-rw-r--r--algo.h2
-rw-r--r--auth.h2
-rw-r--r--buffer.c10
-rw-r--r--buffer.h4
-rw-r--r--channel.h2
-rw-r--r--chansession.h6
-rw-r--r--cli-auth.c10
-rw-r--r--cli-authinteract.c18
-rw-r--r--cli-authpasswd.c8
-rw-r--r--cli-authpubkey.c10
-rw-r--r--cli-chansession.c12
-rw-r--r--cli-kex.c12
-rw-r--r--cli-runopts.c7
-rw-r--r--cli-session.c4
-rw-r--r--cli-tcpfwd.c6
-rw-r--r--common-algo.c7
-rw-r--r--common-channel.c10
-rw-r--r--common-kex.c28
-rw-r--r--common-session.c4
-rw-r--r--configure.ac8
-rw-r--r--dbrandom.c2
-rw-r--r--dbrandom.h2
-rw-r--r--dss.c6
-rw-r--r--ecc.h2
-rw-r--r--ecdsa.c10
-rw-r--r--gendss.c2
-rw-r--r--keyimport.c20
-rw-r--r--libtomcrypt/src/ciphers/aes/aes.c10
-rw-r--r--libtomcrypt/src/ciphers/des.c1
-rw-r--r--libtomcrypt/src/ciphers/twofish/twofish.c1
-rw-r--r--libtomcrypt/src/hashes/helper/hash_file.c1
-rw-r--r--libtomcrypt/src/hashes/helper/hash_filehandle.c1
-rw-r--r--libtomcrypt/src/mac/hmac/hmac_file.c1
-rw-r--r--libtomcrypt/src/misc/crypt/crypt_argchk.c2
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c4
-rw-r--r--netio.c41
-rw-r--r--netio.h2
-rw-r--r--options.h9
-rw-r--r--rsa.c4
-rw-r--r--session.h4
-rw-r--r--signkey.c6
-rw-r--r--svr-auth.c8
-rw-r--r--svr-authpam.c2
-rw-r--r--svr-authpasswd.c6
-rw-r--r--svr-authpubkey.c6
-rw-r--r--svr-authpubkeyoptions.c2
-rw-r--r--svr-chansession.c18
-rw-r--r--svr-kex.c2
-rw-r--r--svr-main.c2
-rw-r--r--svr-service.c4
-rw-r--r--svr-session.c2
-rw-r--r--svr-tcpfwd.c10
-rw-r--r--svr-x11fwd.c6
-rw-r--r--sysoptions.h7
-rw-r--r--tcp-accept.c6
-rw-r--r--tcpfwd.h10
56 files changed, 201 insertions, 191 deletions
diff --git a/algo.h b/algo.h
index 49c4f41..5b7b874 100644
--- a/algo.h
+++ b/algo.h
@@ -35,7 +35,7 @@
struct Algo_Type {
- const char *name; /* identifying name */
+ const unsigned char *name; /* identifying name */
char val; /* a value for this cipher, or -1 for invalid */
const void *data; /* algorithm specific data */
char usable; /* whether we can use this algorithm */
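Review bot: Declaring `name` as `const unsigned char *` here works against the rest of this commit, which moves the string API to plain `char` (`buf_putstring()` now takes `const char*`). The table entries visible in common-algo.c initialise what appears to be this field from string literals such as `"aes256-ctr"`. The ecc.h hunk makes the same change to `dropbear_ecc_curve.name`, which ecdsa.c then passes uncast to `snprintf()` with `%s`, to `strlen()` and to `buf_putstring()`. Each of those is a pointer-signedness mismatch that -Wpointer-sign will report; keeping `const char *name; /* identifying name */` in both structs avoids it.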
diff --git a/auth.h b/auth.h
index 250a7f7..78397ed 100644
--- a/auth.h
+++ b/auth.h
@@ -133,7 +133,7 @@ struct PubKeyOptions {
int no_x11_forwarding_flag;
int no_pty_flag;
/* "command=" option. */
- char * forced_command;
+ unsigned char * forced_command;
};
#endif
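Review bot: `forced_command` holds text (the "command=" option) yet becomes `unsigned char *`, while `buf_getstring()` in this same commit starts returning `char*`. The chansession.h hunk does the same to `cmd`, `tty` and `term`, and channel.h does it to the `type` parameter of `start_send_channel_request()`, whose body in common-channel.c passes `type` uncast to `strlen()` and `buf_putstring()`. These values presumably reach string and exec-style APIs that take `char *`, so each use will need a cast or draw a signedness warning. `char * forced_command;` keeps the struct consistent with the new buffer API. The struct begins outside this hunk.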
diff --git a/buffer.c b/buffer.c
index d043bdb..1e5a864 100644
--- a/buffer.c
+++ b/buffer.c
@@ -203,10 +203,10 @@ unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
/* Return a null-terminated string, it is malloced, so must be free()ed
* Note that the string isn't checked for null bytes, hence the retlen
* may be longer than what is returned by strlen */
-unsigned char* buf_getstring(buffer* buf, unsigned int *retlen) {
+char* buf_getstring(buffer* buf, unsigned int *retlen) {
unsigned int len;
- unsigned char* ret;
+ char* ret;
len = buf_getint(buf);
if (len > MAX_STRING_LEN) {
dropbear_exit("String too long");
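Review bot: With the return type now `char*`, callers can hand the result straight to `strcmp()` or `strlen()`, so the existing warning about embedded NUL bytes should be sharper. Several callers changed in this commit pass `NULL` for `retlen` (cli-authinteract.c, cli-chansession.c, cli-tcpfwd.c) and so cannot tell a peer-supplied string containing a NUL from its truncated prefix. I would extend the comment with `* The bytes come from the peer; callers that compare or log the result should pass retlen and reject strlen(ret) != *retlen.` The function body continues outside this hunk.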
@@ -262,16 +262,16 @@ void buf_putint(buffer* buf, int unsigned val) {
}
/* put a SSH style string into the buffer, increasing buffer len if required */
-void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len) {
+void buf_putstring(buffer* buf, const char* str, unsigned int len) {
buf_putint(buf, len);
- buf_putbytes(buf, str, len);
+ buf_putbytes(buf, (const unsigned char*)str, len);
}
/* puts an entire buffer as a SSH string. ignore pos of buf_str. */
void buf_putbufstring(buffer *buf, const buffer* buf_str) {
- buf_putstring(buf, buf_str->data, buf_str->len);
+ buf_putstring(buf, (const char*)buf_str->data, buf_str->len);
}
/* put the set of len bytes into the buffer, incrementing the pos, increasing
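Review bot: `buf_putstring()` now takes `const char*` but is still used for binary octet strings: `buf_putbufstring()` casts `buf_str->data` here, and common-kex.c casts the curve25519 public values and the KEXINIT payloads. The header comment should say so, for example `/* put a SSH style string into the buffer, increasing buffer len if required. str is len raw bytes and need not be NUL-terminated */`. That documents that the `(const char*)` casts at binary call sites are intentional and that `len`, not a terminator, bounds the copy.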
diff --git a/buffer.h b/buffer.h
index 6ab53d7..c32b84b 100644
--- a/buffer.h
+++ b/buffer.h
@@ -56,11 +56,11 @@ unsigned char buf_getbool(buffer* buf);
void buf_putbyte(buffer* buf, unsigned char val);
unsigned char* buf_getptr(buffer* buf, unsigned int len);
unsigned char* buf_getwriteptr(buffer* buf, unsigned int len);
-unsigned char* buf_getstring(buffer* buf, unsigned int *retlen);
+char* buf_getstring(buffer* buf, unsigned int *retlen);
buffer * buf_getstringbuf(buffer *buf);
void buf_eatstring(buffer *buf);
void buf_putint(buffer* buf, unsigned int val);
-void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len);
+void buf_putstring(buffer* buf, const char* str, unsigned int len);
void buf_putbufstring(buffer *buf, const buffer* buf_str);
void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
void buf_putmpint(buffer* buf, mp_int * mp);
diff --git a/channel.h b/channel.h
index c73fbe8..d16cb03 100644
--- a/channel.h
+++ b/channel.h
@@ -135,7 +135,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type);
void recv_msg_channel_open_confirmation();
void recv_msg_channel_open_failure();
#endif
-void start_send_channel_request(struct Channel *channel, char *type);
+void start_send_channel_request(struct Channel *channel, unsigned char *type);
void send_msg_request_success();
void send_msg_request_failure();
diff --git a/chansession.h b/chansession.h
index 6eb8c76..3dd58ac 100644
--- a/chansession.h
+++ b/chansession.h
@@ -39,14 +39,14 @@ struct exitinfo {
struct ChanSess {
- char * cmd; /* command to exec */
+ unsigned char * cmd; /* command to exec */
pid_t pid; /* child process pid */
/* pty details */
int master; /* the master terminal fd*/
int slave;
- char * tty;
- char * term;
+ unsigned char * tty;
+ unsigned char * term;
/* exit details */
struct exitinfo exit;
diff --git a/cli-auth.c b/cli-auth.c
index 999ac7f..3f3677a 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -43,11 +43,11 @@ void cli_auth_getmethods() {
TRACE(("enter cli_auth_getmethods"))
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
- buf_putstring(ses.writepayload, (const unsigned char *)cli_opts.username,
+ buf_putstring(ses.writepayload, cli_opts.username,
strlen(cli_opts.username));
- buf_putstring(ses.writepayload, (const unsigned char *)SSH_SERVICE_CONNECTION,
+ buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN);
- buf_putstring(ses.writepayload, (const unsigned char *)"none", 4); /* 'none' method */
+ buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
encrypt_packet();
@@ -85,7 +85,7 @@ void recv_msg_userauth_banner() {
return;
}
- banner = (char *)buf_getstring(ses.payload, &bannerlen);
+ banner = buf_getstring(ses.payload, &bannerlen);
buf_eatstring(ses.payload); /* The language string */
if (bannerlen > MAX_BANNER_SIZE) {
@@ -201,7 +201,7 @@ void recv_msg_userauth_failure() {
cli_ses.lastauthtype = AUTH_TYPE_NONE;
}
- methods = (char *)buf_getstring(ses.payload, &methlen);
+ methods = buf_getstring(ses.payload, &methlen);
partial = buf_getbool(ses.payload);
diff --git a/cli-authinteract.c b/cli-authinteract.c
index 02aeab8..49d65a7 100644
--- a/cli-authinteract.c
+++ b/cli-authinteract.c
@@ -84,8 +84,8 @@ void recv_msg_userauth_info_request() {
}
cli_ses.interact_request_received = 1;
- name = (char *)buf_getstring(ses.payload, NULL);
- instruction = (char *)buf_getstring(ses.payload, NULL);
+ name = buf_getstring(ses.payload, NULL);
+ instruction = buf_getstring(ses.payload, NULL);
/* language tag */
buf_eatstring(ses.payload);
@@ -115,7 +115,7 @@ void recv_msg_userauth_info_request() {
for (i = 0; i < num_prompts; i++) {
unsigned int response_len = 0;
- prompt = (char *)buf_getstring(ses.payload, NULL);
+ prompt = buf_getstring(ses.payload, NULL);
cleantext(prompt);
echo = buf_getbool(ses.payload);
@@ -129,7 +129,7 @@ void recv_msg_userauth_info_request() {
}
response_len = strlen(response);
- buf_putstring(ses.writepayload, (const unsigned char *)response, response_len);
+ buf_putstring(ses.writepayload, response, response_len);
m_burn(response, response_len);
m_free(prompt);
m_free(response);
@@ -149,22 +149,22 @@ void cli_auth_interactive() {
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
/* username */
- buf_putstring(ses.writepayload, (const unsigned char *)cli_opts.username,
+ buf_putstring(ses.writepayload, cli_opts.username,
strlen(cli_opts.username));
/* service name */
- buf_putstring(ses.writepayload, (const unsigned char *)SSH_SERVICE_CONNECTION,
+ buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN);
/* method */
- buf_putstring(ses.writepayload, (const unsigned char *)AUTH_METHOD_INTERACT,
+ buf_putstring(ses.writepayload, AUTH_METHOD_INTERACT,
AUTH_METHOD_INTERACT_LEN);
/* empty language tag */
- buf_putstring(ses.writepayload, (const unsigned char *)"", 0);
+ buf_putstring(ses.writepayload, "", 0);
/* empty submethods */
- buf_putstring(ses.writepayload, (const unsigned char *)"", 0);
+ buf_putstring(ses.writepayload, "", 0);
encrypt_packet();
cli_ses.interact_request_received = 0;
diff --git a/cli-authpasswd.c b/cli-authpasswd.c
index e014629..3cf49a2 100644
--- a/cli-authpasswd.c
+++ b/cli-authpasswd.c
@@ -140,18 +140,18 @@ void cli_auth_password() {
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
- buf_putstring(ses.writepayload, (const unsigned char *)cli_opts.username,
+ buf_putstring(ses.writepayload, cli_opts.username,
strlen(cli_opts.username));
- buf_putstring(ses.writepayload, (const unsigned char *)SSH_SERVICE_CONNECTION,
+ buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN);
- buf_putstring(ses.writepayload, (const unsigned char *)AUTH_METHOD_PASSWORD,
+ buf_putstring(ses.writepayload, AUTH_METHOD_PASSWORD,
AUTH_METHOD_PASSWORD_LEN);
buf_putbyte(ses.writepayload, 0); /* FALSE - so says the spec */
- buf_putstring(ses.writepayload, (const unsigned char *)password, strlen(password));
+ buf_putstring(ses.writepayload, password, strlen(password));
encrypt_packet();
m_burn(password, strlen(password));
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index fa04f17..d53178e 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -63,7 +63,7 @@ void recv_msg_userauth_pk_ok() {
TRACE(("enter recv_msg_userauth_pk_ok"))
- algotype = (char *)buf_getstring(ses.payload, &algolen);
+ algotype = buf_getstring(ses.payload, &algolen);
keytype = signkey_type_from_name(algotype, algolen);
TRACE(("recv_msg_userauth_pk_ok: type %d", keytype))
m_free(algotype);
@@ -149,20 +149,20 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
- buf_putstring(ses.writepayload, (const unsigned char *)cli_opts.username,
+ buf_putstring(ses.writepayload, cli_opts.username,
strlen(cli_opts.username));
- buf_putstring(ses.writepayload, (const unsigned char *)SSH_SERVICE_CONNECTION,
+ buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN);
- buf_putstring(ses.writepayload, (const unsigned char *)AUTH_METHOD_PUBKEY,
+ buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY,
AUTH_METHOD_PUBKEY_LEN);
buf_putbyte(ses.writepayload, realsign);
algoname = signkey_name_from_type(type, &algolen);
- buf_putstring(ses.writepayload, (const unsigned char *)algoname, algolen);
+ buf_putstring(ses.writepayload, algoname, algolen);
buf_put_pub_key(ses.writepayload, key, type);
if (realsign) {
diff --git a/cli-chansession.c b/cli-chansession.c
index 7bbca1e..5e00149 100644
--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -61,7 +61,7 @@ static void cli_chansessreq(struct Channel *channel) {
TRACE(("enter cli_chansessreq"))
- type = (char *) buf_getstring(ses.payload, NULL);
+ type = buf_getstring(ses.payload, NULL);
wantreply = buf_getbool(ses.payload);
if (strcmp(type, "exit-status") == 0) {
@@ -261,7 +261,7 @@ void cli_chansess_winchange() {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
buf_putint(ses.writepayload, channel->remotechan);
- buf_putstring(ses.writepayload, (const unsigned char *) "window-change", 13);
+ buf_putstring(ses.writepayload, "window-change", 13);
buf_putbyte(ses.writepayload, 0); /* FALSE says the spec */
put_winsize();
encrypt_packet();
@@ -286,7 +286,7 @@ static void send_chansess_pty_req(struct Channel *channel) {
if (term == NULL) {
term = "vt100"; /* Seems a safe default */
}
- buf_putstring(ses.writepayload, (const unsigned char *)term, strlen(term));
+ buf_putstring(ses.writepayload, term, strlen(term));
/* Window size */
put_winsize();
@@ -324,7 +324,7 @@ static void send_chansess_shell_req(struct Channel *channel) {
/* XXX TODO */
buf_putbyte(ses.writepayload, 0); /* Don't want replies */
if (cli_opts.cmd) {
- buf_putstring(ses.writepayload, (const unsigned char *)cli_opts.cmd, strlen(cli_opts.cmd));
+ buf_putstring(ses.writepayload, cli_opts.cmd, strlen(cli_opts.cmd));
}
encrypt_packet();
@@ -403,12 +403,12 @@ void cli_send_netcat_request() {
dropbear_exit("Couldn't open initial channel");
}
- buf_putstring(ses.writepayload, (const unsigned char *)cli_opts.netcat_host,
+ buf_putstring(ses.writepayload, cli_opts.netcat_host,
strlen(cli_opts.netcat_host));
buf_putint(ses.writepayload, cli_opts.netcat_port);
/* originator ip - localhost is accurate enough */
- buf_putstring(ses.writepayload, (const unsigned char *)source_host, strlen(source_host));
+ buf_putstring(ses.writepayload, source_host, strlen(source_host));
buf_putint(ses.writepayload, source_port);
encrypt_packet();
diff --git a/cli-kex.c b/cli-kex.c
index cefc077..e1924e1 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -79,7 +79,7 @@ void send_msg_kexdh_init() {
}
cli_ses.curve25519_param = gen_kexcurve25519_param();
}
- buf_putstring(ses.writepayload, cli_ses.curve25519_param->pub, CURVE25519_LEN);
+ buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
#endif
break;
}
@@ -322,7 +322,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
}
/* Compare hostnames */
- if (strncmp(cli_opts.remotehost, (const char *) buf_getptr(line, hostlen),
+ if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen),
hostlen) != 0) {
continue;
}
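Review bot: The `(const char *)` cast dropped from `buf_getptr(line, hostlen)` is still needed, because buffer.h in this commit keeps `buf_getptr()` returning `unsigned char*` while `strncmp()` takes `const char *`. The same applies to the `algolen` comparison in the next hunk. In the last checkhostkey hunk, `buf_putbytes()` (declared with `const unsigned char *bytes`) now receives `cli_opts.remotehost` and `algoname` uncast, and both look like plain `char` strings from their use with `strncmp()`. Either keep the casts, e.g. `strncmp(cli_opts.remotehost, (const char *) buf_getptr(line, hostlen), hostlen)`, or change the buffer.h prototypes in step. This is the known-hosts comparison path, so it is worth keeping free of type warnings; checkhostkey's body extends beyond these hunks.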
@@ -334,7 +334,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
continue;
}
- if (strncmp((const char *) buf_getptr(line, algolen), algoname, algolen) != 0) {
+ if (strncmp(buf_getptr(line, algolen), algoname, algolen) != 0) {
TRACE(("algo doesn't match"))
continue;
}
@@ -346,7 +346,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
}
/* Now we're at the interesting hostkey */
- ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algoname, algolen,
+ ret = cmp_base64_key(keyblob, keybloblen, algoname, algolen,
line, &fingerprint);
if (ret == DROPBEAR_SUCCESS) {
@@ -382,9 +382,9 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
buf_setpos(line, 0);
buf_setlen(line, 0);
- buf_putbytes(line, (const unsigned char *) cli_opts.remotehost, hostlen);
+ buf_putbytes(line, cli_opts.remotehost, hostlen);
buf_putbyte(line, ' ');
- buf_putbytes(line, (const unsigned char *) algoname, algolen);
+ buf_putbytes(line, algoname, algolen);
buf_putbyte(line, ' ');
len = line->size - line->pos;
/* The only failure with base64 is buffer_overflow, but buf_getwriteptr
diff --git a/cli-runopts.c b/cli-runopts.c
index 467776b..5bd4c55 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -447,7 +447,7 @@ void cli_getopts(int argc, char ** argv) {
}
#endif
-#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY
+#if defined(DROPBEAR_DEFAULT_CLI_AUTHKEY) && defined(ENABLE_CLI_PUBKEY_AUTH)
{
char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY);
loadidentityfile(expand_path, 0);
@@ -498,11 +498,14 @@ multihop_passthrough_args() {
m_list_elem *iter;
/* Fill out -i, -y, -W options that make sense for all
* the intermediate processes */
+#ifdef ENABLE_CLI_PUBKEY_AUTH
for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
{
sign_key * key = (sign_key*)iter->item;
len += 3 + strlen(key->filename);
}
+#endif /* ENABLE_CLI_PUBKEY_AUTH */
+
len += 30; /* space for -W <size>, terminator. */
ret = m_malloc(len);
total = 0;
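Review bot: `iter` is declared above the new `#ifdef ENABLE_CLI_PUBKEY_AUTH` guard but, in the lines shown, is used only inside the two guarded loops, so a build without public-key auth gets an unused-variable warning. Moving the declaration under the same guard, `#ifdef ENABLE_CLI_PUBKEY_AUTH` / `m_list_elem *iter;` / `#endif`, keeps that configuration clean. The function continues outside this hunk, so confirm there is no other use of `iter` first.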
@@ -524,6 +527,7 @@ multihop_passthrough_args() {
total += written;
}
+#ifdef ENABLE_CLI_PUBKEY_AUTH
for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
{
sign_key * key = (sign_key*)iter->item;
@@ -532,6 +536,7 @@ multihop_passthrough_args() {
dropbear_assert((unsigned int)written < size);
total += written;
}
+#endif /* ENABLE_CLI_PUBKEY_AUTH */
/* if args were passed, total will be not zero, and it will have a space at the end, so remove that */
if (total > 0)
diff --git a/cli-session.c b/cli-session.c
index 8bf530c..10244a7 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -124,6 +124,8 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection
/* Exchange identification */
send_session_identification();
+ kexfirstinitialise(); /* initialise the kex state */
+
send_msg_kexinit();
session_loop(cli_sessionloop);
@@ -192,7 +194,7 @@ static void send_msg_service_request(char* servicename) {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST);
- buf_putstring(ses.writepayload, (const unsigned char *)servicename, strlen(servicename));
+ buf_putstring(ses.writepayload, servicename, strlen(servicename));
encrypt_packet();
TRACE(("leave send_msg_service_request"))
diff --git a/cli-tcpfwd.c b/cli-tcpfwd.c
index df51e31..ec65f41 100644
--- a/cli-tcpfwd.c
+++ b/cli-tcpfwd.c
@@ -136,9 +136,9 @@ static void send_msg_global_request_remotetcp(const char *addr, int port) {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
- buf_putstring(ses.writepayload, (const unsigned char *)"tcpip-forward", 13);
+ buf_putstring(ses.writepayload, "tcpip-forward", 13);
buf_putbyte(ses.writepayload, 1); /* want_reply */
- buf_putstring(ses.writepayload, (const unsigned char *)addr, strlen(addr));
+ buf_putstring(ses.writepayload, addr, strlen(addr));
buf_putint(ses.writepayload, port);
encrypt_packet();
@@ -218,7 +218,7 @@ static int newtcpforwarded(struct Channel * channel) {
char portstring[NI_MAXSERV];
int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
- origaddr = (char *)buf_getstring(ses.payload, NULL);
+ origaddr = buf_getstring(ses.payload, NULL);
origport = buf_getint(ses.payload);
/* Find which port corresponds. First try and match address as well as port,
diff --git a/common-algo.c b/common-algo.c
index 76d3977..002ae66 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -144,12 +144,15 @@ algo_type sshciphers[] = {
#ifdef DROPBEAR_AES256
{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
#endif
+#ifdef DROPBEAR_TWOFISH_CTR
+/* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */
#ifdef DROPBEAR_TWOFISH256
{"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr},
#endif
#ifdef DROPBEAR_TWOFISH128
{"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr},
#endif
+#endif /* DROPBEAR_TWOFISH_CTR */
#endif /* DROPBEAR_ENABLE_CTR_MODE */
#ifdef DROPBEAR_ENABLE_CBC_MODE
@@ -325,7 +328,7 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
buf_putbytes(algolist, (const unsigned char *) localalgos[i].name, len);
}
}
- buf_putstring(buf, algolist->data, algolist->len);
+ buf_putstring(buf, (const char*)algolist->data, algolist->len);
buf_free(algolist);
}
@@ -350,7 +353,7 @@ algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
}
/* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
- algolist = (char *) buf_getstring(buf, &len);
+ algolist = buf_getstring(buf, &len);
TRACE(("buf_match_algo: %s", algolist))
if (len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
goto out;
diff --git a/common-channel.c b/common-channel.c
index a4fd787..abe5941 100644
--- a/common-channel.c
+++ b/common-channel.c
@@ -934,7 +934,7 @@ void recv_msg_channel_open() {
TRACE(("enter recv_msg_channel_open"))
/* get the packet contents */
- type = (char *) buf_getstring(ses.payload, &typelen);
+ type = buf_getstring(ses.payload, &typelen);
remotechan = buf_getint(ses.payload);
transwindow = buf_getint(ses.payload);
@@ -1047,8 +1047,8 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_FAILURE);
buf_putint(ses.writepayload, remotechan);
buf_putint(ses.writepayload, reason);
- buf_putstring(ses.writepayload, (const unsigned char *) text, strlen(text));
- buf_putstring(ses.writepayload, (const unsigned char *) lang, strlen(lang));
+ buf_putstring(ses.writepayload, text, strlen(text));
+ buf_putstring(ses.writepayload, lang, strlen(lang));
encrypt_packet();
TRACE(("leave send_msg_channel_open_failure"))
@@ -1149,7 +1149,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN);
- buf_putstring(ses.writepayload, (const unsigned char *) type->name, strlen(type->name));
+ buf_putstring(ses.writepayload, type->name, strlen(type->name));
buf_putint(ses.writepayload, chan->index);
buf_putint(ses.writepayload, opts.recv_window);
buf_putint(ses.writepayload, RECV_MAX_CHANNEL_DATA_LEN);
@@ -1250,6 +1250,6 @@ void start_send_channel_request(struct Channel *channel,
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
buf_putint(ses.writepayload, channel->remotechan);
- buf_putstring(ses.writepayload, (const unsigned char *) type, strlen(type));
+ buf_putstring(ses.writepayload, type, strlen(type));
}
diff --git a/common-kex.c b/common-kex.c
index 4de4b52..84b6efd 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -128,10 +128,10 @@ void send_msg_kexinit() {
buf_put_algolist(ses.writepayload, ses.compress_algos);
/* languages_client_to_server */
- buf_putstring(ses.writepayload, (const unsigned char *) "", 0);
+ buf_putstring(ses.writepayload, "", 0);
/* languages_server_to_client */
- buf_putstring(ses.writepayload, (const unsigned char *) "", 0);
+ buf_putstring(ses.writepayload, "", 0);
/* first_kex_packet_follows */
buf_putbyte(ses.writepayload, (ses.send_kex_first_guess != NULL));
@@ -511,7 +511,7 @@ void recv_msg_kexinit() {
/* start the kex hash */
local_ident_len = strlen(LOCAL_IDENT);
- remote_ident_len = strlen(ses.remoteident);
+ remote_ident_len = strlen((char*)ses.remoteident);
kexhashbuf_len = local_ident_len + remote_ident_len
+ ses.transkexinit->len + ses.payload->len
@@ -525,18 +525,17 @@ void recv_msg_kexinit() {
read_kex_algos();
/* V_C, the client's version string (CR and NL excluded) */
- buf_putstring(ses.kexhashbuf,
- (unsigned char*)LOCAL_IDENT, local_ident_len);
+ buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
/* V_S, the server's version string (CR and NL excluded) */
- buf_putstring(ses.kexhashbuf, (unsigned char*)ses.remoteident, remote_ident_len);
+ buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
/* I_C, the payload of the client's SSH_MSG_KEXINIT */
buf_putstring(ses.kexhashbuf,
- ses.transkexinit->data, ses.transkexinit->len);
+ (const char*)ses.transkexinit->data, ses.transkexinit->len);
/* I_S, the payload of the server's SSH_MSG_KEXINIT */
buf_setpos(ses.payload, ses.payload_beginning);
buf_putstring(ses.kexhashbuf,
- buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
+ (const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
ses.payload->len-ses.payload->pos);
ses.requirenext = SSH_MSG_KEXDH_REPLY;
} else {
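Review bot: `ses.remoteident` is passed to `buf_putstring()` without a cast in this branch, although the previous hunk adds `strlen((char*)ses.remoteident)`, which suggests the field is `unsigned char*` (session.h is changed in this commit but is not in view). `buf_putstring()` now takes `const char*`, so this call and the matching one in the server branch (next hunk) would be signedness mismatches. Use `buf_putstring(ses.kexhashbuf, (const char*)ses.remoteident, remote_ident_len);`, or make the field `char *` and drop the `strlen` cast. V_C and V_S feed the exchange hash, so these lines are worth keeping warning-free and easy to audit.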
@@ -545,20 +544,19 @@ void recv_msg_kexinit() {
/* read the peer's choice of algos */
read_kex_algos();
/* V_C, the client's version string (CR and NL excluded) */
- buf_putstring(ses.kexhashbuf, (unsigned char*)ses.remoteident, remote_ident_len);
+ buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
/* V_S, the server's version string (CR and NL excluded) */
- buf_putstring(ses.kexhashbuf,
- (unsigned char*)LOCAL_IDENT, local_ident_len);
+ buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
/* I_C, the payload of the client's SSH_MSG_KEXINIT */
buf_setpos(ses.payload, ses.payload_beginning);
buf_putstring(ses.kexhashbuf,
- buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
+ (const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
ses.payload->len-ses.payload->pos);
/* I_S, the payload of the server's SSH_MSG_KEXINIT */
buf_putstring(ses.kexhashbuf,
- ses.transkexinit->data, ses.transkexinit->len);
+ (const char*)ses.transkexinit->data, ses.transkexinit->len);
ses.requirenext = SSH_MSG_KEXDH_INIT;
}
@@ -783,9 +781,9 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
/* K_S, the host key */
buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
/* Q_C, client's ephemeral public key octet string */
- buf_putstring(ses.kexhashbuf, Q_C, CURVE25519_LEN);
+ buf_putstring(ses.kexhashbuf, (const char*)Q_C, CURVE25519_LEN);
/* Q_S, server's ephemeral public key octet string */
- buf_putstring(ses.kexhashbuf, Q_S, CURVE25519_LEN);
+ buf_putstring(ses.kexhashbuf, (const char*)Q_S, CURVE25519_LEN);
/* K, the shared secret */
buf_putmpint(ses.kexhashbuf, ses.dh_K);
diff --git a/common-session.c b/common-session.c
index e565570..8ec7516 100644
--- a/common-session.c
+++ b/common-session.c
@@ -90,8 +90,6 @@ void common_session_init(int sock_in, int sock_out) {
ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[0]);
ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[1]);
- kexfirstinitialise(); /* initialise the kex state */
-
ses.writepayload = buf_new(TRANS_MAX_PAYLOAD_LEN);
ses.transseq = 0;
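Review bot: With `kexfirstinitialise()` dropped from `common_session_init()`, every session entry point now has to make the call itself before its first `send_msg_kexinit()`. `cli_session()` does so in this commit. svr-session.c appears in the diffstat with 2 changed lines, but its hunk is not in view here, so confirm the server path gained the same call. Since a missed call would leave the key-exchange state uninitialised, I would record the obligation where the call used to be: `/* kexfirstinitialise() is called by cli_session()/svr_session() after the identification exchange */`. The function body extends beyond this hunk.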
@@ -469,7 +467,7 @@ static void send_msg_keepalive() {
/* Some peers will reply with SSH_MSG_REQUEST_FAILURE,
some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */
buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
- buf_putstring(ses.writepayload, (const unsigned char *) DROPBEAR_KEEPALIVE_STRING,
+ buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING,
strlen(DROPBEAR_KEEPALIVE_STRING));
}
buf_putbyte(ses.writepayload, 1); /* want_reply */
diff --git a/configure.ac b/configure.ac
index 6ae8c32..b0e85e5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -265,7 +265,7 @@ AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage
#include <sys/types.h>
#include <sys/socket.h>
]],
- [[ if (sizeof(struct sockaddr_storage)) return 0 ]])],
+ [[ struct sockaddr_storage s; ]])],
[ ac_cv_have_struct_sockaddr_storage="yes" ],
[ ac_cv_have_struct_sockaddr_storage="no" ]
)
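Review bot: The new probe body `struct sockaddr_storage s;` declares a variable that is never used, unlike the three following checks, which each assign to a member. If the test program is compiled with warnings promoted to errors (for example user-supplied CFLAGS containing -Werror), an unused-variable diagnostic would make the check report "no" on a system that does have the type. Referencing the variable, e.g. `struct sockaddr_storage s; (void)s;`, avoids that without depending on a member name.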
@@ -279,7 +279,7 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
#include <sys/types.h>
#include <netinet/in.h>
]],
- [[ if (sizeof(struct sockaddr_in6)) return 0 ]])],
+ [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
[ ac_cv_have_struct_sockaddr_in6="yes" ],
[ ac_cv_have_struct_sockaddr_in6="no" ]
)
@@ -293,7 +293,7 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
#include <sys/types.h>
#include <netinet/in.h>
]],
- [[ if (sizeof(struct in6_addr)) return 0 ]])],
+ [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
[ ac_cv_have_struct_in6_addr="yes" ],
[ ac_cv_have_struct_in6_addr="no" ]
)
@@ -308,7 +308,7 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
#include <sys/socket.h>
#include <netdb.h>
]],
- [[ if (sizeof(struct addrinfo)) return 0 ]])],
+ [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
[ ac_cv_have_struct_addrinfo="yes" ],
[ ac_cv_have_struct_addrinfo="no" ]
)
diff --git a/dbrandom.c b/dbrandom.c
index 02e7803..cf280f4 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -141,7 +141,7 @@ out:
return ret;
}
-void addrandom(unsigned char * buf, unsigned int len)
+void addrandom(char * buf, unsigned int len)
{
hash_state hs;
diff --git a/dbrandom.h b/dbrandom.h
index 6e262f3..3434f69 100644
--- a/dbrandom.h
+++ b/dbrandom.h
@@ -29,7 +29,7 @@
void seedrandom();
void genrandom(unsigned char* buf, unsigned int len);
-void addrandom(unsigned char * buf, unsigned int len);
+void addrandom(char * buf, unsigned int len);
void gen_random_mpint(mp_int *max, mp_int *rand);
#endif /* DROPBEAR_RANDOM_H_ */
diff --git a/dss.c b/dss.c
index e782711..b771ec0 100644
--- a/dss.c
+++ b/dss.c
@@ -136,7 +136,7 @@ void dss_key_free(dropbear_dss_key *key) {
void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
dropbear_assert(key != NULL);
- buf_putstring(buf, (const unsigned char*) SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
+ buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
buf_putmpint(buf, key->p);
buf_putmpint(buf, key->q);
buf_putmpint(buf, key->g);
@@ -173,7 +173,7 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);
/* get blob, check length */
- string = (char*) buf_getstring(buf, &stringlen);
+ string = buf_getstring(buf, &stringlen);
if (stringlen != 2*SHA1_HASH_SIZE) {
goto out;
}
@@ -310,7 +310,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
dropbear_exit("DSS error");
}
- buf_putstring(buf, (const unsigned char*) SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
+ buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
buf_putint(buf, 2*SHA1_HASH_SIZE);
writelen = mp_unsigned_bin_size(&dss_r);
diff --git a/ecc.h b/ecc.h
index 93f85cf..703c717 100644
--- a/ecc.h
+++ b/ecc.h
@@ -12,7 +12,7 @@ struct dropbear_ecc_curve {
int ltc_size; /* to match the byte sizes in ltc_ecc_sets[] */
const ltc_ecc_set_type *dp; /* curve domain parameters */
const struct ltc_hash_descriptor *hash_desc;
- const char *name;
+ const unsigned char *name;
};
extern struct dropbear_ecc_curve ecc_curve_nistp256;
diff --git a/ecdsa.c b/ecdsa.c
index f5c7755..5568131 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -83,9 +83,9 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
ecc_key *new_key = NULL;
/* string "ecdsa-sha2-[identifier]" */
- key_ident = buf_getstring(buf, &key_ident_len);
+ key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len);
/* string "[identifier]" */
- identifier = buf_getstring(buf, &identifier_len);
+ identifier = (unsigned char*)buf_getstring(buf, &identifier_len);
if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) {
TRACE(("Bad identifier lengths"))
@@ -144,8 +144,8 @@ void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) {
curve = curve_for_dp(key->dp);
snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
- buf_putstring(buf, (const unsigned char *) key_ident, strlen(key_ident));
- buf_putstring(buf, (const unsigned char *) curve->name, strlen(curve->name));
+ buf_putstring(buf, key_ident, strlen(key_ident));
+ buf_putstring(buf, curve->name, strlen(curve->name));
buf_put_ecc_raw_pubkey_string(buf, key);
}
@@ -223,7 +223,7 @@ void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) {
}
snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
- buf_putstring(buf, (const unsigned char *) key_ident, strlen(key_ident));
+ buf_putstring(buf, key_ident, strlen(key_ident));
/* enough for nistp521 */
sigbuf = buf_new(200);
buf_putmpint(sigbuf, (mp_int*)r);
diff --git a/gendss.c b/gendss.c
index 783e25f..21d13a0 100644
--- a/gendss.c
+++ b/gendss.c
@@ -67,7 +67,7 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
static void getq(dropbear_dss_key *key) {
- unsigned char buf[QSIZE];
+ char buf[QSIZE];
/* 160 bit prime */
genrandom(buf, QSIZE);
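Review bot: `buf` is changed to plain `char` but is passed on the next line to `genrandom()`, which dbrandom.h in this same commit still declares as `genrandom(unsigned char* buf, unsigned int len)`. The buffer holds the random bytes for the 160-bit prime, and raw key material is safer as `unsigned char`: plain `char` may be signed, which changes the result of any later bit test or widening of `buf[i]`. Keep `unsigned char buf[QSIZE];`. The dbrandom.c and dbrandom.h hunks introduce the same asymmetry by moving `addrandom()` to `char *` while `genrandom()` stays unsigned. getq's body continues outside this hunk, so how the bytes are consumed is not visible here.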
diff --git a/keyimport.c b/keyimport.c
index b7490aa..362d775 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -193,7 +193,7 @@ out:
static void base64_encode_fp(FILE * fp, unsigned char *data,
int datalen, int cpl)
{
- unsigned char out[100];
+ char out[100];
int n;
unsigned long outlen;
int rawcpl;
@@ -445,7 +445,7 @@ static struct openssh_key *load_openssh_key(const char *filename)
ret->keyblob_size);
}
outlen = ret->keyblob_size - ret->keyblob_len;
- if (base64_decode((const unsigned char *)buffer, len,
+ if (base64_decode(buffer, len,
ret->keyblob + ret->keyblob_len, &outlen) != CRYPT_OK){
errmsg = "Error decoding base64";
goto error;
@@ -507,7 +507,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
int i, num_integers = 0;
sign_key *retval = NULL;
char *errmsg;
- unsigned char *modptr = NULL;
+ char *modptr = NULL;
int modlen = -9999;
enum signkey_type type;
@@ -602,13 +602,13 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
#ifdef DROPBEAR_DSS
if (key->type == OSSH_DSA) {
- buf_putstring(blobbuf, (const unsigned char *)"ssh-dss", 7);
+ buf_putstring(blobbuf, "ssh-dss", 7);
retkey->type = DROPBEAR_SIGNKEY_DSS;
}
#endif
#ifdef DROPBEAR_RSA
if (key->type == OSSH_RSA) {
- buf_putstring(blobbuf, (const unsigned char *)"ssh-rsa", 7);
+ buf_putstring(blobbuf, "ssh-rsa", 7);
retkey->type = DROPBEAR_SIGNKEY_RSA;
}
#endif
@@ -646,12 +646,12 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
*/
if (i == 1) {
/* Save the details for after we deal with number 2. */
- modptr = p;
+ modptr = (char *)p;
modlen = len;
} else if (i >= 2 && i <= 5) {
- buf_putstring(blobbuf, p, len);
+ buf_putstring(blobbuf, (const char*)p, len);
if (i == 2) {
- buf_putstring(blobbuf, modptr, modlen);
+ buf_putstring(blobbuf, (const char*)modptr, modlen);
}
}
} else if (key->type == OSSH_DSA) {
@@ -659,7 +659,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
* OpenSSH key order is p, q, g, y, x,
* we want the same.
*/
- buf_putstring(blobbuf, p, len);
+ buf_putstring(blobbuf, (const char*)p, len);
}
/* Skip past the number. */
@@ -1043,7 +1043,7 @@ static int openssh_write(const char *filename, sign_key *key,
int curve_oid_len = 0;
const void* curve_oid = NULL;
unsigned long pubkey_size = 2*curve_size+1;
- int k_size;
+ unsigned int k_size;
int err = 0;
/* version. less than 10 bytes */
diff --git a/libtomcrypt/src/ciphers/aes/aes.c b/libtomcrypt/src/ciphers/aes/aes.c
index 55f6333..74798e8 100644
--- a/libtomcrypt/src/ciphers/aes/aes.c
+++ b/libtomcrypt/src/ciphers/aes/aes.c
@@ -122,10 +122,9 @@ static ulong32 setup_mix2(ulong32 temp)
*/
int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
- int i;
+ int i, j;
ulong32 temp, *rk;
#ifndef ENCRYPT_ONLY
- int j;
ulong32 *rrk;
#endif
LTC_ARGCHK(key != NULL);
@@ -149,9 +148,7 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s
LOAD32H(rk[2], key + 8);
LOAD32H(rk[3], key + 12);
if (keylen == 16) {
- #ifndef ENCRYPT_ONLY
j = 44;
- #endif
for (;;) {
temp = rk[3];
rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i];
@@ -164,9 +161,7 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s
rk += 4;
}
} else if (keylen == 24) {
- #ifndef ENCRYPT_ONLY
j = 52;
- #endif
LOAD32H(rk[4], key + 16);
LOAD32H(rk[5], key + 20);
for (;;) {
@@ -187,9 +182,7 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s
rk += 6;
}
} else if (keylen == 32) {
- #ifndef ENCRYPT_ONLY
j = 60;
- #endif
LOAD32H(rk[4], key + 16);
LOAD32H(rk[5], key + 20);
LOAD32H(rk[6], key + 24);
@@ -735,7 +728,6 @@ int ECB_TEST(void)
*/
void ECB_DONE(symmetric_key *skey)
{
- (void)skey;
}
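Review bot: Dropping `(void)skey;` leaves the parameter of ECB_DONE unreferenced, so builds with `-Wextra` or `-Wunused-parameter` will warn again. The same applies to des3_done and twofish_done, and to the `LTC_NO_FILE` branches of hash_file, hash_filehandle and hmac_file later in this diff. Keeping the `(void)skey;` line (and the `(void)` lists in the file helpers) costs nothing and keeps the crypto sources warning-clean, which makes new warnings easier to notice.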
diff --git a/libtomcrypt/src/ciphers/des.c b/libtomcrypt/src/ciphers/des.c
index 6005e84..e505b14 100644
--- a/libtomcrypt/src/ciphers/des.c
+++ b/libtomcrypt/src/ciphers/des.c
@@ -1871,7 +1871,6 @@ void des_done(symmetric_key *skey)
*/
void des3_done(symmetric_key *skey)
{
- (void)skey;
}
diff --git a/libtomcrypt/src/ciphers/twofish/twofish.c b/libtomcrypt/src/ciphers/twofish/twofish.c
index 8f81bdd..9e6d0d4 100644
--- a/libtomcrypt/src/ciphers/twofish/twofish.c
+++ b/libtomcrypt/src/ciphers/twofish/twofish.c
@@ -684,7 +684,6 @@ int twofish_test(void)
*/
void twofish_done(symmetric_key *skey)
{
- (void)skey;
}
/**
diff --git a/libtomcrypt/src/hashes/helper/hash_file.c b/libtomcrypt/src/hashes/helper/hash_file.c
index df31606..a92025c 100644
--- a/libtomcrypt/src/hashes/helper/hash_file.c
+++ b/libtomcrypt/src/hashes/helper/hash_file.c
@@ -25,7 +25,6 @@
int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen)
{
#ifdef LTC_NO_FILE
- (void)hash; (void)fname; (void)out; (void)outlen;
return CRYPT_NOP;
#else
FILE *in;
diff --git a/libtomcrypt/src/hashes/helper/hash_filehandle.c b/libtomcrypt/src/hashes/helper/hash_filehandle.c
index 03155ea..be2cbf9 100644
--- a/libtomcrypt/src/hashes/helper/hash_filehandle.c
+++ b/libtomcrypt/src/hashes/helper/hash_filehandle.c
@@ -26,7 +26,6 @@
int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen)
{
#ifdef LTC_NO_FILE
- (void)hash; (void)in; (void)out; (void)outlen;
return CRYPT_NOP;
#else
hash_state md;
diff --git a/libtomcrypt/src/mac/hmac/hmac_file.c b/libtomcrypt/src/mac/hmac/hmac_file.c
index d7c40b1..b296320 100644
--- a/libtomcrypt/src/mac/hmac/hmac_file.c
+++ b/libtomcrypt/src/mac/hmac/hmac_file.c
@@ -32,7 +32,6 @@ int hmac_file(int hash, const char *fname,
unsigned char *out, unsigned long *outlen)
{
#ifdef LTC_NO_FILE
- (void)hash; (void)fname; (void)key; (void)keylen; (void)out; (void)outlen;
return CRYPT_NOP;
#else
hmac_state hmac;
diff --git a/libtomcrypt/src/misc/crypt/crypt_argchk.c b/libtomcrypt/src/misc/crypt/crypt_argchk.c
index a6d2a48..c6675ef 100644
--- a/libtomcrypt/src/misc/crypt/crypt_argchk.c
+++ b/libtomcrypt/src/misc/crypt/crypt_argchk.c
@@ -21,7 +21,7 @@ void crypt_argchk(char *v, char *s, int d)
{
fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n",
v, d, s);
- abort();
+ (void)raise(SIGABRT);
}
#endif
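Review bot: `raise(SIGABRT)` can return, so a failed LTC_ARGCHK no longer guarantees that execution stops. If SIGABRT is blocked, ignored or caught by a handler that returns, crypt_argchk returns to the caller, which then carries on with the argument that just failed validation (typically a NULL pointer). `abort()` does not return in those cases, so I would keep `abort();`, or write `(void)raise(SIGABRT); abort();` if the raise is wanted for another reason. `raise()` also needs `<signal.h>`; the include list is outside this hunk, so that should be confirmed.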
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c
index 8cbcdf3..b94a50c 100644
--- a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c
@@ -40,7 +40,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
int i, j, err;
void *mu, *mp;
unsigned long buf;
- int bitcnt, mode, digidx;
+ int first, bitbuf, bitcpy, bitcnt, mode, digidx;
LTC_ARGCHK(k != NULL);
LTC_ARGCHK(G != NULL);
@@ -98,6 +98,8 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
bitcnt = 1;
buf = 0;
digidx = mp_get_digit_count(k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
/* perform ops */
for (;;) {
diff --git a/netio.c b/netio.c
index af34a14..74eea7b 100644
--- a/netio.c
+++ b/netio.c
@@ -70,7 +70,7 @@ static void connect_try_next(struct dropbear_progress_connection *c) {
struct addrinfo *r;
int res = 0;
int fastopen = 0;
-#ifdef DROPBEAR_TCP_FAST_OPEN
+#ifdef DROPBEAR_CLIENT_TCP_FAST_OPEN
struct msghdr message;
#endif
@@ -91,14 +91,13 @@ static void connect_try_next(struct dropbear_progress_connection *c) {
set_piggyback_ack(c->sock);
#endif
-#ifdef DROPBEAR_TCP_FAST_OPEN
+#ifdef DROPBEAR_CLIENT_TCP_FAST_OPEN
fastopen = (c->writequeue != NULL);
- memset(&message, 0x0, sizeof(message));
- message.msg_name = r->ai_addr;
- message.msg_namelen = r->ai_addrlen;
-
- if (c->writequeue) {
+ if (fastopen) {
+ memset(&message, 0x0, sizeof(message));
+ message.msg_name = r->ai_addr;
+ message.msg_namelen = r->ai_addrlen;
/* 6 is arbitrary, enough to hold initial packets */
unsigned int iovlen = 6; /* Linux msg_iovlen is a size_t */
struct iovec iov[6];
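Review bot: Moving the `memset()` and the two `message.msg_*` assignments to the top of the `if (fastopen)` block puts statements ahead of the `iovlen` and `iov` declarations. The old code opened the block with the declarations, and a C89-style build or `-Wdeclaration-after-statement` will complain about the new order (the project's dialect is not visible here). Declaring `unsigned int iovlen = 6;` and `struct iovec iov[6];` first and then running `memset(&message, 0x0, sizeof(message));` keeps the block in the original style. The block continues into the next hunk.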
@@ -106,18 +105,22 @@ static void connect_try_next(struct dropbear_progress_connection *c) {
message.msg_iov = iov;
message.msg_iovlen = iovlen;
res = sendmsg(c->sock, &message, MSG_FASTOPEN);
- if (res < 0 && errno != EINPROGRESS) {
- m_free(c->errstring);
- c->errstring = m_strdup(strerror(errno));
- /* Not entirely sure which kind of errors are normal - 2.6.32 seems to
- return EPIPE for any (nonblocking?) sendmsg(). just fall back */
- TRACE(("sendmsg tcp_fastopen failed, falling back. %s", strerror(errno)));
- /* No kernel MSG_FASTOPEN support. Fall back below */
- fastopen = 0;
- /* Set to NULL to avoid trying again */
- c->writequeue = NULL;
+ /* Returns EINPROGRESS if FASTOPEN wasn't available */
+ if (res < 0) {
+ if (errno != EINPROGRESS) {
+ m_free(c->errstring);
+ c->errstring = m_strdup(strerror(errno));
+ /* Not entirely sure which kind of errors are normal - 2.6.32 seems to
+ return EPIPE for any (nonblocking?) sendmsg(). just fall back */
+ TRACE(("sendmsg tcp_fastopen failed, falling back. %s", strerror(errno)));
+ /* No kernel MSG_FASTOPEN support. Fall back below */
+ fastopen = 0;
+ /* Set to NULL to avoid trying again */
+ c->writequeue = NULL;
+ }
+ } else {
+ packet_queue_consume(c->writequeue, res);
}
- packet_queue_consume(c->writequeue, res);
}
#endif
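Review bot: `errno` is read twice in the failure branch after other calls have run: once inside `m_strdup(strerror(errno))` after `m_free()`, and again in the `TRACE` after `m_strdup()` has allocated. Either call is allowed to change `errno`, so the stored `c->errstring` and the trace may describe a different error from the one `sendmsg()` reported. Saving it right after the call, for example `int err = errno;` declared with the other locals and assigned after `sendmsg()`, then using `err` in the `EINPROGRESS` test and both `strerror()` calls, removes the dependency. Separating the `res < 0` case from `packet_queue_consume()` looks right.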
@@ -310,7 +313,7 @@ void set_sock_nodelay(int sock) {
setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
}
-#ifdef DROPBEAR_TCP_FAST_OPEN
+#ifdef DROPBEAR_SERVER_TCP_FAST_OPEN
void set_listen_fast_open(int sock) {
int qlen = MAX(MAX_UNAUTH_PER_IP, 5);
if (setsockopt(sock, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)) != 0) {
diff --git a/netio.h b/netio.h
index 5d9f799..b413bdc 100644
--- a/netio.h
+++ b/netio.h
@@ -48,7 +48,7 @@ void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue
void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count);
void packet_queue_consume(struct Queue *queue, ssize_t written);
-#ifdef DROPBEAR_TCP_FAST_OPEN
+#ifdef DROPBEAR_SERVER_TCP_FAST_OPEN
/* Try for any Linux builds, will fall back if the kernel doesn't support it */
void set_listen_fast_open(int sock);
/* Define values which may be supported by the kernel even if the libc is too old */
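Review bot: A client-only build may lose the fallback definitions that this guard now ties to the server option. The comment on the last line says the block defines values for kernels newer than the libc, and netio.c uses `MSG_FASTOPEN` under `DROPBEAR_CLIENT_TCP_FAST_OPEN`. If that constant is one of the values defined here (the defines are outside this hunk), then enabling the client option without the server one fails to compile on an older libc. Keeping only the `set_listen_fast_open()` prototype under the server macro and guarding the fallback values with `#if defined(DROPBEAR_SERVER_TCP_FAST_OPEN) || defined(DROPBEAR_CLIENT_TCP_FAST_OPEN)` would cover both configurations.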
diff --git a/options.h b/options.h
index e2d69a9..41cc129 100644
--- a/options.h
+++ b/options.h
@@ -103,10 +103,15 @@ much traffic. */
#define DROPBEAR_ENABLE_CBC_MODE
/* Enable "Counter Mode" for ciphers. This is more secure than normal
- * CBC mode against certain attacks. This adds around 1kB to binary
- * size and is recommended for most cases */
+ * CBC mode against certain attacks. It is recommended for security
+ * and forwards compatibility */
#define DROPBEAR_ENABLE_CTR_MODE
+/* Twofish counter mode is disabled by default because it
+has not been tested for interoperability with other SSH implementations.
+If you test it please contact the Dropbear author */
+/* #define DROPBEAR_TWOFISH_CTR */
+
/* You can compile with no encryption if you want. In some circumstances
* this could be safe security-wise, though make sure you know what
* you're doing. Anyone can see everything that goes over the wire, so
diff --git a/rsa.c b/rsa.c
index 25fbfe7..193e577 100644
--- a/rsa.c
+++ b/rsa.c
@@ -174,7 +174,7 @@ void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
TRACE(("enter buf_put_rsa_pub_key"))
dropbear_assert(key != NULL);
- buf_putstring(buf, (const unsigned char *) SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
+ buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
buf_putmpint(buf, key->e);
buf_putmpint(buf, key->n);
@@ -327,7 +327,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
mp_clear_multi(&rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
/* create the signature to return */
- buf_putstring(buf, (const unsigned char *) SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
+ buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
nsize = mp_unsigned_bin_size(key->n);
diff --git a/session.h b/session.h
index 99c96cb..0059d94 100644
--- a/session.h
+++ b/session.h
@@ -63,7 +63,7 @@ void svr_dropbear_log(int priority, const char* format, va_list param);
/* Client */
void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN;
void cli_connected(int result, int sock, void* userdata, const char *errstring);
-void cleantext(char* dirtytext);
+void cleantext(unsigned char* dirtytext);
/* crypto parameters that are stored individually for transmit and receive */
struct key_context_directional {
@@ -115,7 +115,7 @@ struct sshsession {
/* remotehost will be initially NULL as we delay
* reading the remote version string. it will be set
* by the time any recv_() packet methods are called */
- char *remoteident;
+ unsigned char *remoteident;
int maxfd; /* the maximum file descriptor to check with select() */
diff --git a/signkey.c b/signkey.c
index 4b5fb0d..ac5d887 100644
--- a/signkey.c
+++ b/signkey.c
@@ -145,7 +145,7 @@ int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
TRACE2(("enter buf_get_pub_key"))
- ident = (char *) buf_getstring(buf, &len);
+ ident = buf_getstring(buf, &len);
keytype = signkey_type_from_name(ident, len);
m_free(ident);
@@ -216,7 +216,7 @@ int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
TRACE2(("enter buf_get_priv_key"))
- ident = (char *)buf_getstring(buf, &len);
+ ident = buf_getstring(buf, &len);
keytype = signkey_type_from_name(ident, len);
m_free(ident);
@@ -522,7 +522,7 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
TRACE(("enter buf_verify"))
buf_getint(buf); /* blob length */
- type_name = (char *) buf_getstring(buf, &type_name_len);
+ type_name = buf_getstring(buf, &type_name_len);
type = signkey_type_from_name(type_name, type_name_len);
m_free(type_name);
diff --git a/svr-auth.c b/svr-auth.c
index 44f8f13..87330ac 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -89,7 +89,7 @@ void send_msg_userauth_banner(buffer *banner) {
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
buf_putbufstring(ses.writepayload, banner);
- buf_putstring(ses.writepayload, (const unsigned char *)"en", 2);
+ buf_putstring(ses.writepayload, "en", 2);
encrypt_packet();
@@ -119,9 +119,9 @@ void recv_msg_userauth_request() {
svr_opts.banner = NULL;
}
- username = (char *)buf_getstring(ses.payload, &userlen);
- servicename = (char *)buf_getstring(ses.payload, &servicelen);
- methodname = (char *)buf_getstring(ses.payload, &methodlen);
+ username = buf_getstring(ses.payload, &userlen);
+ servicename = buf_getstring(ses.payload, &servicelen);
+ methodname = buf_getstring(ses.payload, &methodlen);
/* only handle 'ssh-connection' currently */
if (servicelen != SSH_SERVICE_CONNECTION_LEN
diff --git a/svr-authpam.c b/svr-authpam.c
index 0b1d69f..101017c 100644
--- a/svr-authpam.c
+++ b/svr-authpam.c
@@ -188,7 +188,7 @@ void svr_auth_pam() {
pam_handle_t* pamHandlep = NULL;
- unsigned char * password = NULL;
+ char * password = NULL;
unsigned int passwordlen;
int rc = PAM_SUCCESS;
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 7a5a121..9852ac6 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -33,6 +33,8 @@
#ifdef ENABLE_SVR_PASSWORD_AUTH
+/* not constant time when strings are differing lengths.
+ string content isn't leaked, and crypt hashes are predictable length. */
static int constant_time_strcmp(const char* a, const char* b) {
size_t la = strlen(a);
size_t lb = strlen(b);
@@ -50,7 +52,7 @@ void svr_auth_password() {
char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
char * testcrypt = NULL; /* crypt generated from the user's password sent */
- unsigned char * password;
+ char * password;
unsigned int passwordlen;
unsigned int changepw;
@@ -73,7 +75,7 @@ void svr_auth_password() {
password = buf_getstring(ses.payload, &passwordlen);
/* the first bytes of passwdcrypt are the salt */
- testcrypt = crypt((char*)password, passwdcrypt);
+ testcrypt = crypt(password, passwdcrypt);
m_burn(password, passwordlen);
m_free(password);
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index ecce2b1..89d77ed 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -98,7 +98,7 @@ void svr_auth_pubkey() {
* actual attempt*/
testkey = (buf_getbool(ses.payload) == 0);
- algo = (char *) buf_getstring(ses.payload, &algolen);
+ algo = buf_getstring(ses.payload, &algolen);
keybloblen = buf_getint(ses.payload);
keyblob = buf_getptr(ses.payload, keybloblen);
@@ -180,8 +180,8 @@ static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK);
- buf_putstring(ses.writepayload, (const unsigned char *) algo, algolen);
- buf_putstring(ses.writepayload, keyblob, keybloblen);
+ buf_putstring(ses.writepayload, algo, algolen);
+ buf_putstring(ses.writepayload, (const char*)keyblob, keybloblen);
encrypt_packet();
TRACE(("leave send_msg_userauth_pk_ok"))
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
index c296141..71d7c14 100644
--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -120,7 +120,7 @@ static int match_option(buffer *options_buf, const char *opt_name) {
if (options_buf->len - options_buf->pos < len) {
return DROPBEAR_FAILURE;
}
- if (strncasecmp((const char *) buf_getptr(options_buf, len), opt_name, len) == 0) {
+ if (strncasecmp(buf_getptr(options_buf, len), opt_name, len) == 0) {
buf_incrpos(options_buf, len);
return DROPBEAR_SUCCESS;
}
diff --git a/svr-chansession.c b/svr-chansession.c
index 18e4bf0..e44299e 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -183,7 +183,7 @@ static void send_msg_chansess_exitstatus(struct Channel * channel,
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
buf_putint(ses.writepayload, channel->remotechan);
- buf_putstring(ses.writepayload, (const unsigned char *) "exit-status", 11);
+ buf_putstring(ses.writepayload, "exit-status", 11);
buf_putbyte(ses.writepayload, 0); /* boolean FALSE */
buf_putint(ses.writepayload, chansess->exit.exitstatus);
@@ -219,12 +219,12 @@ static void send_msg_chansess_exitsignal(struct Channel * channel,
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
buf_putint(ses.writepayload, channel->remotechan);
- buf_putstring(ses.writepayload, (const unsigned char *) "exit-signal", 11);
+ buf_putstring(ses.writepayload, "exit-signal", 11);
buf_putbyte(ses.writepayload, 0); /* boolean FALSE */
- buf_putstring(ses.writepayload, (const unsigned char *) signame, strlen(signame));
+ buf_putstring(ses.writepayload, signame, strlen(signame));
buf_putbyte(ses.writepayload, chansess->exit.exitcore);
- buf_putstring(ses.writepayload, (const unsigned char *) "", 0); /* error msg */
- buf_putstring(ses.writepayload, (const unsigned char *) "", 0); /* lang */
+ buf_putstring(ses.writepayload, "", 0); /* error msg */
+ buf_putstring(ses.writepayload, "", 0); /* lang */
encrypt_packet();
}
@@ -351,7 +351,7 @@ static void chansessionrequest(struct Channel *channel) {
TRACE(("enter chansessionrequest"))
- type = (char *) buf_getstring(ses.payload, &typelen);
+ type = buf_getstring(ses.payload, &typelen);
wantreply = buf_getbool(ses.payload);
if (typelen > MAX_NAME_LEN) {
@@ -414,7 +414,7 @@ static int sessionsignal(struct ChanSess *chansess) {
return DROPBEAR_FAILURE;
}
- signame = (char *) buf_getstring(ses.payload, NULL);
+ signame = buf_getstring(ses.payload, NULL);
i = 0;
while (signames[i].name != 0) {
@@ -567,7 +567,7 @@ static int sessionpty(struct ChanSess * chansess) {
return DROPBEAR_FAILURE;
}
- chansess->term = (char *) buf_getstring(ses.payload, &termlen);
+ chansess->term = buf_getstring(ses.payload, &termlen);
if (termlen > MAX_TERM_LEN) {
/* TODO send disconnect ? */
TRACE(("leave sessionpty: term len too long"))
@@ -649,7 +649,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
if (iscmd) {
/* "exec" */
if (chansess->cmd == NULL) {
- chansess->cmd = (char *) buf_getstring(ses.payload, &cmdlen);
+ chansess->cmd = buf_getstring(ses.payload, &cmdlen);
if (cmdlen > MAX_CMD_LEN) {
m_free(chansess->cmd);
diff --git a/svr-kex.c b/svr-kex.c
index 6cc5433..96f4508 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -247,7 +247,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
{
struct kex_curve25519_param *param = gen_kexcurve25519_param();
kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
- buf_putstring(ses.writepayload, param->pub, CURVE25519_LEN);
+ buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
free_kexcurve25519_param(param);
}
#endif
diff --git a/svr-main.c b/svr-main.c
index 5234086..cc59332 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -429,7 +429,7 @@ static size_t listensockets(int *socks, size_t sockcount, int *maxfd) {
for (n = 0; n < (unsigned int)nsock; n++) {
int sock = socks[sockpos + n];
set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
-#ifdef DROPBEAR_TCP_FAST_OPEN
+#ifdef DROPBEAR_SERVER_TCP_FAST_OPEN
set_listen_fast_open(sock);
#endif
}
diff --git a/svr-service.c b/svr-service.c
index 6c946a1..1f72ea5 100644
--- a/svr-service.c
+++ b/svr-service.c
@@ -41,7 +41,7 @@ void recv_msg_service_request() {
TRACE(("enter recv_msg_service_request"))
- name = (char *) buf_getstring(ses.payload, &len);
+ name = buf_getstring(ses.payload, &len);
/* ssh-userauth */
if (len == SSH_SERVICE_USERAUTH_LEN &&
@@ -80,7 +80,7 @@ static void send_msg_service_accept(char *name, int len) {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_ACCEPT);
- buf_putstring(ses.writepayload, (const unsigned char *) name, len);
+ buf_putstring(ses.writepayload, name, len);
encrypt_packet();
diff --git a/svr-session.c b/svr-session.c
index 8485905..d638d59 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -138,6 +138,8 @@ void svr_session(int sock, int childpipe) {
/* exchange identification, version etc */
send_session_identification();
+
+ kexfirstinitialise(); /* initialise the kex state */
/* start off with key exchange */
send_msg_kexinit();
diff --git a/svr-tcpfwd.c b/svr-tcpfwd.c
index 615045e..d2f1427 100644
--- a/svr-tcpfwd.c
+++ b/svr-tcpfwd.c
@@ -77,7 +77,7 @@ void recv_msg_global_request_remotetcp() {
goto out;
}
- reqname = (char *)buf_getstring(ses.payload, &namelen);
+ reqname = buf_getstring(ses.payload, &namelen);
wantreply = buf_getbool(ses.payload);
if (namelen > MAX_NAME_LEN) {
@@ -128,7 +128,7 @@ static int svr_cancelremotetcp() {
TRACE(("enter cancelremotetcp"))
- bindaddr = (char *)buf_getstring(ses.payload, &addrlen);
+ bindaddr = buf_getstring(ses.payload, &addrlen);
if (addrlen > MAX_IP_LEN) {
TRACE(("addr len too long: %d", addrlen))
goto out;
@@ -162,7 +162,7 @@ static int svr_remotetcpreq() {
TRACE(("enter remotetcpreq"))
- request_addr = (char *)buf_getstring(ses.payload, &addrlen);
+ request_addr = buf_getstring(ses.payload, &addrlen);
if (addrlen > MAX_IP_LEN) {
TRACE(("addr len too long: %d", addrlen))
goto out;
@@ -247,7 +247,7 @@ static int newtcpdirect(struct Channel * channel) {
goto out;
}
- desthost = (char *)buf_getstring(ses.payload, &len);
+ desthost = buf_getstring(ses.payload, &len);
if (len > MAX_HOST_LEN) {
TRACE(("leave newtcpdirect: desthost too long"))
goto out;
@@ -255,7 +255,7 @@ static int newtcpdirect(struct Channel * channel) {
destport = buf_getint(ses.payload);
- orighost = (char *)buf_getstring(ses.payload, &len);
+ orighost = buf_getstring(ses.payload, &len);
if (len > MAX_HOST_LEN) {
TRACE(("leave newtcpdirect: orighost too long"))
goto out;
diff --git a/svr-x11fwd.c b/svr-x11fwd.c
index ad1e7d4..144ec0b 100644
--- a/svr-x11fwd.c
+++ b/svr-x11fwd.c
@@ -58,8 +58,8 @@ int x11req(struct ChanSess * chansess) {
}
chansess->x11singleconn = buf_getbool(ses.payload);
- chansess->x11authprot = (char *)buf_getstring(ses.payload, NULL);
- chansess->x11authcookie = (char *)buf_getstring(ses.payload, NULL);
+ chansess->x11authprot = buf_getstring(ses.payload, NULL);
+ chansess->x11authcookie = buf_getstring(ses.payload, NULL);
chansess->x11screennum = buf_getint(ses.payload);
/* create listening socket */
@@ -203,7 +203,7 @@ static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr) {
if (send_msg_channel_open_init(fd, &chan_x11) == DROPBEAR_SUCCESS) {
ipstring = inet_ntoa(addr->sin_addr);
- buf_putstring(ses.writepayload, (const unsigned char *)ipstring, strlen(ipstring));
+ buf_putstring(ses.writepayload, ipstring, strlen(ipstring));
buf_putint(ses.writepayload, addr->sin_port);
encrypt_packet();
diff --git a/sysoptions.h b/sysoptions.h
index 11dc10d..185c8e6 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -262,9 +262,12 @@
/* Use this string since some implementations might special-case it */
#define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com"
-/* Linux will attempt TCP fast open, falling back if not supported by the kernel */
+/* Linux will attempt TCP fast open, falling back if not supported by the kernel.
+ * Currently server is enabled but client is disabled by default until there
+ * is further compatibility testing */
#ifdef __linux__
-#define DROPBEAR_TCP_FAST_OPEN 1
+#define DROPBEAR_SERVER_TCP_FAST_OPEN
+/* #define DROPBEAR_CLIENT_TCP_FAST_OPEN */
#endif
/* no include guard for this file */
diff --git a/tcp-accept.c b/tcp-accept.c
index fc9b4c1..35be32d 100644
--- a/tcp-accept.c
+++ b/tcp-accept.c
@@ -75,7 +75,7 @@ static void tcp_acceptor(struct Listener *listener, int sock) {
}
if (send_msg_channel_open_init(fd, tcpinfo->chantype) == DROPBEAR_SUCCESS) {
- char* addr = NULL;
+ unsigned char* addr = NULL;
unsigned int port = 0;
if (tcpinfo->tcp_type == direct) {
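Review bot: `addr` is now `unsigned char *`, but the next hunk still assigns the literal `"localhost"` to it and passes it to `strlen()` and to an uncast `buf_putstring()`, so each use is a pointer-signedness mismatch and the literal also loses its `const`. The rest of this diff moves text strings to plain `char` and removes the `(const unsigned char *)` casts at `buf_putstring()` calls, so this declaration goes the opposite way. I would declare it as `const char *addr = NULL;` and cast once where it is loaded from `tcpinfo` (that assignment is outside the hunk). The same question applies to the tcpfwd.h hunks, where `sendaddr`, `listenaddr`, `request_listenaddr` and the `TCPFwdEntry` addresses become `unsigned char *` even though the comments describe them as text such as `"localhost"`.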
@@ -94,11 +94,11 @@ static void tcp_acceptor(struct Listener *listener, int sock) {
if (addr == NULL) {
addr = "localhost";
}
- buf_putstring(ses.writepayload, (const unsigned char *)addr, strlen(addr));
+ buf_putstring(ses.writepayload, addr, strlen(addr));
buf_putint(ses.writepayload, port);
/* originator ip */
- buf_putstring(ses.writepayload, (const unsigned char *)ipstring, strlen(ipstring));
+ buf_putstring(ses.writepayload, ipstring, strlen(ipstring));
/* originator port */
buf_putint(ses.writepayload, atol(portstring));
diff --git a/tcpfwd.h b/tcpfwd.h
index 64139f0..51a1575 100644
--- a/tcpfwd.h
+++ b/tcpfwd.h
@@ -31,16 +31,16 @@ struct TCPListener {
/* For a direct-tcpip request, it's the addr/port we want the other
* end to connect to */
- char *sendaddr;
+ unsigned char *sendaddr;
unsigned int sendport;
/* This is the address/port that we listen on. The address has special
* meanings as per the rfc, "" for all interfaces, "localhost" for
* localhost, or a normal interface name. */
- char *listenaddr;
+ unsigned char *listenaddr;
unsigned int listenport;
/* The address that the remote host asked to listen on */
- char *request_listenaddr;
+ unsigned char *request_listenaddr;
const struct ChanType *chantype;
enum {direct, forwarded} tcp_type;
@@ -48,9 +48,9 @@ struct TCPListener {
/* A forwarding entry */
struct TCPFwdEntry {
- const char *connectaddr;
+ const unsigned char* connectaddr;
unsigned int connectport;
- const char *listenaddr;
+ const unsigned char* listenaddr;
unsigned int listenport;
unsigned int have_reply; /* is set to 1 after a reply has been received
when setting up the forwarding */