Diffstat (limited to 'svr-kex.c')
-rw-r--r--svr-kex.c77
1 files changed, 21 insertions, 56 deletions
diff --git a/svr-kex.c b/svr-kex.c
index f3828aa..7108f64 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -54,18 +54,24 @@ void recv_msg_kexdh_init() {
}
switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
m_mp_init(&dh_e);
if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
dropbear_exit("Bad kex value");
}
break;
+#endif
+#if DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
+#endif
+#if DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
-#if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519)
- ecdh_qs = buf_getstringbuf(ses.payload);
#endif
+#if DROPBEAR_ECDH || DROPBEAR_CURVE25519
+ ecdh_qs = buf_getstringbuf(ses.payload);
break;
+#endif
}
if (ses.payload->pos != ses.payload->len) {
dropbear_exit("Bad kex value");
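Review bot: The kex-mode switch at L16–L37 still has no `default:` even though every case is now conditional on a feature macro, so in a build where the negotiated `ses.newkeys->algo_kex->mode` has no compiled-in case the switch does nothing, `dh_e` and `ecdh_qs` are left untouched, and execution continues into the trailing-bytes check as if the payload had been parsed. Negotiation should make that unreachable, but a `default: dropbear_exit("Bad kex value");` arm states the assumption and costs nothing. The same applies to the matching switch in send_msg_kexdh_reply (hunks at L137–L175), which also gained per-case `#if` guards without a default. One side effect of moving from `#ifdef` to `#if` is that a feature macro that is accidentally left undefined now silently evaluates to 0 and drops the case rather than failing; compiling with `-Wundef` would catch that. recv_msg_kexdh_init starts and ends outside this hunk.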
@@ -85,31 +91,11 @@ void recv_msg_kexdh_init() {
}
-#ifdef DROPBEAR_DELAY_HOSTKEY
-
-static void fsync_parent_dir(const char* fn) {
-#ifdef HAVE_LIBGEN_H
- char *fn_dir = m_strdup(fn);
- char *dir = dirname(fn_dir);
- int dirfd = open(dir, O_RDONLY);
-
- if (dirfd != -1) {
- if (fsync(dirfd) != 0) {
- TRACE(("fsync of directory %s failed: %s", dir, strerror(errno)))
- }
- m_close(dirfd);
- } else {
- TRACE(("error opening directory %s for fsync: %s", dir, strerror(errno)))
- }
-
- free(fn_dir);
-#endif
-}
+#if DROPBEAR_DELAY_HOSTKEY
static void svr_ensure_hostkey() {
const char* fn = NULL;
- char *fn_temp = NULL;
enum signkey_type type = ses.newkeys->algo_hostkey;
void **hostkey = signkey_key_ptr(svr_opts.hostkey, type);
int ret = DROPBEAR_FAILURE;
@@ -120,17 +106,17 @@ static void svr_ensure_hostkey() {
switch (type)
{
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
case DROPBEAR_SIGNKEY_RSA:
fn = RSA_PRIV_FILENAME;
break;
#endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
case DROPBEAR_SIGNKEY_DSS:
fn = DSS_PRIV_FILENAME;
break;
#endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
@@ -145,28 +131,10 @@ static void svr_ensure_hostkey() {
return;
}
- fn_temp = m_malloc(strlen(fn) + 20);
- snprintf(fn_temp, strlen(fn)+20, "%s.tmp%d", fn, getpid());
-
- if (signkey_generate(type, 0, fn_temp) == DROPBEAR_FAILURE) {
+ if (signkey_generate(type, 0, fn, 1) == DROPBEAR_FAILURE) {
goto out;
}
-
- if (link(fn_temp, fn) < 0) {
- /* It's OK to get EEXIST - we probably just lost a race
- with another connection to generate the key */
- if (errno != EEXIST) {
- dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", fn,
- strerror(errno));
- /* XXX fallback to non-atomic copy for some filesystems? */
- goto out;
- }
- }
-
- /* ensure directory update is flushed to disk, otherwise we can end up
- with zero-byte hostkey files if the power goes off */
- fsync_parent_dir(fn);
-
+
ret = readhostkey(fn, svr_opts.hostkey, &type);
if (ret == DROPBEAR_SUCCESS) {
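Review bot: The call `signkey_generate(type, 0, fn, 1)` at L96 replaces the temp-file, `link()`, EEXIST-race and directory-fsync sequence, but nothing left in this function records that those guarantees — atomic creation of `fn`, tolerating a racing connection having created it first, flushing the directory so a power loss cannot leave a zero-byte hostkey, and removing a partial temp file on failure (the old `out:` cleanup at L121–L124 is also gone) — now have to come from signkey_generate; the deleted comments at L101–L112 were the only documentation of that requirement, and the meaning of the new fourth argument is not visible here. A comment at the call site, e.g. `/* signkey_generate() must create fn atomically, tolerate EEXIST from a racing connection and fsync the directory */`, keeps that contract next to the code that depends on it. The removal of fsync_parent_dir in the hunk at L40–L68 is the other half of the same move. svr_ensure_hostkey starts and ends outside this hunk.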
@@ -184,11 +152,6 @@ static void svr_ensure_hostkey() {
}
out:
- if (fn_temp) {
- unlink(fn_temp);
- m_free(fn_temp);
- }
-
if (ret == DROPBEAR_FAILURE)
{
dropbear_exit("Couldn't read or generate hostkey %s", fn);
@@ -209,7 +172,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
/* we can start creating the kexdh_reply packet */
CHECKCLEARTOWRITE();
-#ifdef DROPBEAR_DELAY_HOSTKEY
+#if DROPBEAR_DELAY_HOSTKEY
if (svr_opts.delay_hostkey)
{
svr_ensure_hostkey();
@@ -221,6 +184,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
ses.newkeys->algo_hostkey);
switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
{
struct kex_dh_param * dh_param = gen_kexdh_param();
@@ -231,8 +195,9 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
free_kexdh_param(dh_param);
}
break;
+#endif
+#if DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
{
struct kex_ecdh_param *ecdh_param = gen_kexecdh_param();
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
@@ -240,18 +205,18 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key);
free_kexecdh_param(ecdh_param);
}
-#endif
break;
+#endif
+#if DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
-#ifdef DROPBEAR_CURVE25519
{
struct kex_curve25519_param *param = gen_kexcurve25519_param();
kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
free_kexcurve25519_param(param);
}
-#endif
break;
+#endif
}
/* calc the signature */