changeset 642:33fd2f3499d2 dropbear-tfm

A few build fixes
author Matt Johnston <matt@ucc.asn.au>
date Tue, 22 Nov 2011 19:28:58 +0700
parents 2b1bb792cd4d
children a362b62d38b2
files Makefile.in buffer.c common-kex.c configure.in dss.c dss.h includes.h random.h rsa.c
diffstat 9 files changed, 73 insertions(+), 73 deletions(-) [+]
line wrap: on
line diff
--- a/Makefile.in	Mon Nov 21 19:52:28 2011 +0800
+++ b/Makefile.in	Tue Nov 22 19:28:58 2011 +0700
@@ -15,11 +15,12 @@
 
 LTC=libtomcrypt/libtomcrypt.a
 LTM=libtommath/libtommath.a
+TFM=tomsfastmath/libtfm.a
 
 ifeq (@BUNDLED_LIBTOM@, 1)
-LIBTOM_DEPS=$(LTC) $(LTM)
+LIBTOM_DEPS=$(LTC) $(TFM)
 CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/ 
-LIBS+=$(LTC) $(LTM)
+LIBS+=$(LTC) $(TFM)
 endif
 
 COMMONOBJS=dbutil.o buffer.o \
@@ -190,7 +191,10 @@
 $(LTM): options.h
 	cd libtommath && $(MAKE)
 
-.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
+$(TFM): options.h
+	cd tomsfastmath && $(MAKE)
+
+.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean tfm-clean
 
 ltc-clean:
 	cd libtomcrypt && $(MAKE) clean
@@ -198,10 +202,13 @@
 ltm-clean:
 	cd libtommath && $(MAKE) clean
 
+tfm-clean:
+	cd tomsfastmath && $(MAKE) clean
+
 sizes: dropbear
 	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
 
-clean: ltc-clean ltm-clean thisclean
+clean: ltc-clean ltm-clean tfm-clean thisclean
 
 thisclean:
 	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
--- a/buffer.c	Mon Nov 21 19:52:28 2011 +0800
+++ b/buffer.c	Tue Nov 22 19:28:58 2011 +0700
@@ -288,12 +288,12 @@
 
 	dropbear_assert(fp != NULL);
 
-	if (SIGN(fp) == FP_NEG) {
+	if (fp->sign == FP_NEG) {
 		dropbear_exit("negative bignum");
 	}
 
 	/* zero check */
-	if (USED(fp) == 1 && DIGIT(fp, 0) == 0) {
+	if (fp_iszero(fp) == FP_YES) {
 		len = 0;
 	} else {
 		/* SSH spec requires padding for fpints with the MSB set, this code
--- a/common-kex.c	Mon Nov 21 19:52:28 2011 +0800
+++ b/common-kex.c	Tue Nov 22 19:28:58 2011 +0700
@@ -519,7 +519,7 @@
 	TRACE(("leave recv_msg_kexinit"))
 }
 
-static void load_dh_p(mp_int * dh_p)
+static void load_dh_p(fp_int * dh_p)
 {
 	switch (ses.newkeys->algo_kex) {
 		case DROPBEAR_KEX_DH_GROUP1:
@@ -644,8 +644,8 @@
 	algo_type * s2c_hash_algo = NULL;
 	algo_type * c2s_cipher_algo = NULL;
 	algo_type * s2c_cipher_algo = NULL;
-	algo_type * c2s_cofp_algo = NULL;
-	algo_type * s2c_cofp_algo = NULL;
+	algo_type * c2s_comp_algo = NULL;
+	algo_type * s2c_comp_algo = NULL;
 	/* the generic one */
 	algo_type * algo = NULL;
 
@@ -713,30 +713,20 @@
 	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
 
 	/* compression_algorithms_client_to_server */
-<<<<<<< mine
-	c2s_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (c2s_cofp_algo == NULL) {
-=======
 	c2s_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (c2s_comp_algo == NULL) {
->>>>>>> theirs
 		erralgo = "comp c->s";
 		goto error;
 	}
-	TRACE(("hash c2s is  %s", c2s_cofp_algo->name))
+	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
 
 	/* compression_algorithms_server_to_client */
-<<<<<<< mine
-	s2c_cofp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (s2c_cofp_algo == NULL) {
-=======
 	s2c_comp_algo = ses.buf_match_algo(ses.payload, ses.compress_algos, &goodguess);
 	if (s2c_comp_algo == NULL) {
->>>>>>> theirs
 		erralgo = "comp s->c";
 		goto error;
 	}
-	TRACE(("hash s2c is  %s", s2c_cofp_algo->name))
+	TRACE(("hash s2c is  %s", s2c_comp_algo->name))
 
 	/* languages_client_to_server */
 	buf_eatstring(ses.payload);
@@ -767,13 +757,8 @@
 			(struct dropbear_hash*)s2c_hash_algo->data;
 		ses.newkeys->trans.algo_mac = 
 			(struct dropbear_hash*)c2s_hash_algo->data;
-<<<<<<< mine
-		ses.newkeys->recv_algo_comp = s2c_cofp_algo->val;
-		ses.newkeys->trans_algo_comp = c2s_cofp_algo->val;
-=======
 		ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
 		ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
->>>>>>> theirs
 	} else {
 		/* SERVER */
 		ses.newkeys->recv.algo_crypt = 
@@ -788,13 +773,8 @@
 			(struct dropbear_hash*)c2s_hash_algo->data;
 		ses.newkeys->trans.algo_mac = 
 			(struct dropbear_hash*)s2c_hash_algo->data;
-<<<<<<< mine
-		ses.newkeys->recv_algo_comp = c2s_cofp_algo->val;
-		ses.newkeys->trans_algo_comp = s2c_cofp_algo->val;
-=======
 		ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
 		ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
->>>>>>> theirs
 	}
 
 	/* reserved for future extensions */
--- a/configure.in	Mon Nov 21 19:52:28 2011 +0800
+++ b/configure.in	Tue Nov 22 19:28:58 2011 +0700
@@ -82,7 +82,8 @@
 	],,,)
 
 # Checks for libraries.
-AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
+AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt")
+AC_SUBST(CRYPTLIB)	
 
 # Check if zlib is needed
 AC_ARG_WITH(zlib,
@@ -145,6 +146,7 @@
 		if test "x$enableval" = "xyes"; then
 			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
 			AC_MSG_NOTICE(Enabling PAM)
+			AC_CHECK_FUNCS(pam_fail_delay)
 		else
 			AC_DEFINE(DISABLE_PAM,, Use PAM)
 			AC_MSG_NOTICE(Disabling PAM)
@@ -361,6 +363,25 @@
 AC_CHECK_FUNCS(setutxent utmpxname)
 AC_CHECK_FUNCS(logout updwtmp logwtmp)
 
+AC_ARG_ENABLE(bundled-libtom,
+	[  --enable-bundled-libtom       Use bundled libtomcrypt/libtommath even if a system version exists],
+	[ 
+		BUNDLED_LIBTOM=1
+		AC_MSG_NOTICE(Forcing bundled libtom*)
+	],
+	[
+		BUNDLED_LIBTOM=0
+		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
+	]
+)
+
+if test $BUNDLED_LIBTOM = 1 ; then
+	AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) 
+fi
+
+AC_SUBST(BUNDLED_LIBTOM)
+
 dnl Added from OpenSSH 3.6.1p2's configure.ac
 
 dnl allow user to disable some login recording features
@@ -668,6 +689,15 @@
 AC_CONFIG_HEADER(config.h)
 AC_OUTPUT(Makefile)
 AC_OUTPUT(libtomcrypt/Makefile)
-#AC_OUTPUT(libtommath/Makefile)
+AC_OUTPUT(libtommath/Makefile)
+AC_OUTPUT(tomsfastmath/Makefile)
+
+AC_MSG_NOTICE()
+if test $BUNDLED_LIBTOM = 1 ; then
+AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath)
+else
+AC_MSG_NOTICE(Using system libtomcrypt and libtommath)
+fi
+
 AC_MSG_NOTICE()
 AC_MSG_NOTICE(Now edit options.h to choose features.)
--- a/dss.c	Mon Nov 21 19:52:28 2011 +0800
+++ b/dss.c	Tue Nov 22 19:28:58 2011 +0700
@@ -43,7 +43,7 @@
  * The key will have the same format as buf_put_dss_key.
  * These should be freed with dss_key_free.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
+int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 
 	TRACE(("enter buf_get_dss_pub_key"))
 	dropbear_assert(key != NULL);
@@ -51,10 +51,7 @@
 	key->q = m_malloc(sizeof(fp_int));
 	key->g = m_malloc(sizeof(fp_int));
 	key->y = m_malloc(sizeof(fp_int));
-	fp_init(key->p);
-	fp_init(key->q);
-	fp_init(key->g);
-	fp_init(key->y);
+	m_fp_init_multi(key->p, key->q, key->g, key->y, NULL);
 	key->x = NULL;
 
 	buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */
@@ -79,7 +76,7 @@
 /* Same as buf_get_dss_pub_key, but reads a private "x" key at the end.
  * Loads a private dss key from a buffer
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_dss_priv_key(buffer* buf, dss_key *key) {
+int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
 
 	int ret = DROPBEAR_FAILURE;
 
@@ -102,7 +99,7 @@
 	
 
 /* Clear and free the memory used by a public or private key */
-void dss_key_free(dss_key *key) {
+void dss_key_free(dropbear_dss_key *key) {
 
 	TRACE(("enter dsa_key_free"))
 	if (key == NULL) {
@@ -141,7 +138,7 @@
  * fpint	g
  * fpint	y
  */
-void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
+void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
@@ -153,7 +150,7 @@
 }
 
 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */
-void buf_put_dss_priv_key(buffer* buf, dss_key *key) {
+void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
 
 	dropbear_assert(key != NULL);
 	buf_put_dss_pub_key(buf, key);
@@ -164,7 +161,7 @@
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a DSS signature (in buf) made on data by the key given. 
  * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
+int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned char msghash[SHA1_HASH_SIZE];
@@ -180,10 +177,7 @@
 	TRACE(("enter buf_dss_verify"))
 	dropbear_assert(key != NULL);
 
-	fp_init(&val1);
-	fp_init(&val2);
-	fp_init(&val3);
-	fp_init(&val4);
+	m_fp_init_multi(&val1, &val2, &val3, &val4, NULL);
 
 	/* get blob, check length */
 	string = buf_getstring(buf, &stringlen);
@@ -296,7 +290,7 @@
  *
  * Now we aren't relying on the random number generation to protect the private
  * key x, which is a long term secret */
-void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
+void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned char msghash[SHA1_HASH_SIZE];
--- a/dss.h	Mon Nov 21 19:52:28 2011 +0800
+++ b/dss.h	Tue Nov 22 19:28:58 2011 +0700
@@ -34,20 +34,12 @@
 
 typedef struct {
 
-<<<<<<< mine
 	fp_int* p;
 	fp_int* q;
 	fp_int* g;
 	fp_int* y;
+	/* x is the private part */
 	fp_int* x;
-=======
-	mp_int* p;
-	mp_int* q;
-	mp_int* g;
-	mp_int* y;
-	/* x is the private part */
-	mp_int* x;
->>>>>>> theirs
 
 } dropbear_dss_key;
 
--- a/includes.h	Mon Nov 21 19:52:28 2011 +0800
+++ b/includes.h	Tue Nov 22 19:28:58 2011 +0700
@@ -122,7 +122,7 @@
 
 #ifdef BUNDLED_LIBTOM
 #include "libtomcrypt/src/headers/tomcrypt.h"
-#include "libtommath/tommath.h"
+#include "tomsfastmath/src/headers/tfm.h"
 #else
 #include <tomcrypt.h>
 #include <tommath.h>
--- a/random.h	Mon Nov 21 19:52:28 2011 +0800
+++ b/random.h	Tue Nov 22 19:28:58 2011 +0700
@@ -31,6 +31,6 @@
 void reseedrandom();
 void genrandom(unsigned char* buf, int len);
 void addrandom(unsigned char* buf, int len);
-void gen_random_mpint(fp_int *max, fp_int *rand);
+void gen_random_fpint(fp_int *max, fp_int *rand);
 
 #endif /* _RANDOM_H_ */
--- a/rsa.c	Mon Nov 21 19:52:28 2011 +0800
+++ b/rsa.c	Tue Nov 22 19:28:58 2011 +0700
@@ -38,7 +38,7 @@
 
 #ifdef DROPBEAR_RSA 
 
-static void rsa_pad_em(rsa_key * key,
+static void rsa_pad_em(dropbear_rsa_key * key,
 		const unsigned char * data, unsigned int len,
 		fp_int * rsa_em);
 
@@ -47,15 +47,14 @@
  * The key will have the same format as buf_put_rsa_key.
  * These should be freed with rsa_key_free.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_rsa_pub_key(buffer* buf, rsa_key *key) {
+int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 
     int ret = DROPBEAR_FAILURE;
 	TRACE(("enter buf_get_rsa_pub_key"))
 	dropbear_assert(key != NULL);
 	key->e = m_malloc(sizeof(fp_int));
 	key->n = m_malloc(sizeof(fp_int));
-	fp_init(key->e);
-	fp_init(key->n);
+	m_fp_init_multi(key->e, key->n, NULL);
 	key->d = NULL;
 	key->p = NULL;
 	key->q = NULL;
@@ -86,7 +85,7 @@
 /* Same as buf_get_rsa_pub_key, but reads private bits at the end.
  * Loads a private rsa key from a buffer
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_get_rsa_priv_key(buffer* buf, rsa_key *key) {
+int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
     int ret = DROPBEAR_FAILURE;
 
 	TRACE(("enter buf_get_rsa_priv_key"))
@@ -140,7 +139,7 @@
 	
 
 /* Clear and free the memory used by a public or private key */
-void rsa_key_free(rsa_key *key) {
+void rsa_key_free(dropbear_rsa_key *key) {
 
 	TRACE(("enter rsa_key_free"))
 
@@ -178,7 +177,7 @@
  * fp_int	e
  * fp_int	n
  */
-void buf_put_rsa_pub_key(buffer* buf, rsa_key *key) {
+void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 
 	TRACE(("enter buf_put_rsa_pub_key"))
 	dropbear_assert(key != NULL);
@@ -192,7 +191,7 @@
 }
 
 /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */
-void buf_put_rsa_priv_key(buffer* buf, rsa_key *key) {
+void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
 
 	TRACE(("enter buf_put_rsa_priv_key"))
 
@@ -216,7 +215,7 @@
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a signature in buf, made on data by the key given.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data,
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned int slen;
@@ -275,7 +274,7 @@
 
 /* Sign the data presented with key, writing the signature contents
  * to the buffer */
-void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned int nsize, ssize;
@@ -342,9 +341,7 @@
 
 #endif /* RSA_BLINDING */
 
-	fp_zero(&rsa_tmp1);
-	fp_zero(&rsa_tmp2);
-	fp_zero(&rsa_tmp3);
+	m_fp_zero_multi(&rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
 	
 	/* create the signature to return */
 	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
@@ -385,7 +382,7 @@
  *
  * rsa_em must be a pointer to an initialised fp_int.
  */
-static void rsa_pad_em(rsa_key * key,
+static void rsa_pad_em(dropbear_rsa_key * key,
 		const unsigned char * data, unsigned int len, 
 		fp_int * rsa_em) {