir) -rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) -ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) @@ -220,8 +220,9 @@ clean: ltc-clean ltm-clean thisclean thisclean: - -rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \ - dropbearmulti *.o *.da *.bb *.bbg *.prof + -rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \ + dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \ + dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof distclean: clean tidy -rm -f config.h diff -r e017e46b1434 -r a3479d0d7e79 agentfwd.h --- a/agentfwd.h Thu Apr 25 00:27:25 2013 +0200 +++ b/agentfwd.h Thu Jan 25 21:58:00 2018 +0800 
@@ -40,8 +40,8 @@ /* client functions */ void cli_load_agent_keys(m_list * ret_list); void agent_buf_sign(buffer *sigblob, sign_key *key, - buffer *data_buf); -void cli_setup_agent(struct Channel *channel); + const buffer *data_buf); +void cli_setup_agent(const struct Channel *channel); #ifdef __hpux #define seteuid(a) setresuid(-1, (a), -1) @@ -56,7 +56,7 @@ int svr_agentreq(struct ChanSess * chansess); void svr_agentcleanup(struct ChanSess * chansess); -void svr_agentset(struct ChanSess *chansess); +void svr_agentset(const struct ChanSess *chansess); #endif /* DROPBEAR_SVR_AGENTFWD */ diff -r e017e46b1434 -r a3479d0d7e79 algo.h --- a/algo.h Thu Apr 25 00:27:25 2013 +0200 +++ b/algo.h Thu Jan 25 21:58:00 2018 +0800 @@ -112,8 +112,8 @@ const struct ltc_hash_descriptor *hash_desc; }; -int have_algo(char* algo, size_t algolen, algo_type algos[]); -void buf_put_algolist(buffer * buf, algo_type localalgos[]); +int have_algo(const char* algo, size_t algolen, const algo_type algos[]); +void buf_put_algolist(buffer * buf, const algo_type localalgos[]); enum kexguess2_used { KEXGUESS2_LOOK, @@ -131,7 +131,7 @@ #if DROPBEAR_USER_ALGO_LIST int check_user_algos(const char* user_algo_list, algo_type * algos, const char *algo_desc); -char * algolist_string(algo_type algos[]); +char * algolist_string(const algo_type algos[]); #endif enum { diff -r e017e46b1434 -r a3479d0d7e79 auth.h --- a/auth.h Thu Apr 25 00:27:25 2013 +0200 +++ b/auth.h Thu Jan 25 21:58:00 2018 +0800 @@ -36,7 +36,7 @@ void recv_msg_userauth_request(void); void send_msg_userauth_failure(int partial, int incrfail); void send_msg_userauth_success(void); -void send_msg_userauth_banner(buffer *msg); +void send_msg_userauth_banner(const buffer *msg); void svr_auth_password(void); void svr_auth_pubkey(void); void svr_auth_pam(void); 
@@ -74,7 +74,7 @@ void cli_auth_password(void); int cli_auth_pubkey(void); void cli_auth_interactive(void); -char* getpass_or_cancel(char* prompt); +char* getpass_or_cancel(const char* prompt); void cli_auth_pubkey_cleanup(void); diff -r e017e46b1434 -r a3479d0d7e79 buffer.c --- a/buffer.c Thu Apr 25 00:27:25 2013 +0200 +++ b/buffer.c Thu Jan 25 21:58:00 2018 +0800 @@ -67,7 +67,7 @@ } /* overwrite the contents of the buffer to clear it */ -void buf_burn(buffer* buf) { +void buf_burn(const buffer* buf) { m_burn(buf->data, buf->size); @@ -91,7 +91,7 @@ /* Create a copy of buf, allocating required memory etc. */ /* The new buffer is sized the same as the length of the source buffer. */ -buffer* buf_newcopy(buffer* buf) { +buffer* buf_newcopy(const buffer* buf) { buffer* ret; @@ -184,7 +184,7 @@ /* returns an in-place pointer to the buffer, checking that * the next len bytes from that position can be used */ -unsigned char* buf_getptr(buffer* buf, unsigned int len) { +unsigned char* buf_getptr(const buffer* buf, unsigned int len) { if (len > BUF_MAX_INCR || buf->pos + len > buf->len) { dropbear_exit("Bad buf_getptr"); @@ -194,7 +194,7 @@ /* like buf_getptr, but checks against total size, not used length. * This allows writing past the used length, but not past the size */ -unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) { +unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) { if (len > BUF_MAX_INCR || buf->pos + len > buf->size) { dropbear_exit("Bad buf_getwriteptr"); diff -r e017e46b1434 -r a3479d0d7e79 buffer.h --- a/buffer.h Thu Apr 25 00:27:25 2013 +0200 +++ b/buffer.h Thu Jan 25 21:58:00 2018 +0800 
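Review bot: In buffer.c, `buf_burn` now takes `const buffer*` although its visible body calls `m_burn(buf->data, buf->size)` and its comment says it overwrites the contents; the qualifier only covers the struct fields, so the prototype now reads as if the secret-wiping routine leaves its argument untouched. The same shallow-const pattern is in `buf_getwriteptr` (a writable pointer derived from a const buffer), in `cbuf_readptrs` in circbuffer.c (non-const data pointers handed out from a const circbuffer), and in the gendss.c helpers `getq`/`getp`/`getg`/`getx`/`gety`, which appear to exist to fill in the key: `getx` passes `key->x` as the output of `gen_random_mpint` and `gety` passes `key->y` as the destination of `mp_exptmod`. I would keep the non-const signatures wherever the function writes through the argument, e.g. `void buf_burn(buffer* buf) {` and `static void getx(dropbear_dss_key *key) {`, and reserve `const` for functions that only read. The bodies of these functions continue outside the hunks shown, so the remaining writers should be checked the same way.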
@@ -44,8 +44,8 @@ /* Possibly returns a new buffer*, like realloc() */ buffer * buf_resize(buffer *buf, unsigned int newsize); void buf_free(buffer* buf); -void buf_burn(buffer* buf); -buffer* buf_newcopy(buffer* buf); +void buf_burn(const buffer* buf); +buffer* buf_newcopy(const buffer* buf); void buf_setlen(buffer* buf, unsigned int len); void buf_incrlen(buffer* buf, unsigned int incr); void buf_setpos(buffer* buf, unsigned int pos); @@ -54,8 +54,8 @@ unsigned char buf_getbyte(buffer* buf); unsigned char buf_getbool(buffer* buf); void buf_putbyte(buffer* buf, unsigned char val); -unsigned char* buf_getptr(buffer* buf, unsigned int len); -unsigned char* buf_getwriteptr(buffer* buf, unsigned int len); +unsigned char* buf_getptr(const buffer* buf, unsigned int len); +unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len); char* buf_getstring(buffer* buf, unsigned int *retlen); buffer * buf_getstringbuf(buffer *buf); void buf_eatstring(buffer *buf); diff -r e017e46b1434 -r a3479d0d7e79 channel.h --- a/channel.h Thu Apr 25 00:27:25 2013 +0200 +++ b/channel.h Thu Jan 25 21:58:00 2018 +0800 @@ -84,7 +84,7 @@ int flushing; /* Used by client chansession to handle ~ escaping, NULL ignored otherwise */ - void (*read_mangler)(struct Channel*, unsigned char* bytes, int *len); + void (*read_mangler)(const struct Channel*, const unsigned char* bytes, int *len); const struct ChanType* type; @@ -98,7 +98,7 @@ int (*inithandler)(struct Channel*); int (*check_close)(struct Channel*); void (*reqhandler)(struct Channel*); - void (*closehandler)(struct Channel*); + void (*closehandler)(const struct Channel*); }; /* Callback for connect_remote */ 
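Review bot: The `read_mangler` field in channel.h now receives `const unsigned char* bytes`, so a mangler can no longer rewrite the data in place and can only change what is consumed through `*len`, but the field comment still describes only the `~` escaping use. I would state the contract next to the pointer, e.g. `/* read_mangler may inspect bytes and adjust *len, but must not modify the data */`. The one implementation visible in this diff, `cli_escape_handler` in cli-chansession.c, has the matching signature; its body is outside the hunk, so whether it ever wrote to the data cannot be confirmed from here.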
@@ -107,7 +107,7 @@ void chaninitialise(const struct ChanType *chantypes[]); void chancleanup(void); void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads); -void channelio(fd_set *readfd, fd_set *writefd); +void channelio(const fd_set *readfd, const fd_set *writefd); struct Channel* getchannel(void); /* Returns an arbitrary channel that is in a ready state - not being initialised and no EOF in either direction. NULL if none. */ @@ -115,8 +115,8 @@ void recv_msg_channel_open(void); void recv_msg_channel_request(void); -void send_msg_channel_failure(struct Channel *channel); -void send_msg_channel_success(struct Channel *channel); +void send_msg_channel_failure(const struct Channel *channel); +void send_msg_channel_success(const struct Channel *channel); void recv_msg_channel_data(void); void recv_msg_channel_extended_data(void); void recv_msg_channel_window_adjust(void); @@ -135,7 +135,7 @@ void recv_msg_channel_open_confirmation(void); void recv_msg_channel_open_failure(void); #endif -void start_send_channel_request(struct Channel *channel, char *type); +void start_send_channel_request(const struct Channel *channel, const char *type); void send_msg_request_success(void); void send_msg_request_failure(void); diff -r e017e46b1434 -r a3479d0d7e79 circbuffer.c --- a/circbuffer.c Thu Apr 25 00:27:25 2013 +0200 +++ b/circbuffer.c Thu Jan 25 21:58:00 2018 +0800 @@ -56,19 +56,19 @@ m_free(cbuf); } -unsigned int cbuf_getused(circbuffer * cbuf) { +unsigned int cbuf_getused(const circbuffer * cbuf) { return cbuf->used; } -unsigned int cbuf_getavail(circbuffer * cbuf) { +unsigned int cbuf_getavail(const circbuffer * cbuf) { return cbuf->size - cbuf->used; } -unsigned int cbuf_writelen(circbuffer *cbuf) { +unsigned int cbuf_writelen(const circbuffer *cbuf) { dropbear_assert(cbuf->used <= cbuf->size); dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size); 
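Review bot: `channelio` now takes `const fd_set *` for both sets, but POSIX declares `FD_ISSET(int fd, fd_set *fdset)` with a non-const pointer, so on a libc where it is a function, or a macro that does not accept a const-qualified pointer, this gives a discarded-qualifier diagnostic. The same applies to the definition in common-channel.c and to `handle_listeners(const fd_set * readfds)` in listener.c; the bodies are outside the hunks, so their use of FD_ISSET is presumed rather than visible. Unless every supported platform is known to accept it, I would leave the prototype as `void channelio(fd_set *readfd, fd_set *writefd);` and keep the two definitions in step with it.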
@@ -86,7 +86,7 @@ return cbuf->size - cbuf->writepos; } -void cbuf_readptrs(circbuffer *cbuf, +void cbuf_readptrs(const circbuffer *cbuf, unsigned char **p1, unsigned int *len1, unsigned char **p2, unsigned int *len2) { *p1 = &cbuf->data[cbuf->readpos]; diff -r e017e46b1434 -r a3479d0d7e79 circbuffer.h --- a/circbuffer.h Thu Apr 25 00:27:25 2013 +0200 +++ b/circbuffer.h Thu Jan 25 21:58:00 2018 +0800 @@ -38,12 +38,12 @@ circbuffer * cbuf_new(unsigned int size); void cbuf_free(circbuffer * cbuf); -unsigned int cbuf_getused(circbuffer * cbuf); /* how much data stored */ -unsigned int cbuf_getavail(circbuffer * cbuf); /* how much we can write */ -unsigned int cbuf_writelen(circbuffer *cbuf); /* max linear write len */ +unsigned int cbuf_getused(const circbuffer * cbuf); /* how much data stored */ +unsigned int cbuf_getavail(const circbuffer * cbuf); /* how much we can write */ +unsigned int cbuf_writelen(const circbuffer *cbuf); /* max linear write len */ /* returns pointers to the two portions of the circular buffer that can be read */ -void cbuf_readptrs(circbuffer *cbuf, +void cbuf_readptrs(const circbuffer *cbuf, unsigned char **p1, unsigned int *len1, unsigned char **p2, unsigned int *len2); unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len); diff -r e017e46b1434 -r a3479d0d7e79 cli-agentfwd.c --- a/cli-agentfwd.c Thu Apr 25 00:27:25 2013 +0200 +++ b/cli-agentfwd.c Thu Jan 25 21:58:00 2018 +0800 @@ -108,7 +108,7 @@ data Any data, depending on packet type. Encoding as in the ssh packet protocol. */ -static buffer * agent_request(unsigned char type, buffer *data) { +static buffer * agent_request(unsigned char type, const buffer *data) { buffer * payload = NULL; buffer * inbuf = NULL; @@ -230,7 +230,7 @@ } } -void cli_setup_agent(struct Channel *channel) { +void cli_setup_agent(const struct Channel *channel) { if (!getenv("SSH_AUTH_SOCK")) { return; } 
@@ -254,7 +254,7 @@ } void agent_buf_sign(buffer *sigblob, sign_key *key, - buffer *data_buf) { + const buffer *data_buf) { buffer *request_data = NULL; buffer *response = NULL; unsigned int siglen; diff -r e017e46b1434 -r a3479d0d7e79 cli-auth.c --- a/cli-auth.c Thu Apr 25 00:27:25 2013 +0200 +++ b/cli-auth.c Thu Jan 25 21:58:00 2018 +0800 @@ -331,7 +331,7 @@ #if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH /* A helper for getpass() that exits if the user cancels. The returned * password is statically allocated by getpass() */ -char* getpass_or_cancel(char* prompt) +char* getpass_or_cancel(const char* prompt) { char* password = NULL; diff -r e017e46b1434 -r a3479d0d7e79 cli-authpubkey.c --- a/cli-authpubkey.c Thu Apr 25 00:27:25 2013 +0200 +++ b/cli-authpubkey.c Thu Jan 25 21:58:00 2018 +0800 @@ -121,7 +121,7 @@ } void cli_buf_put_sign(buffer* buf, sign_key *key, int type, - buffer *data_buf) { + const buffer *data_buf) { #if DROPBEAR_CLI_AGENTFWD if (key->source == SIGNKEY_SOURCE_AGENT) { /* Format the agent signature ourselves, as buf_put_sign would. */ diff -r e017e46b1434 -r a3479d0d7e79 cli-chansession.c --- a/cli-chansession.c Thu Apr 25 00:27:25 2013 +0200 +++ b/cli-chansession.c Thu Jan 25 21:58:00 2018 +0800 
@@ -35,12 +35,12 @@ #include "chansession.h" #include "agentfwd.h" -static void cli_closechansess(struct Channel *channel); +static void cli_closechansess(const struct Channel *channel); static int cli_initchansess(struct Channel *channel); static void cli_chansessreq(struct Channel *channel); -static void send_chansess_pty_req(struct Channel *channel); -static void send_chansess_shell_req(struct Channel *channel); -static void cli_escape_handler(struct Channel *channel, unsigned char* buf, int *len); +static void send_chansess_pty_req(const struct Channel *channel); +static void send_chansess_shell_req(const struct Channel *channel); +static void cli_escape_handler(const struct Channel *channel, const unsigned char* buf, int *len); static int cli_init_netcat(struct Channel *channel); static void cli_tty_setup(void); @@ -83,7 +83,7 @@ /* If the main session goes, we close it up */ -static void cli_closechansess(struct Channel *UNUSED(channel)) { +static void cli_closechansess(const struct Channel *UNUSED(channel)) { cli_tty_cleanup(); /* Restore tty modes etc */ /* This channel hasn't gone yet, so we have > 1 */ @@ -270,7 +270,7 @@ cli_ses.winchange = 0; } -static void send_chansess_pty_req(struct Channel *channel) { +static void send_chansess_pty_req(const struct Channel *channel) { char* term = NULL; @@ -303,7 +303,7 @@ TRACE(("leave send_chansess_pty_req")) } -static void send_chansess_shell_req(struct Channel *channel) { +static void send_chansess_shell_req(const struct Channel *channel) { char* reqtype = NULL; @@ -452,7 +452,7 @@ } static -void cli_escape_handler(struct Channel* UNUSED(channel), unsigned char* buf, int *len) { +void cli_escape_handler(const struct Channel* UNUSED(channel), const unsigned char* buf, int *len) { char c; int skip_char = 0; diff -r e017e46b1434 -r a3479d0d7e79 cli-kex.c --- a/cli-kex.c Thu Apr 25 00:27:25 2013 +0200 +++ b/cli-kex.c Thu Jan 25 21:58:00 2018 +0800 
@@ -39,7 +39,7 @@ #include "ecc.h" -static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen); +static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen); #define MAX_KNOWNHOSTS_LINE 4500 void send_msg_kexdh_init() { @@ -185,7 +185,7 @@ TRACE(("leave recv_msg_kexdh_init")) } -static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen, +static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen, const char* algoname) { char* fp = NULL; @@ -282,7 +282,7 @@ return hostsfile; } -static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) { +static void checkhostkey(const unsigned char* keyblob, unsigned int keybloblen) { FILE *hostsfile = NULL; int readonly = 0; diff -r e017e46b1434 -r a3479d0d7e79 cli-main.c --- a/cli-main.c Thu Apr 25 00:27:25 2013 +0200 +++ b/cli-main.c Thu Jan 25 21:58:00 2018 +0800 @@ -142,7 +142,7 @@ fflush(stderr); } -static void exec_proxy_cmd(void *user_data_cmd) { +static void exec_proxy_cmd(const void *user_data_cmd) { const char *cmd = user_data_cmd; char *usershell; diff -r e017e46b1434 -r a3479d0d7e79 common-algo.c --- a/common-algo.c Thu Apr 25 00:27:25 2013 +0200 +++ b/common-algo.c Thu Jan 25 21:58:00 2018 +0800 @@ -314,7 +314,7 @@ * against. * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE * otherwise */ -int have_algo(char* algo, size_t algolen, algo_type algos[]) { +int have_algo(const char* algo, size_t algolen, const algo_type algos[]) { int i; @@ -329,7 +329,7 @@ } /* Output a comma separated list of algorithms to a buffer */ -void buf_put_algolist(buffer * buf, algo_type localalgos[]) { +void buf_put_algolist(buffer * buf, const algo_type localalgos[]) { unsigned int i, len; unsigned int donefirst = 0; 
@@ -501,7 +501,7 @@ #if DROPBEAR_USER_ALGO_LIST char * -algolist_string(algo_type algos[]) +algolist_string(const algo_type algos[]) { char *ret_list; buffer *b = buf_new(200); diff -r e017e46b1434 -r a3479d0d7e79 common-channel.c --- a/common-channel.c Thu Apr 25 00:27:25 2013 +0200 +++ b/common-channel.c Thu Jan 25 21:58:00 2018 +0800 @@ -38,18 +38,18 @@ static void send_msg_channel_open_failure(unsigned int remotechan, int reason, const char *text, const char *lang); -static void send_msg_channel_open_confirmation(struct Channel* channel, +static void send_msg_channel_open_confirmation(const struct Channel* channel, unsigned int recvwindow, unsigned int recvmaxpacket); static int writechannel(struct Channel* channel, int fd, circbuffer *cbuf, const unsigned char *moredata, unsigned int *morelen); -static void send_msg_channel_window_adjust(struct Channel *channel, +static void send_msg_channel_window_adjust(const struct Channel *channel, unsigned int incr); static void send_msg_channel_data(struct Channel *channel, int isextended); static void send_msg_channel_eof(struct Channel *channel); static void send_msg_channel_close(struct Channel *channel); static void remove_channel(struct Channel *channel); -static unsigned int write_pending(struct Channel * channel); +static unsigned int write_pending(const struct Channel * channel); static void check_close(struct Channel *channel); static void close_chan_fd(struct Channel *channel, int fd, int how); @@ -198,7 +198,7 @@ } /* Iterate through the channels, performing IO if available */ -void channelio(fd_set *readfds, fd_set *writefds) { +void channelio(const fd_set *readfds, const fd_set *writefds) { /* Listeners such as TCP, X11, agent-auth */ struct Channel *channel; 
@@ -262,7 +262,7 @@ /* Returns true if there is data remaining to be written to stdin or * stderr of a channel's endpoint. */ -static unsigned int write_pending(struct Channel * channel) { +static unsigned int write_pending(const struct Channel * channel) { if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) { return 1; @@ -903,7 +903,7 @@ /* Increment the incoming data window for a channel, and let the remote * end know */ -static void send_msg_channel_window_adjust(struct Channel* channel, +static void send_msg_channel_window_adjust(const struct Channel* channel, unsigned int incr) { TRACE(("sending window adjust %d", incr)) @@ -1008,7 +1008,7 @@ } /* Send a failure message */ -void send_msg_channel_failure(struct Channel *channel) { +void send_msg_channel_failure(const struct Channel *channel) { TRACE(("enter send_msg_channel_failure")) CHECKCLEARTOWRITE(); @@ -1021,7 +1021,7 @@ } /* Send a success message */ -void send_msg_channel_success(struct Channel *channel) { +void send_msg_channel_success(const struct Channel *channel) { TRACE(("enter send_msg_channel_success")) CHECKCLEARTOWRITE(); @@ -1053,7 +1053,7 @@ /* Confirm a channel open, and let the remote end know what number we've * allocated and the receive parameters */ -static void send_msg_channel_open_confirmation(struct Channel* channel, +static void send_msg_channel_open_confirmation(const struct Channel* channel, unsigned int recvwindow, unsigned int recvmaxpacket) { @@ -1239,8 +1239,8 @@ return NULL; } -void start_send_channel_request(struct Channel *channel, - char *type) { +void start_send_channel_request(const struct Channel *channel, + const char *type) { CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST); diff -r e017e46b1434 -r a3479d0d7e79 common-kex.c --- a/common-kex.c Thu Apr 25 00:27:25 2013 +0200 +++ b/common-kex.c Thu Jan 25 21:58:00 2018 +0800 
@@ -714,7 +714,7 @@ m_free(param); } -void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them, +void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them, sign_key *hostkey) { unsigned char out[CURVE25519_LEN]; const unsigned char* Q_C = NULL; diff -r e017e46b1434 -r a3479d0d7e79 configure.ac --- a/configure.ac Thu Apr 25 00:27:25 2013 +0200 +++ b/configure.ac Thu Jan 25 21:58:00 2018 +0800 @@ -833,6 +833,7 @@ AS_MKDIR_P(libtomcrypt/src/modes/ofb) AS_MKDIR_P(libtomcrypt/src/modes/f8) AS_MKDIR_P(libtomcrypt/src/modes/lrw) +AS_MKDIR_P(libtomcrypt/src/modes/xts) AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit) AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/boolean) AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice) diff -r e017e46b1434 -r a3479d0d7e79 dbrandom.c --- a/dbrandom.c Thu Apr 25 00:27:25 2013 +0200 +++ b/dbrandom.c Thu Jan 25 21:58:00 2018 +0800 @@ -141,7 +141,7 @@ return ret; } -void addrandom(unsigned char * buf, unsigned int len) +void addrandom(const unsigned char * buf, unsigned int len) { hash_state hs; diff -r e017e46b1434 -r a3479d0d7e79 dbrandom.h --- a/dbrandom.h Thu Apr 25 00:27:25 2013 +0200 +++ b/dbrandom.h Thu Jan 25 21:58:00 2018 +0800 @@ -29,7 +29,7 @@ void seedrandom(void); void genrandom(unsigned char* buf, unsigned int len); -void addrandom(unsigned char * buf, unsigned int len); +void addrandom(const unsigned char * buf, unsigned int len); void gen_random_mpint(mp_int *max, mp_int *rand); #endif /* DROPBEAR_RANDOM_H_ */ diff -r e017e46b1434 -r a3479d0d7e79 dbutil.c --- a/dbutil.c Thu Apr 25 00:27:25 2013 +0200 +++ b/dbutil.c Thu Jan 25 21:58:00 2018 +0800 
@@ -241,7 +241,7 @@ * it will be run after the child has fork()ed, and is passed exec_data. * If ret_errfd == NULL then stderr will not be captured. * ret_pid can be passed as NULL to discard the pid. */ -int spawn_command(void(*exec_fn)(void *user_data), void *exec_data, +int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { int infds[2]; int outfds[2]; @@ -506,7 +506,7 @@ void m_close(int fd) { int val; - if (fd == -1) { + if (fd < 0) { return; } diff -r e017e46b1434 -r a3479d0d7e79 dbutil.h --- a/dbutil.h Thu Apr 25 00:27:25 2013 +0200 +++ b/dbutil.h Thu Jan 25 21:58:00 2018 +0800 @@ -56,7 +56,7 @@ char * stripcontrol(const char * text); -int spawn_command(void(*exec_fn)(void *user_data), void *exec_data, +int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, int *writefd, int *readfd, int *errfd, pid_t *pid); void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); #ifdef ENABLE_CONNECT_UNIX diff -r e017e46b1434 -r a3479d0d7e79 dropbearkey.c --- a/dropbearkey.c Thu Apr 25 00:27:25 2013 +0200 +++ b/dropbearkey.c Thu Jan 25 21:58:00 2018 +0800 @@ -241,7 +241,7 @@ } genbits = signkey_generate_get_bits(keytype, bits); - fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext); + fprintf(stderr, "Generating %u bit %s key, this may take a while...\n", genbits, typetext); if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE) { dropbear_exit("Failed to generate key.\n"); diff -r e017e46b1434 -r a3479d0d7e79 dss.c --- a/dss.c Thu Apr 25 00:27:25 2013 +0200 +++ b/dss.c Thu Jan 25 21:58:00 2018 +0800 @@ -127,7 +127,7 @@ * mpint g * mpint y */ -void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) { +void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key) { dropbear_assert(key != NULL); buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); 
@@ -139,7 +139,7 @@ } /* Same as buf_put_dss_pub_key, but with the private "x" key appended */ -void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) { +void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key) { dropbear_assert(key != NULL); buf_put_dss_pub_key(buf, key); @@ -150,7 +150,7 @@ #if DROPBEAR_SIGNKEY_VERIFY /* Verify a DSS signature (in buf) made on data by the key given. * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) { +int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) { unsigned char msghash[SHA1_HASH_SIZE]; hash_state hs; int ret = DROPBEAR_FAILURE; @@ -255,7 +255,7 @@ /* Sign the data presented with key, writing the signature contents * to the buffer */ -void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) { +void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) { unsigned char msghash[SHA1_HASH_SIZE]; unsigned int writelen; unsigned int i; diff -r e017e46b1434 -r a3479d0d7e79 dss.h --- a/dss.h Thu Apr 25 00:27:25 2013 +0200 +++ b/dss.h Thu Jan 25 21:58:00 2018 +0800 
@@ -44,14 +44,14 @@ #define DSS_P_BITS 1024 #define DSS_Q_BITS 160 -void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf); +void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf); #if DROPBEAR_SIGNKEY_VERIFY -int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf); +int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf); #endif int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key); int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key); -void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key); -void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key); +void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key); +void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key); void dss_key_free(dropbear_dss_key *key); #endif /* DROPBEAR_DSS */ diff -r e017e46b1434 -r a3479d0d7e79 ecc.c --- a/ecc.c Thu Apr 25 00:27:25 2013 +0200 +++ b/ecc.c Thu Jan 25 21:58:00 2018 +0800 @@ -82,7 +82,7 @@ /* Copied from libtomcrypt ecc_import.c (version there is static), modified for different mp_int pointer without LTC_SOURCE */ -static int ecc_is_point(ecc_key *key) +static int ecc_is_point(const ecc_key *key) { mp_int *prime, *b, *t1, *t2; int err; @@ -213,7 +213,7 @@ /* a modified version of libtomcrypt's "ecc_shared_secret" to output a mp_int instead. */ -mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key) +mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, const ecc_key *private_key) { ecc_point *result = NULL; mp_int *prime = NULL, *shared_secret = NULL; diff -r e017e46b1434 -r a3479d0d7e79 ecc.h --- a/ecc.h Thu Apr 25 00:27:25 2013 +0200 +++ b/ecc.h Thu Jan 25 21:58:00 2018 +0800 
@@ -29,7 +29,7 @@ ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve); int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key); -mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key); +mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key); #endif diff -r e017e46b1434 -r a3479d0d7e79 ecdsa.c --- a/ecdsa.c Thu Apr 25 00:27:25 2013 +0200 +++ b/ecdsa.c Thu Jan 25 21:58:00 2018 +0800 @@ -15,7 +15,7 @@ || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521; } -enum signkey_type ecdsa_signkey_type(ecc_key * key) { +enum signkey_type ecdsa_signkey_type(const ecc_key * key) { #if DROPBEAR_ECC_256 if (key->dp == ecc_curve_nistp256.dp) { return DROPBEAR_SIGNKEY_ECDSA_NISTP256; @@ -154,7 +154,7 @@ buf_putmpint(buf, key->k); } -void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) { +void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf) { /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */ int err = DROPBEAR_FAILURE; struct dropbear_ecc_curve *curve = NULL; @@ -272,7 +272,7 @@ } -int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) { +int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) { /* Based on libtomcrypt's ecc_verify_hash but without the asn1 */ int ret = DROPBEAR_FAILURE; hash_state hs; diff -r e017e46b1434 -r a3479d0d7e79 ecdsa.h --- a/ecdsa.h Thu Apr 25 00:27:25 2013 +0200 +++ b/ecdsa.h Thu Jan 25 21:58:00 2018 +0800 
@@ -23,10 +23,10 @@ ecc_key *buf_get_ecdsa_priv_key(buffer *buf); void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key); void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key); -enum signkey_type ecdsa_signkey_type(ecc_key * key); +enum signkey_type ecdsa_signkey_type(const ecc_key * key); -void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf); -int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf); +void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf); +int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf); /* Returns 1 on success */ int signkey_is_ecdsa(enum signkey_type type); diff -r e017e46b1434 -r a3479d0d7e79 gendss.c --- a/gendss.c Thu Apr 25 00:27:25 2013 +0200 +++ b/gendss.c Thu Jan 25 21:58:00 2018 +0800 @@ -37,11 +37,11 @@ #if DROPBEAR_DSS -static void getq(dropbear_dss_key *key); -static void getp(dropbear_dss_key *key, unsigned int size); -static void getg(dropbear_dss_key *key); -static void getx(dropbear_dss_key *key); -static void gety(dropbear_dss_key *key); +static void getq(const dropbear_dss_key *key); +static void getp(const dropbear_dss_key *key, unsigned int size); +static void getg(const dropbear_dss_key *key); +static void getx(const dropbear_dss_key *key); +static void gety(const dropbear_dss_key *key); dropbear_dss_key * gen_dss_priv_key(unsigned int size) { @@ -65,7 +65,7 @@ } -static void getq(dropbear_dss_key *key) { +static void getq(const dropbear_dss_key *key) { unsigned char buf[QSIZE]; @@ -83,7 +83,7 @@ } } -static void getp(dropbear_dss_key *key, unsigned int size) { +static void getp(const dropbear_dss_key *key, unsigned int size) { DEF_MP_INT(tempX); DEF_MP_INT(tempC); @@ -142,7 +142,7 @@ m_free(buf); } -static void getg(dropbear_dss_key * key) { +static void getg(const dropbear_dss_key * key) { DEF_MP_INT(div); DEF_MP_INT(h); 
@@ -179,12 +179,12 @@ mp_clear_multi(&div, &h, &val, NULL); } -static void getx(dropbear_dss_key *key) { +static void getx(const dropbear_dss_key *key) { gen_random_mpint(key->q, key->x); } -static void gety(dropbear_dss_key *key) { +static void gety(const dropbear_dss_key *key) { if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) { fprintf(stderr, "DSS key generation failed\n"); diff -r e017e46b1434 -r a3479d0d7e79 kex.h --- a/kex.h Thu Apr 25 00:27:25 2013 +0200 +++ b/kex.h Thu Jan 25 21:58:00 2018 +0800 @@ -50,7 +50,7 @@ #if DROPBEAR_CURVE25519 struct kex_curve25519_param *gen_kexcurve25519_param(void); void free_kexcurve25519_param(struct kex_curve25519_param *param); -void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *pub_them, +void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *pub_them, sign_key *hostkey); #endif diff -r e017e46b1434 -r a3479d0d7e79 keyimport.c --- a/keyimport.c Thu Apr 25 00:27:25 2013 +0200 +++ b/keyimport.c Thu Jan 25 21:58:00 2018 +0800 @@ -55,9 +55,9 @@ ((unsigned long)(unsigned char)(cp)[3])) static int openssh_encrypted(const char *filename); -static sign_key *openssh_read(const char *filename, char *passphrase); +static sign_key *openssh_read(const char *filename, const char *passphrase); static int openssh_write(const char *filename, sign_key *key, - char *passphrase); + const char *passphrase); static int dropbear_write(const char*filename, sign_key * key); static sign_key *dropbear_read(const char* filename); @@ -83,7 +83,7 @@ return 0; } -sign_key *import_read(const char *filename, char *passphrase, int filetype) { +sign_key *import_read(const char *filename, const char *passphrase, int filetype) { if (filetype == KEYFILE_OPENSSH) { return openssh_read(filename, passphrase); 
@@ -97,7 +97,7 @@ return NULL; } -int import_write(const char *filename, sign_key *key, char *passphrase, +int import_write(const char *filename, sign_key *key, const char *passphrase, int filetype) { if (filetype == KEYFILE_OPENSSH) { @@ -194,7 +194,7 @@ ) /* cpl has to be less than 100 */ -static void base64_encode_fp(FILE * fp, unsigned char *data, +static void base64_encode_fp(FILE * fp, const unsigned char *data, int datalen, int cpl) { unsigned char out[100]; @@ -509,7 +509,7 @@ return ret; } -static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase)) +static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase)) { struct openssh_key *key; unsigned char *p; @@ -828,7 +828,7 @@ } static int openssh_write(const char *filename, sign_key *key, - char *passphrase) + const char *passphrase) { buffer * keyblob = NULL; buffer * extrablob = NULL; /* used for calculated values to write */ diff -r e017e46b1434 -r a3479d0d7e79 keyimport.h --- a/keyimport.h Thu Apr 25 00:27:25 2013 +0200 +++ b/keyimport.h Thu Jan 25 21:58:00 2018 +0800 @@ -34,9 +34,9 @@ KEYFILE_SSHCOM }; -int import_write(const char *filename, sign_key *key, char *passphrase, +int import_write(const char *filename, sign_key *key, const char *passphrase, int filetype); -sign_key *import_read(const char *filename, char *passphrase, int filetype); +sign_key *import_read(const char *filename, const char *passphrase, int filetype); int import_encrypted(const char* filename, int filetype); #endif /* DROPBEAR_KEYIMPORT_H_ */ diff -r e017e46b1434 -r a3479d0d7e79 libtomcrypt/Makefile.in --- a/libtomcrypt/Makefile.in Thu Apr 25 00:27:25 2013 +0200 +++ b/libtomcrypt/Makefile.in Thu Jan 25 21:58:00 2018 +0800 @@ -9,7 +9,8 @@ PLATFORM := $(shell uname | sed -e 's/_.*//') -srcdir=. +VPATH=@srcdir@ +srcdir=@srcdir@ # Compiler and Linker Names #CC=gcc diff -r e017e46b1434 -r a3479d0d7e79 libtommath/Makefile.in --- a/libtommath/Makefile.in Thu Apr 25 00:27:25 2013 +0200 
+++ b/libtommath/Makefile.in Thu Jan 25 21:58:00 2018 +0800 @@ -2,7 +2,8 @@ # #Tom St Denis -srcdir=. +VPATH=@srcdir@ +srcdir=@srcdir@ # So that libtommath can include Dropbear headers for options and m_burn() CFLAGS += -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../ @@ -26,8 +27,6 @@ coverage: LIBNAME:=-Wl,--whole-archive $(LIBNAME) -Wl,--no-whole-archive -include makefile.include - LCOV_ARGS=--directory . #START_INS diff -r e017e46b1434 -r a3479d0d7e79 listener.c --- a/listener.c Thu Apr 25 00:27:25 2013 +0200 +++ b/listener.c Thu Jan 25 21:58:00 2018 +0800 @@ -53,7 +53,7 @@ } -void handle_listeners(fd_set * readfds) { +void handle_listeners(const fd_set * readfds) { unsigned int i, j; struct Listener *listener; @@ -76,10 +76,10 @@ /* acceptor(int fd, void* typedata) is a function to accept connections, * cleanup(void* typedata) happens when cleaning up */ -struct Listener* new_listener(int socks[], unsigned int nsocks, +struct Listener* new_listener(const int socks[], unsigned int nsocks, int type, void* typedata, - void (*acceptor)(struct Listener* listener, int sock), - void (*cleanup)(struct Listener*)) { + void (*acceptor)(const struct Listener* listener, int sock), + void (*cleanup)(const struct Listener*)) { unsigned int i, j; struct Listener *newlisten = NULL; @@ -132,8 +132,8 @@ /* Return the first listener which matches the type-specific comparison * function. Particularly needed for global requests, like tcp */ -struct Listener * get_listener(int type, void* typedata, - int (*match)(void*, void*)) { +struct Listener * get_listener(int type, const void* typedata, + int (*match)(const void*, const void*)) { unsigned int i; struct Listener* listener; diff -r e017e46b1434 -r a3479d0d7e79 listener.h --- a/listener.h Thu Apr 25 00:27:25 2013 +0200 +++ b/listener.h Thu Jan 25 21:58:00 2018 +0800 
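Review bot: `handle_listeners` in listener.c now takes `const fd_set * readfds`, but POSIX declares `FD_ISSET(int, fd_set *)` without const. On a libc that implements it as a function or a strictly typed macro, testing `readfds` would discard the qualifier. The FD_ISSET call is outside this hunk, so this is inferred from what the function is for. The same applies to `handle_connect_fds(const fd_set *writefd)` in netio.c. If a portable build warns here, keep these two parameters non-const, or record the assumption at the prototype with `/* readfds is only tested with FD_ISSET, never modified */`.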
@@ -35,8 +35,8 @@ int index; /* index in the array of listeners */ - void (*acceptor)(struct Listener*, int sock); - void (*cleanup)(struct Listener*); + void (*acceptor)(const struct Listener*, int sock); + void (*cleanup)(const struct Listener*); int type; /* CHANNEL_ID_X11, CHANNEL_ID_AGENT, CHANNEL_ID_TCPDIRECT (for clients), @@ -47,16 +47,16 @@ }; void listeners_initialise(void); -void handle_listeners(fd_set * readfds); +void handle_listeners(const fd_set * readfds); void set_listener_fds(fd_set * readfds); -struct Listener* new_listener(int socks[], unsigned int nsocks, +struct Listener* new_listener(const int socks[], unsigned int nsocks, int type, void* typedata, - void (*acceptor)(struct Listener* listener, int sock), - void (*cleanup)(struct Listener*)); + void (*acceptor)(const struct Listener* listener, int sock), + void (*cleanup)(const struct Listener*)); -struct Listener * get_listener(int type, void* typedata, - int (*match)(void*, void*)); +struct Listener * get_listener(int type, const void* typedata, + int (*match)(const void*, const void*)); void remove_listener(struct Listener* listener); diff -r e017e46b1434 -r a3479d0d7e79 netio.c --- a/netio.c Thu Apr 25 00:27:25 2013 +0200 +++ b/netio.c Thu Jan 25 21:58:00 2018 +0800 @@ -197,7 +197,7 @@ } } -void handle_connect_fds(fd_set *writefd) { +void handle_connect_fds(const fd_set *writefd) { m_list_elem *iter; TRACE(("enter handle_connect_fds")) for (iter = ses.conn_pending.first; iter; iter = iter->next) { @@ -240,7 +240,7 @@ c->writequeue = writequeue; } -void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count) { +void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count) { struct Link *l; unsigned int i; int len; diff -r e017e46b1434 -r a3479d0d7e79 netio.h --- a/netio.h Thu Apr 25 00:27:25 2013 +0200 +++ b/netio.h Thu Jan 25 21:58:00 2018 +0800 
@@ -34,7 +34,7 @@ /* Sets up for select() */ void set_connect_fds(fd_set *writefd); /* Handles ready sockets after select() */ -void handle_connect_fds(fd_set *writefd); +void handle_connect_fds(const fd_set *writefd); /* Cleanup */ void remove_connect_pending(void); @@ -45,7 +45,7 @@ /* TODO: writev #ifdef guard */ /* Fills out iov which contains iov_count slots, returning the number filled in iov_count */ -void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count); +void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count); void packet_queue_consume(struct Queue *queue, ssize_t written); #if DROPBEAR_SERVER_TCP_FAST_OPEN diff -r e017e46b1434 -r a3479d0d7e79 packet.c --- a/packet.c Thu Apr 25 00:27:25 2013 +0200 +++ b/packet.c Thu Jan 25 21:58:00 2018 +0800 @@ -49,7 +49,7 @@ #define ZLIB_COMPRESS_EXPANSION (((RECV_MAX_PAYLOAD_LEN/16384)+1)*5 + 6) #define ZLIB_DECOMPRESS_INCR 1024 #ifndef DISABLE_ZLIB -static buffer* buf_decompress(buffer* buf, unsigned int len); +static buffer* buf_decompress(const buffer* buf, unsigned int len); static void buf_compress(buffer * dest, buffer * src, unsigned int len); #endif @@ -367,7 +367,7 @@ #ifndef DISABLE_ZLIB /* returns a pointer to a newly created buffer */ -static buffer* buf_decompress(buffer* buf, unsigned int len) { +static buffer* buf_decompress(const buffer* buf, unsigned int len) { int result; buffer * ret; diff -r e017e46b1434 -r a3479d0d7e79 queue.c --- a/queue.c Thu Apr 25 00:27:25 2013 +0200 +++ b/queue.c Thu Jan 25 21:58:00 2018 +0800 @@ -33,7 +33,7 @@ queue->count = 0; } -int isempty(struct Queue* queue) { +int isempty(const struct Queue* queue) { return (queue->head == NULL); } @@ -60,7 +60,7 @@ return ret; } -void *examine(struct Queue* queue) { +void *examine(const struct Queue* queue) { dropbear_assert(!isempty(queue)); return queue->head->item; diff -r e017e46b1434 -r a3479d0d7e79 queue.h --- a/queue.h Thu Apr 25 00:27:25 2013 +0200 
+++ b/queue.h Thu Jan 25 21:58:00 2018 +0800 @@ -41,9 +41,9 @@ }; void initqueue(struct Queue* queue); -int isempty(struct Queue* queue); +int isempty(const struct Queue* queue); void* dequeue(struct Queue* queue); -void *examine(struct Queue* queue); +void *examine(const struct Queue* queue); void enqueue(struct Queue* queue, void* item); #endif diff -r e017e46b1434 -r a3479d0d7e79 rsa.c --- a/rsa.c Thu Apr 25 00:27:25 2013 +0200 +++ b/rsa.c Thu Jan 25 21:58:00 2018 +0800 @@ -38,8 +38,8 @@ #if DROPBEAR_RSA -static void rsa_pad_em(dropbear_rsa_key * key, - buffer *data_buf, mp_int * rsa_em); +static void rsa_pad_em(const dropbear_rsa_key * key, + const buffer *data_buf, mp_int * rsa_em); /* Load a public rsa key from a buffer, initialising the values. * The key will have the same format as buf_put_rsa_key. @@ -147,7 +147,7 @@ * mp_int e * mp_int n */ -void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) { +void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) { TRACE(("enter buf_put_rsa_pub_key")) dropbear_assert(key != NULL); @@ -161,7 +161,7 @@ } /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */ -void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) { +void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key) { TRACE(("enter buf_put_rsa_priv_key")) @@ -185,7 +185,7 @@ #if DROPBEAR_SIGNKEY_VERIFY /* Verify a signature in buf, made on data by the key given. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) { +int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf) { unsigned int slen; DEF_MP_INT(rsa_s); DEF_MP_INT(rsa_mdash); 
@@ -240,7 +240,7 @@ /* Sign the data presented with key, writing the signature contents * to the buffer */ -void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) { +void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf) { unsigned int nsize, ssize; unsigned int i; DEF_MP_INT(rsa_s); @@ -346,8 +346,8 @@ * * rsa_em must be a pointer to an initialised mp_int. */ -static void rsa_pad_em(dropbear_rsa_key * key, - buffer *data_buf, mp_int * rsa_em) { +static void rsa_pad_em(const dropbear_rsa_key * key, + const buffer *data_buf, mp_int * rsa_em) { /* ASN1 designator (including the 0x00 preceding) */ const unsigned char rsa_asn1_magic[] = diff -r e017e46b1434 -r a3479d0d7e79 rsa.h --- a/rsa.h Thu Apr 25 00:27:25 2013 +0200 +++ b/rsa.h Thu Jan 25 21:58:00 2018 +0800 @@ -43,14 +43,14 @@ } dropbear_rsa_key; -void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf); +void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf); #if DROPBEAR_SIGNKEY_VERIFY -int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf); +int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf); #endif int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key); int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key); -void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key); -void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key); +void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key); +void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key); void rsa_key_free(dropbear_rsa_key *key); #endif /* DROPBEAR_RSA */ diff -r e017e46b1434 -r a3479d0d7e79 signkey.c --- a/signkey.c Thu Apr 25 00:27:25 2013 +0200 +++ b/signkey.c Thu Jan 25 21:58:00 2018 +0800 
@@ -400,7 +400,7 @@ /* Since we're not sure if we'll have md5 or sha1, we present both. * MD5 is used in preference, but sha1 could still be useful */ #if DROPBEAR_MD5_HMAC -static char * sign_key_md5_fingerprint(unsigned char* keyblob, +static char * sign_key_md5_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) { char * ret; @@ -435,7 +435,7 @@ } #else /* use SHA1 rather than MD5 for fingerprint */ -static char * sign_key_sha1_fingerprint(unsigned char* keyblob, +static char * sign_key_sha1_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) { char * ret; @@ -472,7 +472,7 @@ /* This will return a freshly malloced string, containing a fingerprint * in either sha1 or md5 */ -char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) { +char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) { #if DROPBEAR_MD5_HMAC return sign_key_md5_fingerprint(keyblob, keybloblen); @@ -482,7 +482,7 @@ } void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, - buffer *data_buf) { + const buffer *data_buf) { buffer *sigblob; sigblob = buf_new(MAX_PUBKEY_SIZE); @@ -517,7 +517,7 @@ * If FAILURE is returned, the position of * buf is undefined. If SUCCESS is returned, buf will be positioned after the * signature blob */ -int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) { +int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf) { char *type_name = NULL; unsigned int type_name_len = 0; @@ -570,7 +570,7 @@ of the key if it is successfully decoded */ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, const unsigned char* algoname, unsigned int algolen, - buffer * line, char ** fingerprint) { + const buffer * line, char ** fingerprint) { buffer * decodekey = NULL; int ret = DROPBEAR_FAILURE; diff -r e017e46b1434 -r a3479d0d7e79 signkey.h --- a/signkey.h Thu Apr 25 00:27:25 2013 +0200 +++ b/signkey.h Thu Jan 25 21:58:00 2018 +0800 
@@ -90,14 +90,14 @@ void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type); void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type); void sign_key_free(sign_key *key); -void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, buffer *data_buf); +void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, const buffer *data_buf); #if DROPBEAR_SIGNKEY_VERIFY -int buf_verify(buffer * buf, sign_key *key, buffer *data_buf); -char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen); +int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf); +char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen); #endif int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, const unsigned char* algoname, unsigned int algolen, - buffer * line, char ** fingerprint); + const buffer * line, char ** fingerprint); void** signkey_key_ptr(sign_key *key, enum signkey_type type); diff -r e017e46b1434 -r a3479d0d7e79 svr-agentfwd.c --- a/svr-agentfwd.c Thu Apr 25 00:27:25 2013 +0200 +++ b/svr-agentfwd.c Thu Jan 25 21:58:00 2018 +0800 @@ -45,7 +45,7 @@ static int send_msg_channel_open_agent(int fd); static int bindagent(int fd, struct ChanSess * chansess); -static void agentaccept(struct Listener * listener, int sock); +static void agentaccept(const struct Listener * listener, int sock); /* Handles client requests to start agent forwarding, sets up listening socket. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ @@ -100,7 +100,7 @@ /* accepts a connection on the forwarded socket and opens a new channel for it * back to the client */ /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -static void agentaccept(struct Listener *UNUSED(listener), int sock) { +static void agentaccept(const struct Listener *UNUSED(listener), int sock) { int fd; 
@@ -118,7 +118,7 @@ /* set up the environment variable pointing to the socket. This is called * just before command/shell execution, after dropping privileges */ -void svr_agentset(struct ChanSess * chansess) { +void svr_agentset(const struct ChanSess * chansess) { char *path = NULL; int len; diff -r e017e46b1434 -r a3479d0d7e79 svr-auth.c --- a/svr-auth.c Thu Apr 25 00:27:25 2013 +0200 +++ b/svr-auth.c Thu Jan 25 21:58:00 2018 +0800 @@ -81,7 +81,7 @@ /* Send a banner message if specified to the client. The client might * ignore this, but possibly serves as a legal "no trespassing" sign */ -void send_msg_userauth_banner(buffer *banner) { +void send_msg_userauth_banner(const buffer *banner) { TRACE(("enter send_msg_userauth_banner")) diff -r e017e46b1434 -r a3479d0d7e79 svr-authpubkey.c --- a/svr-authpubkey.c Thu Apr 25 00:27:25 2013 +0200 +++ b/svr-authpubkey.c Thu Jan 25 21:58:00 2018 +0800 @@ -70,11 +70,11 @@ #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */ #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */ -static int checkpubkey(char* algo, unsigned int algolen, - unsigned char* keyblob, unsigned int keybloblen); +static int checkpubkey(const char* algo, unsigned int algolen, + const unsigned char* keyblob, unsigned int keybloblen); static int checkpubkeyperms(void); -static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen, - unsigned char* keyblob, unsigned int keybloblen); +static void send_msg_userauth_pk_ok(const char* algo, unsigned int algolen, + const unsigned char* keyblob, unsigned int keybloblen); static int checkfileperm(char * filename); /* process a pubkey auth request, sending success or failure message as 
@@ -173,8 +173,8 @@ /* Reply that the key is valid for auth, this is sent when the user sends * a straight copy of their pubkey to test, to avoid having to perform * expensive signing operations with a worthless key */ -static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen, - unsigned char* keyblob, unsigned int keybloblen) { +static void send_msg_userauth_pk_ok(const char* algo, unsigned int algolen, + const unsigned char* keyblob, unsigned int keybloblen) { TRACE(("enter send_msg_userauth_pk_ok")) CHECKCLEARTOWRITE(); @@ -188,7 +188,7 @@ } -static int checkpubkey_line(buffer* line, int line_num, char* filename, +static int checkpubkey_line(buffer* line, int line_num, const char* filename, const char* algo, unsigned int algolen, const unsigned char* keyblob, unsigned int keybloblen) { buffer *options_buf = NULL; @@ -196,7 +196,7 @@ int ret = DROPBEAR_FAILURE; if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { - TRACE(("checkpubkey: bad line length %d", line->len)) + TRACE(("checkpubkey_line: bad line length %d", line->len)) return DROPBEAR_FAILURE; } @@ -261,7 +261,7 @@ /* check for space (' ') character */ if (buf_getbyte(line) != ' ') { - TRACE(("checkpubkey: space character expected, isn't there")) + TRACE(("checkpubkey_line: space character expected, isn't there")) goto out; } @@ -273,7 +273,7 @@ buf_setpos(line, pos); buf_setlen(line, line->pos + len); - TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len)) + TRACE(("checkpubkey_line: line pos = %d len = %d", line->pos, line->len)) ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); 
@@ -292,8 +292,8 @@ /* Checks whether a specified publickey (and associated algorithm) is an * acceptable key for authentication */ /* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ -static int checkpubkey(char* algo, unsigned int algolen, - unsigned char* keyblob, unsigned int keybloblen) { +static int checkpubkey(const char* algo, unsigned int algolen, + const unsigned char* keyblob, unsigned int keybloblen) { FILE * authfile = NULL; char * filename = NULL; @@ -361,8 +361,8 @@ } line_num++; - if (checkpubkey_line(line, line_num, filename, - algo, algolen, keyblob, keybloblen) == DROPBEAR_SUCCESS) { + ret = checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen); + if (ret == DROPBEAR_SUCCESS) { break; } diff -r e017e46b1434 -r a3479d0d7e79 svr-chansession.c --- a/svr-chansession.c Thu Apr 25 00:27:25 2013 +0200 +++ b/svr-chansession.c Thu Jan 25 21:58:00 2018 +0800 
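Review bot: The authorization result of `checkpubkey` is now carried out of the loop in `ret` (the `@@ -361` hunk), and nothing at the assignment says what value it has when no line is checked. If the authorized_keys file is empty or EOF is hit first, `ret` is never assigned here. The outcome is then whatever it was initialised to above the hunk, presumably DROPBEAR_FAILURE, which is worth confirming since this decides whether a key is accepted. A comment above the assignment, `/* ret stays DROPBEAR_FAILURE unless this line matches the offered key */`, would make the fail-closed intent explicit. The loop and the rest of the function lie outside the hunk.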
@@ -43,24 +43,24 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, int iscmd, int issubsys); static int sessionpty(struct ChanSess * chansess); -static int sessionsignal(struct ChanSess *chansess); +static int sessionsignal(const struct ChanSess *chansess); static int noptycommand(struct Channel *channel, struct ChanSess *chansess); static int ptycommand(struct Channel *channel, struct ChanSess *chansess); -static int sessionwinchange(struct ChanSess *chansess); -static void execchild(void *user_data_chansess); +static int sessionwinchange(const struct ChanSess *chansess); +static void execchild(const void *user_data_chansess); static void addchildpid(struct ChanSess *chansess, pid_t pid); static void sesssigchild_handler(int val); -static void closechansess(struct Channel *channel); +static void closechansess(const struct Channel *channel); static int newchansess(struct Channel *channel); static void chansessionrequest(struct Channel *channel); -static int sesscheckclose(struct Channel *channel); +static int sesscheckclose(const struct Channel *channel); -static void send_exitsignalstatus(struct Channel *channel); -static void send_msg_chansess_exitstatus(struct Channel * channel, - struct ChanSess * chansess); -static void send_msg_chansess_exitsignal(struct Channel * channel, - struct ChanSess * chansess); -static void get_termmodes(struct ChanSess *chansess); +static void send_exitsignalstatus(const struct Channel *channel); +static void send_msg_chansess_exitstatus(const struct Channel * channel, + const struct ChanSess * chansess); +static void send_msg_chansess_exitsignal(const struct Channel * channel, + const struct ChanSess * chansess); +static void get_termmodes(const struct ChanSess *chansess); const struct ChanType svrchansess = { 0, /* sepfds */ 
@@ -74,7 +74,7 @@ /* required to clear environment */ extern char** environ; -static int sesscheckclose(struct Channel *channel) { +static int sesscheckclose(const struct Channel *channel) { struct ChanSess *chansess = (struct ChanSess*)channel->typedata; TRACE(("sesscheckclose, pid is %d", chansess->exit.exitpid)) return chansess->exit.exitpid != -1; @@ -159,7 +159,7 @@ } /* send the exit status or the signal causing termination for a session */ -static void send_exitsignalstatus(struct Channel *channel) { +static void send_exitsignalstatus(const struct Channel *channel) { struct ChanSess *chansess = (struct ChanSess*)channel->typedata; @@ -173,8 +173,8 @@ } /* send the exitstatus to the client */ -static void send_msg_chansess_exitstatus(struct Channel * channel, - struct ChanSess * chansess) { +static void send_msg_chansess_exitstatus(const struct Channel * channel, + const struct ChanSess * chansess) { dropbear_assert(chansess->exit.exitpid != -1); dropbear_assert(chansess->exit.exitsignal == -1); @@ -192,8 +192,8 @@ } /* send the signal causing the exit to the client */ -static void send_msg_chansess_exitsignal(struct Channel * channel, - struct ChanSess * chansess) { +static void send_msg_chansess_exitsignal(const struct Channel * channel, + const struct ChanSess * chansess) { int i; char* signame = NULL; @@ -273,7 +273,7 @@ } static struct logininfo* -chansess_login_alloc(struct ChanSess *chansess) { +chansess_login_alloc(const struct ChanSess *chansess) { struct logininfo * li; li = login_alloc_entry(chansess->pid, ses.authstate.username, svr_ses.remotehost, chansess->tty); @@ -281,7 +281,7 @@ } /* clean a session channel */ -static void closechansess(struct Channel *channel) { +static void closechansess(const struct Channel *channel) { struct ChanSess *chansess; unsigned int i; 
@@ -403,7 +403,7 @@ /* Send a signal to a session's process as requested by the client*/ -static int sessionsignal(struct ChanSess *chansess) { +static int sessionsignal(const struct ChanSess *chansess) { int sig = 0; char* signame = NULL; @@ -441,7 +441,7 @@ /* Let the process know that the window size has changed, as notified from the * client. Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -static int sessionwinchange(struct ChanSess *chansess) { +static int sessionwinchange(const struct ChanSess *chansess) { int termc, termr, termw, termh; @@ -460,7 +460,7 @@ return DROPBEAR_SUCCESS; } -static void get_termmodes(struct ChanSess *chansess) { +static void get_termmodes(const struct ChanSess *chansess) { struct termios termio; unsigned char opcode; @@ -898,7 +898,7 @@ /* Clean up, drop to user privileges, set up the environment and execute * the command/shell. This function does not return. */ -static void execchild(void *user_data) { +static void execchild(const void *user_data) { struct ChanSess *chansess = user_data; char *usershell = NULL; diff -r e017e46b1434 -r a3479d0d7e79 svr-tcpfwd.c --- a/svr-tcpfwd.c Thu Apr 25 00:27:25 2013 +0200 +++ b/svr-tcpfwd.c Thu Jan 25 21:58:00 2018 +0800 @@ -107,7 +107,7 @@ TRACE(("leave recv_msg_global_request")) } -static int matchtcp(void* typedata1, void* typedata2) { +static int matchtcp(const void* typedata1, const void* typedata2) { const struct TCPListener *info1 = (struct TCPListener*)typedata1; const struct TCPListener *info2 = (struct TCPListener*)typedata2; diff -r e017e46b1434 -r a3479d0d7e79 svr-x11fwd.c --- a/svr-x11fwd.c Thu Apr 25 00:27:25 2013 +0200 +++ b/svr-x11fwd.c Thu Jan 25 21:58:00 2018 +0800 
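Review bot: In `execchild` the parameter became `const void *user_data`, but the first statement still reads `struct ChanSess *chansess = user_data;`, which drops the qualifier on initialisation and should draw a discarded-qualifier diagnostic. If the function only reads the session, `const struct ChanSess *chansess = user_data;` keeps the promise the new signature makes. If it writes through `chansess` further down (the body continues outside the hunk), the parameter should stay `void *`. The `matchtcp` hunk in svr-tcpfwd.c has a milder form of the same thing: the casts `(struct TCPListener*)typedata1` and `(struct TCPListener*)typedata2` strip const before it is re-applied, and could be `(const struct TCPListener*)` or dropped.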
@@ -38,9 +38,9 @@ #define X11BASEPORT 6000 #define X11BINDBASE 6010 -static void x11accept(struct Listener* listener, int sock); +static void x11accept(const struct Listener* listener, int sock); static int bindport(int fd); -static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr); +static int send_msg_channel_open_x11(int fd, const struct sockaddr_in* addr); /* Check untrusted xauth strings for metacharacters */ /* Returns DROPBEAR_SUCCESS/DROPBEAR_FAILURE */ @@ -126,7 +126,7 @@ /* accepts a new X11 socket */ /* returns DROPBEAR_FAILURE or DROPBEAR_SUCCESS */ -static void x11accept(struct Listener* listener, int sock) { +static void x11accept(const struct Listener* listener, int sock) { int fd; struct sockaddr_in addr; @@ -154,7 +154,7 @@ /* This is called after switching to the user, and sets up the xauth * and environment variables. */ -void x11setauth(struct ChanSess *chansess) { +void x11setauth(const struct ChanSess *chansess) { char display[20]; /* space for "localhost:12345.123" */ FILE * authprog = NULL; @@ -220,7 +220,7 @@ }; -static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr) { +static int send_msg_channel_open_x11(int fd, const struct sockaddr_in* addr) { char* ipstring = NULL; diff -r e017e46b1434 -r a3479d0d7e79 tcp-accept.c --- a/tcp-accept.c Thu Apr 25 00:27:25 2013 +0200 +++ b/tcp-accept.c Thu Jan 25 21:58:00 2018 +0800 @@ -35,7 +35,7 @@ #if DROPBEAR_TCP_ACCEPT -static void cleanup_tcp(struct Listener *listener) { +static void cleanup_tcp(const struct Listener *listener) { struct TCPListener *tcpinfo = (struct TCPListener*)(listener->typedata); @@ -52,7 +52,7 @@ return 0; } -static void tcp_acceptor(struct Listener *listener, int sock) { +static void tcp_acceptor(const struct Listener *listener, int sock) { int fd; struct sockaddr_storage sa; diff -r e017e46b1434 -r a3479d0d7e79 x11fwd.h --- a/x11fwd.h Thu Apr 25 00:27:25 2013 +0200 +++ b/x11fwd.h Thu Jan 25 21:58:00 2018 +0800 
@@ -30,7 +30,7 @@ #include "channel.h" int x11req(struct ChanSess * chansess); -void x11setauth(struct ChanSess *chansess); +void x11setauth(const struct ChanSess *chansess); void x11cleanup(struct ChanSess *chansess); #endif /* DROPBEAR_X11FWD */