From 3710f278ae76751118fb3ced2ee6e8e320b91002 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 26 May 2005 12:19:17 +1000 Subject: - djm@cvs.openbsd.org 2005/05/23 23:32:46 [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5] add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes; ok markus@ --- cipher.c | 61 ++++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 23 deletions(-) (limited to 'cipher.c') diff --git a/cipher.c b/cipher.c index beba4618d..b56492940 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -74,39 +74,42 @@ struct Cipher { int number; /* for ssh1 only */ u_int block_size; u_int key_len; + u_int discard_len; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, - { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, - - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, - { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, - { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, + { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, + + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, + { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, + { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, + { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, + { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, + { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, #if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, + SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, #else - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, + { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, + { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, + { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, + SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, #endif #if OPENSSL_VERSION_NUMBER >= 0x00905000L - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, #endif #if defined(EVP_CTRL_SET_ACSS_MODE) - { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss }, + { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, #endif - { NULL, SSH_CIPHER_INVALID, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } }; /*--*/ @@ -224,6 +227,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, const EVP_CIPHER *type; #endif int klen; + u_char *junk, *discard; if (cipher->number == SSH_CIPHER_DES) { if (dowarn) { @@ -271,6 +275,17 @@ cipher_init(CipherContext *cc, Cipher *cipher, fatal("cipher_init: EVP_CipherInit: set key failed for %s", cipher->name); #endif + + if (cipher->discard_len > 0) { + junk = xmalloc(cipher->discard_len); + discard = xmalloc(cipher->discard_len); + if (EVP_Cipher(&cc->evp, discard, junk, + cipher->discard_len) == 0) + fatal("evp_crypt: EVP_Cipher failed during discard"); + memset(discard, 0, cipher->discard_len); + xfree(junk); + xfree(discard); + } } void -- cgit v1.2.3 From a55ec7701336230c76b63ad426057146ae516a4f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 9 Jun 2005 21:45:10 +1000 Subject: - (dtucker) [cipher.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] Move compatibility code for supporting older OpenSSL versions to the compat layer. Suggested by and "no objection" djm@ --- ChangeLog | 8 ++++- cipher.c | 42 ++------------------------ openbsd-compat/Makefile.in | 4 +-- openbsd-compat/openbsd-compat.h | 5 +++- openbsd-compat/openssl-compat.c | 44 ++++++++++++++++++++++++++++ openbsd-compat/openssl-compat.h | 65 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 124 insertions(+), 44 deletions(-) create mode 100644 openbsd-compat/openssl-compat.c create mode 100644 openbsd-compat/openssl-compat.h (limited to 'cipher.c') diff --git a/ChangeLog b/ChangeLog index efebb2820..f0424fa81 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050609 + - (dtucker) [cipher.c openbsd-compat/Makefile.in + openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h] + Move compatibility code for supporting older OpenSSL versions to the + compat layer. Suggested by and "no objection" djm@ + 20050607 - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: in today's episode we attempt to coax it from limits.h where it may be @@ -2686,4 +2692,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3813 2005/06/07 07:53:40 dtucker Exp $ +$Id: ChangeLog,v 1.3814 2005/06/09 11:45:10 dtucker Exp $ diff --git a/cipher.c b/cipher.c index b56492940..df46c0175 100644 --- a/cipher.c +++ b/cipher.c @@ -43,26 +43,6 @@ RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); #include -#if OPENSSL_VERSION_NUMBER < 0x00906000L -#define SSH_OLD_EVP -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#endif - -#if OPENSSL_VERSION_NUMBER < 0x00907000L -extern const EVP_CIPHER *evp_rijndael(void); -extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); -#endif - -#if !defined(EVP_CTRL_SET_ACSS_MODE) -# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) -extern const EVP_CIPHER *evp_acss(void); -# define EVP_acss evp_acss -# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */ -# else -# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */ -# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */ -#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */ - extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); @@ -88,25 +68,15 @@ struct Cipher { { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, -#if OPENSSL_VERSION_NUMBER < 0x00907000L - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, - { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael }, -#else { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, -#endif -#if OPENSSL_VERSION_NUMBER >= 0x00905000L { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, -#endif -#if defined(EVP_CTRL_SET_ACSS_MODE) +#ifdef USE_CIPHER_ACSS { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, #endif { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } @@ -225,8 +195,8 @@ cipher_init(CipherContext *cc, Cipher *cipher, EVP_CIPHER *type; #else const EVP_CIPHER *type; -#endif int klen; +#endif u_char *junk, *discard; if (cipher->number == SSH_CIPHER_DES) { @@ -293,23 +263,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) { if (len % cc->cipher->block_size) fatal("cipher_encrypt: bad plaintext length %d", len); -#ifdef SSH_OLD_EVP - EVP_Cipher(&cc->evp, dest, (u_char *)src, len); -#else if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) fatal("evp_crypt: EVP_Cipher failed"); -#endif } void cipher_cleanup(CipherContext *cc) { -#ifdef SSH_OLD_EVP - EVP_CIPHER_CTX_cleanup(&cc->evp); -#else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); -#endif } /* diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 30d2410bc..c6e08867c 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $ +# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o -COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o PORTS=port-irix.o port-aix.o diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index a4cfa6c4d..f468d5aab 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -168,6 +168,9 @@ char *shadow_pw(struct passwd *pw); /* rfc2553 socket API replacements */ #include "fake-rfc2553.h" +/* compatibility with old or broken OpenSSL versions */ +#include "openssl-compat.h" + /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c new file mode 100644 index 000000000..10b4d1d74 --- /dev/null +++ b/openbsd-compat/openssl-compat.c @@ -0,0 +1,44 @@ +/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSH_DONT_REDEF_EVP +#include "includes.h" + +#ifdef SSH_OLD_EVP +int +ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, + unsigned char *key, unsigned char *iv, int enc) +{ + EVP_CipherInit(evp, type, key, iv, enc); + return 1; +} + +int +ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len) +{ + EVP_Cipher(evp, dst, src, len); + return 1; +} + +int +ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) +{ + EVP_CIPHER_CTX_cleanup(evp); + return 1; +} +#endif diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h new file mode 100644 index 000000000..d9b2fa55f --- /dev/null +++ b/openbsd-compat/openssl-compat.h @@ -0,0 +1,65 @@ +/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ + +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" +#include + +#if OPENSSL_VERSION_NUMBER < 0x00906000L +# define SSH_OLD_EVP +# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +#endif + +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# define EVP_aes_128_cbc evp_rijndael +# define EVP_aes_192_cbc evp_rijndael +# define EVP_aes_256_cbc evp_rijndael +extern const EVP_CIPHER *evp_rijndael(void); +extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); +#endif + +#if !defined(EVP_CTRL_SET_ACSS_MODE) +# if (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# define USE_CIPHER_ACSS 1 +extern const EVP_CIPHER *evp_acss(void); +# define EVP_acss evp_acss +# else +# define EVP_acss NULL +# endif +#endif + +/* + * insert comment here + */ +#ifdef SSH_OLD_EVP + +# ifndef SSH_DONT_REDEF_EVP + +# ifdef EVP_Cipher +# undef EVP_Cipher +# endif + +# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) +# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) +# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) +# endif + +int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, + unsigned char *, int); +int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); +int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +#endif -- cgit v1.2.3 From 46f55d366508ab7eab3c1dcdf0ec8c61f0e798a3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 16 Jun 2005 13:21:17 +1000 Subject: - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 [cipher.c] Correctly initialize end of array sentinel; ok djm@ (Id sync only, change already in portable) --- ChangeLog | 6 +++++- cipher.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'cipher.c') diff --git a/ChangeLog b/ChangeLog index 35249dd85..e91ea2fdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,10 @@ [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] add ControlMaster=auto/autoask options to support opportunistic multiplexing; tested avsm@ and jakob@, ok markus@ + - dtucker@cvs.openbsd.org 2005/06/09 13:43:49 + [cipher.c] + Correctly initialize end of array sentinel; ok djm@ + (Id sync only, change already in portable) 20050609 - (dtucker) [cipher.c openbsd-compat/Makefile.in @@ -2710,4 +2714,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3819 2005/06/16 03:19:41 djm Exp $ +$Id: ChangeLog,v 1.3820 2005/06/16 03:21:17 djm Exp $ diff --git a/cipher.c b/cipher.c index df46c0175..8096a5174 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.75 2005/06/09 13:43:49 dtucker Exp $"); #include "xmalloc.h" #include "log.h" -- cgit v1.2.3 From eccb9de72aa29da5a3fad87a4287b32438689c1f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 17 Jun 2005 12:59:34 +1000 Subject: - djm@cvs.openbsd.org 2005/06/17 02:44:33 [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean --- ChangeLog | 11 ++++++++++- auth-rsa.c | 6 ++++-- auth.c | 4 ++-- auth2-chall.c | 9 ++++----- auth2-gss.c | 4 ++-- authfd.c | 9 +++++---- authfile.c | 16 +++++++++------- bufaux.c | 4 ++-- canohost.c | 5 +++-- channels.c | 9 +++++---- cipher.c | 8 ++++---- clientloop.c | 11 +++++++---- dns.c | 8 ++++---- gss-serv.c | 4 ++-- kex.c | 33 +++++++++++++++++---------------- kex.h | 8 ++++---- key.c | 4 ++-- mac.c | 11 +++++++---- match.c | 4 ++-- misc.c | 13 +++++++------ packet.c | 8 ++++---- packet.h | 4 ++-- scp.c | 10 +++++----- servconf.c | 7 ++++--- session.c | 6 +++--- session.h | 4 ++-- sftp-client.c | 10 ++++------ sftp-server.c | 12 ++++++------ sftp.c | 13 +++++++------ ssh-keyscan.c | 12 ++++++------ ssh-rsa.c | 4 ++-- sshconnect.c | 5 +++-- sshconnect1.c | 4 ++-- sshconnect2.c | 7 ++++--- sshd.c | 7 ++++--- 35 files changed, 160 insertions(+), 134 deletions(-) (limited to 'cipher.c') diff --git a/ChangeLog b/ChangeLog index 02eb57908..f3c3c93ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,15 @@ [canohost.c channels.c sshd.c] don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm + - djm@cvs.openbsd.org 2005/06/17 02:44:33 + [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] + [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] + [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] + [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] + [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] + make this -Wsign-compare clean; ok avsm@ markus@ + NB. auth1.c changes not committed yet (conflicts with uncommitted sync) + NB2. more work may be needed to make portable Wsign-compare clean 20050616 - (djm) OpenBSD CVS Sync @@ -2725,4 +2734,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3822 2005/06/17 02:55:03 djm Exp $ +$Id: ChangeLog,v 1.3823 2005/06/17 02:59:34 djm Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index 4378008d3..d9c9652dc 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $"); #include #include @@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; + int keybits; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) @@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) continue; /* check the real bits */ - if (bits != BN_num_bits(key->rsa->n)) + keybits = BN_num_bits(key->rsa->n); + if (keybits < 0 || bits != (u_int)keybits) logit("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", file, linenum, BN_num_bits(key->rsa->n), bits); diff --git a/auth.c b/auth.c index 68c2824fb..82fe8f06b 100644 --- a/auth.c +++ b/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.59 2005/06/06 11:20:36 djm Exp $"); +RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $"); #ifdef HAVE_LOGIN_H #include @@ -76,7 +76,7 @@ allowed_user(struct passwd * pw) struct stat st; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; - int i; + u_int i; #ifdef USE_SHADOW struct spwd *spw = NULL; #endif diff --git a/auth2-chall.c b/auth2-chall.c index 384a543ee..1cea15378 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.23 2005/06/17 02:44:32 djm Exp $"); #include "ssh2.h" #include "auth.h" @@ -239,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt) { KbdintAuthctxt *kbdintctxt; char *name, *instr, **prompts; - int i; - u_int *echo_on; + u_int i, *echo_on; kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt->device->query(kbdintctxt->ctxt, @@ -273,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) { Authctxt *authctxt = ctxt; KbdintAuthctxt *kbdintctxt; - int i, authenticated = 0, res, len; - u_int nresp; + int authenticated = 0, res, len; + u_int i, nresp; char **response = NULL, *method; if (authctxt == NULL) diff --git a/auth2-gss.c b/auth2-gss.c index 3289ba18e..855b61b4e 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.9 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt) int present; OM_uint32 ms; u_int len; - char *doid = NULL; + u_char *doid = NULL; if (!authctxt->valid || authctxt->user == NULL) return (0); diff --git a/authfd.c b/authfd.c index 9ce5b5ea8..8976616b4 100644 --- a/authfd.c +++ b/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.65 2005/05/24 17:32:43 avsm Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $"); #include @@ -114,8 +114,7 @@ ssh_get_authentication_socket(void) static int ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) { - int l; - u_int len; + u_int l, len; char buf[1024]; /* Get the length of the message, and format it in the buffer. */ @@ -302,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi Key * ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) { + int keybits; u_int bits; u_char *blob; u_int blen; @@ -322,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio buffer_get_bignum(&auth->identities, key->rsa->e); buffer_get_bignum(&auth->identities, key->rsa->n); *comment = buffer_get_string(&auth->identities, NULL); - if (bits != BN_num_bits(key->rsa->n)) + keybits = BN_num_bits(key->rsa->n); + if (keybits < 0 || bits != (u_int)keybits) logit("Warning: identity keysize mismatch: actual %d, announced %u", BN_num_bits(key->rsa->n), bits); break; diff --git a/authfile.c b/authfile.c index 6a04cd7a9..420813f37 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); #include #include @@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); #include "authfile.h" #include "rsa.h" #include "misc.h" +#include "atomicio.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, buffer_free(&encrypted); return 0; } - if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != - buffer_len(&encrypted)) { + if (atomicio(vwrite, fd, buffer_ptr(&encrypted), + buffer_len(&encrypted)) != buffer_len(&encrypted)) { error("write to key file %s failed: %s", filename, strerror(errno)); buffer_free(&encrypted); @@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) Key *pub; struct stat st; char *cp; - int i; + u_int i; size_t len; if (fstat(fd, &st) < 0) { @@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) buffer_init(&buffer); cp = buffer_append_space(&buffer, len); - if (read(fd, cp, (size_t) len) != (size_t) len) { + if (atomicio(read, fd, cp, len) != len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); @@ -322,7 +323,8 @@ static Key * key_load_private_rsa1(int fd, const char *filename, const char *passphrase, char **commentp) { - int i, check1, check2, cipher_type; + u_int i; + int check1, check2, cipher_type; size_t len; Buffer buffer, decrypted; u_char *cp; @@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, buffer_init(&buffer); cp = buffer_append_space(&buffer, len); - if (read(fd, cp, (size_t) len) != (size_t) len) { + if (atomicio(read, fd, cp, len) != len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); diff --git a/bufaux.c b/bufaux.c index 5dbf2b770..8d096a056 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $"); #include #include "bufaux.h" @@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) buf[0] = 0x00; /* Get the value of in binary */ oi = BN_bn2bin(value, buf+1); - if (oi != bytes-1) { + if (oi < 0 || (u_int)oi != bytes - 1) { error("buffer_put_bignum2_ret: BN_bn2bin() failed: " "oi %d != bin_size %d", oi, bytes); xfree(buf); diff --git a/canohost.c b/canohost.c index c3ab45556..04dc3d182 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.43 2005/06/16 08:00:00 markus Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $"); #include "packet.h" #include "xmalloc.h" @@ -143,7 +143,8 @@ check_ip_options(int sock, char *ipaddr) u_char options[200]; char text[sizeof(options) * 3 + 1]; socklen_t option_size; - int i, ipproto; + u_int i; + int ipproto; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) diff --git a/channels.c b/channels.c index 66b15f5b5..7ca1c53ba 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.216 2005/06/16 08:00:00 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.217 2005/06/17 02:44:32 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -894,7 +894,7 @@ static int channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) { char *p, *host; - int len, have, i, found; + u_int len, have, i, found; char username[256]; struct { u_int8_t version; @@ -979,7 +979,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) } s5_req, s5_rsp; u_int16_t dest_port; u_char *p, dest_addr[255+1]; - int i, have, found, nmethods, addrlen, af; + u_int have, i, found, nmethods, addrlen, af; debug2("channel %d: decode socks5", c->self); p = buffer_ptr(&c->input); @@ -1075,7 +1075,8 @@ static void channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) { u_char *p; - int have, ret; + u_int have; + int ret; have = buffer_len(&c->input); c->delayed = 0; diff --git a/cipher.c b/cipher.c index 8096a5174..20d0a80c4 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.75 2005/06/09 13:43:49 dtucker Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -235,7 +235,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, fatal("cipher_init: EVP_CipherInit failed for %s", cipher->name); klen = EVP_CIPHER_CTX_key_length(&cc->evp); - if (klen > 0 && keylen != klen) { + if (klen > 0 && keylen != (u_int)klen) { debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) fatal("cipher_init: set keylen failed (%d -> %d)", @@ -326,9 +326,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); - if (evplen == 0) + if (evplen <= 0) return; - if (evplen != len) + if ((u_int)evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); #if OPENSSL_VERSION_NUMBER < 0x00907000L diff --git a/clientloop.c b/clientloop.c index ee36cc9e5..a030cf6e4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.138 2005/06/16 03:38:36 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.139 2005/06/17 02:44:32 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -659,12 +659,12 @@ client_process_control(fd_set * readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver, i, allowed; + int client_fd, new_fd[3], ver, allowed; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; char *cmd; - u_int len, env_len, command, flags; + u_int i, len, env_len, command, flags; uid_t euid; gid_t egid; @@ -971,7 +971,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) u_char ch; char *s; - for (i = 0; i < len; i++) { + if (len <= 0) + return (0); + + for (i = 0; i < (u_int)len; i++) { /* Get one character at a time. */ ch = buf[i]; diff --git a/dns.c b/dns.c index 5a964bc7f..4487c1aba 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $ */ +/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -43,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.11 2005/04/20 10:05:45 jakob Exp $"); +RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -171,7 +171,7 @@ int verify_host_key_dns(const char *hostname, struct sockaddr *address, const Key *hostkey, int *flags) { - int counter; + u_int counter; int result; struct rrsetinfo *fingerprints = NULL; @@ -274,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) u_char *rdata_digest; u_int rdata_digest_len; - int i; + u_int i; int success = 0; if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, diff --git a/gss-serv.c b/gss-serv.c index de32a3f2e..e1b843f01 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.6 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, static OM_uint32 ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) { - char *tok; + u_char *tok; OM_uint32 offset; OM_uint32 oidl; diff --git a/kex.c b/kex.c index a668346c3..8736aa286 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); #include @@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *); static void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { - int i; + u_int i; buffer_clear(b); /* @@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) static void kex_prop_free(char **proposal) { - int i; + u_int i; for (i = 0; i < PROPOSAL_MAX; i++) xfree(proposal[i]); @@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex) { u_int32_t rnd = 0; u_char *cookie; - int i; + u_int i; if (kex == NULL) { error("kex_send_kexinit: no kex, cannot rekey"); @@ -183,8 +183,7 @@ void kex_input_kexinit(int type, u_int32_t seq, void *ctxt) { char *ptr; - int dlen; - int i; + u_int i, dlen; Kex *kex = (Kex *)ctxt; debug("SSH2_MSG_KEXINIT received"); @@ -343,9 +342,7 @@ kex_choose_conf(Kex *kex) char **my, **peer; char **cprop, **sprop; int nenc, nmac, ncomp; - int mode; - int ctos; /* direction: if true client-to-server */ - int need; + u_int mode, ctos, need; int first_kex_follows, type; my = kex_buf2prop(&kex->my, NULL); @@ -405,15 +402,19 @@ kex_choose_conf(Kex *kex) } static u_char * -derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) +derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) { Buffer b; const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; char c = id; - int have; + u_int have; int mdsz = EVP_MD_size(evp_md); - u_char *digest = xmalloc(roundup(need, mdsz)); + u_char *digest; + + if (mdsz < 0) + fatal("derive_key: mdsz < 0"); + digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); buffer_put_bignum2(&b, shared_secret); @@ -455,7 +456,7 @@ void kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) { u_char *keys[NKEYS]; - int i, mode, ctos; + u_int i, mode, ctos; for (i = 0; i < NKEYS; i++) keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); @@ -493,13 +494,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, EVP_DigestInit(&md, evp_md); len = BN_num_bytes(host_modulus); - if (len < (512 / 8) || len > sizeof(nbuf)) + if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad host modulus (len %d)", __func__, len); BN_bn2bin(host_modulus, nbuf); EVP_DigestUpdate(&md, nbuf, len); len = BN_num_bytes(server_modulus); - if (len < (512 / 8) || len > sizeof(nbuf)) + if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) fatal("%s: bad server modulus (len %d)", __func__, len); BN_bn2bin(server_modulus, nbuf); EVP_DigestUpdate(&md, nbuf, len); @@ -518,7 +519,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, void dump_digest(char *msg, u_char *digest, int len) { - int i; + u_int i; fprintf(stderr, "%s\n", msg); for (i = 0; i< len; i++) { diff --git a/kex.h b/kex.h index d9e9d6522..059d83cd5 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.36 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -83,9 +83,9 @@ struct Mac { char *name; int enabled; const EVP_MD *md; - int mac_len; + u_int mac_len; u_char *key; - int key_len; + u_int key_len; }; struct Comp { int type; @@ -101,7 +101,7 @@ struct Kex { u_char *session_id; u_int session_id_len; Newkeys *newkeys[MODE_MAX]; - int we_need; + u_int we_need; int server; char *name; int hostkey_type; diff --git a/key.c b/key.c index e41930464..08c158b59 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $"); +RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $"); #include @@ -231,7 +231,7 @@ static char * key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) { char *retval; - int i; + u_int i; retval = xmalloc(dgst_raw_len * 3 + 1); retval[0] = '\0'; diff --git a/mac.c b/mac.c index 097f0b93b..2bda5a1b9 100644 --- a/mac.c +++ b/mac.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $"); +RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $"); #include @@ -51,12 +51,15 @@ struct { int mac_init(Mac *mac, char *name) { - int i; + int i, evp_len; + for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { if (mac != NULL) { mac->md = (*macs[i].mdfunc)(); - mac->key_len = mac->mac_len = EVP_MD_size(mac->md); + if ((evp_len = EVP_MD_size(mac->md)) <= 0) + fatal("mac %s len %d", name, evp_len); + mac->key_len = mac->mac_len = (u_int)evp_len; if (macs[i].truncatebits != 0) mac->mac_len = macs[i].truncatebits/8; } @@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) if (mac->key == NULL) fatal("mac_compute: no key"); - if ((u_int)mac->mac_len > sizeof(m)) + if (mac->mac_len > sizeof(m)) fatal("mac_compute: mac too long"); HMAC_Init(&c, mac->key, mac->key_len, mac->md); PUT_32BIT(b, seqno); diff --git a/match.c b/match.c index 3ddb62730..29fb7dab9 100644 --- a/match.c +++ b/match.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $"); +RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $"); #include "match.h" #include "xmalloc.h" @@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next) ret = xstrdup(p); if (next != NULL) *next = (cp == NULL) ? - strlen(c) : cp - c; + strlen(c) : (u_int)(cp - c); xfree(c); xfree(s); return ret; diff --git a/misc.c b/misc.c index fc094f874..c5ca0ce38 100644 --- a/misc.c +++ b/misc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.31 2005/06/06 11:20:36 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.32 2005/06/17 02:44:32 djm Exp $"); #include "misc.h" #include "log.h" @@ -386,7 +386,7 @@ tilde_expand_filename(const char *filename, uid_t uid) const char *path; char user[128], ret[MAXPATHLEN]; struct passwd *pw; - int len; + u_int len, slash; if (*filename != '~') return (xstrdup(filename)); @@ -394,10 +394,11 @@ tilde_expand_filename(const char *filename, uid_t uid) path = strchr(filename, '/'); if (path != NULL && path > filename) { /* ~user/path */ - if (path - filename > sizeof(user) - 1) + slash = path - filename; + if (slash > sizeof(user) - 1) fatal("tilde_expand_filename: ~username too long"); - memcpy(user, filename, path - filename); - user[path - filename] = '\0'; + memcpy(user, filename, slash); + user[slash] = '\0'; if ((pw = getpwnam(user)) == NULL) fatal("tilde_expand_filename: No such user %s", user); } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ @@ -435,7 +436,7 @@ percent_expand(const char *string, ...) const char *key; const char *repl; } keys[EXPAND_MAX_KEYS]; - int num_keys, i, j; + u_int num_keys, i, j; char buf[4096]; va_list ap; diff --git a/packet.c b/packet.c index 7c150fde7..d5b50f2f4 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.117 2005/06/17 02:44:32 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -992,7 +992,7 @@ packet_read_poll2(u_int32_t *seqnr_p) static u_int packet_length = 0; u_int padlen, need; u_char *macbuf, *cp, type; - int maclen, block_size; + u_int maclen, block_size; Enc *enc = NULL; Mac *mac = NULL; Comp *comp = NULL; @@ -1229,9 +1229,9 @@ packet_get_bignum2(BIGNUM * value) } void * -packet_get_raw(int *length_ptr) +packet_get_raw(u_int *length_ptr) { - int bytes = buffer_len(&incoming_packet); + u_int bytes = buffer_len(&incoming_packet); if (length_ptr != NULL) *length_ptr = bytes; diff --git a/packet.h b/packet.h index 37f82f2f6..1ab6d8572 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $ */ +/* $OpenBSD: packet.h,v 1.42 2005/06/17 02:44:33 djm Exp $ */ /* * Author: Tatu Ylonen @@ -52,7 +52,7 @@ u_int packet_get_char(void); u_int packet_get_int(void); void packet_get_bignum(BIGNUM * value); void packet_get_bignum2(BIGNUM * value); -void *packet_get_raw(int *length_ptr); +void *packet_get_raw(u_int *length_ptr); void *packet_get_string(u_int *length_ptr); void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff --git a/scp.c b/scp.c index 9dc060e26..10c4b507c 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.123 2005/05/26 02:08:05 avsm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.124 2005/06/17 02:44:33 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -186,7 +186,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) } typedef struct { - int cnt; + size_t cnt; char *buf; } BUF; @@ -724,8 +724,8 @@ sink(int argc, char **argv) } wrerr; BUF *bp; off_t i; - size_t j; - int amt, count, exists, first, mask, mode, ofd, omode; + size_t j, count; + int amt, exists, first, mask, mode, ofd, omode; off_t size, statbytes; int setimes, targisdir, wrerrno = 0; char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; @@ -833,7 +833,7 @@ sink(int argc, char **argv) } if (targisdir) { static char *namebuf; - static int cursize; + static size_t cursize; size_t need; need = strlen(targ) + strlen(cp) + 250; diff --git a/servconf.c b/servconf.c index ddb34f9b9..deec167be 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.141 2005/05/16 15:30:51 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.142 2005/06/17 02:44:33 djm Exp $"); #include "ssh.h" #include "log.h" @@ -398,7 +398,7 @@ parse_token(const char *cp, const char *filename, static void add_listen_addr(ServerOptions *options, char *addr, u_short port) { - int i; + u_int i; if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; @@ -438,9 +438,10 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum) { char *cp, **charptr, *arg, *p; - int *intptr, value, i, n; + int *intptr, value, n; ServerOpCodes opcode; u_short port; + u_int i; cp = line; arg = strdelim(&cp); diff --git a/session.c b/session.c index d931532db..a1dc6835a 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1801,7 +1801,7 @@ session_subsystem_req(Session *s) u_int len; int success = 0; char *cmd, *subsys = packet_get_string(&len); - int i; + u_int i; packet_check_eom(); logit("subsystem request for %.100s", subsys); @@ -2107,7 +2107,7 @@ session_exit_message(Session *s, int status) void session_close(Session *s) { - int i; + u_int i; debug("session_close: session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) diff --git a/session.h b/session.h index 48be5070c..92bd16573 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */ +/* $OpenBSD: session.h,v 1.24 2005/06/17 02:44:33 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -50,7 +50,7 @@ struct Session { /* proto 2 */ int chanid; int is_subsystem; - int num_env; + u_int num_env; struct { char *name; char *val; diff --git a/sftp-client.c b/sftp-client.c index 47297898a..ce15fc0a3 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.54 2005/05/24 17:32:44 avsm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -311,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, SFTP_DIRENT ***dir) { Buffer msg; - u_int type, id, handle_len, i, expected_id, ents = 0; + u_int count, type, id, handle_len, i, expected_id, ents = 0; char *handle; id = conn->msg_id++; @@ -335,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, } for (; !interrupted;) { - int count; - id = expected_id = conn->msg_id++; debug3("Sending SSH2_FXP_READDIR I:%u", id); @@ -744,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, Attrib junk, *a; Buffer msg; char *handle; - int local_fd, status, num_req, max_req, write_error; + int local_fd, status, write_error; int read_error, write_errno; u_int64_t offset, size; - u_int handle_len, mode, type, id, buflen; + u_int handle_len, mode, type, id, buflen, num_req, max_req; off_t progress_counter; struct request { u_int id; diff --git a/sftp-server.c b/sftp-server.c index e82280057..6870e7732 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $"); #include "buffer.h" #include "bufaux.h" @@ -130,7 +130,7 @@ Handle handles[100]; static void handle_init(void) { - int i; + u_int i; for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) handles[i].use = HANDLE_UNUSED; @@ -139,7 +139,7 @@ handle_init(void) static int handle_new(int use, const char *name, int fd, DIR *dirp) { - int i; + u_int i; for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) { if (handles[i].use == HANDLE_UNUSED) { @@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp) static int handle_is_ok(int i, int type) { - return i >= 0 && i < sizeof(handles)/sizeof(Handle) && + return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) && handles[i].use == type; } @@ -477,10 +477,10 @@ process_write(void) } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); - if (ret == -1) { + if (ret < 0) { error("process_write: write failed"); status = errno_to_portable(errno); - } else if (ret == len) { + } else if ((size_t)ret == len) { status = SSH2_FX_OK; } else { logit("nothing at all written"); diff --git a/sftp.c b/sftp.c index 16a6cf0c6..a77be84c6 100644 --- a/sftp.c +++ b/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.64 2005/06/17 02:44:33 djm Exp $"); #ifdef USE_LIBEDIT #include @@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path) { const char *cp = *cpp, *end; char quot; - int i, j; + u_int i, j; cp += strspn(cp, WHITESPACE); if (!*cp) { @@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb) static int do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - int n, c = 1, colspace = 0, columns = 1; + int n; + u_int c = 1, colspace = 0, columns = 1; SFTP_DIRENT **d; if ((n = do_readdir(conn, path, &d)) != 0) return (n); if (!(lflag & LS_SHORT_VIEW)) { - int m = 0, width = 80; + u_int m = 0, width = 80; struct winsize ws; char *tmp; @@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { glob_t g; - int i, c = 1, colspace = 0, columns = 1; + u_int i, c = 1, colspace = 0, columns = 1; Attrib *a = NULL; memset(&g, 0, sizeof(g)); @@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } if (!(lflag & LS_SHORT_VIEW)) { - int m = 0, width = 80; + u_int m = 0, width = 80; struct winsize ws; /* Count entries for sort and find longest filename */ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7dffb8517..46f063687 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.54 2005/05/24 17:32:44 avsm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -166,7 +166,7 @@ Linebuf_lineno(Linebuf * lb) static char * Linebuf_getline(Linebuf * lb) { - int n = 0; + size_t n = 0; void *p; lb->lineno++; @@ -493,10 +493,10 @@ conrecycle(int s) static void congreet(int s) { - int remote_major = 0, remote_minor = 0; + int n = 0, remote_major = 0, remote_minor = 0; char buf[256], *cp; char remote_version[sizeof buf]; - size_t bufsiz, n = 0; + size_t bufsiz; con *c = &fdcon[s]; bufsiz = sizeof(buf); @@ -546,12 +546,12 @@ congreet(int s) n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); - if (n == -1 || n >= sizeof buf) { + if (n < 0 || (size_t)n >= sizeof(buf)) { error("snprintf: buffer too small"); confree(s); return; } - if (atomicio(vwrite, s, buf, n) != n) { + if (atomicio(vwrite, s, buf, n) != (size_t)n) { error("write (%s): %s", c->c_name, strerror(errno)); confree(s); return; diff --git a/ssh-rsa.c b/ssh-rsa.c index 6e3be0a7e..eb422d07e 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $"); #include #include @@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, ERR_error_string(ERR_get_error(), NULL)); goto done; } - if (len != hlen + oidlen) { + if (len < 0 || (u_int)len != hlen + oidlen) { error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); goto done; } diff --git a/sshconnect.c b/sshconnect.c index 0bd351f6b..cbbe54821 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.164 2005/06/06 11:20:36 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.165 2005/06/17 02:44:33 djm Exp $"); #include @@ -402,10 +402,11 @@ static void ssh_exchange_identification(void) { char buf[256], remote_version[256]; /* must be same size! */ - int remote_major, remote_minor, i, mismatch; + int remote_major, remote_minor, mismatch; int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); int minor1 = PROTOCOL_MINOR_1; + u_int i; /* Read other side's version identification. */ for (;;) { diff --git a/sshconnect1.c b/sshconnect1.c index 6e2e31c02..bd05723c7 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $"); #include #include @@ -162,7 +162,7 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) /* Compute the response. */ /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); - if (len <= 0 || len > sizeof(buf)) + if (len <= 0 || (u_int)len > sizeof(buf)) packet_disconnect( "respond_to_rsa_challenge: bad challenge length %d", len); diff --git a/sshconnect2.c b/sshconnect2.c index 68d56d020..60afd6d3d 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -482,7 +482,7 @@ userauth_gssapi(Authctxt *authctxt) { Gssctxt *gssctxt = NULL; static gss_OID_set gss_supported = NULL; - static int mech = 0; + static u_int mech = 0; OM_uint32 min; int ok = 0; @@ -509,7 +509,8 @@ userauth_gssapi(Authctxt *authctxt) } } - if (!ok) return 0; + if (!ok) + return 0; authctxt->methoddata=(void *)gssctxt; diff --git a/sshd.c b/sshd.c index ed4158801..b0d65575f 100644 --- a/sshd.c +++ b/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.310 2005/06/16 08:00:00 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.311 2005/06/17 02:44:33 djm Exp $"); #include #include @@ -358,7 +358,8 @@ key_regeneration_alarm(int sig) static void sshd_exchange_identification(int sock_in, int sock_out) { - int i, mismatch; + u_int i; + int mismatch; int remote_major, remote_minor; int major, minor; char *s; @@ -1900,7 +1901,7 @@ do_ssh1_kex(void) if (!rsafail) { BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); - if (len < 0 || len > sizeof(session_key)) { + if (len < 0 || (u_int)len > sizeof(session_key)) { error("do_connection: bad session key len from %s: " "session_key_int %d > sizeof(session_key) %lu", get_remote_ipaddr(), len, (u_long)sizeof(session_key)); -- cgit v1.2.3 From f0bd352429f26f99b7bdacd23baf46b39a9f600a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Jun 2005 21:15:20 +1000 Subject: - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.c] only include openssl compat stuff where it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by and ok tim@ ---------------------------------------------------------------------- automatically CVS: CVS: Committing in . CVS: CVS: Modified Files: ---------------------------------------------------------------------- --- ChangeLog | 6 +++++- cipher.c | 3 +++ openbsd-compat/openbsd-compat.h | 5 +---- openbsd-compat/openssl-compat.c | 6 ++++-- 4 files changed, 13 insertions(+), 7 deletions(-) (limited to 'cipher.c') diff --git a/ChangeLog b/ChangeLog index f3c3c93ba..3cfba58a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean + - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h + openbsd-compat/openssl-compat.c] only include openssl compat stuff where + it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by + and ok tim@ 20050616 - (djm) OpenBSD CVS Sync @@ -2734,4 +2738,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3823 2005/06/17 02:59:34 djm Exp $ +$Id: ChangeLog,v 1.3824 2005/06/17 11:15:20 dtucker Exp $ diff --git a/cipher.c b/cipher.c index 20d0a80c4..fc1e2ae1c 100644 --- a/cipher.c +++ b/cipher.c @@ -43,6 +43,9 @@ RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); #include +/* compatibility with old or broken OpenSSL versions */ +#include "openbsd-compat/openssl-compat.h" + extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index f468d5aab..e66f5ec55 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.29 2005/06/17 11:15:21 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -168,9 +168,6 @@ char *shadow_pw(struct passwd *pw); /* rfc2553 socket API replacements */ #include "fake-rfc2553.h" -/* compatibility with old or broken OpenSSL versions */ -#include "openssl-compat.h" - /* Routines for a single OS platform */ #include "bsd-cray.h" #include "bsd-cygwin_util.h" diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 10b4d1d74..b690e8fe6 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -16,9 +16,11 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define SSH_DONT_REDEF_EVP #include "includes.h" +#define SSH_DONT_REDEF_EVP +#include "openssl-compat.h" + #ifdef SSH_OLD_EVP int ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, -- cgit v1.2.3 From 46d38de48b1018c74040d2399bafbedf50247529 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 17 Jul 2005 17:02:09 +1000 Subject: - djm@cvs.openbsd.org 2005/07/16 01:35:24 [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing --- ChangeLog | 9 ++++++++- auth1.c | 4 ++-- channels.c | 4 ++-- cipher.c | 4 ++-- clientloop.c | 4 ++-- kex.c | 4 ++-- session.c | 12 ++++++------ ssh.c | 12 ++++++------ sshconnect.c | 4 ++-- 9 files changed, 32 insertions(+), 25 deletions(-) (limited to 'cipher.c') diff --git a/ChangeLog b/ChangeLog index d46f02d2b..08b382213 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20050717 +- OpenBSD CVS Sync + - djm@cvs.openbsd.org 2005/07/16 01:35:24 + [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] + [sshconnect.c] + spacing + 20050716 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication socketpair stays open on in both the monitor and PAM process. Patch from @@ -2830,4 +2837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3846 2005/07/16 01:33:06 dtucker Exp $ +$Id: ChangeLog,v 1.3847 2005/07/17 07:02:09 djm Exp $ diff --git a/auth1.c b/auth1.c index 0f6be8201..ff937f80f 100644 --- a/auth1.c +++ b/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -179,7 +179,7 @@ static int auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) { char *challenge; - + if ((challenge = get_challenge(authctxt)) == NULL) return (0); diff --git a/channels.c b/channels.c index a7c69a066..b7ff85007 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.220 2005/07/04 14:04:11 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.221 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2986,7 +2986,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, /* Save protocol name. */ x11_saved_proto = xstrdup(proto); /* - * Extract real authentication data and generate fake data + * Extract real authentication data and generate fake data * of the same length. */ x11_saved_data = xmalloc(data_len); diff --git a/cipher.c b/cipher.c index fc1e2ae1c..0dddf270a 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.76 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $"); #include "xmalloc.h" #include "log.h" @@ -249,7 +249,7 @@ cipher_init(CipherContext *cc, Cipher *cipher, cipher->name); #endif - if (cipher->discard_len > 0) { + if (cipher->discard_len > 0) { junk = xmalloc(cipher->discard_len); discard = xmalloc(cipher->discard_len); if (EVP_Cipher(&cc->evp, discard, junk, diff --git a/clientloop.c b/clientloop.c index 9611a5e3e..47f3c7ecd 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.140 2005/07/04 00:58:43 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -642,7 +642,7 @@ client_extra_session2_setup(int id, void *arg) if ((c = channel_lookup(id)) == NULL) fatal("%s: no channel for id %d", __func__, id); - display = getenv("DISPLAY"); + display = getenv("DISPLAY"); if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ diff --git a/kex.c b/kex.c index 8736aa286..32c6d03ea 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.62 2005/07/16 01:35:24 djm Exp $"); #include @@ -411,7 +411,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) u_int have; int mdsz = EVP_MD_size(evp_md); u_char *digest; - + if (mdsz < 0) fatal("derive_key: mdsz < 0"); digest = xmalloc(roundup(need, mdsz)); diff --git a/session.c b/session.c index a1dc6835a..13c3b001f 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.182 2005/06/17 02:44:33 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.183 2005/07/16 01:35:24 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -196,11 +196,11 @@ auth_input_request_forwarding(struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + printf("%s", (char *)buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } } void diff --git a/ssh.c b/ssh.c index 43d97abcc..cabc538e3 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.247 2005/07/04 00:58:43 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.248 2005/07/16 01:35:24 djm Exp $"); #include #include @@ -790,8 +790,8 @@ ssh_init_forwarding(void) for (i = 0; i < options.num_remote_forwards; i++) { debug("Remote connections from %.200s:%d forwarded to " "local address %.200s:%d", - (options.remote_forwards[i].listen_host == NULL) ? - (options.gateway_ports ? "*" : "LOCALHOST") : + (options.remote_forwards[i].listen_host == NULL) ? + (options.gateway_ports ? "*" : "LOCALHOST") : options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, @@ -1037,7 +1037,7 @@ ssh_session2_setup(int id, void *arg) const char *display; int interactive = tty_flag; - display = getenv("DISPLAY"); + display = getenv("DISPLAY"); if (options.forward_x11 && display != NULL) { char *proto, *data; /* Get reasonable local authentication information. */ @@ -1253,7 +1253,7 @@ control_client(const char *path) close(sock); return; } - + if (stdin_null_flag) { if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) fatal("open(/dev/null): %s", strerror(errno)); @@ -1262,7 +1262,7 @@ control_client(const char *path) if (fd > STDERR_FILENO) close(fd); } - + term = getenv("TERM"); flags = 0; diff --git a/sshconnect.c b/sshconnect.c index 92f0f3800..84f287145 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.166 2005/06/17 22:53:47 djm Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.167 2005/07/16 01:35:24 djm Exp $"); #include @@ -404,7 +404,7 @@ ssh_exchange_identification(void) for (i = 0; i < sizeof(buf) - 1; i++) { size_t len = atomicio(read, connection_in, &buf[i], 1); - if (len != 1 && errno == EPIPE) + if (len != 1 && errno == EPIPE) fatal("ssh_exchange_identification: Connection closed by remote host"); else if (len != 1) fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); -- cgit v1.2.3