-rw-r--r--CHANGES6
-rw-r--r--Makefile.in4
-rw-r--r--common-kex.c6
-rw-r--r--dropbearkey.c2
-rw-r--r--options.h2
-rw-r--r--random.c5
-rw-r--r--svr-agentfwd.c2
-rw-r--r--svr-chansession.c8
-rw-r--r--svr-kex.c2
-rw-r--r--sysoptions.h7
10 files changed, 25 insertions, 19 deletions
diff --git a/CHANGES b/CHANGES
index 5f9c7e0..7e49f17 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+0.53.1
+
+- -lcrypt needs to be before object files for static linking
+
0.53 - Thurs 24 February 2011
- Various performance/memory use improvements
@@ -19,6 +23,8 @@
- Make -K (keepalive) and -I (idle timeout) work together sensibly in the client.
The idle timeout is no longer reset by SSH_MSG_IGNORE packets.
+- Add diffie-hellman-group14-sha1 key exchange method
+
- Compile fix if ENABLE_CLI_PROXYCMD is disabled
- /usr/bin/X11/xauth is now the default path
diff --git a/Makefile.in b/Makefile.in
index d72828b..8d81647 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -28,10 +28,10 @@ COMMONOBJS=dbutil.o buffer.o \
queue.o \
atomicio.o compat.o fake-rfc2553.o
-SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
+SVROBJS=@CRYPTLIB@ svr-kex.o svr-algo.o svr-auth.o sshpty.o \
svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
- svr-tcpfwd.o svr-authpam.o @CRYPTLIB@
+ svr-tcpfwd.o svr-authpam.o
CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
cli-session.o cli-service.o cli-runopts.o cli-chansession.o \
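Review bot: Putting `@CRYPTLIB@` at the front of SVROBJS places the library ahead of the objects that use it, which is the reverse of what a static link normally needs. Linkers that scan archives left to right pull in only the members that satisfy symbols already undefined at that point, so a leading `-lcrypt` may contribute nothing. The link rule is not visible in this hunk, so this is worth confirming with an actual static build of the server. A library flag kept in an object list is also fragile if the variable doubles as a prerequisite list; a separate variable appended after the objects on the link line would make the ordering explicit.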
diff --git a/common-kex.c b/common-kex.c
index 55c5aba..173bf8c 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -272,8 +272,8 @@ static void hashkeys(unsigned char *out, int outlen,
}
/* Generate the actual encryption/integrity keys, using the results of the
- * key exchange, as specified in section 5.2 of the IETF secsh-transport
- * draft. This occurs after the DH key-exchange.
+ * key exchange, as specified in section 7.2 of the transport rfc 4253.
+ * This occurs after the DH key-exchange.
*
* ses.newkeys is the new set of keys which are generated, these are only
* taken into use after both sides have sent a newkeys message */
@@ -532,7 +532,7 @@ static void load_dh_p(mp_int * dh_p)
}
/* Initialises and generate one side of the diffie-hellman key exchange values.
- * See the ietf-secsh-transport draft, section 6, for details */
+ * See the transport rfc 4253 section 8 for details */
/* dh_pub and dh_priv MUST be already initialised */
void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
diff --git a/dropbearkey.c b/dropbearkey.c
index aff809f..421b6e0 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -23,7 +23,7 @@
* SOFTWARE. */
/* The format of the keyfiles is basically a raw dump of the buffer. Data types
- * are specified in the transport draft - string is a 32-bit len then the
+ * are specified in the transport rfc 4253 - string is a 32-bit len then the
* non-null-terminated string, mp_int is a 32-bit len then the bignum data.
* The actual functions are buf_put_rsa_priv_key() and buf_put_dss_priv_key()
diff --git a/options.h b/options.h
index f49d2e7..d309ab4 100644
--- a/options.h
+++ b/options.h
@@ -64,7 +64,7 @@ much traffic. */
#define ENABLE_SVR_LOCALTCPFWD
#define ENABLE_SVR_REMOTETCPFWD
-/* Enable Authentication Agent Forwarding - server only for now */
+/* Enable Authentication Agent Forwarding */
#define ENABLE_SVR_AGENTFWD
#define ENABLE_CLI_AGENTFWD
diff --git a/random.c b/random.c
index 4f98284..c31b6fd 100644
--- a/random.c
+++ b/random.c
@@ -74,11 +74,6 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
if (readfd < 0) {
dropbear_exit("Couldn't open random device");
}
- /* todo - try various common locations */
- if (connect(readfd, (struct sockaddr*)&egdsock,
- sizeof(struct sockaddr_un)) < 0) {
- dropbear_exit("Couldn't open random device");
- }
if (buflen > 255)
dropbear_exit("Can't request more than 255 bytes from egd");
diff --git a/svr-agentfwd.c b/svr-agentfwd.c
index ef0d757..054a3b5 100644
--- a/svr-agentfwd.c
+++ b/svr-agentfwd.c
@@ -27,7 +27,7 @@
#include "includes.h"
-#ifndef DISABLE_AGENTFWD
+#ifdef ENABLE_SVR_AGENTFWD
#include "agentfwd.h"
#include "session.h"
diff --git a/svr-chansession.c b/svr-chansession.c
index 1b5fcc6..a914f25 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -240,7 +240,7 @@ static int newchansess(struct Channel *channel) {
chansess->x11authcookie = NULL;
#endif
-#ifndef DISABLE_AGENTFWD
+#ifdef ENABLE_AGENTFWD
chansess->agentlistener = NULL;
chansess->agentfile = NULL;
chansess->agentdir = NULL;
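Review bot: The agent-forwarding fields in newchansess() are now guarded by `ENABLE_AGENTFWD`, while this same commit guards svr-agentfwd.c with `ENABLE_SVR_AGENTFWD`, so the two can disagree. The sysoptions.h hunk also derives ENABLE_AGENTFWD from a client-side option, so a build with server agent forwarding switched off can still compile the `auth-agent-req@openssh.com` branch and the calls to svr_agentreq(), svr_agentcleanup() and svr_agentset(), whose definitions would presumably be compiled out. Using `#ifdef ENABLE_SVR_AGENTFWD` here and in the closechansess(), chansessionrequest() and execchild() hunks would tie the server's handling of agent requests to the server option alone. All four functions continue outside their hunks, and the declaration of the struct fields is not visible, so its guard needs checking too.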
@@ -293,7 +293,7 @@ static void closechansess(struct Channel *channel) {
x11cleanup(chansess);
#endif
-#ifndef DISABLE_AGENTFWD
+#ifdef ENABLE_AGENTFWD
svr_agentcleanup(chansess);
#endif
@@ -351,7 +351,7 @@ static void chansessionrequest(struct Channel *channel) {
} else if (strcmp(type, "x11-req") == 0) {
ret = x11req(chansess);
#endif
-#ifndef DISABLE_AGENTFWD
+#ifdef ENABLE_AGENTFWD
} else if (strcmp(type, "auth-agent-req@openssh.com") == 0) {
ret = svr_agentreq(chansess);
#endif
@@ -937,7 +937,7 @@ static void execchild(void *user_data) {
/* set up X11 forwarding if enabled */
x11setauth(chansess);
#endif
-#ifndef DISABLE_AGENTFWD
+#ifdef ENABLE_AGENTFWD
/* set up agent env variable */
svr_agentset(chansess);
#endif
diff --git a/svr-kex.c b/svr-kex.c
index 75cb090..abd7986 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -70,7 +70,7 @@ void recv_msg_kexdh_init() {
* that, the session hash is calculated, and signed with RSA or DSS. The
* result is sent to the client.
*
- * See the ietf-secsh-transport draft, section 6, for details */
+ * See the transport rfc 4253 section 8 for details */
static void send_msg_kexdh_reply(mp_int *dh_e) {
DEF_MP_INT(dh_y);
diff --git a/sysoptions.h b/sysoptions.h
index e01ec1f..ce2c045 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -99,6 +99,7 @@
#define MAX_PROPOSED_ALGO 20
/* size/count limits */
+/* From transport rfc */
#define MIN_PACKET_LEN 16
#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
@@ -123,7 +124,7 @@
#define MAX_PRIVKEY_SIZE 1700
/* The maximum size of the bignum portion of the kexhash buffer */
-/* Sect. 8 of the transport draft, K_S + e + f + K */
+/* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
#define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
#define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
@@ -161,6 +162,10 @@
#define USING_LISTENERS
#endif
+#if defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
+#define ENABLE_AGENTFWD
+#endif
+
#if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
#define ENABLE_CLI_MULTIHOP
#endif
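Review bot: `ENABLE_CLI_LOCALTCPFWD` in the new `#if` looks like the wrong macro. The options.h hunk in this commit shows `ENABLE_CLI_AGENTFWD` as the client-side agent forwarding switch, and local TCP forwarding is unrelated to it. As written, a build that enables only client agent forwarding does not get ENABLE_AGENTFWD, while one that enables only client local TCP forwarding does, which turns on the agent code paths in shared and server files unintentionally. The condition was probably meant to be `#if defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_CLI_AGENTFWD)`.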