summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2013-11-14 21:36:45 +0800
committerMatt Johnston <matt@ucc.asn.au>2013-11-14 21:36:45 +0800
commit071895f0bd68ef4856320943851aa103a224b8e0 (patch)
tree7b6f78984a6205655880f39e693a34b07cb02399
parent4c9e6614be992ced4b6a519560bd67621003ec0c (diff)
downloaddropbear-071895f0bd68ef4856320943851aa103a224b8e0.tar.gz
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
- Don't warn about blocking random device for prngd
Diffstat
-rw-r--r--common-kex.c14
-rw-r--r--ecc.c24
-rw-r--r--ecdsa.c3
-rw-r--r--gensignkey.c1
-rw-r--r--includes.h19
-rw-r--r--random.c7
-rw-r--r--random.h2
-rw-r--r--signkey.c3
-rw-r--r--sysoptions.h1
-rw-r--r--tcpfwd.h2
10 files changed, 52 insertions, 24 deletions
diff --git a/common-kex.c b/common-kex.c
index a304d02..2af6253 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -286,7 +286,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
hash_state hs2;
unsigned int offset;
- unsigned char tmpout[hash_desc->hashsize];
+ unsigned char tmpout[MAX_HASH_SIZE];
memcpy(&hs2, hs, sizeof(hash_state));
hash_desc->process(&hs2, &X, 1);
@@ -303,6 +303,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen,
hash_desc->done(&hs2, tmpout);
memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
}
+
}
/* Generate the actual encryption/integrity keys, using the results of the
@@ -569,6 +570,7 @@ static void load_dh_p(mp_int * dh_p)
* See the transport rfc 4253 section 8 for details */
/* dh_pub and dh_priv MUST be already initialised */
struct kex_dh_param *gen_kexdh_param() {
+ struct kex_dh_param *param = NULL;
DEF_MP_INT(dh_p);
DEF_MP_INT(dh_q);
@@ -576,7 +578,7 @@ struct kex_dh_param *gen_kexdh_param() {
TRACE(("enter gen_kexdh_vals"))
- struct kex_dh_param *param = m_malloc(sizeof(*param));
+ param = m_malloc(sizeof(*param));
m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL);
/* read the prime and generator*/
@@ -823,16 +825,16 @@ static void read_kex_algos() {
int allgood = 1; /* we AND this with each goodguess and see if its still
true after */
- buf_incrpos(ses.payload, 16); /* start after the cookie */
-
- memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
-
#ifdef USE_KEXGUESS2
enum kexguess2_used kexguess2 = KEXGUESS2_LOOK;
#else
enum kexguess2_used kexguess2 = KEXGUESS2_NO;
#endif
+ buf_incrpos(ses.payload, 16); /* start after the cookie */
+
+ memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
+
/* kex_algorithms */
algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess);
allgood &= goodguess;
diff --git a/ecc.c b/ecc.c
index 5812b18..e90fb6d 100644
--- a/ecc.c
+++ b/ecc.c
@@ -9,23 +9,26 @@
/* .dp members are filled out by dropbear_ecc_fill_dp() at startup */
#ifdef DROPBEAR_ECC_256
struct dropbear_ecc_curve ecc_curve_nistp256 = {
- .ltc_size = 32,
- .hash_desc = &sha256_desc,
- .name = "nistp256"
+ 32, /* .ltc_size */
+ NULL, /* .dp */
+ &sha256_desc, /* .hash_desc */
+ "nistp256" /* .name */
};
#endif
#ifdef DROPBEAR_ECC_384
struct dropbear_ecc_curve ecc_curve_nistp384 = {
- .ltc_size = 48,
- .hash_desc = &sha384_desc,
- .name = "nistp384"
+ 48, /* .ltc_size */
+ NULL, /* .dp */
+ &sha384_desc, /* .hash_desc */
+ "nistp384" /* .name */
};
#endif
#ifdef DROPBEAR_ECC_521
struct dropbear_ecc_curve ecc_curve_nistp521 = {
- .ltc_size = 66,
- .hash_desc = &sha512_desc,
- .name = "nistp521"
+ 66, /* .ltc_size */
+ NULL, /* .dp */
+ &sha512_desc, /* .hash_desc */
+ "nistp521" /* .name */
};
#endif
@@ -137,8 +140,9 @@ static int ecc_is_point(ecc_key *key)
/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) {
unsigned long len = key->dp->size*2 + 1;
+ int err;
buf_putint(buf, len);
- int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
+ err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
if (err != CRYPT_OK) {
dropbear_exit("ECC error");
}
diff --git a/ecdsa.c b/ecdsa.c
index eddbf13..05912e2 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -36,6 +36,7 @@ enum signkey_type ecdsa_signkey_type(ecc_key * key) {
ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
const ltc_ecc_set_type *dp = NULL; // curve domain parameters
+ ecc_key *new_key = NULL;
switch (bit_size) {
#ifdef DROPBEAR_ECC_256
case 256:
@@ -67,7 +68,7 @@ ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
, bit_size);
}
- ecc_key *new_key = m_malloc(sizeof(*new_key));
+ new_key = m_malloc(sizeof(*new_key));
if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
dropbear_exit("ECC error");
}
diff --git a/gensignkey.c b/gensignkey.c
index 88a3949..eb1fe2b 100644
--- a/gensignkey.c
+++ b/gensignkey.c
@@ -5,6 +5,7 @@
#include "genrsa.h"
#include "gendss.h"
#include "signkey.h"
+#include "random.h"
#define RSA_DEFAULT_SIZE 2048
#define DSS_DEFAULT_SIZE 1024
diff --git a/includes.h b/includes.h
index 203ccfd..62a8d73 100644
--- a/includes.h
+++ b/includes.h
@@ -134,15 +134,30 @@
#include "compat.h"
-#include "fake-rfc2553.h"
-#ifndef HAVE_UINT16_T
+#ifndef HAVE_U_INT8_T
+typedef unsigned char u_int8_t;
+#endif /* HAVE_U_INT8_T */
+#ifndef HAVE_UINT8_T
+typedef u_int8_t uint8_t;
+#endif /* HAVE_UINT8_T */
+
#ifndef HAVE_U_INT16_T
typedef unsigned short u_int16_t;
#endif /* HAVE_U_INT16_T */
+#ifndef HAVE_UINT16_T
typedef u_int16_t uint16_t;
#endif /* HAVE_UINT16_T */
+#ifndef HAVE_U_INT32_T
+typedef unsigned int u_int32_t;
+#endif /* HAVE_U_INT32_T */
+#ifndef HAVE_UINT32_T
+typedef u_int32_t uint32_t;
+#endif /* HAVE_UINT32_T */
+
+#include "fake-rfc2553.h"
+
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
#endif
diff --git a/random.c b/random.c
index bbe84b5..6743654 100644
--- a/random.c
+++ b/random.c
@@ -79,12 +79,15 @@ process_file(hash_state *hs, const char *filename,
{
int readlen, wantread;
unsigned char readbuf[4096];
- if (!already_blocked)
+ if (!already_blocked && !prngd)
{
int res;
- struct timeval timeout = { .tv_sec = 2, .tv_usec = 0};
+ struct timeval timeout;
fd_set read_fds;
+ timeout.tv_sec = 2;
+ timeout.tv_usec = 0;
+
FD_ZERO(&read_fds);
FD_SET(readfd, &read_fds);
res = select(readfd + 1, &read_fds, NULL, NULL, &timeout);
diff --git a/random.h b/random.h
index 544e77e..2c79ec3 100644
--- a/random.h
+++ b/random.h
@@ -25,7 +25,7 @@
#ifndef _RANDOM_H_
#define _RANDOM_H_
-struct mp_int;
+#include "includes.h"
void seedrandom();
void genrandom(unsigned char* buf, unsigned int len);
diff --git a/signkey.c b/signkey.c
index b1e0220..2414477 100644
--- a/signkey.c
+++ b/signkey.c
@@ -511,12 +511,13 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
unsigned int bloblen;
unsigned char * type_name = NULL;
unsigned int type_name_len = 0;
+ enum signkey_type type;
TRACE(("enter buf_verify"))
bloblen = buf_getint(buf);
type_name = buf_getstring(buf, &type_name_len);
- enum signkey_type type = signkey_type_from_name(type_name, type_name_len);
+ type = signkey_type_from_name(type_name, type_name_len);
m_free(type_name);
#ifdef DROPBEAR_DSS
diff --git a/sysoptions.h b/sysoptions.h
index 8459eb6..49099e2 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -76,6 +76,7 @@
#define SHA1_HASH_SIZE 20
#define MD5_HASH_SIZE 16
+#define MAX_HASH_SIZE 64 /* sha512 */
#define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
#define MAX_IV_LEN 20 /* must be same as max blocksize, */
diff --git a/tcpfwd.h b/tcpfwd.h
index 749e1cb..7f0cd93 100644
--- a/tcpfwd.h
+++ b/tcpfwd.h
@@ -40,7 +40,7 @@ struct TCPListener {
unsigned char *listenaddr;
unsigned int listenport;
/* The address that the remote host asked to listen on */
- unsigned char *request_listenaddr;;
+ unsigned char *request_listenaddr;
const struct ChanType *chantype;
enum {direct, forwarded} tcp_type;
View Lorry Controller Status