Mercurial > dropbear

changeset 1535:b918ad1c5b25

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge branch 'master' of git://github.com/stellarpower/dropbear into stellarpower-master
author Matt Johnston <matt@ucc.asn.au>
date Thu, 22 Feb 2018 23:06:45 +0800
parents 2e9b6d9c7e7d (diff) ed930fd6f60f (current diff)
children a55a6901a181
files svr-runopts.c
diffstat 9 files changed, 21 insertions(+), 36 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Tue Feb 20 02:11:55 2018 +0000
+++ b/CHANGES	Thu Feb 22 23:06:45 2018 +0800
@@ -2,7 +2,7 @@
 
 - IMPORTANT:
   Custom configuration is now specified in local_options.h rather than options.h
-  Available options and defaults can be seen in default_options.h.in
+  Available options and defaults can be seen in default_options.h
 
   To migrate your configuration, compare your customised options.h against the
   upstream options.h from your relevant version. Any customised options should
--- a/INSTALL	Tue Feb 20 02:11:55 2018 +0000
+++ b/INSTALL	Thu Feb 22 23:06:45 2018 +0800
@@ -1,7 +1,7 @@
 Basic Dropbear build instructions:
 
 - Edit localoptions.h to set which features you want. Available options
-  are described in default_options.h.in, these will be overridden by
+  are described in default_options.h, these will be overridden by
   anything set in localoptions.h
 
 - If using a Mercurial or Git checkout, "autoconf; autoheader"
--- a/TODO	Tue Feb 20 02:11:55 2018 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-Current:
-
-Things which might need doing:
-
-- default private dbclient keys
-
-- Make options.h generated from configure perhaps?
-
-- handle /etc/environment in AIX
-
-- check that there aren't timing issues with valid/invalid user authentication
-  feedback.
-
-- Binding to different interfaces
-
-- CTR mode
-- SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly, or just add group14 (whatever it's called today)
-
-- fix scp.c for IRIX
-
-- Be able to use OpenSSH keys for the client? or at least have some form of 
-  encrypted keys.
-
-- Client agent forwarding
-
-- Handle restrictions in ~/.ssh/authorized_keys ?
--- a/common-algo.c	Tue Feb 20 02:11:55 2018 +0000
+++ b/common-algo.c	Thu Feb 22 23:06:45 2018 +0800
@@ -276,6 +276,7 @@
 
 algo_type sshkex[] = {
 #if DROPBEAR_CURVE25519
+	{"curve25519-sha256", 0, &kex_curve25519, 1, NULL},
 	{"[email protected]", 0, &kex_curve25519, 1, NULL},
 #endif
 #if DROPBEAR_ECDH
--- a/common-session.c	Tue Feb 20 02:11:55 2018 +0000
+++ b/common-session.c	Thu Feb 22 23:06:45 2018 +0800
@@ -136,7 +136,7 @@
 	TRACE(("leave session_init"))
 }
 
-void session_loop(void(*loophandler)()) {
+void session_loop(void(*loophandler)(void)) {
 
 	fd_set readfd, writefd;
 	struct timeval timeout;
--- a/dropbear.8	Tue Feb 20 02:11:55 2018 +0000
+++ b/dropbear.8	Thu Feb 22 23:06:45 2018 +0800
@@ -148,8 +148,10 @@
 Host key files are read at startup from a standard location, by default
 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
 /etc/dropbear/dropbear_ecdsa_host_key
-or specified on the commandline with -r. These are of the form generated
-by dropbearkey. The -R option can be used to automatically generate keys
+
+If the -r command line option is specified the default files are not loaded.
+Host key files are of the form generated by dropbearkey. 
+The -R option can be used to automatically generate keys
 in the default location - keys will be generated after startup when the first
 connection is established. This had the benefit that the system /dev/urandom
 random number source has a better chance of being securely seeded.
--- a/rsa.c	Tue Feb 20 02:11:55 2018 +0000
+++ b/rsa.c	Thu Feb 22 23:06:45 2018 +0800
@@ -68,6 +68,12 @@
 		goto out;
 	}
 
+	/* 64 bit is limit used by openssl, so we won't block any keys in the wild */
+	if (mp_count_bits(key->e) > 64) {
+		dropbear_log(LOG_WARNING, "RSA key bad e");
+		goto out;
+	}
+
 	TRACE(("leave buf_get_rsa_pub_key: success"))
 	ret = DROPBEAR_SUCCESS;
 out:
--- a/session.h	Tue Feb 20 02:11:55 2018 +0000
+++ b/session.h	Thu Feb 22 23:06:45 2018 +0800
@@ -40,7 +40,7 @@
 #include "netio.h"
 
 void common_session_init(int sock_in, int sock_out);
-void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
+void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN;
 void session_cleanup(void);
 void send_session_identification(void);
 void send_msg_ignore(void);
--- a/svr-runopts.c	Tue Feb 20 02:11:55 2018 +0000
+++ b/svr-runopts.c	Thu Feb 22 23:06:45 2018 +0800
@@ -532,17 +532,20 @@
 		m_free(hostkey_file);
 	}
 
+	/* Only load default host keys if a host key is not specified by the user */
+	if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
-	loadhostkey(RSA_PRIV_FILENAME, 0);
+		loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_DSS
-	loadhostkey(DSS_PRIV_FILENAME, 0);
+		loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_ECDSA
-	loadhostkey(ECDSA_PRIV_FILENAME, 0);
+		loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
+   }
 
 #if DROPBEAR_DELAY_HOSTKEY
 	if (svr_opts.delay_hostkey) {