Minix/minix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Buildable openssh.

Browse Source 
2 known bugs:
 . Build doesn't copy libssh* to the destination directory.
   + workaround is to copy them from the lib directory to destination and recreate links
 . ssh_config and sshd_config don't install
   + workaround is to copy them manually

Note the software doesn't build to completion until you do the workarounds.
Still trying to sort this out, but wanted to get these changes up for more
visibility and collaboration.
This commit is contained in:
James T. Sprinkle
2017-10-01 16:42:37 -07:00
parent 58a339025d
commit b54c312497
252 changed files with 4746 additions and 7064 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/external/bsd/openssh/Makefile.inc vendored
View File

@@ -13,10 +13,8 @@ CPPFLAGS+=-I${SSHDIST}
CPPFLAGS+=-DHAVE_DLOPEN
CPPFLAGS+=-DHAVE_HEADER_AD
CPPFLAGS+=-DHAVE_LOGIN_CAP
CPPFLAGS+=-DHAVE_STDLIB_H
CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
.if !defined(NOPIC)
CPPFLAGS+=-DHAVE_DLOPEN
.endif
@@ -42,4 +40,12 @@ CPPFLAGS+=-DWITH_LDAP_PUBKEY
CPPFLAGS+=-DX11BASE=\"/usr/X11R7\"
CPPFLAGS+=-DSUPPORT_UTMP -DSUPPORT_UTMPX
.if defined(__MINIX)
CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -D_OPENBSD_SOURCE
CPPFLAGS+=-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -Wno-error
CPPFLAGS+=-I. -I$(srcdir) $(PATHS) -DHAVE_CONFIG_H
.else
CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
CPPFLAGS+=-DHAVE_LOGIN_CAP
CPPFLAGS+=-DLIBWRAP
.endif

1
crypto/external/bsd/openssh/bin/Makefile vendored
View File

@@ -1,6 +1,7 @@
# $NetBSD: Makefile,v 1.3 2010/11/21 19:19:21 adam Exp $
.include <bsd.own.mk>
.include <bsd.obj.mk>
SSHDIST?= ${NETBSDSRCDIR}/crypto/external/bsd/openssh/dist

25
crypto/external/bsd/openssh/bin/sshd/Makefile vendored
View File

@@ -7,6 +7,23 @@ MAN= sshd.8 sshd_config.5 moduli.5
BINDIR= /usr/sbin
.if defined(__MINIX)
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
audit.c audit-bsm.c audit-linux.c platform.c \
sshpty.c sshlogin.c servconf.c serverloop.c \
auth.c auth1.c auth2.c auth-options.c session.c \
auth-chall.c auth2-chall.c groupaccess.c \
auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor_mm.c monitor.c monitor_wrap.c auth-krb5.c \
auth2-gss.c gss-serv.c gss-serv-krb5.c \
loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \
sftp-server.c sftp-common.c \
roaming_common.c roaming_serv.c \
sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c \
sandbox-seccomp-filter.c sandbox-capsicum.c
.else
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
sshpty.c sshlogin.c servconf.c serverloop.c \
auth.c auth1.c auth2.c auth-options.c session.c \
@@ -15,7 +32,8 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor_mm.c monitor.c monitor_wrap.c \
kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
.endif
COPTS.auth-options.c= -Wno-pointer-sign
COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
@@ -66,6 +84,10 @@ DPADD+= ${LIBLDAP} ${LIBSSL} ${LIBLBER}
LDADD+= -lcrypt -lutil
DPADD+= ${LIBCRYPT} ${LIBUTIL}
.if defined(__MINIX)
LDADD+=
DPADD+=
.else
LDADD+= -lwrap
DPADD+= ${LIBWRAP}
@@ -75,3 +97,4 @@ CPPFLAGS+=-DSMALL
LDADD+= -lblacklist
DPADD+= ${LIBBLACKLIST}
.endif
.endif

135
crypto/external/bsd/openssh/dist/LICENCE vendored
View File

@@ -182,6 +182,33 @@ OpenSSH contains no GPL code.
Nils Nordman
Simon Wilkinson
Portable OpenSSH additionally includes code from the following copyright
holders, also under the 2-term BSD license:
Ben Lindstrom
Tim Rice
Andre Lucas
Chris Adams
Corinna Vinschen
Cray Inc.
Denis Parker
Gert Doering
Jakob Schlyter
Jason Downs
Juha Yrjölä
Michael Stone
Networks Associates Technology, Inc.
Solar Designer
Todd C. Miller
Wayne Schroeder
William Jones
Darren Tucker
Sun Microsystems
The SCO Group
Daniel Walsh
Red Hat, Inc
Simon Vallet / Genoscope
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -202,6 +229,112 @@ OpenSSH contains no GPL code.
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8) Portable OpenSSH contains the following additional licenses:
a) md5crypt.c, md5crypt.h
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@login.dknet.dk> wrote this file. As long as you retain this
* notice you can do whatever you want with this stuff. If we meet
* some day, and you think this stuff is worth it, you can buy me a
* beer in return. Poul-Henning Kamp
b) snprintf replacement
* Copyright Patrick Powell 1995
* This code is based on code written by Patrick Powell
* (papowell@astart.com) It may be used for any purpose as long as this
* notice remains intact on all source code distributions
c) Compatibility code (openbsd-compat)
Apart from the previously mentioned licenses, various pieces of code
in the openbsd-compat/ subdirectory are licensed as follows:
Some code is licensed under a 3-term BSD license, to the following
copyright holders:
Todd C. Miller
Theo de Raadt
Damien Miller
Eric P. Allman
The Regents of the University of California
Constantin S. Svintsoff
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
Some code is licensed under an ISC-style license, to the following
copyright holders:
Internet Software Consortium.
Todd C. Miller
Reyk Floeter
Chad Mynhier
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE
* FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Some code is licensed under a MIT-style license to the following
copyright holders:
Free Software Foundation, Inc.
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
* "Software"), to deal in the Software without restriction, including *
* without limitation the rights to use, copy, modify, merge, publish, *
* distribute, distribute with modifications, sublicense, and/or sell *
* copies of the Software, and to permit persons to whom the Software is *
* furnished to do so, subject to the following conditions: *
* *
* The above copyright notice and this permission notice shall be included *
* in all copies or substantial portions of the Software. *
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS *
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF *
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. *
* IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, *
* DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR *
* OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR *
* THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
* *
* Except as contained in this notice, the name(s) of the above copyright *
* holders shall not be used in advertising or otherwise to promote the *
* sale, use or other dealings in this Software without prior written *
* authorization. *
****************************************************************************/
------
$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
$NetBSD: LICENCE,v 1.4 2015/04/03 23:58:19 christos Exp $

1
crypto/external/bsd/openssh/dist/OVERVIEW vendored
View File

@@ -166,4 +166,3 @@ these programs.
xmalloc.c "safe" malloc routines
$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $
$NetBSD: OVERVIEW,v 1.5 2015/08/13 10:33:21 christos Exp $

1
crypto/external/bsd/openssh/dist/PROTOCOL vendored
View File

@@ -453,4 +453,3 @@ This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $
$NetBSD: PROTOCOL,v 1.7 2015/08/13 10:33:21 christos Exp $

1
crypto/external/bsd/openssh/dist/PROTOCOL.agent vendored
View File

@@ -558,4 +558,3 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys.
SSH_AGENT_CONSTRAIN_CONFIRM 2
$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $
$NetBSD: PROTOCOL.agent,v 1.6 2015/07/03 00:59:59 christos Exp $

1
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys vendored
View File

@@ -263,4 +263,3 @@ permit-user-rc empty Flag indicating that execution of
this option is not present.
$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $
$NetBSD: PROTOCOL.certkeys,v 1.5 2015/04/03 23:58:19 christos Exp $

1
crypto/external/bsd/openssh/dist/PROTOCOL.mux vendored
View File

@@ -226,4 +226,3 @@ XXX server->client error/warning notifications
XXX send signals via mux
$OpenBSD: PROTOCOL.mux,v 1.10 2015/07/17 03:04:27 djm Exp $
$NetBSD: PROTOCOL.mux,v 1.8 2015/08/13 10:33:21 christos Exp $

85
crypto/external/bsd/openssh/dist/README vendored
View File

@@ -1,28 +1,69 @@
This release of OpenSSH is for OpenBSD systems only.
See http://www.openssh.com/txt/release-7.1 for the release notes.
Please read
http://www.openssh.com/portable.html
if you want to install OpenSSH on other operating systems.
Please read http://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.
To extract and install this release on your OpenBSD system use:
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>
# cd /usr/src/usr.bin
# tar xvfz .../openssh-x.y.tgz
# cd ssh
# make obj
# make cleandir
# make depend
# make
# make install
# cp ssh_config sshd_config /etc/ssh
This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.
OpenSSH is a derivative of the original and free ssh 1.2.12 release
by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels
Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer
features and created OpenSSH. Markus Friedl contributed the support
for SSH protocol versions 1.5 and 2.0.
OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups. OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/
See http://www.openssh.com/ for more information.
This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.
$OpenBSD: README,v 1.7 2006/04/01 05:37:46 djm Exp $
$NetBSD: README,v 1.4 2015/04/03 23:58:19 christos Exp $
This version actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.
OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
There is now several mailing lists for this port of OpenSSH. Please
refer to http://www.openssh.com/list.html for details on how to join.
Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.Code contribution are welcomed, but please follow the
OpenBSD style guidelines[6].
Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips.
Damien Miller <djm@mindrot.org>
Miscellania -
This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.
References -
[0] http://www.openssh.com/faq.html
[1] http://www.lothar.com/tech/crypto/
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.openpam.org
http://www.kernel.org/pub/linux/libs/pam/
(PAM also is standard on Solaris and HP-UX 11)
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $

11
crypto/external/bsd/openssh/dist/addrmatch.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: addrmatch.c,v 1.9 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
/*
@@ -18,7 +17,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: addrmatch.c,v 1.9 2015/08/13 10:33:21 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -81,8 +80,8 @@ masklen_valid(int af, u_int masklen)
static int
addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
{
struct sockaddr_in *in4 = (struct sockaddr_in *)(void *)sa;
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)(void *)sa;
struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
memset(xa, '\0', sizeof(*xa));
@@ -98,7 +97,9 @@ addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
return -1;
xa->af = AF_INET6;
memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
xa->scope_id = in6->sin6_scope_id;
#endif
break;
default:
return -1;
@@ -312,7 +313,7 @@ static int
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
{
struct xaddr tmp;
unsigned int masklen = 999;
long unsigned int masklen = 999;
char addrbuf[64], *mp, *cp;
/* Don't modify argument */

27
crypto/external/bsd/openssh/dist/atomicio.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: atomicio.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: atomicio.c,v 1.27 2015/01/16 06:40:12 deraadt Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
@@ -28,12 +27,18 @@
*/
#include "includes.h"
__RCSID("$NetBSD: atomicio.c,v 1.6 2015/04/03 23:58:19 christos Exp $");
#include <sys/param.h>
#include <sys/uio.h>
#include <errno.h>
#ifdef HAVE_POLL_H
#include <poll.h>
#else
# ifdef HAVE_SYS_POLL_H
# include <sys/poll.h>
# endif
#endif
#include <string.h>
#include <unistd.h>
#include <limits.h>
@@ -52,20 +57,20 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
ssize_t res;
struct pollfd pfd;
#ifndef BROKEN_READ_COMPARISON
pfd.fd = fd;
/*
* check for vwrite instead of read to avoid read being renamed
* by SSP issues
*/
pfd.events = f == vwrite ? POLLOUT : POLLIN;
pfd.events = f == read ? POLLIN : POLLOUT;
#endif
while (n > pos) {
res = (f) (fd, s + pos, n - pos);
switch (res) {
case -1:
if (errno == EINTR)
continue;
if (errno == EAGAIN) {
if (errno == EAGAIN || errno == EWOULDBLOCK) {
#ifndef BROKEN_READ_COMPARISON
(void)poll(&pfd, 1, -1);
#endif
continue;
}
return 0;
@@ -109,16 +114,20 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
/* Make a copy of the iov array because we may modify it below */
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
#ifndef BROKEN_READV_COMPARISON
pfd.fd = fd;
pfd.events = f == readv ? POLLIN : POLLOUT;
#endif
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
res = (f) (fd, iov, iovcnt);
switch (res) {
case -1:
if (errno == EINTR)
continue;
if (errno == EAGAIN) {
if (errno == EAGAIN || errno == EWOULDBLOCK) {
#ifndef BROKEN_READV_COMPARISON
(void)poll(&pfd, 1, -1);
#endif
continue;
}
return 0;

1
crypto/external/bsd/openssh/dist/atomicio.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: atomicio.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */
/*

5
crypto/external/bsd/openssh/dist/auth-bsdauth.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-bsdauth.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -25,11 +24,13 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-bsdauth.c,v 1.4 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdarg.h>
#ifdef BSD_AUTH
#include "xmalloc.h"
#include "key.h"

42
crypto/external/bsd/openssh/dist/auth-chall.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-chall.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdlib.h>
@@ -36,18 +35,14 @@ __RCSID("$NetBSD: auth-chall.c,v 1.6 2015/04/03 23:58:19 christos Exp $");
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#ifdef USE_PAM
#include "misc.h"
#include "buffer.h"
#include "servconf.h"
extern ServerOptions options;
void remove_kbdint_device(const char *);
#endif
/* limited protocol v1 interface to kbd-interactive authentication */
extern KbdintDevice *devices[];
static KbdintDevice *device;
extern ServerOptions options;
char *
get_challenge(Authctxt *authctxt)
@@ -87,17 +82,44 @@ get_challenge(Authctxt *authctxt)
int
verify_response(Authctxt *authctxt, const char *response)
{
char *resp[1];
char *resp[1], *name, *info, **prompts;
u_int i, numprompts, *echo_on;
int authenticated = 0;
if (device == NULL)
return 0;
if (authctxt->kbdintctxt == NULL)
return 0;
resp[0] = __UNCONST(response);
if (device->respond(authctxt->kbdintctxt, 1, resp) == 0)
resp[0] = (char *)response;
switch (device->respond(authctxt->kbdintctxt, 1, resp)) {
case 0: /* Success */
authenticated = 1;
break;
case 1: /* Postponed - retry with empty query for PAM */
if ((device->query(authctxt->kbdintctxt, &name, &info,
&numprompts, &prompts, &echo_on)) != 0)
break;
if (numprompts == 0 &&
device->respond(authctxt->kbdintctxt, 0, resp) == 0)
authenticated = 1;
for (i = 0; i < numprompts; i++)
free(prompts[i]);
free(prompts);
free(name);
free(echo_on);
free(info);
break;
}
device->free_ctx(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
return authenticated;
}
void
abandon_challenge_response(Authctxt *authctxt)
{
if (authctxt->kbdintctxt != NULL) {
device->free_ctx(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
}
}

282
crypto/external/bsd/openssh/dist/auth-krb5.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-krb5.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
@@ -30,11 +29,10 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-krb5.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
#include <string.h>
#include "xmalloc.h"
#include "ssh.h"
@@ -50,6 +48,9 @@ __RCSID("$NetBSD: auth-krb5.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
#include "auth.h"
#ifdef KRB5
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <krb5.h>
extern ServerOptions options;
@@ -64,187 +65,45 @@ krb5_init(void *context)
problem = krb5_init_context(&authctxt->krb5_ctx);
if (problem)
return (problem);
krb5_init_ets(authctxt->krb5_ctx);
}
return (0);
}
/*
* Try krb5 authentication. server_user is passed for logging purposes
* only, in auth is received ticket, in client is returned principal
* from the ticket
*/
int
auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
{
krb5_error_code problem;
krb5_principal server;
krb5_ticket *ticket;
int fd, ret;
const char *errtxt;
ret = 0;
server = NULL;
ticket = NULL;
reply->length = 0;
problem = krb5_init(authctxt);
if (problem)
goto err;
problem = krb5_auth_con_init(authctxt->krb5_ctx,
&authctxt->krb5_auth_ctx);
if (problem)
goto err;
fd = packet_get_connection_in();
problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx,
authctxt->krb5_auth_ctx, &fd);
if (problem)
goto err;
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
KRB5_NT_SRV_HST, &server);
if (problem)
goto err;
problem = krb5_rd_req(authctxt->krb5_ctx, &authctxt->krb5_auth_ctx,
auth, server, NULL, NULL, &ticket);
if (problem)
goto err;
problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client,
&authctxt->krb5_user);
if (problem)
goto err;
/* if client wants mutual auth */
problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
reply);
if (problem)
goto err;
/* Check .k5login authorization now. */
if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
authctxt->pw->pw_name))
goto err;
if (client)
krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
client);
ret = 1;
err:
if (server)
krb5_free_principal(authctxt->krb5_ctx, server);
if (ticket)
krb5_free_ticket(authctxt->krb5_ctx, ticket);
if (!ret && reply->length) {
free(reply->data);
memset(reply, 0, sizeof(*reply));
}
if (problem) {
errtxt = NULL;
if (authctxt->krb5_ctx != NULL)
errtxt = krb5_get_error_message(authctxt->krb5_ctx,
problem);
if (errtxt != NULL) {
debug("Kerberos v5 authentication failed: %s", errtxt);
krb5_free_error_message(authctxt->krb5_ctx, errtxt);
} else
debug("Kerberos v5 authentication failed: %d",
problem);
}
return (ret);
}
int
auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt)
{
krb5_error_code problem;
krb5_ccache ccache = NULL;
char *pname;
const char *errtxt;
if (authctxt->pw == NULL || authctxt->krb5_user == NULL)
return (0);
temporarily_use_uid(authctxt->pw);
problem = krb5_cc_new_unique(authctxt->krb5_ctx, "FILE", NULL, &ccache);
if (problem)
goto fail;
problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache,
authctxt->krb5_user);
if (problem)
goto fail;
problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
ccache, tgt);
if (problem)
goto fail;
authctxt->krb5_fwd_ccache = ccache;
ccache = NULL;
authctxt->krb5_ticket_file = __UNCONST(krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache));
problem = krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
&pname);
if (problem)
goto fail;
#ifdef USE_PAM
if (options.use_pam)
do_pam_putenv(__UNCONST("KRB5CCNAME"), authctxt->krb5_ticket_file);
#endif
debug("Kerberos v5 TGT accepted (%s)", pname);
restore_uid();
return (1);
fail:
if (problem) {
errtxt = krb5_get_error_message(authctxt->krb5_ctx, problem);
if (errtxt != NULL) {
debug("Kerberos v5 TGT passing failed: %s", errtxt);
krb5_free_error_message(authctxt->krb5_ctx, errtxt);
} else
debug("Kerberos v5 TGT passing failed: %d", problem);
}
if (ccache)
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
restore_uid();
return (0);
}
int
auth_krb5_password(Authctxt *authctxt, const char *password)
{
#ifndef HEIMDAL
krb5_creds creds;
krb5_principal server;
#endif
krb5_error_code problem;
krb5_ccache ccache = NULL;
int len;
char *client, *platform_client;
const char *errmsg;
/* get platform-specific kerberos client principal name (if it exists) */
platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
client = platform_client ? platform_client : authctxt->pw->pw_name;
temporarily_use_uid(authctxt->pw);
problem = krb5_init(authctxt);
if (problem)
goto out;
problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,
problem = krb5_parse_name(authctxt->krb5_ctx, client,
&authctxt->krb5_user);
if (problem)
goto out;
#ifdef HEIMDAL
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
krb5_mcc_ops.prefix, NULL, &ccache);
# else
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
# endif
if (problem)
goto out;
@@ -263,8 +122,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem)
goto out;
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
# else
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
&authctxt->krb5_fwd_ccache);
# endif
if (problem)
goto out;
@@ -275,20 +139,71 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem)
goto out;
authctxt->krb5_ticket_file = __UNCONST(krb5_cc_get_name(
authctxt->krb5_ctx, authctxt->krb5_fwd_ccache));
#else
problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL);
if (problem)
goto out;
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
KRB5_NT_SRV_HST, &server);
if (problem)
goto out;
restore_uid();
problem = krb5_verify_init_creds(authctxt->krb5_ctx, &creds, server,
NULL, NULL, NULL);
krb5_free_principal(authctxt->krb5_ctx, server);
temporarily_use_uid(authctxt->pw);
if (problem)
goto out;
if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
authctxt->pw->pw_name)) {
problem = -1;
goto out;
}
problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
if (problem)
goto out;
problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
authctxt->krb5_user);
if (problem)
goto out;
problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
&creds);
if (problem)
goto out;
#endif
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
len = strlen(authctxt->krb5_ticket_file) + 6;
authctxt->krb5_ccname = xmalloc(len);
snprintf(authctxt->krb5_ccname, len, "FILE:%s",
authctxt->krb5_ticket_file);
#ifdef USE_PAM
if (options.use_pam)
do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);
#endif
out:
restore_uid();
free(platform_client);
if (problem) {
if (ccache)
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
if (authctxt->krb5_ctx != NULL) {
if (authctxt->krb5_ctx != NULL && problem!=-1) {
errmsg = krb5_get_error_message(authctxt->krb5_ctx,
problem);
debug("Kerberos password authentication failed: %s",
debug("Kerberos password authentication failed: %s",
errmsg);
krb5_free_error_message(authctxt->krb5_ctx, errmsg);
} else
@@ -317,15 +232,42 @@ krb5_cleanup_proc(Authctxt *authctxt)
krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
authctxt->krb5_user = NULL;
}
if (authctxt->krb5_auth_ctx) {
krb5_auth_con_free(authctxt->krb5_ctx,
authctxt->krb5_auth_ctx);
authctxt->krb5_auth_ctx = NULL;
}
if (authctxt->krb5_ctx) {
krb5_free_context(authctxt->krb5_ctx);
authctxt->krb5_ctx = NULL;
}
}
#ifndef HEIMDAL
krb5_error_code
ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
int tmpfd, ret, oerrno;
char ccname[40];
mode_t old_umask;
ret = snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
if (ret < 0 || (size_t)ret >= sizeof(ccname))
return ENOMEM;
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
oerrno = errno;
umask(old_umask);
if (tmpfd == -1) {
logit("mkstemp(): %.100s", strerror(oerrno));
return oerrno;
}
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
oerrno = errno;
logit("fchmod(): %.100s", strerror(oerrno));
close(tmpfd);
return oerrno;
}
close(tmpfd);
return (krb5_cc_resolve(ctx, ccname, ccache));
}
#endif /* !HEIMDAL */
#endif /* KRB5 */

10
crypto/external/bsd/openssh/dist/auth-options.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-options.c,v 1.11 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,16 +11,16 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-options.c,v 1.11 2015/08/13 10:33:21 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
#include <netdb.h>
#include <pwd.h>
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include <time.h>
#include "openbsd-compat/sys-queue.h"
#include "key.h" /* XXX for typedef */
#include "buffer.h" /* XXX for typedef */
@@ -93,8 +92,7 @@ auth_clear_options(void)
* side effect: sets key option flags
*/
int
auth_parse_options(struct passwd *pw, const char *opts, const char *file,
u_long linenum)
auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
{
const char *cp;
int i;

3
crypto/external/bsd/openssh/dist/auth-options.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-options.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-options.h,v 1.21 2015/01/14 10:30:34 markus Exp $ */
/*
@@ -34,7 +33,7 @@ extern int forced_tun_device;
extern int key_is_cert_authority;
extern char *authorized_principals;
int auth_parse_options(struct passwd *, const char *, const char *, u_long);
int auth_parse_options(struct passwd *, char *, char *, u_long);
void auth_clear_options(void);
int auth_cert_options(struct sshkey *, struct passwd *);

36
crypto/external/bsd/openssh/dist/auth-pam.c vendored
View File

@@ -47,31 +47,16 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
/*
* NetBSD local changes
*/
__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $");
#undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H
#define HAVE_PAM_GETENVLIST
#define HAVE_PAM_PUTENV
#define sshpam_const const /* LinuxPAM, OpenPAM */
#define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
#define mysig_t sig_t
void sshpam_password_change_required(int);
/* end NetBSD local changes */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -80,7 +65,6 @@ void sshpam_password_change_required(int);
#include <pam/pam_appl.h>
#endif
#ifndef __NetBSD__
/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
#ifdef PAM_SUN_CODEBASE
# define sshpam_const /* Solaris, HP-UX, AIX */
@@ -94,7 +78,6 @@ void sshpam_password_change_required(int);
#else
# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
#endif
#endif
#include "xmalloc.h"
#include "buffer.h"
@@ -184,7 +167,7 @@ sshpam_sigchld_handler(int sig)
}
/* ARGSUSED */
__dead static void
static void
pthread_exit(void *value)
{
_exit(0);
@@ -429,8 +412,7 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
fail:
for(i = 0; i < n; i++) {
if (reply[i].resp != NULL)
free(reply[i].resp);
free(reply[i].resp);
}
free(reply);
buffer_free(&buffer);
@@ -456,8 +438,10 @@ sshpam_thread(void *ctxtp)
const char **ptr_pam_user = &pam_user;
char *tz = getenv("TZ");
pam_get_item(sshpam_handle, PAM_USER,
sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
(sshpam_const void **)ptr_pam_user);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
environ[0] = NULL;
if (tz != NULL)
@@ -603,8 +587,7 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
fail:
for(i = 0; i < n; i++) {
if (reply[i].resp != NULL)
free(reply[i].resp);
free(reply[i].resp);
}
free(reply);
return (PAM_CONV_ERR);
@@ -637,6 +620,7 @@ sshpam_cleanup(void)
static int
sshpam_init(Authctxt *authctxt)
{
extern char *__progname;
const char *pam_rhost, *pam_user, *user = authctxt->user;
const char **ptr_pam_user = &pam_user;
@@ -1022,8 +1006,7 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
fail:
for(i = 0; i < n; i++) {
if (reply[i].resp != NULL)
free(reply[i].resp);
free(reply[i].resp);
}
free(reply);
return (PAM_CONV_ERR);
@@ -1181,8 +1164,7 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
fail:
for(i = 0; i < n; i++) {
if (reply[i].resp != NULL)
free(reply[i].resp);
free(reply[i].resp);
}
free(reply);
return (PAM_CONV_ERR);

5
crypto/external/bsd/openssh/dist/auth-pam.h vendored
View File

@@ -1,5 +1,4 @@
/* $NetBSD: auth-pam.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp */
/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
/*
* Copyright (c) 2000 Damien Miller. All rights reserved.
@@ -29,7 +28,7 @@
#ifdef USE_PAM
#if !defined(SSHD_PAM_SERVICE)
# define SSHD_PAM_SERVICE "sshd"
# define SSHD_PAM_SERVICE __progname
#endif
void start_pam(Authctxt *);

62
crypto/external/bsd/openssh/dist/auth-passwd.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-passwd.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,15 +37,13 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-passwd.c,v 1.4 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <login_cap.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include "packet.h"
#include "buffer.h"
@@ -60,16 +57,15 @@ __RCSID("$NetBSD: auth-passwd.c,v 1.4 2015/04/03 23:58:19 christos Exp $");
extern Buffer loginmsg;
extern ServerOptions options;
int sys_auth_passwd(Authctxt *, const char *);
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;
#endif
#define DAY (24L * 60 * 60) /* 1 day in seconds */
#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
#if defined(BSD_AUTH) || defined(USE_PAM)
void
disable_forwarding(void)
{
@@ -77,7 +73,6 @@ disable_forwarding(void)
no_agent_forwarding_flag = 1;
no_x11_forwarding_flag = 1;
}
#endif
/*
* Tries to authenticate the user using password. Returns true if
@@ -87,16 +82,18 @@ int
auth_password(Authctxt *authctxt, const char *password)
{
struct passwd * pw = authctxt->pw;
int ok = authctxt->valid;
int result, ok = authctxt->valid;
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
static int expire_checked = 0;
#endif
#ifndef HAVE_CYGWIN
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#ifdef USE_PAM
if (options.use_pam)
return (sshpam_auth_passwd(authctxt, password) && ok);
#endif
#ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
@@ -105,7 +102,31 @@ auth_password(Authctxt *authctxt, const char *password)
/* Fall back to ordinary passwd authentication. */
}
#endif
return (sys_auth_passwd(authctxt, password) && ok);
#ifdef HAVE_CYGWIN
{
HANDLE hToken = cygwin_logon_user(pw, password);
if (hToken == INVALID_HANDLE_VALUE)
return 0;
cygwin_set_impersonation_token(hToken);
return ok;
}
#endif
#ifdef USE_PAM
if (options.use_pam)
return (sshpam_auth_passwd(authctxt, password) && ok);
#endif
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
if (!expire_checked) {
expire_checked = 1;
if (auth_shadow_pwexpired(authctxt))
authctxt->force_pwchange = 1;
}
#endif
result = sys_auth_passwd(authctxt, password);
if (authctxt->force_pwchange)
disable_forwarding();
return (result && ok);
}
#ifdef BSD_AUTH
@@ -167,26 +188,29 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
return (auth_close(as));
}
}
#else
#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
struct passwd *pw = authctxt->pw;
char *encrypted_password;
/* Just use the supplied fake password if authctxt is invalid */
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
return (1);
/* Encrypt the candidate password using the proper salt. */
encrypted_password = crypt(password,
(pw->pw_passwd[0] && pw->pw_passwd[1]) ?
pw->pw_passwd : "xx");
encrypted_password = xcrypt(password,
(pw_password[0] && pw_password[1]) ? pw_password : "xx");
/*
* Authentication is accepted if the encrypted passwords
* are identical.
*/
return (strcmp(encrypted_password, pw->pw_passwd) == 0);
return encrypted_password != NULL &&
strcmp(encrypted_password, pw_password) == 0;
}
#endif

9
crypto/external/bsd/openssh/dist/auth-rh-rsa.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-rh-rsa.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-rh-rsa.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -15,7 +14,9 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-rh-rsa.c,v 1.6 2015/04/03 23:58:19 christos Exp $");
#ifdef WITH_SSH1
#include <sys/types.h>
#include <pwd.h>
@@ -77,7 +78,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
client_host_key->rsa == NULL)
return 0;
chost = __UNCONST(get_canonical_hostname(options.use_dns));
chost = (char *)get_canonical_hostname(options.use_dns);
debug("Rhosts RSA authentication: canonical host %.900s", chost);
if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
@@ -103,3 +104,5 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
packet_send_debug("Rhosts with RSA host authentication accepted.");
return 1;
}
#endif /* WITH_SSH1 */

12
crypto/external/bsd/openssh/dist/auth-rhosts.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-rhosts.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,16 +15,18 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-rhosts.c,v 1.5 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <netgroup.h>
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#endif
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include <fcntl.h>
#include <unistd.h>
#include "packet.h"
@@ -308,8 +309,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
* Check if we have been configured to ignore .rhosts
* and .shosts files.
*/
if ((pw->pw_uid == 0 && options.ignore_root_rhosts) ||
(pw->pw_uid != 0 && options.ignore_rhosts)) {
if (options.ignore_rhosts) {
auth_debug_add("Server has been configured to "
"ignore %.100s.", rhosts_files[rhosts_file_index]);
continue;

100
crypto/external/bsd/openssh/dist/auth-rsa.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,7 +15,9 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $");
#ifdef WITH_SSH1
#include <sys/types.h>
#include <sys/stat.h>
@@ -24,6 +25,7 @@ __RCSID("$NetBSD: auth-rsa.c,v 1.10 2015/04/03 23:58:19 christos Exp $");
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include "xmalloc.h"
@@ -170,8 +172,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
const BIGNUM *client_n, Key **rkey)
{
char *fp, line[SSH_MAX_PUBKEY_BYTES];
int allowed = 0;
u_int bits;
int allowed = 0, bits;
FILE *f;
u_long linenum = 0;
Key *key;
@@ -232,7 +233,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
/* check the real bits */
keybits = BN_num_bits(key->rsa->n);
if (keybits < 0 || bits != (u_int)keybits)
if (keybits < 0 || bits != keybits)
logit("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
@@ -284,94 +285,9 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
char *file;
u_int i, allowed = 0;
temporarily_use_uid(pw);
#ifdef WITH_LDAP_PUBKEY
if (options.lpk.on) {
u_int bits;
ldap_key_t *k;
/* here is the job */
Key *key = key_new(KEY_RSA1);
debug("[LDAP] trying LDAP first uid=%s", pw->pw_name);
if ( ldap_ismember(&options.lpk, pw->pw_name) > 0) {
if ( (k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) {
for (i = 0 ; i < k->num ; i++) {
char *cp, *xoptions = NULL;
for (cp = k->keys[i]->bv_val; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '\n' || *cp == '#')
continue;
/*
* Check if there are options for this key, and if so,
* save their starting address and skip the option part
* for now. If there are no options, set the starting
* address to NULL.
*/
if (*cp < '0' || *cp > '9') {
int quoted = 0;
xoptions = cp;
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
else if (*cp == '"')
quoted = !quoted;
}
} else
xoptions = NULL;
/* Parse the key from the line. */
if (hostfile_read_key(&cp, &bits, key) == 0) {
debug("[LDAP] line %d: non ssh1 key syntax", i);
continue;
}
/* cp now points to the comment part. */
/* Check if the we have found the desired key (identified by its modulus). */
if (BN_cmp(key->rsa->n, client_n) != 0)
continue;
/* check the real bits */
if (bits != (unsigned int)BN_num_bits(key->rsa->n))
logit("[LDAP] Warning: ldap, line %lu: keysize mismatch: "
"actual %d vs. announced %d.", (unsigned long)i, BN_num_bits(key->rsa->n), bits);
/* We have found the desired key. */
/*
* If our options do not allow this key to be used,
* do not send challenge.
*/
if (!auth_parse_options(pw, xoptions, "[LDAP]", (unsigned long) i))
continue;
/* break out, this key is allowed */
allowed = 1;
/* add the return stuff etc... */
/* Restore the privileged uid. */
restore_uid();
/* return key if allowed */
if (allowed && rkey != NULL)
*rkey = key;
else
key_free(key);
ldap_keys_free(k);
return (allowed);
}
} else {
logit("[LDAP] no keys found for '%s'!", pw->pw_name);
}
} else {
logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup);
}
}
#endif
for (i = 0; !allowed && i < options.num_authkeys_files; i++) {
if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
continue;
@@ -429,3 +345,5 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
packet_send_debug("RSA authentication accepted.");
return (1);
}
#endif /* WITH_SSH1 */

12
crypto/external/bsd/openssh/dist/auth-skey.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -23,8 +22,8 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
__RCSID("$NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#ifdef SKEY
@@ -39,12 +38,8 @@ __RCSID("$NetBSD: auth-skey.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#ifdef GSSAPI
#include "buffer.h"
#include "ssh-gss.h"
#endif
#include "log.h"
#include "monitor_wrap.h"
static void *
@@ -61,7 +56,8 @@ skey_query(void *ctx, char **name, char **infotxt,
char challenge[1024];
struct skey skey;
if (skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1)
if (_compat_skeychallenge(&skey, authctxt->user, challenge,
sizeof(challenge)) == -1)
return -1;
*name = xstrdup("");

274
crypto/external/bsd/openssh/dist/auth.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $ */
/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,16 +24,27 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <login_cap.h>
#include <paths.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#include <pwd.h>
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
#ifdef USE_SHADOW
#include <shadow.h>
#endif
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
#endif
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
@@ -55,6 +65,7 @@ __RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $");
#include "canohost.h"
#include "uidswap.h"
#include "packet.h"
#include "loginrec.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
@@ -63,15 +74,12 @@ __RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $");
#include "authfile.h"
#include "ssherr.h"
#include "compat.h"
#include "pfilter.h"
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
/* import */
extern ServerOptions options;
extern int use_privsep;
extern Buffer loginmsg;
extern struct passwd *privsep_pw;
/* Debugging messages */
Buffer auth_debug;
@@ -89,132 +97,68 @@ int auth_debug_init;
int
allowed_user(struct passwd * pw)
{
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;
int match_name, match_ip;
char *cap_hlist, *hp;
#endif
struct stat st;
const char *hostname = NULL, *ipaddr = NULL;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
u_int i;
#ifdef USE_SHADOW
struct spwd *spw = NULL;
#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#ifdef HAVE_LOGIN_CAP
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
#ifdef USE_SHADOW
if (!options.use_pam)
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
return 0;
#endif /* HAS_SHADOW_EXPIRE */
#endif /* USE_SHADOW */
lc = login_getclass(pw->pw_class);
/*
* Check the deny list.
*/
cap_hlist = login_getcapstr(lc, "host.deny", NULL, NULL);
if (cap_hlist != NULL) {
hp = strtok(cap_hlist, ",");
while (hp != NULL) {
match_name = match_hostname(hostname, hp);
match_ip = match_hostname(ipaddr, hp);
/*
* Only a positive match here causes a "deny".
*/
if (match_name > 0 || match_ip > 0) {
free(cap_hlist);
login_close(lc);
return 0;
}
hp = strtok(NULL, ",");
}
free(cap_hlist);
}
/*
* Check the allow list. If the allow list exists, and the
* remote host is not in it, the user is implicitly denied.
*/
cap_hlist = login_getcapstr(lc, "host.allow", NULL, NULL);
if (cap_hlist != NULL) {
hp = strtok(cap_hlist, ",");
if (hp == NULL) {
/* Just in case there's an empty string... */
free(cap_hlist);
login_close(lc);
return 0;
}
while (hp != NULL) {
match_name = match_hostname(hostname, hp);
match_ip = match_hostname(ipaddr, hp);
/*
* Negative match causes an immediate "deny".
* Positive match causes us to break out
* of the loop (allowing a fallthrough).
*/
if (match_name < 0 || match_ip < 0) {
free(cap_hlist);
login_close(lc);
return 0;
}
if (match_name > 0 || match_ip > 0)
break;
hp = strtok(NULL, ",");
}
free(cap_hlist);
if (hp == NULL) {
login_close(lc);
return 0;
}
}
login_close(lc);
/* grab passwd field for locked account check */
passwd = pw->pw_passwd;
#ifdef USE_SHADOW
if (spw != NULL)
#ifdef USE_LIBIAF
passwd = get_iaf_password(pw);
#else
passwd = spw->sp_pwdp;
#endif /* USE_LIBIAF */
#endif
#ifdef USE_PAM
if (!options.use_pam) {
#endif
/*
* password/account expiration.
*/
if (pw->pw_change || pw->pw_expire) {
struct timeval tv;
/* check for locked account */
if (!options.use_pam && passwd && *passwd) {
int locked = 0;
(void)gettimeofday(&tv, (struct timezone *)NULL);
if (pw->pw_expire) {
if (tv.tv_sec >= pw->pw_expire) {
logit("User %.100s not allowed because account has expired",
pw->pw_name);
return 0; /* expired */
}
}
#ifdef _PASSWORD_CHGNOW
if (pw->pw_change == _PASSWORD_CHGNOW) {
logit("User %.100s not allowed because password needs to be changed",
#ifdef LOCKED_PASSWD_STRING
if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
locked = 1;
#endif
#ifdef LOCKED_PASSWD_PREFIX
if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
strlen(LOCKED_PASSWD_PREFIX)) == 0)
locked = 1;
#endif
#ifdef LOCKED_PASSWD_SUBSTR
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
locked = 1;
#endif
#ifdef USE_LIBIAF
free((void *) passwd);
#endif /* USE_LIBIAF */
if (locked) {
logit("User %.100s not allowed because account is locked",
pw->pw_name);
return 0; /* can't force password change (yet) */
}
#endif
if (pw->pw_change) {
if (tv.tv_sec >= pw->pw_change) {
logit("User %.100s not allowed because password has expired",
pw->pw_name);
return 0; /* expired */
}
return 0;
}
}
#ifdef USE_PAM
}
#endif
/*
* Deny if shell does not exist or is not executable unless we
* are chrooting.
*/
/*
* XXX Should check to see if it is executable by the
* XXX requesting user. --thorpej
*/
if (options.chroot_directory == NULL ||
strcasecmp(options.chroot_directory, "none") == 0) {
char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
@@ -235,11 +179,6 @@ allowed_user(struct passwd * pw)
}
free(shell);
}
/*
* XXX Consider nuking {Allow,Deny}{Users,Groups}. We have the
* XXX login_cap(3) mechanism which covers all other types of
* XXX logins, too.
*/
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
options.num_deny_groups > 0 || options.num_allow_groups > 0) {
@@ -304,6 +243,12 @@ allowed_user(struct passwd * pw)
}
ga_free();
}
#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
if (!sys_auth_allowed_user(pw, &loginmsg))
return 0;
#endif
/* We found no reason not to let this user try to log on... */
return 1;
}
@@ -330,7 +275,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
const char *method, const char *submethod)
{
void (*authlog) (const char *fmt,...) = verbose;
const char *authmsg;
char *authmsg;
if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
return;
@@ -360,12 +305,29 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
compat20 ? "ssh2" : "ssh1",
authctxt->info != NULL ? ": " : "",
authctxt->info != NULL ? authctxt->info : "");
if (!authctxt->postponed)
pfilter_notify(!authenticated);
free(authctxt->info);
authctxt->info = NULL;
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && !authctxt->postponed &&
(strcmp(method, "password") == 0 ||
strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
# ifdef WITH_AIXAUTHENTICATE
if (authenticated)
sys_auth_record_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
#endif
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method));
#endif
}
void
auth_maxtries_exceeded(Authctxt *authctxt)
{
@@ -525,7 +487,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
snprintf(err, errlen, "%s is not a regular file", buf);
return -1;
}
if ((stp->st_uid != 0 && stp->st_uid != uid) ||
if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
(stp->st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
@@ -541,7 +503,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
strlcpy(buf, cp, sizeof(buf));
if (stat(buf, &st) < 0 ||
(st.st_uid != 0 && st.st_uid != uid) ||
(!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
snprintf(err, errlen,
"bad ownership or modes for directory %s", buf);
@@ -585,7 +547,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
static FILE *
auth_openfile(const char *file, struct passwd *pw, int strict_modes,
int log_missing, const char *file_type)
int log_missing, char *file_type)
{
char line[1024];
struct stat st;
@@ -643,9 +605,9 @@ struct passwd *
getpwnamallow(const char *user)
{
#ifdef HAVE_LOGIN_CAP
extern login_cap_t *lc;
extern login_cap_t *lc;
#ifdef BSD_AUTH
auth_session_t *as;
auth_session_t *as;
#endif
#endif
struct passwd *pw;
@@ -654,10 +616,38 @@ getpwnamallow(const char *user)
ci->user = user;
parse_server_match_config(&options, ci);
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
aix_setauthdb(user);
#endif
pw = getpwnam(user);
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
aix_restoreauthdb();
#endif
#ifdef HAVE_CYGWIN
/*
* Windows usernames are case-insensitive. To avoid later problems
* when trying to match the username, the user is only allowed to
* login if the username is given in the same case as stored in the
* user database.
*/
if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
logit("Login name %.100s does not match stored username %.100s",
user, pw->pw_name);
pw = NULL;
}
#endif
if (pw == NULL) {
logit("Invalid user %.100s from %.100s",
user, get_remote_ipaddr());
#ifdef CUSTOM_FAILED_LOGIN
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
if (!allowed_user(pw))
@@ -765,19 +755,21 @@ struct passwd *
fakepw(void)
{
static struct passwd fake;
static char nouser[] = "NOUSER";
static char nonexist[] = "/nonexist";
memset(&fake, 0, sizeof(fake));
fake.pw_name = nouser;
fake.pw_passwd = __UNCONST(
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK");
fake.pw_gecos = nouser;
fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1;
fake.pw_class = __UNCONST("");
fake.pw_dir = nonexist;
fake.pw_shell = nonexist;
fake.pw_name = "NOUSER";
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
fake.pw_gecos = "NOUSER";
#endif
fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
fake.pw_class = "";
#endif
fake.pw_dir = "/nonexist";
fake.pw_shell = "/nonexist";
return (&fake);
}

45
crypto/external/bsd/openssh/dist/auth.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth.h,v 1.11 2015/07/03 00:59:59 christos Exp $ */
/* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */
/*
@@ -68,18 +67,16 @@ struct Authctxt {
#ifdef BSD_AUTH
auth_session_t *as;
#endif
#ifdef KRB4
char *krb4_ticket_file;
#endif
char **auth_methods; /* modified from server config */
u_int num_auth_methods;
#ifdef KRB5
krb5_context krb5_ctx;
krb5_auth_context krb5_auth_ctx;
krb5_ccache krb5_fwd_ccache;
krb5_principal krb5_user;
char *krb5_ticket_file;
char *krb5_ccname;
#endif
Buffer *loginmsg;
void *methoddata;
struct sshkey **prev_userkeys;
@@ -92,12 +89,8 @@ struct Authctxt {
* the client.
*/
#ifdef USE_PAM
#include "auth-pam.h"
#endif
struct Authmethod {
const char *name;
char *name;
int (*userauth)(Authctxt *authctxt);
int *enabled;
};
@@ -119,7 +112,6 @@ struct KbdintDevice
void (*free_ctx)(void *ctx);
};
void disable_forwarding(void);
int auth_rhosts(struct passwd *, const char *);
int
auth_rhosts2(struct passwd *, const char *, const char *, const char *);
@@ -140,20 +132,6 @@ void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
void auth2_record_userkey(Authctxt *, struct sshkey *);
int auth2_userkey_already_used(Authctxt *, struct sshkey *);
#ifdef KRB4
#include <krb.h>
int auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
int auth_krb4_password(Authctxt *, const char *);
void krb4_cleanup_proc(void *);
#ifdef AFS
#include <kafs.h>
int auth_krb4_tgt(Authctxt *, const char *);
int auth_afs_token(Authctxt *, const char *);
#endif /* AFS */
#endif /* KRB4 */
struct stat;
int auth_secure_path(const char *, struct stat *, const char *, uid_t,
char *, size_t);
@@ -165,6 +143,18 @@ int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(Authctxt *authctxt);
#endif /* KRB5 */
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#include <shadow.h>
int auth_shadow_acctexpired(struct spwd *);
int auth_shadow_pwexpired(Authctxt *);
#endif
#include "auth-pam.h"
#include "audit.h"
void remove_kbdint_device(const char *);
void disable_forwarding(void);
void do_authentication(Authctxt *);
void do_authentication2(Authctxt *);
@@ -176,6 +166,8 @@ void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
void userauth_finish(Authctxt *, int, const char *, const char *);
int auth_root_allowed(const char *);
void userauth_send_banner(const char *);
char *auth2_read_banner(void);
int auth2_methods_valid(const char *, int);
int auth2_update_methods_lists(Authctxt *, const char *, const char *);
@@ -196,6 +188,7 @@ struct passwd * getpwnamallow(const char *user);
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
void abandon_challenge_response(Authctxt *);
char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
@@ -225,7 +218,7 @@ void auth_debug_reset(void);
struct passwd *fakepw(void);
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
int sys_auth_passwd(Authctxt *, const char *);
#define SKEY_PROMPT "\nS/Key Password: "

163
crypto/external/bsd/openssh/dist/auth1.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */
/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -12,15 +11,18 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
#ifdef WITH_SSH1
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
@@ -41,7 +43,6 @@ __RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
#endif
#include "monitor_wrap.h"
#include "buffer.h"
#include "pfilter.h"
/* import */
extern ServerOptions options;
@@ -52,13 +53,12 @@ static int auth1_process_rsa(Authctxt *);
static int auth1_process_rhosts_rsa(Authctxt *);
static int auth1_process_tis_challenge(Authctxt *);
static int auth1_process_tis_response(Authctxt *);
#if defined(KRB4) || defined(KRB5)
static int auth1_process_kerberos(Authctxt *);
#endif
static char *client_user = NULL; /* Used to fill in remote user for PAM */
struct AuthMethod1 {
int type;
const char *name;
char *name;
int *enabled;
int (*method)(Authctxt *);
};
@@ -86,13 +86,6 @@ const struct AuthMethod1 auth1_methods[] = {
&options.challenge_response_authentication,
auth1_process_tis_response
},
#if defined(KRB4) || defined(KRB5)
{
SSH_CMSG_AUTH_KERBEROS, "kerberos",
&options.kerberos_authentication,
auth1_process_kerberos
},
#endif /* KRB4 || KRB5 */
{ -1, NULL, NULL, NULL}
};
@@ -108,7 +101,7 @@ static const struct AuthMethod1
return (NULL);
}
static const char *
static char *
get_authname(int type)
{
const struct AuthMethod1 *a;
@@ -145,60 +138,23 @@ auth1_process_password(Authctxt *authctxt)
return (authenticated);
}
#if defined(KRB4) || defined(KRB5)
/*ARGSUSED*/
static int
auth1_process_kerberos(Authctxt *authctxt)
auth1_process_rsa(Authctxt *authctxt)
{
int authenticated = 0;
u_int dlen;
char *client_user;
char *kdata = packet_get_string(&dlen);
BIGNUM *n;
/* RSA authentication requested. */
if ((n = BN_new()) == NULL)
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
authenticated = auth_rsa(authctxt, n);
BN_clear_free(n);
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
KTEXT_ST tkt, reply;
tkt.length = dlen;
if (tkt.length < MAX_KTXT_LEN)
memcpy(tkt.dat, kdata, tkt.length);
if (PRIVSEP(auth_krb4(authctxt, &tkt, &client_user, &reply))) {
authenticated = 1;
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)
reply.dat, reply.length);
packet_send();
packet_write_wait();
free(client_user);
}
#endif /* KRB4 */
} else {
#ifdef KRB5
krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) {
authenticated = 1;
/* Send response to client */
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)reply.data, reply.length);
packet_send();
packet_write_wait();
if (reply.length)
free(reply.data);
free(client_user);
}
#endif /* KRB5 */
}
free(kdata);
return authenticated;
return (authenticated);
}
#endif /* KRB4 || KRB5 */
/*ARGSUSED*/
static int
@@ -206,7 +162,6 @@ auth1_process_rhosts_rsa(Authctxt *authctxt)
{
int keybits, authenticated = 0;
u_int bits;
char *client_user;
Key *client_host_key;
u_int ulen;
@@ -236,25 +191,6 @@ auth1_process_rhosts_rsa(Authctxt *authctxt)
key_free(client_host_key);
auth_info(authctxt, "ruser %.100s", client_user);
free(client_user);
return (authenticated);
}
/*ARGSUSED*/
static int
auth1_process_rsa(Authctxt *authctxt)
{
int authenticated = 0;
BIGNUM *n;
/* RSA authentication requested. */
if ((n = BN_new()) == NULL)
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
authenticated = auth_rsa(authctxt, n);
BN_clear_free(n);
return (authenticated);
}
@@ -303,7 +239,7 @@ static void
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
int type = 0;
int prev = 0, type = 0;
const struct AuthMethod1 *meth;
debug("Attempting authentication for %s%.100s.",
@@ -311,19 +247,18 @@ do_authloop(Authctxt *authctxt)
/* If the user has no password, accept authentication immediately. */
if (options.permit_empty_passwd && options.password_authentication &&
#if defined(KRB4) || defined(KRB5)
#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, __UNCONST("")))) {
PRIVSEP(auth_password(authctxt, ""))) {
#ifdef USE_PAM
if (options.use_pam && PRIVSEP(do_pam_account()))
if (options.use_pam && (PRIVSEP(do_pam_account())))
#endif
{
auth_log(authctxt, 1, 0, "without authentication",
NULL);
return;
}
return;
}
/* Indicate that authentication is needed. */
@@ -337,7 +272,20 @@ do_authloop(Authctxt *authctxt)
/* Get a packet from the client. */
prev = type;
type = packet_read();
/*
* If we started challenge-response authentication but the
* next packet is not a response to our challenge, release
* the resources allocated by get_challenge() (which would
* normally have been released by verify_response() had we
* received such a response)
*/
if (prev == SSH_CMSG_AUTH_TIS &&
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
if (authctxt->failures >= options.max_authtries)
goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
@@ -365,10 +313,23 @@ do_authloop(Authctxt *authctxt)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
}
#endif /* _UNICOS */
#ifndef HAVE_CYGWIN
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(meth->name))
authenticated = 0;
!auth_root_allowed(meth->name)) {
authenticated = 0;
# ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
# endif
}
#endif
#ifdef USE_PAM
if (options.use_pam && authenticated &&
@@ -380,13 +341,13 @@ do_authloop(Authctxt *authctxt)
"configuration", authctxt->user);
len = buffer_len(&loginmsg);
buffer_append(&loginmsg, "\0", 1);
msg = (char *)buffer_ptr(&loginmsg);
msg = buffer_ptr(&loginmsg);
/* strip trailing newlines */
if (len > 0)
while (len > 0 && msg[--len] == '\n')
msg[len] = '\0';
else
msg = __UNCONST("Access denied.");
msg = "Access denied.";
packet_disconnect("%s", msg);
}
#endif
@@ -395,11 +356,18 @@ do_authloop(Authctxt *authctxt)
/* Log before sending the reply */
auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
free(client_user);
client_user = NULL;
if (authenticated)
return;
if (++authctxt->failures >= options.max_authtries)
if (++authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
auth_maxtries_exceeded(authctxt);
}
packet_start(SSH_SMSG_FAILURE);
packet_send();
@@ -436,7 +404,6 @@ do_authentication(Authctxt *authctxt)
else {
debug("do_authentication: invalid user %s", user);
authctxt->pw = fakepw();
pfilter_notify(1);
}
/* Configuration may have changed as a result of Match */
@@ -456,9 +423,11 @@ do_authentication(Authctxt *authctxt)
* If we are not running as root, the user must have the same uid as
* the server.
*/
#ifndef HAVE_CYGWIN
if (!use_privsep && getuid() != 0 && authctxt->pw &&
authctxt->pw->pw_uid != getuid())
packet_disconnect("Cannot change user when server not running as root.");
#endif
/*
* Loop until the user has been authenticated or the connection is
@@ -471,3 +440,5 @@ do_authentication(Authctxt *authctxt)
packet_send();
packet_write_wait();
}
#endif /* WITH_SSH1 */

18
crypto/external/bsd/openssh/dist/auth2-chall.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-chall.c,v 1.9 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -26,9 +25,10 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-chall.c,v 1.9 2015/08/13 10:33:21 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
@@ -44,7 +44,7 @@ __RCSID("$NetBSD: auth2-chall.c,v 1.9 2015/08/13 10:33:21 christos Exp $");
#include "misc.h"
#include "servconf.h"
/* import */
/* import */
extern ServerOptions options;
static int auth2_challenge_start(Authctxt *);
@@ -87,14 +87,13 @@ struct KbdintAuthctxt
};
#ifdef USE_PAM
void remove_kbdint_device(const char *);
void
remove_kbdint_device(const char *xdevname)
remove_kbdint_device(const char *devname)
{
int i, j;
for (i = 0; devices[i] != NULL; i++)
if (strcmp(devices[i]->name, xdevname) == 0) {
if (strcmp(devices[i]->name, devname) == 0) {
for (j = i; devices[j] != NULL; j++)
devices[j] = devices[j+1];
i--;
@@ -124,7 +123,7 @@ kbdint_alloc(const char *devs)
strlen(devices[i]->name));
}
buffer_append(&b, "\0", 1);
kbdintctxt->devices = xstrdup((const char *)buffer_ptr(&b));
kbdintctxt->devices = xstrdup(buffer_ptr(&b));
buffer_free(&b);
} else {
kbdintctxt->devices = xstrdup(devs);
@@ -368,14 +367,15 @@ privsep_challenge_enable(void)
#ifdef SKEY
extern KbdintDevice mm_skey_device;
#endif
/* As long as SSHv1 has devices[0] hard coded this is fine */
#ifdef BSD_AUTH
devices[n++] = &mm_bsdauth_device;
#endif
#else
#ifdef USE_PAM
devices[n++] = &mm_sshpam_device;
#endif
#ifdef SKEY
devices[n++] = &mm_skey_device;
#endif
#endif
}

7
crypto/external/bsd/openssh/dist/auth2-gss.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-gss.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */
/*
@@ -26,12 +25,13 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-gss.c,v 1.8 2015/04/03 23:58:19 christos Exp $");
#ifdef GSSAPI
#include <sys/types.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
@@ -295,4 +295,5 @@ Authmethod method_gssapi = {
userauth_gssapi,
&options.gss_authentication
};
#endif
#endif /* GSSAPI */

5
crypto/external/bsd/openssh/dist/auth2-hostbased.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-hostbased.c,v 1.8 2015/07/03 00:59:59 christos Exp $ */
/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-hostbased.c,v 1.8 2015/07/03 00:59:59 christos Exp $");
#include <sys/types.h>
#include <pwd.h>
@@ -116,7 +115,7 @@ userauth_hostbased(Authctxt *authctxt)
goto done;
}
service = datafellows & SSH_BUG_HBSERVICE ? __UNCONST("ssh-userauth") :
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
buffer_init(&b);
buffer_put_string(&b, session_id2, session_id2_len);

5
crypto/external/bsd/openssh/dist/auth2-kbdint.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-kbdint.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,9 +24,11 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-kbdint.c,v 1.5 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include "xmalloc.h"
#include "packet.h"
#include "key.h"

10
crypto/external/bsd/openssh/dist/auth2-none.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-none.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth2-none.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,11 +24,18 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-none.c,v 1.5 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdarg.h>
#include <stdio.h>
#include "atomicio.h"
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"

3
crypto/external/bsd/openssh/dist/auth2-passwd.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-passwd.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-passwd.c,v 1.5 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <string.h>

103
crypto/external/bsd/openssh/dist/auth2-pubkey.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,14 +24,16 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <paths.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
@@ -64,12 +65,6 @@ __RCSID("$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $");
#include "monitor_wrap.h"
#include "authfile.h"
#include "match.h"
#include "digest.h"
#ifdef WITH_LDAP_PUBKEY
#include "ldapauth.h"
#endif
#include "ssherr.h"
#include "channels.h" /* XXX for session.h */
#include "session.h" /* XXX for child_set_env(); refactor? */
@@ -474,19 +469,16 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
error("%s: dup2: %s", tag, strerror(errno));
_exit(1);
}
if (closefrom(STDERR_FILENO + 1) == -1) {
error("closefrom: %s", strerror(errno));
_exit(1);
}
closefrom(STDERR_FILENO + 1);
/* Don't use permanently_set_uid() here to avoid fatal() */
if (setgid(pw->pw_gid) == -1) {
error("setgid %u: %s", (u_int)pw->pw_gid,
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
strerror(errno));
_exit(1);
}
if (setuid(pw->pw_uid) == -1) {
error("setuid %u: %s", (u_int)pw->pw_uid,
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
strerror(errno));
_exit(1);
}
@@ -730,83 +722,6 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
u_long linenum = 0;
Key *found;
char *fp;
#ifdef WITH_LDAP_PUBKEY
ldap_key_t * k;
unsigned int i = 0;
#endif
#ifdef WITH_LDAP_PUBKEY
found_key = 0;
/* allocate a new key type */
found = key_new(key->type);
/* first check if the options is enabled, then try.. */
if (options.lpk.on) {
debug("[LDAP] trying LDAP first uid=%s",pw->pw_name);
if (ldap_ismember(&options.lpk, pw->pw_name) > 0) {
if ((k = ldap_getuserkey(&options.lpk, pw->pw_name)) != NULL) {
/* Skip leading whitespace, empty and comment lines. */
for (i = 0 ; i < k->num ; i++) {
/* dont forget if multiple keys to reset options */
char *cp, *xoptions = NULL;
for (cp = (char *)k->keys[i]->bv_val; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '\n' || *cp == '#')
continue;
if (key_read(found, &cp) != 1) {
/* no key? check if there are options for this key */
int quoted = 0;
debug2("[LDAP] user_key_allowed: check options: '%s'", cp);
xoptions = cp;
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
if (*cp == '\\' && cp[1] == '"')
cp++; /* Skip both */
else if (*cp == '"')
quoted = !quoted;
}
/* Skip remaining whitespace. */
for (; *cp == ' ' || *cp == '\t'; cp++)
;
if (key_read(found, &cp) != 1) {
debug2("[LDAP] user_key_allowed: advance: '%s'", cp);
/* still no key? advance to next line*/
continue;
}
}
if (key_equal(found, key) &&
auth_parse_options(pw, xoptions, file, linenum) == 1) {
found_key = 1;
debug("[LDAP] matching key found");
fp = sshkey_fingerprint(found, SSH_FP_HASH_DEFAULT, SSH_FP_HEX);
verbose("[LDAP] Found matching %s key: %s", key_type(found), fp);
/* restoring memory */
ldap_keys_free(k);
free(fp);
restore_uid();
key_free(found);
return found_key;
break;
}
}/* end of LDAP for() */
} else {
logit("[LDAP] no keys found for '%s'!", pw->pw_name);
}
} else {
logit("[LDAP] '%s' is not in '%s'", pw->pw_name, options.lpk.sgroup);
}
}
#endif
debug("trying public key file %s", file);
f = auth_openkeyfile(file, pw, options.strict_modes);
if (!f) {
restore_uid();
return 0;
}
found_key = 0;

73
crypto/external/bsd/openssh/dist/auth2.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: auth2.c,v 1.11 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: auth2.c,v 1.11 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/uio.h>
@@ -51,13 +50,10 @@ __RCSID("$NetBSD: auth2.c,v 1.11 2015/04/03 23:58:19 christos Exp $");
#include "dispatch.h"
#include "pathnames.h"
#include "buffer.h"
#include "canohost.h"
#include "pfilter.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
/* import */
@@ -73,15 +69,10 @@ extern Authmethod method_pubkey;
extern Authmethod method_passwd;
extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
#ifdef KRB5
extern Authmethod method_kerberos;
#endif
#ifdef GSSAPI
extern Authmethod method_gssapi;
#endif
static int log_flag = 0;
Authmethod *authmethods[] = {
&method_none,
&method_pubkey,
@@ -91,9 +82,6 @@ Authmethod *authmethods[] = {
&method_passwd,
&method_kbdint,
&method_hostbased,
#ifdef KRB5
&method_kerberos,
#endif
NULL
};
@@ -145,7 +133,7 @@ auth2_read_banner(void)
return (banner);
}
static void
void
userauth_send_banner(const char *msg)
{
if (datafellows & SSH_BUG_BANNER)
@@ -168,8 +156,8 @@ userauth_banner(void)
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
goto done;
userauth_send_banner(banner);
done:
free(banner);
}
@@ -236,11 +224,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
service = packet_get_cstring(NULL);
method = packet_get_cstring(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
if (!log_flag) {
logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",
get_remote_ipaddr(), get_remote_port(), user);
log_flag = 1;
}
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
if ((style = strchr(user, ':')) != NULL)
@@ -256,7 +239,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
} else {
logit("input_userauth_request: invalid user %s", user);
authctxt->pw = fakepw();
pfilter_notify(1);
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_INVALID_USER));
#endif
}
#ifdef USE_PAM
if (options.use_pam)
@@ -325,21 +310,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
#endif
}
#ifdef USE_PAM
if (options.use_pam && authenticated) {
if (!PRIVSEP(do_pam_account())) {
/* if PAM returned a message, send it to the user */
if (buffer_len(&loginmsg) > 0) {
buffer_append(&loginmsg, "\0", 1);
userauth_send_banner((const char *)buffer_ptr(&loginmsg));
packet_write_wait();
}
fatal("Access denied for user %s by PAM account "
"configuration", authctxt->user);
}
}
#endif
if (authenticated && options.num_auth_methods != 0) {
if (!auth2_update_methods_lists(authctxt, method, submethod)) {
authenticated = 0;
@@ -353,6 +323,28 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
if (authctxt->postponed)
return;
#ifdef USE_PAM
if (options.use_pam && authenticated) {
if (!PRIVSEP(do_pam_account())) {
/* if PAM returned a message, send it to the user */
if (buffer_len(&loginmsg) > 0) {
buffer_append(&loginmsg, "\0", 1);
userauth_send_banner(buffer_ptr(&loginmsg));
packet_write_wait();
}
fatal("Access denied for user %s by PAM account "
"configuration", authctxt->user);
}
}
#endif
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.", authctxt->user);
}
#endif /* _UNICOS */
if (authenticated == 1) {
/* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
@@ -362,12 +354,17 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
/* now we can break out */
authctxt->success = 1;
} else {
/* Allow initial try of "none" auth without failure penalty */
if (!partial && !authctxt->server_caused_failure &&
(authctxt->attempt > 1 || strcmp(method, "none") != 0))
authctxt->failures++;
if (authctxt->failures >= options.max_authtries)
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
auth_maxtries_exceeded(authctxt);
}
methods = authmethods_get(authctxt);
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
partial, methods);
@@ -428,7 +425,7 @@ authmethods_get(Authctxt *authctxt)
strlen(authmethods[i]->name));
}
buffer_append(&b, "\0", 1);
list = xstrdup((const char *)buffer_ptr(&b));
list = xstrdup(buffer_ptr(&b));
buffer_free(&b);
return list;
}

6
crypto/external/bsd/openssh/dist/authfd.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: authfd.c,v 1.10 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: authfd.c,v 1.98 2015/07/03 03:43:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +36,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: authfd.c,v 1.10 2015/08/13 10:33:21 christos Exp $");
#include <sys/types.h>
#include <sys/un.h>
#include <sys/socket.h>
@@ -45,6 +44,7 @@ __RCSID("$NetBSD: authfd.c,v 1.10 2015/08/13 10:33:21 christos Exp $");
#include <fcntl.h>
#include <stdlib.h>
#include <signal.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
@@ -134,7 +134,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
/* Send the length and then the packet to the agent. */
if (atomicio(vwrite, sock, buf, 4) != 4 ||
atomicio(vwrite, sock, __UNCONST(sshbuf_ptr(request)),
atomicio(vwrite, sock, (u_char *)sshbuf_ptr(request),
sshbuf_len(request)) != sshbuf_len(request))
return SSH_ERR_AGENT_COMMUNICATION;
/*

1
crypto/external/bsd/openssh/dist/authfd.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: authfd.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */
/*

9
crypto/external/bsd/openssh/dist/authfile.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: authfile.c,v 1.12 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: authfile.c,v 1.12 2015/08/13 10:33:21 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/uio.h>
@@ -33,6 +32,7 @@ __RCSID("$NetBSD: authfile.c,v 1.12 2015/08/13 10:33:21 christos Exp $");
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -60,7 +60,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
return SSH_ERR_SYSTEM_ERROR;
if (atomicio(vwrite, fd, __UNCONST(sshbuf_ptr(keybuf)),
if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf),
sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
oerrno = errno;
close(fd);
@@ -177,6 +177,9 @@ sshkey_perm_ok(int fd, const char *filename)
* permissions of the file. if the key owned by a different user,
* then we don't care.
*/
#ifdef HAVE_CYGWIN
if (check_ntsec(filename))
#endif
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");

1
crypto/external/bsd/openssh/dist/authfile.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: authfile.h,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
/*

174
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c vendored
View File

@@ -1,174 +0,0 @@
/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: bcrypt_pbkdf.c,v 1.2 2015/04/03 23:58:19 christos Exp $");
#ifndef HAVE_BCRYPT_PBKDF
#include <sys/types.h>
#include <sys/param.h>
#ifdef HAVE_STDLIB_H
# include <stdlib.h>
#endif
#include <string.h>
#ifdef HAVE_BLF_H
# include <blf.h>
#endif
#include "crypto_api.h"
#include <stdio.h>
#include <time.h>
#include "misc.h"
#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
/*
* pkcs #5 pbkdf2 implementation using the "bcrypt" hash
*
* The bcrypt hash function is derived from the bcrypt password hashing
* function with the following modifications:
* 1. The input password and salt are preprocessed with SHA512.
* 2. The output length is expanded to 256 bits.
* 3. Subsequently the magic string to be encrypted is lengthened and modifed
* to "OxychromaticBlowfishSwatDynamite"
* 4. The hash function is defined to perform 64 rounds of initial state
* expansion. (More rounds are performed by iterating the hash.)
*
* Note that this implementation pulls the SHA512 operations into the caller
* as a performance optimization.
*
* One modification from official pbkdf2. Instead of outputting key material
* linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
* generate (i.e.) 512 bits of key material for use as two 256 bit keys, an
* attacker can merely run once through the outer loop below, but the user
* always runs it twice. Shuffling output bytes requires computing the
* entirety of the key material to assemble any subkey. This is something a
* wise caller could do; we just do it for you.
*/
#define BCRYPT_BLOCKS 8
#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
static void
bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
{
blf_ctx state;
u_int8_t ciphertext[BCRYPT_HASHSIZE] =
"OxychromaticBlowfishSwatDynamite";
uint32_t cdata[BCRYPT_BLOCKS];
int i;
uint16_t j;
size_t shalen = SHA512_DIGEST_LENGTH;
/* key expansion */
Blowfish_initstate(&state);
Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
for (i = 0; i < 64; i++) {
Blowfish_expand0state(&state, sha2salt, shalen);
Blowfish_expand0state(&state, sha2pass, shalen);
}
/* encryption */
j = 0;
for (i = 0; i < BCRYPT_BLOCKS; i++)
cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
&j);
for (i = 0; i < 64; i++)
blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
/* copy out */
for (i = 0; i < BCRYPT_BLOCKS; i++) {
out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
out[4 * i + 0] = cdata[i] & 0xff;
}
/* zap */
memset(ciphertext, 0, sizeof(ciphertext));
memset(cdata, 0, sizeof(cdata));
memset(&state, 0, sizeof(state));
}
int
bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
u_int8_t *key, size_t keylen, unsigned int rounds)
{
u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
u_int8_t out[BCRYPT_HASHSIZE];
u_int8_t tmpout[BCRYPT_HASHSIZE];
u_int8_t *countsalt;
size_t i, j, amt, stride;
uint32_t count;
/* nothing crazy */
if (rounds < 1)
return -1;
if (passlen == 0 || saltlen == 0 || keylen == 0 ||
keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
return -1;
if ((countsalt = calloc(1, saltlen + 4)) == NULL)
return -1;
stride = (keylen + sizeof(out) - 1) / sizeof(out);
amt = (keylen + stride - 1) / stride;
memcpy(countsalt, salt, saltlen);
/* collapse password */
crypto_hash_sha512(sha2pass, (const u_char *)pass, passlen);
/* generate key, sizeof(out) at a time */
for (count = 1; keylen > 0; count++) {
countsalt[saltlen + 0] = (count >> 24) & 0xff;
countsalt[saltlen + 1] = (count >> 16) & 0xff;
countsalt[saltlen + 2] = (count >> 8) & 0xff;
countsalt[saltlen + 3] = count & 0xff;
/* first round, salt is salt */
crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
bcrypt_hash(sha2pass, sha2salt, tmpout);
memcpy(out, tmpout, sizeof(out));
for (i = 1; i < rounds; i++) {
/* subsequent rounds, salt is previous output */
crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
bcrypt_hash(sha2pass, sha2salt, tmpout);
for (j = 0; j < sizeof(out); j++)
out[j] ^= tmpout[j];
}
/*
* pbkdf2 deviation: ouput the key material non-linearly.
*/
amt = MIN(amt, keylen);
for (i = 0; i < amt; i++)
key[i * stride + (count - 1)] = out[i];
keylen -= amt;
}
/* zap */
memset(out, 0, sizeof(out));
memset(countsalt, 0, saltlen + 4);
free(countsalt);
return 0;
}
#endif /* HAVE_BCRYPT_PBKDF */

1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c vendored Symbolic link
View File

@@ -0,0 +1 @@
openbsd-compat/bcrypt_pbkdf.c

5
crypto/external/bsd/openssh/dist/bitmap.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: bitmap.c,v 1.2 2015/04/03 23:58:19 christos Exp $ */
/*
* Copyright (c) 2015 Damien Miller <djm@mindrot.org>
*
@@ -14,8 +13,8 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: bitmap.c,v 1.2 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <string.h>
@@ -189,7 +188,7 @@ bitmap_from_string(struct bitmap *b, const void *p, size_t l)
{
int r;
size_t i, offset, shift;
const u_char *s = p;
u_char *s = (u_char *)p;
if (l > BITMAP_MAX / 8)
return -1;

2
crypto/external/bsd/openssh/dist/bitmap.h vendored
View File

@@ -1,5 +1,3 @@
/* $NetBSD: bitmap.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */
/*
* Copyright (c) 2015 Damien Miller <djm@mindrot.org>
*

695
crypto/external/bsd/openssh/dist/blowfish.c vendored
View File

@@ -1,695 +0,0 @@
/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
/*
* Blowfish block cipher for OpenBSD
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
* All rights reserved.
*
* Implementation advice by David Mazieres <dm@lcs.mit.edu>.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Niels Provos.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code is derived from section 14.3 and the given source
* in section V of Applied Cryptography, second edition.
* Blowfish is an unpatented fast block cipher designed by
* Bruce Schneier.
*/
#include "includes.h"
__RCSID("$NetBSD: blowfish.c,v 1.2 2015/04/03 23:58:19 christos Exp $");
#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
!defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
#if 0
#include <stdio.h> /* used for debugging */
#include <string.h>
#endif
#include <sys/types.h>
#include <blf.h>
#undef inline
#ifdef __GNUC__
#define inline __inline
#else /* !__GNUC__ */
#define inline
#endif /* !__GNUC__ */
/* Function for Feistel Networks */
#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
+ (s)[0x100 + (((x)>>16)&0xFF)]) \
^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
+ (s)[0x300 + ( (x) &0xFF)])
#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
void
Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
{
u_int32_t Xl;
u_int32_t Xr;
u_int32_t *s = c->S[0];
u_int32_t *p = c->P;
Xl = *xl;
Xr = *xr;
Xl ^= p[0];
BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
*xl = Xr ^ p[17];
*xr = Xl;
}
void
Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
{
u_int32_t Xl;
u_int32_t Xr;
u_int32_t *s = c->S[0];
u_int32_t *p = c->P;
Xl = *xl;
Xr = *xr;
Xl ^= p[17];
BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
*xl = Xr ^ p[0];
*xr = Xl;
}
void
Blowfish_initstate(blf_ctx *c)
{
/* P-box and S-box tables initialized with digits of Pi */
static const blf_ctx initstate =
{ {
{
0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
{
0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
{
0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
{
0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
},
{
0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
0x9216d5d9, 0x8979fb1b
} };
*c = initstate;
}
u_int32_t
Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
u_int16_t *current)
{
u_int8_t i;
u_int16_t j;
u_int32_t temp;
temp = 0x00000000;
j = *current;
for (i = 0; i < 4; i++, j++) {
if (j >= databytes)
j = 0;
temp = (temp << 8) | data[j];
}
*current = j;
return temp;
}
void
Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
{
u_int16_t i;
u_int16_t j;
u_int16_t k;
u_int32_t temp;
u_int32_t datal;
u_int32_t datar;
j = 0;
for (i = 0; i < BLF_N + 2; i++) {
/* Extract 4 int8 to 1 int32 from keystream */
temp = Blowfish_stream2word(key, keybytes, &j);
c->P[i] = c->P[i] ^ temp;
}
j = 0;
datal = 0x00000000;
datar = 0x00000000;
for (i = 0; i < BLF_N + 2; i += 2) {
Blowfish_encipher(c, &datal, &datar);
c->P[i] = datal;
c->P[i + 1] = datar;
}
for (i = 0; i < 4; i++) {
for (k = 0; k < 256; k += 2) {
Blowfish_encipher(c, &datal, &datar);
c->S[i][k] = datal;
c->S[i][k + 1] = datar;
}
}
}
void
Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
const u_int8_t *key, u_int16_t keybytes)
{
u_int16_t i;
u_int16_t j;
u_int16_t k;
u_int32_t temp;
u_int32_t datal;
u_int32_t datar;
j = 0;
for (i = 0; i < BLF_N + 2; i++) {
/* Extract 4 int8 to 1 int32 from keystream */
temp = Blowfish_stream2word(key, keybytes, &j);
c->P[i] = c->P[i] ^ temp;
}
j = 0;
datal = 0x00000000;
datar = 0x00000000;
for (i = 0; i < BLF_N + 2; i += 2) {
datal ^= Blowfish_stream2word(data, databytes, &j);
datar ^= Blowfish_stream2word(data, databytes, &j);
Blowfish_encipher(c, &datal, &datar);
c->P[i] = datal;
c->P[i + 1] = datar;
}
for (i = 0; i < 4; i++) {
for (k = 0; k < 256; k += 2) {
datal ^= Blowfish_stream2word(data, databytes, &j);
datar ^= Blowfish_stream2word(data, databytes, &j);
Blowfish_encipher(c, &datal, &datar);
c->S[i][k] = datal;
c->S[i][k + 1] = datar;
}
}
}
void
blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
{
/* Initialize S-boxes and subkeys with Pi */
Blowfish_initstate(c);
/* Transform S-boxes and subkeys with key */
Blowfish_expand0state(c, k, len);
}
void
blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
{
u_int32_t *d;
u_int16_t i;
d = data;
for (i = 0; i < blocks; i++) {
Blowfish_encipher(c, d, d + 1);
d += 2;
}
}
void
blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
{
u_int32_t *d;
u_int16_t i;
d = data;
for (i = 0; i < blocks; i++) {
Blowfish_decipher(c, d, d + 1);
d += 2;
}
}
void
blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
{
u_int32_t l, r;
u_int32_t i;
for (i = 0; i < len; i += 8) {
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
Blowfish_encipher(c, &l, &r);
data[0] = l >> 24 & 0xff;
data[1] = l >> 16 & 0xff;
data[2] = l >> 8 & 0xff;
data[3] = l & 0xff;
data[4] = r >> 24 & 0xff;
data[5] = r >> 16 & 0xff;
data[6] = r >> 8 & 0xff;
data[7] = r & 0xff;
data += 8;
}
}
void
blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
{
u_int32_t l, r;
u_int32_t i;
for (i = 0; i < len; i += 8) {
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
Blowfish_decipher(c, &l, &r);
data[0] = l >> 24 & 0xff;
data[1] = l >> 16 & 0xff;
data[2] = l >> 8 & 0xff;
data[3] = l & 0xff;
data[4] = r >> 24 & 0xff;
data[5] = r >> 16 & 0xff;
data[6] = r >> 8 & 0xff;
data[7] = r & 0xff;
data += 8;
}
}
void
blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
{
u_int32_t l, r;
u_int32_t i, j;
for (i = 0; i < len; i += 8) {
for (j = 0; j < 8; j++)
data[j] ^= iv[j];
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
Blowfish_encipher(c, &l, &r);
data[0] = l >> 24 & 0xff;
data[1] = l >> 16 & 0xff;
data[2] = l >> 8 & 0xff;
data[3] = l & 0xff;
data[4] = r >> 24 & 0xff;
data[5] = r >> 16 & 0xff;
data[6] = r >> 8 & 0xff;
data[7] = r & 0xff;
iv = data;
data += 8;
}
}
void
blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
{
u_int32_t l, r;
u_int8_t *iv;
u_int32_t i, j;
iv = data + len - 16;
data = data + len - 8;
for (i = len - 8; i >= 8; i -= 8) {
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
Blowfish_decipher(c, &l, &r);
data[0] = l >> 24 & 0xff;
data[1] = l >> 16 & 0xff;
data[2] = l >> 8 & 0xff;
data[3] = l & 0xff;
data[4] = r >> 24 & 0xff;
data[5] = r >> 16 & 0xff;
data[6] = r >> 8 & 0xff;
data[7] = r & 0xff;
for (j = 0; j < 8; j++)
data[j] ^= iv[j];
iv -= 8;
data -= 8;
}
l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
Blowfish_decipher(c, &l, &r);
data[0] = l >> 24 & 0xff;
data[1] = l >> 16 & 0xff;
data[2] = l >> 8 & 0xff;
data[3] = l & 0xff;
data[4] = r >> 24 & 0xff;
data[5] = r >> 16 & 0xff;
data[6] = r >> 8 & 0xff;
data[7] = r & 0xff;
for (j = 0; j < 8; j++)
data[j] ^= iva[j];
}
#if 0
void
report(u_int32_t data[], u_int16_t len)
{
u_int16_t i;
for (i = 0; i < len; i += 2)
printf("Block %0hd: %08lx %08lx.\n",
i / 2, data[i], data[i + 1]);
}
void
main(void)
{
blf_ctx c;
char key[] = "AAAAA";
char key2[] = "abcdefghijklmnopqrstuvwxyz";
u_int32_t data[10];
u_int32_t data2[] =
{0x424c4f57l, 0x46495348l};
u_int16_t i;
/* First test */
for (i = 0; i < 10; i++)
data[i] = i;
blf_key(&c, (u_int8_t *) key, 5);
blf_enc(&c, data, 5);
blf_dec(&c, data, 1);
blf_dec(&c, data + 2, 4);
printf("Should read as 0 - 9.\n");
report(data, 10);
/* Second test */
blf_key(&c, (u_int8_t *) key2, strlen(key2));
blf_enc(&c, data2, 1);
printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
report(data2, 2);
blf_dec(&c, data2, 1);
report(data2, 2);
}
#endif
#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
!defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */

1
crypto/external/bsd/openssh/dist/blowfish.c vendored Symbolic link
View File

@@ -0,0 +1 @@
openbsd-compat/blowfish.c

11
crypto/external/bsd/openssh/dist/bufaux.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: bufaux.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */
/*
* Copyright (c) 2012 Damien Miller <djm@mindrot.org>
@@ -16,10 +15,10 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: bufaux.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
#include "includes.h"
#include <sys/types.h>
#include "buffer.h"
@@ -41,7 +40,7 @@ buffer_get_short_ret(u_short *v, Buffer *buffer)
u_short
buffer_get_short(Buffer *buffer)
{
u_short ret = 0; /* XXX: GCC */
u_short ret;
if (buffer_get_short_ret(&ret, buffer) == -1)
fatal("%s: buffer error", __func__);
@@ -64,7 +63,7 @@ buffer_get_int_ret(u_int *v, Buffer *buffer)
u_int
buffer_get_int(Buffer *buffer)
{
u_int ret = 0; /* XXX: GCC */
u_int ret;
if (buffer_get_int_ret(&ret, buffer) == -1)
fatal("%s: buffer error", __func__);
@@ -87,7 +86,7 @@ buffer_get_int64_ret(u_int64_t *v, Buffer *buffer)
u_int64_t
buffer_get_int64(Buffer *buffer)
{
u_int64_t ret = 0; /* XXX: GCC */
u_int64_t ret;
if (buffer_get_int64_ret(&ret, buffer) == -1)
fatal("%s: buffer error", __func__);

11
crypto/external/bsd/openssh/dist/bufbn.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: bufbn.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: bufbn.c,v 1.12 2014/04/30 05:29:56 djm Exp $ */
/*
@@ -17,14 +16,19 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
#include "includes.h"
__RCSID("$NetBSD: bufbn.c,v 1.5 2015/04/03 23:58:19 christos Exp $");
#ifdef WITH_OPENSSL
#include <sys/types.h>
#include "buffer.h"
#include "log.h"
#include "ssherr.h"
#ifdef WITH_SSH1
int
buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
{
@@ -62,6 +66,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
if (buffer_get_bignum_ret(buffer, value) == -1)
fatal("%s: buffer error", __func__);
}
#endif /* WITH_SSH1 */
int
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
@@ -100,3 +105,5 @@ buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
if (buffer_get_bignum2_ret(buffer, value) == -1)
fatal("%s: buffer error", __func__);
}
#endif /* WITH_OPENSSL */

9
crypto/external/bsd/openssh/dist/bufec.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: bufec.c,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */
/*
@@ -16,18 +15,19 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: bufec.c,v 1.5 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
#include "includes.h"
#include <sys/types.h>
#include "buffer.h"
#include "log.h"
#include "ssherr.h"
#ifdef OPENSSL_HAS_ECC
int
buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
const EC_POINT *point)
@@ -70,4 +70,5 @@ buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve,
fatal("%s: buffer error", __func__);
}
#endif /* OPENSSL_HAS_ECC */

6
crypto/external/bsd/openssh/dist/buffer.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: buffer.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */
/*
@@ -17,11 +16,10 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: buffer.c,v 1.6 2015/04/03 23:58:19 christos Exp $");
#include <sys/param.h>
/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
#include "includes.h"
#include <sys/types.h>
#include "buffer.h"

9
crypto/external/bsd/openssh/dist/buffer.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: buffer.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: buffer.h,v 1.25 2014/04/30 05:29:56 djm Exp $ */
/*
@@ -24,9 +23,6 @@
#include "sshbuf.h"
/* move the following to a more appropriate place and name */
#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
typedef struct sshbuf Buffer;
#define buffer_init(b) sshbuf_init(b)
@@ -51,6 +47,8 @@ int buffer_get_ret(Buffer *, void *, u_int);
int buffer_consume_ret(Buffer *, u_int);
int buffer_consume_end_ret(Buffer *, u_int);
#include <openssl/objects.h>
#include <openssl/bn.h>
void buffer_put_bignum(Buffer *, const BIGNUM *);
void buffer_put_bignum2(Buffer *, const BIGNUM *);
void buffer_get_bignum(Buffer *, BIGNUM *);
@@ -89,10 +87,13 @@ char *buffer_get_cstring_ret(Buffer *, u_int *);
const void *buffer_get_string_ptr_ret(Buffer *, u_int *);
int buffer_get_char_ret(char *, Buffer *);
#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *);
void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *);
int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *);
void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *);
#endif
#endif /* BUFFER_H */

55
crypto/external/bsd/openssh/dist/canohost.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: canohost.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: canohost.c,v 1.72 2015/03/01 15:44:40 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,12 +13,13 @@
*/
#include "includes.h"
__RCSID("$NetBSD: canohost.c,v 1.8 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
@@ -27,7 +27,6 @@ __RCSID("$NetBSD: canohost.c,v 1.8 2015/04/03 23:58:19 christos Exp $");
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
#include <unistd.h>
#include "xmalloc.h"
@@ -61,13 +60,18 @@ get_remote_hostname(int sock, int use_dns)
cleanup_exit(255);
}
if (from.ss_family == AF_INET)
check_ip_options(sock, ntop);
ipv64_normalise_mapped(&from, &fromlen);
if (from.ss_family == AF_INET6)
fromlen = sizeof(struct sockaddr_in6);
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
if (from.ss_family == AF_INET)
check_ip_options(sock, ntop);
if (!use_dns)
return xstrdup(ntop);
@@ -148,6 +152,7 @@ get_remote_hostname(int sock, int use_dns)
static void
check_ip_options(int sock, char *ipaddr)
{
#ifdef IP_OPTIONS
u_char options[200];
char text[sizeof(options) * 3 + 1];
socklen_t option_size, i;
@@ -168,6 +173,32 @@ check_ip_options(int sock, char *ipaddr)
fatal("Connection from %.100s with IP options:%.800s",
ipaddr, text);
}
#endif /* IP_OPTIONS */
}
void
ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
{
struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr;
struct sockaddr_in *a4 = (struct sockaddr_in *)addr;
struct in_addr inaddr;
u_int16_t port;
if (addr->ss_family != AF_INET6 ||
!IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr))
return;
debug3("Normalising mapped IPv4 in IPv6 address");
memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr));
port = a6->sin6_port;
memset(a4, 0, sizeof(*a4));
a4->sin_family = AF_INET;
*len = sizeof(*a4);
memcpy(&a4->sin_addr, &inaddr, sizeof(inaddr));
a4->sin_port = port;
}
/*
@@ -193,7 +224,7 @@ get_canonical_hostname(int use_dns)
if (packet_connection_is_on_socket())
host = get_remote_hostname(packet_get_connection_in(), use_dns);
else
host = __UNCONST("UNKNOWN");
host = "UNKNOWN";
if (use_dns)
canonical_host_name = host;
@@ -228,6 +259,12 @@ get_socket_address(int sock, int remote, int flags)
return NULL;
}
/* Work around Linux IPv6 weirdness */
if (addr.ss_family == AF_INET6) {
addrlen = sizeof(struct sockaddr_in6);
ipv64_normalise_mapped(&addr, &addrlen);
}
switch (addr.ss_family) {
case AF_INET:
case AF_INET6:
@@ -354,6 +391,10 @@ get_sock_port(int sock, int local)
}
}
/* Work around Linux IPv6 weirdness */
if (from.ss_family == AF_INET6)
fromlen = sizeof(struct sockaddr_in6);
/* Non-inet sockets don't have a port number. */
if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
return 0;

3
crypto/external/bsd/openssh/dist/canohost.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: canohost.h,v 1.5 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */
/*
@@ -26,3 +25,5 @@ int get_remote_port(void);
int get_local_port(void);
int get_sock_port(int, int);
void clear_cached_addr(void);
void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);

2
crypto/external/bsd/openssh/dist/chacha.c vendored
View File

@@ -5,9 +5,7 @@ Public domain.
*/
#include "includes.h"
__RCSID("$NetBSD: chacha.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include <stdio.h> /* for NULL */
#include "chacha.h"
/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */

202
crypto/external/bsd/openssh/dist/channels.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $ */
/* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -41,16 +40,16 @@
*/
#include "includes.h"
__RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/param.h> /* MIN MAX */
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/un.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/queue.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -58,7 +57,9 @@ __RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $");
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -66,6 +67,7 @@ __RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $");
#include <unistd.h>
#include <stdarg.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
@@ -81,10 +83,6 @@ __RCSID("$NetBSD: channels.c,v 1.14 2015/07/03 00:59:59 christos Exp $");
#include "authfd.h"
#include "pathnames.h"
static int hpn_disabled = 0;
static int hpn_buffer_size = 2 * 1024 * 1024;
/* -- channel core */
/*
@@ -182,7 +180,7 @@ static u_int x11_fake_data_len;
static int IPv4or6 = AF_UNSPEC;
/* helper */
static void port_open_helper(Channel *c, const char *rtype);
static void port_open_helper(Channel *c, char *rtype);
/* non-blocking connect helpers */
static int connect_next(struct channel_connect *);
@@ -263,6 +261,10 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
if ((c->isatty = is_tty) != 0)
debug2("channel %d: rfd %d isatty", c->self, c->rfd);
#ifdef _AIX
/* XXX: Later AIX versions can't push as much data to tty */
c->wfd_isatty = is_tty || isatty(c->wfd);
#endif
/* enable nonblocking mode */
if (nonblock) {
@@ -280,9 +282,8 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
* remote_name to be freed.
*/
Channel *
channel_new(const char *ctype, int type, int rfd, int wfd, int efd,
u_int window, u_int maxpack, int extusage, const char *remote_name,
int nonblock)
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
{
int found;
u_int i;
@@ -330,12 +331,11 @@ channel_new(const char *ctype, int type, int rfd, int wfd, int efd,
c->notbefore = 0;
c->self = found;
c->type = type;
c->ctype = __UNCONST(ctype);
c->ctype = ctype;
c->local_window = window;
c->local_window_max = window;
c->local_consumed = 0;
c->local_maxpacket = maxpack;
c->dynamic_window = 0;
c->remote_id = -1;
c->remote_name = xstrdup(remote_name);
c->remote_window = 0;
@@ -700,7 +700,7 @@ channel_send_open(int id)
}
void
channel_request_start(int id, const char *service, int wantconfirm)
channel_request_start(int id, char *service, int wantconfirm)
{
Channel *c = channel_lookup(id);
@@ -831,26 +831,6 @@ channel_pre_connecting(Channel *c, fd_set *readset, fd_set *writeset)
FD_SET(c->sock, writeset);
}
static
int channel_tcpwinsz(void)
{
u_int32_t tcpwinsz = 0;
socklen_t optsz = sizeof(tcpwinsz);
int ret = -1;
/* if we aren't on a socket return 128KB*/
if(!packet_connection_is_on_socket())
return(128*1024);
ret = getsockopt(packet_get_connection_in(),
SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
/* return no more than 64MB */
if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
tcpwinsz = BUFFER_MAX_LEN_HPN;
debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
packet_get_connection_in());
return(tcpwinsz);
}
static void
channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
{
@@ -865,12 +845,6 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
{
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
/* check buffer limits */
if ((!c->tcpwinsz) || (c->dynamic_window > 0))
c->tcpwinsz = channel_tcpwinsz();
limit = MIN(limit, 2 * c->tcpwinsz);
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
buffer_len(&c->input) < limit &&
@@ -1438,7 +1412,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
}
static void
port_open_helper(Channel *c, const char *rtype)
port_open_helper(Channel *c, char *rtype)
{
char buf[1024];
char *local_ipaddr = get_local_ipaddr(c->sock);
@@ -1536,7 +1510,7 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
struct sockaddr_storage addr;
int newsock, nextstate;
socklen_t addrlen;
const char *rtype;
char *rtype;
if (FD_ISSET(c->sock, readset)) {
debug("Connection to port %d forwarding "
@@ -1694,10 +1668,17 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED;
if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
errno = 0;
len = read(c->rfd, buf, sizeof(buf));
if (len < 0 && (errno == EINTR || (errno == EAGAIN && !force)))
if (len < 0 && (errno == EINTR ||
((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
return 1;
#ifndef PTY_ZEROREAD
if (len <= 0) {
#else
if ((!c->isatty && len <= 0) ||
(c->isatty && (len < 0 || (len == 0 && errno != 0)))) {
#endif
debug2("channel %d: read<=0 rfd %d len %d",
c->self, c->rfd, len);
if (c->type != SSH_CHANNEL_OPEN) {
@@ -1761,7 +1742,8 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
/* ignore truncated writes, datagrams might get lost */
len = write(c->wfd, buf, dlen);
free(data);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
if (len < 0 && (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN)
@@ -1772,9 +1754,15 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
}
goto out;
}
#ifdef _AIX
/* XXX: Later AIX versions can't push as much data to tty */
if (compat20 && c->wfd_isatty)
dlen = MIN(dlen, 8*1024);
#endif
len = write(c->wfd, buf, dlen);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
if (len < 0 &&
(errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN) {
@@ -1790,6 +1778,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
}
return -1;
}
#ifndef BROKEN_TCGETATTR_ICANON
if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') {
if (tcgetattr(c->wfd, &tio) == 0 &&
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
@@ -1803,6 +1792,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
packet_send();
}
}
#endif
buffer_consume(&c->output, len);
}
out:
@@ -1826,7 +1816,8 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
buffer_len(&c->extended));
debug2("channel %d: written %d to efd %d",
c->self, len, c->efd);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
if (len < 0 && (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
debug2("channel %d: closing write-efd %d",
@@ -1839,11 +1830,12 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
} else if (c->efd != -1 &&
(c->extended_usage == CHAN_EXTENDED_READ ||
c->extended_usage == CHAN_EXTENDED_IGNORE) &&
FD_ISSET(c->efd, readset)) {
(c->detach_close || FD_ISSET(c->efd, readset))) {
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
c->self, len, c->efd);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
errno == EWOULDBLOCK) && !c->detach_close)))
return 1;
if (len <= 0) {
debug2("channel %d: closing read-efd %d",
@@ -1861,7 +1853,6 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
return 1;
}
/* ARGSUSED */
static int
channel_check_window(Channel *c)
{
@@ -1871,21 +1862,14 @@ channel_check_window(Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
u_int addition = 0;
/* adjust max window size if we are in a dynamic environment */
if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
/* grow the window somewhat aggressively to maintain pressure */
addition = 1.5*(c->tcpwinsz - c->local_window_max);
c->local_window_max += addition;
}
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
packet_put_int(c->remote_id);
packet_put_int(c->local_consumed + addition);
packet_put_int(c->local_consumed);
packet_send();
debug2("channel %d: window %d sent adjust %d",
c->self, c->local_window,
c->local_consumed);
c->local_window += c->local_consumed + addition;
c->local_window += c->local_consumed;
c->local_consumed = 0;
}
return 1;
@@ -2249,12 +2233,11 @@ channel_after_select(fd_set *readset, fd_set *writeset)
/* If there is data to send to the connection, enqueue some of it now. */
int
void
channel_output_poll(void)
{
Channel *c;
u_int i, len;
int packet_length = 0;
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
@@ -2302,7 +2285,7 @@ channel_output_poll(void)
packet_start(SSH2_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(data, dlen);
packet_length = packet_sendx();
packet_send();
c->remote_window -= dlen;
free(data);
}
@@ -2332,7 +2315,7 @@ channel_output_poll(void)
SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(buffer_ptr(&c->input), len);
packet_length = packet_sendx();
packet_send();
buffer_consume(&c->input, len);
c->remote_window -= len;
}
@@ -2367,13 +2350,12 @@ channel_output_poll(void)
packet_put_int(c->remote_id);
packet_put_int(SSH2_EXTENDED_DATA_STDERR);
packet_put_string(buffer_ptr(&c->extended), len);
packet_length = packet_sendx();
packet_send();
buffer_consume(&c->extended, len);
c->remote_window -= len;
debug2("channel %d: sent ext data %d", c->self, len);
}
}
return (packet_length);
}
@@ -2617,7 +2599,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
return 0;
}
static const char *
static char *
reason2txt(int reason)
{
switch (reason) {
@@ -2767,13 +2749,6 @@ channel_set_af(int af)
IPv4or6 = af;
}
void
channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
{
hpn_disabled = external_hpn_disabled;
hpn_buffer_size = external_hpn_buffer_size;
debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size);
}
/*
* Determine whether or not a port forward listens to loopback, the
@@ -2929,6 +2904,8 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
}
channel_set_reuseaddr(sock);
if (ai->ai_family == AF_INET6)
sock_set_v6only(sock);
debug("Local forwarding listening on %s port %s.",
ntop, strport);
@@ -2936,7 +2913,11 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
/* Bind the socket to the address. */
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
/* address can be in use ipv6 address is already bound */
verbose("bind: %.100s", strerror(errno));
if (!ai->ai_next)
error("bind: %.100s", strerror(errno));
else
verbose("bind: %.100s", strerror(errno));
close(sock);
continue;
}
@@ -2960,15 +2941,9 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
}
/* Allocate a channel number for the socket. */
/* explicitly test for hpn disabled option. if true use smaller window size */
if (hpn_disabled)
c = channel_new("port listener", type, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "port listener", 1);
else
c = channel_new("port listener", type, sock, sock, -1,
hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
0, "port listener", 1);
c->path = xstrdup(host);
c->host_port = fwd->connect_port;
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
@@ -3444,7 +3419,7 @@ channel_request_rforward_cancel_streamlocal(const char *path)
return 0;
}
/*
* Request cancellation of remote forwarding of a connection from local side.
*/
@@ -3477,6 +3452,7 @@ channel_input_port_forward_request(int is_root, struct ForwardOptions *fwd_opts)
fwd.connect_host = packet_get_string(NULL);
fwd.connect_port = packet_get_int();
#ifndef HAVE_CYGWIN
/*
* Check that an unprivileged user is not trying to forward a
* privileged port.
@@ -3487,6 +3463,7 @@ channel_input_port_forward_request(int is_root, struct ForwardOptions *fwd_opts)
fwd.listen_port);
if (fwd.connect_port == 0)
packet_disconnect("Dynamic forwarding denied.");
#endif
/* Initiate forwarding */
success = channel_setup_local_fwd_listener(&fwd, fwd_opts);
@@ -3719,7 +3696,7 @@ channel_connect_ctx_free(struct channel_connect *cctx)
/* Return CONNECTING channel to remote host:port or local socket path */
static Channel *
connect_to(const char *name, int port, const char *ctype, const char *rname)
connect_to(const char *name, int port, char *ctype, char *rname)
{
struct addrinfo hints;
int gaierr;
@@ -3785,7 +3762,7 @@ connect_to(const char *name, int port, const char *ctype, const char *rname)
Channel *
channel_connect_by_listen_address(const char *listen_host,
u_short listen_port, const char *ctype, char *rname)
u_short listen_port, char *ctype, char *rname)
{
int i;
@@ -3803,7 +3780,7 @@ channel_connect_by_listen_address(const char *listen_host,
}
Channel *
channel_connect_by_listen_path(const char *path, const char *ctype, const char *rname)
channel_connect_by_listen_path(const char *path, char *ctype, char *rname)
{
int i;
@@ -3821,7 +3798,7 @@ channel_connect_by_listen_path(const char *path, const char *ctype, const char *
/* Check if connecting to that port is permitted and connect. */
Channel *
channel_connect_to_port(const char *host, u_short port, const char *ctype, const char *rname)
channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname)
{
int i, permit, permit_adm = 1;
@@ -3853,7 +3830,7 @@ channel_connect_to_port(const char *host, u_short port, const char *ctype, const
/* Check if connecting to that path is permitted and connect. */
Channel *
channel_connect_to_path(const char *path, const char *ctype, const char *rname)
channel_connect_to_path(const char *path, char *ctype, char *rname)
{
int i, permit, permit_adm = 1;
@@ -3944,11 +3921,24 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
sock = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (sock < 0) {
error("socket: %.100s", strerror(errno));
freeaddrinfo(aitop);
return -1;
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
#ifdef EPFNOSUPPORT
&& (errno != EPFNOSUPPORT)
#endif
) {
error("socket: %.100s", strerror(errno));
freeaddrinfo(aitop);
return -1;
} else {
debug("x11_create_display_inet: Socket family %d not supported",
ai->ai_family);
continue;
}
}
channel_set_reuseaddr(sock);
if (ai->ai_family == AF_INET6)
sock_set_v6only(sock);
if (x11_use_localhost)
channel_set_reuseaddr(sock);
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);
@@ -3985,17 +3975,10 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
/* Is this really necassary? */
if (hpn_disabled)
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, "X11 inet listener", 1);
else
nc = channel_new("x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
0, "X11 inet listener", 1);
nc->single_connection = single_connection;
(*chanids)[n] = nc->self;
}
@@ -4007,7 +3990,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
}
static int
connect_local_xsocket(u_int dnr)
connect_local_xsocket_path(const char *pathname)
{
int sock;
struct sockaddr_un addr;
@@ -4017,7 +4000,7 @@ connect_local_xsocket(u_int dnr)
error("socket: %.100s", strerror(errno));
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr);
strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
return sock;
close(sock);
@@ -4025,6 +4008,14 @@ connect_local_xsocket(u_int dnr)
return -1;
}
static int
connect_local_xsocket(u_int dnr)
{
char buf[1024];
snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr);
return connect_local_xsocket_path(buf);
}
int
x11_connect_display(void)
{
@@ -4046,6 +4037,17 @@ x11_connect_display(void)
* connection to the real X server.
*/
/* Check if the display is from launchd. */
#ifdef __APPLE__
if (strncmp(display, "/tmp/launch", 11) == 0) {
sock = connect_local_xsocket_path(display);
if (sock < 0)
return -1;
/* OK, we now have a connection to the display. */
return sock;
}
#endif
/*
* Check if it is a unix domain socket. Unix domain displays are in
* one of the following formats: unix:d[.s], :d[.s], ::d[.s]

32
crypto/external/bsd/openssh/dist/channels.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: channels.h,v 1.11 2015/07/03 00:59:59 christos Exp $ */
/* $OpenBSD: channels.h,v 1.118 2015/07/01 02:26:31 djm Exp $ */
/*
@@ -68,7 +67,7 @@ typedef struct Channel Channel;
typedef void channel_open_fn(int, int, void *);
typedef void channel_callback_fn(int, void *);
typedef int channel_infilter_fn(struct Channel *, const char *, int);
typedef int channel_infilter_fn(struct Channel *, char *, int);
typedef void channel_filter_cleanup_fn(int, void *);
typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *);
@@ -106,6 +105,9 @@ struct Channel {
int sock; /* sock fd */
int ctl_chan; /* control channel (multiplexed connections) */
int isatty; /* rfd is a tty */
#ifdef _AIX
int wfd_isatty; /* wfd is a tty */
#endif
int client_tty; /* (client) TTY has been requested */
int force_drain; /* force close on iEOF */
time_t notbefore; /* Pause IO until deadline (time_t) */
@@ -132,10 +134,8 @@ struct Channel {
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
int dynamic_window;
int extended_usage;
int single_connection;
u_int tcpwinsz;
char *ctype; /* type */
@@ -170,11 +170,9 @@ struct Channel {
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
@@ -212,15 +210,14 @@ struct Channel {
Channel *channel_by_id(int);
Channel *channel_lookup(int);
Channel *channel_new(const char *, int, int, int, int, u_int, u_int, int,
const char *, int);
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
void channel_set_fds(int, int, int, int, int, int, int, u_int);
void channel_free(Channel *);
void channel_free_all(void);
void channel_stop_listening(void);
void channel_send_open(int);
void channel_request_start(int, const char *, int);
void channel_request_start(int, char *, int);
void channel_register_cleanup(int, channel_callback_fn *, int);
void channel_register_open_confirm(int, channel_open_fn *, void *);
void channel_register_filter(int, channel_infilter_fn *,
@@ -250,7 +247,7 @@ int channel_input_status_confirm(int, u_int32_t, void *);
void channel_prepare_select(fd_set **, fd_set **, int *, u_int*,
time_t*, int);
void channel_after_select(fd_set *, fd_set *);
int channel_output_poll(void);
void channel_output_poll(void);
int channel_not_very_much_buffered_data(void);
void channel_close_all(void);
@@ -271,12 +268,12 @@ void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
void channel_print_adm_permitted_opens(void);
int channel_input_port_forward_request(int, struct ForwardOptions *);
Channel *channel_connect_to_port(const char *, u_short, const char *, const char *);
Channel *channel_connect_to_path(const char *, const char *, const char *);
Channel *channel_connect_to_port(const char *, u_short, char *, char *);
Channel *channel_connect_to_path(const char *, char *, char *);
Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
Channel *channel_connect_by_listen_address(const char *, u_short,
const char *, char *);
Channel *channel_connect_by_listen_path(const char *, const char *, const char *);
char *, char *);
Channel *channel_connect_by_listen_path(const char *, char *, char *);
int channel_request_remote_forwarding(struct Forward *);
int channel_setup_local_fwd_listener(struct Forward *, struct ForwardOptions *);
int channel_request_rforward_cancel(struct Forward *);
@@ -315,7 +312,4 @@ void chan_rcvd_ieof(Channel *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
/* hpn handler */
void channel_set_hpn(int, int);
#endif

7
crypto/external/bsd/openssh/dist/cipher-3des1.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: cipher-3des1.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -20,7 +19,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: cipher-3des1.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <string.h>
#include <openssl/evp.h>
@@ -65,7 +64,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
return 1;
if (enc == -1)
enc = ctx->encrypt;
k1 = k2 = k3 = __UNCONST(key);
k1 = k2 = k3 = (u_char *) key;
k2 += 8;
if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
if (enc)
@@ -94,7 +93,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len)
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
return 0;
if (EVP_Cipher(&c->k1, dest, __UNCONST(src), len) == 0 ||
if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
EVP_Cipher(&c->k3, dest, dest, len) == 0)
return 0;

7
crypto/external/bsd/openssh/dist/cipher-aesctr.c vendored
View File

@@ -15,9 +15,13 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include <sys/types.h>
#include <string.h>
#ifndef WITH_OPENSSL
#include "cipher-aesctr.h"
/*
@@ -25,7 +29,7 @@
* the counter is of size 'len' bytes and stored in network-byte-order.
* (LSB at ctr[len-1], MSB at ctr[0])
*/
static __inline__ void
static inline void
aesctr_inc(u8 *ctr, u32 len)
{
ssize_t i;
@@ -76,3 +80,4 @@ aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes)
n = (n + 1) % AES_BLOCK_SIZE;
}
}
#endif /* !WITH_OPENSSL */

32
crypto/external/bsd/openssh/dist/cipher-bf1.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: cipher-bf1.c,v 1.6 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: cipher-bf1.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -20,11 +19,18 @@
*/
#include "includes.h"
__RCSID("$NetBSD: cipher-bf1.c,v 1.6 2015/04/03 23:58:19 christos Exp $");
#ifdef WITH_OPENSSL
#include <sys/types.h>
#include <stdarg.h>
#include <string.h>
#include <openssl/evp.h>
#include "openbsd-compat/openssl-compat.h"
/*
* SSH1 uses a variation on Blowfish, all bytes must be swapped before
* and after encryption/decryption. Thus the swap_bytes stuff (yuk).
@@ -51,11 +57,25 @@ swap_bytes(const u_char *src, u_char *dst, int n)
}
}
#ifdef SSH_OLD_EVP
static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
if (iv != NULL)
memcpy (&(ctx->oiv[0]), iv, 8);
memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
if (key != NULL)
BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx),
key);
}
#endif
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *,
const u_char *, size_t) = NULL;
const u_char *, LIBCRYPTO_EVP_INL_TYPE) = NULL;
static int
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, size_t len)
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in,
LIBCRYPTO_EVP_INL_TYPE len)
{
int ret;
@@ -73,7 +93,11 @@ evp_ssh1_bf(void)
memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
orig_bf = ssh1_bf.do_cipher;
ssh1_bf.nid = NID_undef;
#ifdef SSH_OLD_EVP
ssh1_bf.init = bf_ssh1_init;
#endif
ssh1_bf.do_cipher = bf_ssh1_cipher;
ssh1_bf.key_len = 32;
return (&ssh1_bf);
}
#endif /* WITH_OPENSSL */

3
crypto/external/bsd/openssh/dist/cipher-chachapoly.c vendored
View File

@@ -14,10 +14,9 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $OpenBSD: cipher-chachapoly.c,v 1.6 2014/07/03 12:42:16 jsing Exp $ */
/* $OpenBSD: cipher-chachapoly.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */
#include "includes.h"
__RCSID("$NetBSD: cipher-chachapoly.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <stdarg.h> /* needed for log.h */

49
crypto/external/bsd/openssh/dist/cipher.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: cipher.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: cipher.c,v 1.100 2015/01/14 10:29:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +36,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: cipher.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <string.h>
@@ -50,6 +49,8 @@ __RCSID("$NetBSD: cipher.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
#include "ssherr.h"
#include "digest.h"
#include "openbsd-compat/openssl-compat.h"
#ifdef WITH_SSH1
extern const EVP_CIPHER *evp_ssh1_bf(void);
extern const EVP_CIPHER *evp_ssh1_3des(void);
@@ -57,7 +58,7 @@ extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
#endif
struct sshcipher {
const char *name;
char *name;
int number; /* for ssh1 only */
u_int block_size;
u_int key_len;
@@ -81,7 +82,7 @@ static const struct sshcipher ciphers[] = {
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
#endif
#endif /* WITH_SSH1 */
#ifdef WITH_OPENSSL
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
@@ -97,25 +98,21 @@ static const struct sshcipher ciphers[] = {
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
{ "rijndael-cbc@lysator.liu.se",
SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
#ifdef AES_CTR_MT
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, evp_aes_ctr_mt },
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, evp_aes_ctr_mt },
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, evp_aes_ctr_mt },
#else
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
#endif
# ifdef OPENSSL_HAVE_EVPGCM
{ "aes128-gcm@openssh.com",
SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
{ "aes256-gcm@openssh.com",
SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
#else
# endif /* OPENSSL_HAVE_EVPGCM */
#else /* WITH_OPENSSL */
{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
#endif
#endif /* WITH_OPENSSL */
{ "chacha20-poly1305@openssh.com",
SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
@@ -247,8 +244,7 @@ ciphers_valid(const char *names)
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
c->number != SSH_CIPHER_NONE)) {
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
free(cipher_list);
return 0;
}
@@ -274,7 +270,7 @@ cipher_number(const char *name)
return -1;
}
const char *
char *
cipher_name(int id)
{
const struct sshcipher *c = cipher_by_number(id);
@@ -331,14 +327,14 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
#else
type = (*cipher->evptype)();
EVP_CIPHER_CTX_init(&cc->evp);
if (EVP_CipherInit(&cc->evp, type, NULL, __UNCONST(iv),
if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
(do_encrypt == CIPHER_ENCRYPT)) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
if (cipher_authlen(cipher) &&
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
-1, __UNCONST(iv))) {
-1, (u_char *)iv)) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
@@ -349,7 +345,7 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher,
goto bad;
}
}
if (EVP_CipherInit(&cc->evp, NULL, __UNCONST(key), NULL, -1) == 0) {
if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
@@ -421,18 +417,18 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
/* set tag on decyption */
if (!cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, __UNCONST(src + aadlen + len)))
authlen, (u_char *)src + aadlen + len))
return SSH_ERR_LIBCRYPTO_ERROR;
}
if (aadlen) {
if (authlen &&
EVP_Cipher(&cc->evp, NULL, (const u_char *)src, aadlen) < 0)
EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0)
return SSH_ERR_LIBCRYPTO_ERROR;
memcpy(dest, src, aadlen);
}
if (len % cc->cipher->block_size)
return SSH_ERR_INVALID_ARGUMENT;
if (EVP_Cipher(&cc->evp, dest + aadlen, (const u_char *)src + aadlen,
if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,
len) < 0)
return SSH_ERR_LIBCRYPTO_ERROR;
if (authlen) {
@@ -549,7 +545,6 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
switch (c->number) {
#ifdef WITH_OPENSSL
case SSH_CIPHER_NONE:
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -560,6 +555,11 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
return SSH_ERR_LIBCRYPTO_ERROR;
if ((u_int)evplen != len)
return SSH_ERR_INVALID_ARGUMENT;
#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
else
#endif
if (cipher_authlen(c)) {
if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
len, iv))
@@ -593,7 +593,6 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
switch (c->number) {
#ifdef WITH_OPENSSL
case SSH_CIPHER_NONE:
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -603,7 +602,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
if (cipher_authlen(c)) {
/* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */
if (!EVP_CIPHER_CTX_ctrl(&cc->evp,
EVP_CTRL_GCM_SET_IV_FIXED, -1, __UNCONST(iv)))
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
memcpy(cc->evp.iv, iv, evplen);
@@ -611,7 +610,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
#endif
#ifdef WITH_SSH1
case SSH_CIPHER_3DES:
return ssh1_3des_iv(&cc->evp, 1, __UNCONST(iv), 24);
return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
#endif
default:
return SSH_ERR_INVALID_ARGUMENT;

3
crypto/external/bsd/openssh/dist/cipher.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: cipher.h,v 1.8 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: cipher.h,v 1.48 2015/07/08 19:09:25 markus Exp $ */
/*
@@ -77,7 +76,7 @@ u_int cipher_mask_ssh1(int);
const struct sshcipher *cipher_by_name(const char *);
const struct sshcipher *cipher_by_number(int);
int cipher_number(const char *);
const char *cipher_name(int);
char *cipher_name(int);
const char *cipher_warning_message(const struct sshcipher_ctx *);
int ciphers_valid(const char *);
char *cipher_alg_list(char, int);

3
crypto/external/bsd/openssh/dist/cleanup.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: cleanup.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
@@ -16,6 +15,8 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
#include <sys/types.h>
#include <unistd.h>

173
crypto/external/bsd/openssh/dist/clientloop.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $ */
/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -61,20 +60,25 @@
*/
#include "includes.h"
__RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $");
#include <sys/param.h> /* MIN MAX */
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/queue.h>
#include <ctype.h>
#include <errno.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -83,6 +87,7 @@ __RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $");
#include <unistd.h>
#include <limits.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
@@ -107,7 +112,6 @@ __RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $");
#include "match.h"
#include "msg.h"
#include "roaming.h"
#include "getpeereid.h"
#include "ssherr.h"
#include "hostfile.h"
@@ -610,16 +614,13 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
* buffered data to send to the server.
*/
if (!stdin_eof && packet_not_very_much_data_to_write())
if ((ret = fileno(stdin)) != -1)
FD_SET(ret, *readsetp);
FD_SET(fileno(stdin), *readsetp);
/* Select stdout/stderr if have data in buffer. */
if (buffer_len(&stdout_buffer) > 0)
if ((ret = fileno(stdout)) != -1)
FD_SET(ret, *writesetp);
FD_SET(fileno(stdout), *writesetp);
if (buffer_len(&stderr_buffer) > 0)
if ((ret = fileno(stderr)) != -1)
FD_SET(ret, *writesetp);
FD_SET(fileno(stderr), *writesetp);
} else {
/* channel_prepare_select could have closed the last channel */
if (session_closed && !channel_still_open() &&
@@ -735,7 +736,7 @@ static void
client_process_net_input(fd_set *readset)
{
int len, cont = 0;
char buf[8192];
char buf[SSH_IOBUFSZ];
/*
* Read input from the server, and add any such data to the buffer of
@@ -760,7 +761,8 @@ client_process_net_input(fd_set *readset)
* There is a kernel bug on Solaris that causes select to
* sometimes wake up even though there is no data available.
*/
if (len < 0 && (errno == EAGAIN || errno == EINTR))
if (len < 0 &&
(errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
len = 0;
if (len < 0) {
@@ -949,9 +951,8 @@ process_cmdline(void)
goto out;
}
s++;
while (isspace((u_char)*s))
s++;
while (isspace((u_char)*++s))
;
/* XXX update list of forwards in options */
if (delete) {
@@ -1066,7 +1067,7 @@ print_escape_help(Buffer *b, int escape_char, int protocol2, int mux_client,
*/
static int
process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
const char *buf, int len)
char *buf, int len)
{
char string[1024];
pid_t pid;
@@ -1307,71 +1308,73 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
static void
client_process_input(fd_set *readset)
{
int len, fd;
char buf[8192];
int len;
char buf[SSH_IOBUFSZ];
/* Read input from stdin. */
if ((fd = fileno(stdin)) == -1 || !FD_ISSET(fd, readset))
return;
/* Read as much as possible. */
len = read(fd, buf, sizeof(buf));
if (len < 0 && (errno == EAGAIN || errno == EINTR))
return; /* we'll try again later */
if (len <= 0) {
/*
* Received EOF or error. They are treated
* similarly, except that an error message is printed
* if it was an error condition.
*/
if (len < 0) {
snprintf(buf, sizeof buf, "read: %.100s\r\n",
strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
if (FD_ISSET(fileno(stdin), readset)) {
/* Read as much as possible. */
len = read(fileno(stdin), buf, sizeof(buf));
if (len < 0 &&
(errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
return; /* we'll try again later */
if (len <= 0) {
/*
* Received EOF or error. They are treated
* similarly, except that an error message is printed
* if it was an error condition.
*/
if (len < 0) {
snprintf(buf, sizeof buf, "read: %.100s\r\n",
strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
}
/* Mark that we have seen EOF. */
stdin_eof = 1;
/*
* Send an EOF message to the server unless there is
* data in the buffer. If there is data in the
* buffer, no message will be sent now. Code
* elsewhere will send the EOF when the buffer
* becomes empty if stdin_eof is set.
*/
if (buffer_len(&stdin_buffer) == 0) {
packet_start(SSH_CMSG_EOF);
packet_send();
}
} else if (escape_char1 == SSH_ESCAPECHAR_NONE) {
/*
* Normal successful read, and no escape character.
* Just append the data to buffer.
*/
buffer_append(&stdin_buffer, buf, len);
} else {
/*
* Normal, successful read. But we have an escape
* character and have to process the characters one
* by one.
*/
if (process_escapes(NULL, &stdin_buffer,
&stdout_buffer, &stderr_buffer, buf, len) == -1)
return;
}
/* Mark that we have seen EOF. */
stdin_eof = 1;
/*
* Send an EOF message to the server unless there is
* data in the buffer. If there is data in the
* buffer, no message will be sent now. Code
* elsewhere will send the EOF when the buffer
* becomes empty if stdin_eof is set.
*/
if (buffer_len(&stdin_buffer) == 0) {
packet_start(SSH_CMSG_EOF);
packet_send();
}
} else if (escape_char1 == SSH_ESCAPECHAR_NONE) {
/*
* Normal successful read, and no escape character.
* Just append the data to buffer.
*/
buffer_append(&stdin_buffer, buf, len);
} else {
/*
* Normal, successful read. But we have an escape
* character and have to process the characters one
* by one.
*/
if (process_escapes(NULL, &stdin_buffer,
&stdout_buffer, &stderr_buffer, buf, len) == -1)
return;
}
}
static void
client_process_output(fd_set *writeset)
{
int len, fd;
int len;
char buf[100];
/* Write buffered output to stdout. */
if ((fd = fileno(stdout)) != -1 && FD_ISSET(fd, writeset)) {
if (FD_ISSET(fileno(stdout), writeset)) {
/* Write as much data as possible. */
len = write(fd, buffer_ptr(&stdout_buffer),
len = write(fileno(stdout), buffer_ptr(&stdout_buffer),
buffer_len(&stdout_buffer));
if (len <= 0) {
if (errno == EINTR || errno == EAGAIN)
if (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK)
len = 0;
else {
/*
@@ -1389,12 +1392,13 @@ client_process_output(fd_set *writeset)
buffer_consume(&stdout_buffer, len);
}
/* Write buffered output to stderr. */
if ((fd = fileno(stderr)) != -1 && FD_ISSET(fd, writeset)) {
if (FD_ISSET(fileno(stderr), writeset)) {
/* Write as much data as possible. */
len = write(fd, buffer_ptr(&stderr_buffer),
len = write(fileno(stderr), buffer_ptr(&stderr_buffer),
buffer_len(&stderr_buffer));
if (len <= 0) {
if (errno == EINTR || errno == EAGAIN)
if (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK)
len = 0;
else {
/*
@@ -1450,7 +1454,7 @@ client_filter_cleanup(int cid, void *ctx)
}
int
client_simple_escape_filter(Channel *c, const char *buf, int len)
client_simple_escape_filter(Channel *c, char *buf, int len)
{
if (c->extended_usage != CHAN_EXTENDED_WRITE)
return 0;
@@ -1608,8 +1612,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
channel_after_select(readset, writeset);
if (need_rekeying || packet_need_rekeying()) {
debug("need rekeying");
if (active_state->kex != NULL)
active_state->kex->done = 0;
active_state->kex->done = 0;
if ((r = kex_send_kexinit(active_state)) != 0)
fatal("%s: kex_send_kexinit: %s",
__func__, ssh_err(r));
@@ -1920,15 +1923,9 @@ client_request_x11(const char *request_type, int rchan)
sock = x11_connect_display();
if (sock < 0)
return NULL;
/* again is this really necessary for X11? */
if (options.hpn_disabled)
c = channel_new("x11",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
else
c = channel_new("x11",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
c->force_drain = 1;
return c;
}
@@ -1951,16 +1948,10 @@ client_request_agent(const char *request_type, int rchan)
__func__, ssh_err(r));
return NULL;
}
if (options.hpn_disabled)
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
"authentication agent connection", 1);
else
c = channel_new("authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
options.hpn_buffer_size, options.hpn_buffer_size, 0,
"authentication agent connection", 1);
c->force_drain = 1;
return c;
}
@@ -1987,14 +1978,16 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
return -1;
}
if(options.hpn_disabled)
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
else
c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
sys_tun_outfilter, NULL, NULL);
#endif
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring("tun@openssh.com");
packet_put_int(c->self);

3
crypto/external/bsd/openssh/dist/clientloop.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: clientloop.h,v 1.10 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
/*
@@ -51,7 +50,7 @@ void client_stop_mux(void);
/* Escape filter for protocol 2 sessions */
void *client_new_escape_filter_ctx(int);
void client_filter_cleanup(int, void *);
int client_simple_escape_filter(Channel *, const char *, int);
int client_simple_escape_filter(Channel *, char *, int);
/* Global request confirmation callbacks */
typedef void global_confirm_cb(int, u_int32_t seq, void *);

24
crypto/external/bsd/openssh/dist/compat.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */
/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $");
#include <sys/types.h>
#include <stdlib.h>
@@ -63,7 +62,7 @@ compat_datafellows(const char *version)
{
int i;
static struct {
const char *pat;
char *pat;
int bugs;
} check[] = {
{ "OpenSSH-2.0*,"
@@ -211,15 +210,6 @@ compat_datafellows(const char *version)
debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, check[i].bugs);
datafellows = check[i].bugs; /* XXX for now */
/* Check to see if the remote side is OpenSSH and not HPN */
if(strstr(version,"OpenSSH") != NULL)
{
if (strstr(version,"hpn") == NULL)
{
datafellows |= SSH_BUG_LARGEWINDOW;
debug("Remote is NON-HPN aware");
}
}
return check[i].bugs;
}
}
@@ -265,7 +255,7 @@ proto_spec(const char *spec)
* pattern list.
*/
static char *
filter_proposal(const char *proposal, const char *filter)
filter_proposal(char *proposal, const char *filter)
{
Buffer b;
char *orig_prop, *fix_prop;
@@ -289,8 +279,8 @@ filter_proposal(const char *proposal, const char *filter)
return fix_prop;
}
const char *
compat_cipher_proposal(const char *cipher_prop)
char *
compat_cipher_proposal(char *cipher_prop)
{
if (!(datafellows & SSH_BUG_BIGENDIANAES))
return cipher_prop;
@@ -315,8 +305,8 @@ compat_pkalg_proposal(char *pkalg_prop)
return pkalg_prop;
}
const char *
compat_kex_proposal(const char *p)
char *
compat_kex_proposal(char *p)
{
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
return p;

6
crypto/external/bsd/openssh/dist/compat.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: compat.h,v 1.7 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: compat.h,v 1.48 2015/05/26 23:23:40 dtucker Exp $ */
/*
@@ -63,15 +62,14 @@
#define SSH_BUG_CURVE25519PAD 0x10000000
#define SSH_BUG_HOSTKEYS 0x20000000
#define SSH_BUG_DHGEX_LARGE 0x40000000
#define SSH_BUG_LARGEWINDOW 0x80000000
void enable_compat13(void);
void enable_compat20(void);
u_int compat_datafellows(const char *);
int proto_spec(const char *);
const char *compat_cipher_proposal(const char *);
char *compat_cipher_proposal(char *);
char *compat_pkalg_proposal(char *);
const char *compat_kex_proposal(const char *);
char *compat_kex_proposal(char *);
extern int compat13;
extern int compat20;

4
crypto/external/bsd/openssh/dist/crc32.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: crc32.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */
/*
@@ -24,10 +23,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
__RCSID("$NetBSD: crc32.c,v 1.4 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include "crc32.h"
static const u_int32_t crc32tab[] = {

1
crypto/external/bsd/openssh/dist/crc32.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: crc32.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */
/*

4
crypto/external/bsd/openssh/dist/crypto_api.h vendored
View File

@@ -8,7 +8,9 @@
#ifndef crypto_api_h
#define crypto_api_h
#include <stdint.h>
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
#include <stdlib.h>
typedef int32_t crypto_int32;

5
crypto/external/bsd/openssh/dist/deattack.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: deattack.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: deattack.c,v 1.32 2015/01/20 23:14:00 deraadt Exp $ */
/*
* Cryptographic attack detector for ssh - source code
@@ -20,13 +19,9 @@
*/
#include "includes.h"
__RCSID("$NetBSD: deattack.c,v 1.4 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include <time.h>
#include <stdlib.h>
#include "deattack.h"

1
crypto/external/bsd/openssh/dist/deattack.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: deattack.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */
/*

13
crypto/external/bsd/openssh/dist/dh.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: dh.c,v 1.9 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -25,24 +24,22 @@
*/
#include "includes.h"
__RCSID("$NetBSD: dh.c,v 1.9 2015/07/03 01:00:00 christos Exp $");
#include <sys/param.h>
#include <sys/param.h> /* MIN */
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <limits.h>
#include "dh.h"
#include "pathnames.h"
#include "log.h"
#include "misc.h"
#include "random.h"
#include "ssherr.h"
static int
@@ -311,7 +308,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
DH *
dh_new_group1(void)
{
static const char *gen = "2", *group1 =
static char *gen = "2", *group1 =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
@@ -325,7 +322,7 @@ dh_new_group1(void)
DH *
dh_new_group14(void)
{
static const char *gen = "2", *group14 =
static char *gen = "2", *group14 =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
@@ -348,7 +345,7 @@ dh_new_group14(void)
DH *
dh_new_group_fallback(int max)
{
static const char *gen = "2", *group16 =
static char *gen = "2", *group16 =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"

1
crypto/external/bsd/openssh/dist/dh.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: dh.h,v 1.5 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */
/*

31
crypto/external/bsd/openssh/dist/digest-libc.c vendored
View File

@@ -15,18 +15,22 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: digest-libc.c,v 1.4 2015/07/03 01:00:00 christos Exp $");
#ifndef WITH_OPENSSL
#include <sys/types.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#if 0
#include <md5.h>
#include <rmd160.h>
#include <sha1.h>
#include <sha2.h>
#endif
#include "ssherr.h"
#include "sshbuf.h"
@@ -89,30 +93,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = {
"SHA256",
SHA256_BLOCK_LENGTH,
SHA256_DIGEST_LENGTH,
sizeof(SHA2_CTX),
(md_init_fn *) SHA256Init,
(md_update_fn *) SHA256Update,
(md_final_fn *) SHA256Final
sizeof(SHA256_CTX),
(md_init_fn *) SHA256_Init,
(md_update_fn *) SHA256_Update,
(md_final_fn *) SHA256_Final
},
{
SSH_DIGEST_SHA384,
"SHA384",
SHA384_BLOCK_LENGTH,
SHA384_DIGEST_LENGTH,
sizeof(SHA2_CTX),
(md_init_fn *) SHA384Init,
(md_update_fn *) SHA384Update,
(md_final_fn *) SHA384Final
sizeof(SHA384_CTX),
(md_init_fn *) SHA384_Init,
(md_update_fn *) SHA384_Update,
(md_final_fn *) SHA384_Final
},
{
SSH_DIGEST_SHA512,
"SHA512",
SHA512_BLOCK_LENGTH,
SHA512_DIGEST_LENGTH,
sizeof(SHA2_CTX),
(md_init_fn *) SHA512Init,
(md_update_fn *) SHA512Update,
(md_final_fn *) SHA512Final
sizeof(SHA512_CTX),
(md_init_fn *) SHA512_Init,
(md_update_fn *) SHA512_Update,
(md_final_fn *) SHA512_Final
}
};
@@ -257,3 +261,4 @@ ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
{
return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
}
#endif /* !WITH_OPENSSL */

18
crypto/external/bsd/openssh/dist/digest-openssl.c vendored
View File

@@ -14,8 +14,10 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: digest-openssl.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#ifdef WITH_OPENSSL
#include <sys/types.h>
#include <limits.h>
@@ -24,10 +26,21 @@ __RCSID("$NetBSD: digest-openssl.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include <openssl/evp.h>
#include "openbsd-compat/openssl-compat.h"
#include "sshbuf.h"
#include "digest.h"
#include "ssherr.h"
#ifndef HAVE_EVP_RIPEMD160
# define EVP_ripemd160 NULL
#endif /* HAVE_EVP_RIPEMD160 */
#ifndef HAVE_EVP_SHA256
# define EVP_sha256 NULL
# define EVP_sha384 NULL
# define EVP_sha512 NULL
#endif /* HAVE_EVP_SHA256 */
struct ssh_digest_ctx {
int alg;
EVP_MD_CTX mdctx;
@@ -58,6 +71,8 @@ ssh_digest_by_alg(int alg)
return NULL;
if (digests[alg].id != alg) /* sanity */
return NULL;
if (digests[alg].mdfunc == NULL)
return NULL;
return &(digests[alg]);
}
@@ -187,3 +202,4 @@ ssh_digest_buffer(int alg, const struct sshbuf *b, u_char *d, size_t dlen)
{
return ssh_digest_memory(alg, sshbuf_ptr(b), sshbuf_len(b), d, dlen);
}
#endif /* WITH_OPENSSL */

5
crypto/external/bsd/openssh/dist/dispatch.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: dispatch.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: dispatch.c,v 1.27 2015/05/01 07:10:01 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: dispatch.c,v 1.6 2015/07/03 01:00:00 christos Exp $");
#include <sys/types.h>
#include <signal.h>
@@ -51,7 +50,7 @@ dispatch_protocol_error(int type, u_int32_t seq, void *ctx)
if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
(r = sshpkt_put_u32(ssh, seq)) != 0 ||
(r = sshpkt_send(ssh)) != 0 ||
(r = ssh_packet_write_wait(ssh)) < 0)
(r = ssh_packet_write_wait(ssh)) != 0)
sshpkt_fatal(ssh, __func__, r);
return 0;
}

1
crypto/external/bsd/openssh/dist/dispatch.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: dispatch.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: dispatch.h,v 1.12 2015/01/19 20:07:45 markus Exp $ */
/*

9
crypto/external/bsd/openssh/dist/dns.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $ */
/* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */
/*
@@ -27,11 +26,12 @@
*/
#include "includes.h"
__RCSID("$NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
@@ -42,7 +42,6 @@ __RCSID("$NetBSD: dns.c,v 1.12 2015/08/21 08:20:59 christos Exp $");
#include "ssherr.h"
#include "dns.h"
#include "log.h"
#include "getrrsetbyname.h"
#include "digest.h"
static const char *errset_text[] = {
@@ -288,8 +287,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
if (hostkey_algorithm == dnskey_algorithm &&
hostkey_digest_type == dnskey_digest_type) {
if (hostkey_digest_len == dnskey_digest_len &&
consttime_memequal(hostkey_digest, dnskey_digest,
hostkey_digest_len))
timingsafe_bcmp(hostkey_digest, dnskey_digest,
hostkey_digest_len) == 0)
*flags |= DNS_VERIFY_MATCH;
}
free(dnskey_digest);

1
crypto/external/bsd/openssh/dist/dns.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: dns.h,v 1.7 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: dns.h,v 1.15 2015/05/08 06:45:13 djm Exp $ */
/*

3
crypto/external/bsd/openssh/dist/ed25519.c vendored
View File

@@ -5,9 +5,8 @@
* Peter Schwabe, Bo-Yin Yang.
* Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c
*/
#include "includes.h"
__RCSID("$NetBSD: ed25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include "includes.h"
#include "crypto_api.h"
#include "ge25519.h"

3
crypto/external/bsd/openssh/dist/fatal.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: fatal.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: fatal.c,v 1.4 2015/04/03 23:58:19 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>

2
crypto/external/bsd/openssh/dist/fe25519.c vendored
View File

@@ -5,8 +5,8 @@
* Peter Schwabe, Bo-Yin Yang.
* Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c
*/
#include "includes.h"
__RCSID("$NetBSD: fe25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#define WINDOWSIZE 1 /* Should be 1,2, or 4 */
#define WINDOWMASK ((1<<WINDOWSIZE)-1)

276
crypto/external/bsd/openssh/dist/fmt_scaled.c vendored
View File

@@ -1,276 +0,0 @@
/* $NetBSD: fmt_scaled.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */
/*
* Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* OPENBSD ORIGINAL: lib/libutil/fmt_scaled.c */
/*
* fmt_scaled: Format numbers scaled for human comprehension
* scan_scaled: Scan numbers in this format.
*
* "Human-readable" output uses 4 digits max, and puts a unit suffix at
* the end. Makes output compact and easy-to-read esp. on huge disks.
* Formatting code was originally in OpenBSD "df", converted to library routine.
* Scanning code written for OpenBSD libutil.
*/
#include "includes.h"
#ifndef HAVE_FMT_SCALED
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <ctype.h>
#include <limits.h>
#include "fmt_scaled.h"
typedef enum {
NONE = 0, KILO = 1, MEGA = 2, GIGA = 3, TERA = 4, PETA = 5, EXA = 6
} unit_type;
/* These three arrays MUST be in sync! XXX make a struct */
static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
static char scale_chars[] = "BKMGTPE";
static long long scale_factors[] = {
1LL,
1024LL,
1024LL*1024,
1024LL*1024*1024,
1024LL*1024*1024*1024,
1024LL*1024*1024*1024*1024,
1024LL*1024*1024*1024*1024*1024,
};
#define SCALE_LENGTH (sizeof(units)/sizeof(units[0]))
#define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */
/** Convert the given input string "scaled" into numeric in "result".
* Return 0 on success, -1 and errno set on error.
*/
int
scan_scaled(const char *scaled, long long *result)
{
const char *p = scaled;
int sign = 0;
unsigned int i, ndigits = 0, fract_digits = 0;
long long scale_fact = 1, whole = 0, fpart = 0;
/* Skip leading whitespace */
while (isascii((unsigned char)*p) && isspace((unsigned char)*p))
++p;
/* Then at most one leading + or - */
while (*p == '-' || *p == '+') {
if (*p == '-') {
if (sign) {
errno = EINVAL;
return -1;
}
sign = -1;
++p;
} else if (*p == '+') {
if (sign) {
errno = EINVAL;
return -1;
}
sign = +1;
++p;
}
}
/* Main loop: Scan digits, find decimal point, if present.
* We don't allow exponentials, so no scientific notation
* (but note that E for Exa might look like e to some!).
* Advance 'p' to end, to get scale factor.
*/
for (; isascii((unsigned char)*p) && (isdigit((unsigned char)*p) || *p=='.'); ++p) {
if (*p == '.') {
if (fract_digits > 0) { /* oops, more than one '.' */
errno = EINVAL;
return -1;
}
fract_digits = 1;
continue;
}
i = (*p) - '0'; /* whew! finally a digit we can use */
if (fract_digits > 0) {
if (fract_digits >= MAX_DIGITS-1)
/* ignore extra fractional digits */
continue;
fract_digits++; /* for later scaling */
fpart *= 10;
fpart += i;
} else { /* normal digit */
if (++ndigits >= MAX_DIGITS) {
errno = ERANGE;
return -1;
}
whole *= 10;
whole += i;
}
}
if (sign) {
whole *= sign;
fpart *= sign;
}
/* If no scale factor given, we're done. fraction is discarded. */
if (!*p) {
*result = whole;
return 0;
}
/* Validate scale factor, and scale whole and fraction by it. */
for (i = 0; i < SCALE_LENGTH; i++) {
/** Are we there yet? */
if (*p == scale_chars[i] ||
*p == tolower((unsigned char)scale_chars[i])) {
/* If it ends with alphanumerics after the scale char, bad. */
if (isalnum((unsigned char)*(p+1))) {
errno = EINVAL;
return -1;
}
scale_fact = scale_factors[i];
/* scale whole part */
whole *= scale_fact;
/* truncate fpart so it does't overflow.
* then scale fractional part.
*/
while (fpart >= LLONG_MAX / scale_fact) {
fpart /= 10;
fract_digits--;
}
fpart *= scale_fact;
if (fract_digits > 0) {
for (i = 0; i < fract_digits -1; i++)
fpart /= 10;
}
whole += fpart;
*result = whole;
return 0;
}
}
errno = ERANGE;
return -1;
}
/* Format the given "number" into human-readable form in "result".
* Result must point to an allocated buffer of length FMT_SCALED_STRSIZE.
* Return 0 on success, -1 and errno set if error.
*/
int
fmt_scaled(long long number, char *result)
{
long long abval, fract = 0;
unsigned int i;
unit_type unit = NONE;
abval = (number < 0LL) ? -number : number; /* no long long_abs yet */
/* Not every negative long long has a positive representation.
* Also check for numbers that are just too darned big to format
*/
if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
errno = ERANGE;
return -1;
}
/* scale whole part; get unscaled fraction */
for (i = 0; i < SCALE_LENGTH; i++) {
if (abval/1024 < scale_factors[i]) {
unit = units[i];
fract = (i == 0) ? 0 : abval % scale_factors[i];
number /= scale_factors[i];
if (i > 0)
fract /= scale_factors[i - 1];
break;
}
}
fract = (10 * fract + 512) / 1024;
/* if the result would be >= 10, round main number */
if (fract == 10) {
if (number >= 0)
number++;
else
number--;
fract = 0;
}
if (number == 0)
strlcpy(result, "0B", FMT_SCALED_STRSIZE);
else if (unit == NONE || number >= 100 || number <= -100) {
if (fract >= 5) {
if (number >= 0)
number++;
else
number--;
}
(void)snprintf(result, FMT_SCALED_STRSIZE, "%lld%c",
number, scale_chars[unit]);
} else
(void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
number, fract, scale_chars[unit]);
return 0;
}
#ifdef MAIN
/*
* This is the original version of the program in the man page.
* Copy-and-paste whatever you need from it.
*/
int
main(int argc, char **argv)
{
char *cinput = "1.5K", buf[FMT_SCALED_STRSIZE];
long long ninput = 10483892, result;
if (scan_scaled(cinput, &result) == 0)
printf("\"%s\" -> %lld\n", cinput, result);
else
perror(cinput);
if (fmt_scaled(ninput, buf) == 0)
printf("%lld -> \"%s\"\n", ninput, buf);
else
fprintf(stderr, "%lld invalid (%s)\n", ninput, strerror(errno));
return 0;
}
#endif
#endif /* HAVE_FMT_SCALED */

1
crypto/external/bsd/openssh/dist/fmt_scaled.c vendored Symbolic link
View File

@@ -0,0 +1 @@
openbsd-compat/fmt_scaled.c

6
crypto/external/bsd/openssh/dist/ge25519.c vendored
View File

@@ -5,8 +5,8 @@
* Peter Schwabe, Bo-Yin Yang.
* Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c
*/
#include "includes.h"
__RCSID("$NetBSD: ge25519.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include "fe25519.h"
#include "sc25519.h"
@@ -269,13 +269,13 @@ void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, cons
/* precomputation s2 s1 */
setneutral(pre); /* 00 00 */
pre[1] = *p1; /* 00 01 */
dbl_p1p1(&tp1p1,(const ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */
dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */
add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */
pre[4] = *p2; /* 01 00 */
add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */
add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */
add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */
dbl_p1p1(&tp1p1,(const ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */
dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */
add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */
dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */
add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */

610
crypto/external/bsd/openssh/dist/getrrsetbyname.c vendored
View File

@@ -1,610 +0,0 @@
/* $NetBSD: getrrsetbyname.c,v 1.3 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Portions Copyright (c) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
#include "includes.h"
__RCSID("$NetBSD: getrrsetbyname.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#ifndef HAVE_GETRRSETBYNAME
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include "getrrsetbyname.h"
#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
extern int h_errno;
#endif
/* We don't need multithread support here */
#ifdef _THREAD_PRIVATE
# undef _THREAD_PRIVATE
#endif
#define _THREAD_PRIVATE(a,b,c) (c)
#ifndef __NetBSD__
struct __res_state _res;
#else
#define HAVE__GETSHORT
#define HAVE__GETLONG
#endif
/* Necessary functions and macros */
/*
* Inline versions of get/put short/long. Pointer is advanced.
*
* These macros demonstrate the property of C whereby it can be
* portable or it can be elegant but rarely both.
*/
#ifndef INT32SZ
# define INT32SZ 4
#endif
#ifndef INT16SZ
# define INT16SZ 2
#endif
#ifndef GETSHORT
#define GETSHORT(s, cp) { \
register u_char *t_cp = (u_char *)(cp); \
(s) = ((u_int16_t)t_cp[0] << 8) \
| ((u_int16_t)t_cp[1]) \
; \
(cp) += INT16SZ; \
}
#endif
#ifndef GETLONG
#define GETLONG(l, cp) { \
register u_char *t_cp = (u_char *)(cp); \
(l) = ((u_int32_t)t_cp[0] << 24) \
| ((u_int32_t)t_cp[1] << 16) \
| ((u_int32_t)t_cp[2] << 8) \
| ((u_int32_t)t_cp[3]) \
; \
(cp) += INT32SZ; \
}
#endif
/*
* Routines to insert/extract short/long's.
*/
#ifndef HAVE__GETSHORT
static u_int16_t
_getshort(msgp)
register const u_char *msgp;
{
register u_int16_t u;
GETSHORT(u, msgp);
return (u);
}
#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
u_int16_t _getshort(register const u_char *);
#endif
#ifndef HAVE__GETLONG
static u_int32_t
_getlong(msgp)
register const u_char *msgp;
{
register u_int32_t u;
GETLONG(u, msgp);
return (u);
}
#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
u_int32_t _getlong(register const u_char *);
#endif
/* ************** */
#define ANSWER_BUFFER_SIZE 1024*64
struct dns_query {
char *name;
u_int16_t type;
u_int16_t class;
struct dns_query *next;
};
struct dns_rr {
char *name;
u_int16_t type;
u_int16_t class;
u_int16_t ttl;
u_int16_t size;
void *rdata;
struct dns_rr *next;
};
struct dns_response {
HEADER header;
struct dns_query *query;
struct dns_rr *answer;
struct dns_rr *authority;
struct dns_rr *additional;
};
static struct dns_response *parse_dns_response(const u_char *, int);
static struct dns_query *parse_dns_qsection(const u_char *, int,
const u_char **, int);
static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
int);
static void free_dns_query(struct dns_query *);
static void free_dns_rr(struct dns_rr *);
static void free_dns_response(struct dns_response *);
static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
int
getrrsetbyname(const char *hostname, unsigned int rdclass,
unsigned int rdtype, unsigned int flags,
struct rrsetinfo **res)
{
struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
int result;
struct rrsetinfo *rrset = NULL;
struct dns_response *response = NULL;
struct dns_rr *rr;
struct rdatainfo *rdata;
int length;
unsigned int index_ans, index_sig;
u_char answer[ANSWER_BUFFER_SIZE];
/* check for invalid class and type */
if (rdclass > 0xffff || rdtype > 0xffff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow queries of class or type ANY */
if (rdclass == 0xff || rdtype == 0xff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow flags yet, unimplemented */
if (flags) {
result = ERRSET_INVAL;
goto fail;
}
/* initialize resolver */
if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
result = ERRSET_FAIL;
goto fail;
}
#ifdef DEBUG
_resp->options |= RES_DEBUG;
#endif /* DEBUG */
#ifdef RES_USE_DNSSEC
/* turn on DNSSEC if EDNS0 is configured */
if (_resp->options & RES_USE_EDNS0)
_resp->options |= RES_USE_DNSSEC;
#endif /* RES_USE_DNSEC */
/* make query */
length = res_query(hostname, (signed int) rdclass, (signed int) rdtype,
answer, sizeof(answer));
if (length < 0) {
switch(h_errno) {
case HOST_NOT_FOUND:
result = ERRSET_NONAME;
goto fail;
case NO_DATA:
result = ERRSET_NODATA;
goto fail;
default:
result = ERRSET_FAIL;
goto fail;
}
}
/* parse result */
response = parse_dns_response(answer, length);
if (response == NULL) {
result = ERRSET_FAIL;
goto fail;
}
if (response->header.qdcount != 1) {
result = ERRSET_FAIL;
goto fail;
}
/* initialize rrset */
rrset = calloc(1, sizeof(struct rrsetinfo));
if (rrset == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
rrset->rri_rdclass = response->query->class;
rrset->rri_rdtype = response->query->type;
rrset->rri_ttl = response->answer->ttl;
rrset->rri_nrdatas = response->header.ancount;
#ifdef HAVE_HEADER_AD
/* check for authenticated data */
if (response->header.ad == 1)
rrset->rri_flags |= RRSET_VALIDATED;
#endif
/* copy name from answer section */
rrset->rri_name = strdup(response->answer->name);
if (rrset->rri_name == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* count answers */
rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
rrset->rri_rdtype);
rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass,
T_SIG);
/* allocate memory for answers */
rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
sizeof(struct rdatainfo));
if (rrset->rri_rdatas == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* allocate memory for signatures */
rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
if (rrset->rri_sigs == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* copy answers & signatures */
for (rr = response->answer, index_ans = 0, index_sig = 0;
rr; rr = rr->next) {
rdata = NULL;
if (rr->class == rrset->rri_rdclass &&
rr->type == rrset->rri_rdtype)
rdata = &rrset->rri_rdatas[index_ans++];
if (rr->class == rrset->rri_rdclass &&
rr->type == T_SIG)
rdata = &rrset->rri_sigs[index_sig++];
if (rdata) {
rdata->rdi_length = rr->size;
rdata->rdi_data = malloc(rr->size);
if (rdata->rdi_data == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
memcpy(rdata->rdi_data, rr->rdata, rr->size);
}
}
free_dns_response(response);
*res = rrset;
return (ERRSET_SUCCESS);
fail:
if (rrset != NULL)
freerrset(rrset);
if (response != NULL)
free_dns_response(response);
return (result);
}
void
freerrset(struct rrsetinfo *rrset)
{
u_int16_t i;
if (rrset == NULL)
return;
if (rrset->rri_rdatas) {
for (i = 0; i < rrset->rri_nrdatas; i++) {
if (rrset->rri_rdatas[i].rdi_data == NULL)
break;
free(rrset->rri_rdatas[i].rdi_data);
}
free(rrset->rri_rdatas);
}
if (rrset->rri_sigs) {
for (i = 0; i < rrset->rri_nsigs; i++) {
if (rrset->rri_sigs[i].rdi_data == NULL)
break;
free(rrset->rri_sigs[i].rdi_data);
}
free(rrset->rri_sigs);
}
if (rrset->rri_name)
free(rrset->rri_name);
free(rrset);
}
/*
* DNS response parsing routines
*/
static struct dns_response *
parse_dns_response(const u_char *answer, int size)
{
struct dns_response *resp;
const u_char *cp;
/* allocate memory for the response */
resp = calloc(1, sizeof(*resp));
if (resp == NULL)
return (NULL);
/* initialize current pointer */
cp = answer;
/* copy header */
memcpy(&resp->header, cp, HFIXEDSZ);
cp += HFIXEDSZ;
/* fix header byte order */
resp->header.qdcount = ntohs(resp->header.qdcount);
resp->header.ancount = ntohs(resp->header.ancount);
resp->header.nscount = ntohs(resp->header.nscount);
resp->header.arcount = ntohs(resp->header.arcount);
/* there must be at least one query */
if (resp->header.qdcount < 1) {
free_dns_response(resp);
return (NULL);
}
/* parse query section */
resp->query = parse_dns_qsection(answer, size, &cp,
resp->header.qdcount);
if (resp->header.qdcount && resp->query == NULL) {
free_dns_response(resp);
return (NULL);
}
/* parse answer section */
resp->answer = parse_dns_rrsection(answer, size, &cp,
resp->header.ancount);
if (resp->header.ancount && resp->answer == NULL) {
free_dns_response(resp);
return (NULL);
}
/* parse authority section */
resp->authority = parse_dns_rrsection(answer, size, &cp,
resp->header.nscount);
if (resp->header.nscount && resp->authority == NULL) {
free_dns_response(resp);
return (NULL);
}
/* parse additional section */
resp->additional = parse_dns_rrsection(answer, size, &cp,
resp->header.arcount);
if (resp->header.arcount && resp->additional == NULL) {
free_dns_response(resp);
return (NULL);
}
return (resp);
}
static struct dns_query *
parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
{
struct dns_query *head, *curr, *prev;
int i, length;
char name[MAXDNAME];
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
/* allocate and initialize struct */
curr = calloc(1, sizeof(struct dns_query));
if (curr == NULL) {
free_dns_query(head);
return (NULL);
}
if (head == NULL)
head = curr;
if (prev != NULL)
prev->next = curr;
/* name */
length = dn_expand(answer, answer + size, *cp, name,
sizeof(name));
if (length < 0) {
free_dns_query(head);
return (NULL);
}
curr->name = strdup(name);
if (curr->name == NULL) {
free_dns_query(head);
return (NULL);
}
*cp += length;
/* type */
curr->type = _getshort(*cp);
*cp += INT16SZ;
/* class */
curr->class = _getshort(*cp);
*cp += INT16SZ;
}
return (head);
}
static struct dns_rr *
parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
int count)
{
struct dns_rr *head, *curr, *prev;
int i, length;
char name[MAXDNAME];
for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
/* allocate and initialize struct */
curr = calloc(1, sizeof(struct dns_rr));
if (curr == NULL) {
free_dns_rr(head);
return (NULL);
}
if (head == NULL)
head = curr;
if (prev != NULL)
prev->next = curr;
/* name */
length = dn_expand(answer, answer + size, *cp, name,
sizeof(name));
if (length < 0) {
free_dns_rr(head);
return (NULL);
}
curr->name = strdup(name);
if (curr->name == NULL) {
free_dns_rr(head);
return (NULL);
}
*cp += length;
/* type */
curr->type = _getshort(*cp);
*cp += INT16SZ;
/* class */
curr->class = _getshort(*cp);
*cp += INT16SZ;
/* ttl */
curr->ttl = _getlong(*cp);
*cp += INT32SZ;
/* rdata size */
curr->size = _getshort(*cp);
*cp += INT16SZ;
/* rdata itself */
curr->rdata = malloc(curr->size);
if (curr->rdata == NULL) {
free_dns_rr(head);
return (NULL);
}
memcpy(curr->rdata, *cp, curr->size);
*cp += curr->size;
}
return (head);
}
static void
free_dns_query(struct dns_query *p)
{
if (p == NULL)
return;
if (p->name)
free(p->name);
free_dns_query(p->next);
free(p);
}
static void
free_dns_rr(struct dns_rr *p)
{
if (p == NULL)
return;
if (p->name)
free(p->name);
if (p->rdata)
free(p->rdata);
free_dns_rr(p->next);
free(p);
}
static void
free_dns_response(struct dns_response *p)
{
if (p == NULL)
return;
free_dns_query(p->query);
free_dns_rr(p->answer);
free_dns_rr(p->authority);
free_dns_rr(p->additional);
free(p);
}
static int
count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
{
int n = 0;
while(p) {
if (p->class == class && p->type == type)
n++;
p = p->next;
}
return (n);
}
#endif /* !defined(HAVE_GETRRSETBYNAME) */

1
crypto/external/bsd/openssh/dist/getrrsetbyname.c vendored Symbolic link
View File

@@ -0,0 +1 @@
openbsd-compat/getrrsetbyname.c

111
crypto/external/bsd/openssh/dist/getrrsetbyname.h vendored
View File

@@ -1,111 +0,0 @@
/* OPENBSD BASED ON : include/netdb.h */
/* $NetBSD: getrrsetbyname.h,v 1.3 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Portions Copyright (c) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _GETRRSETBYNAME_H
#define _GETRRSETBYNAME_H
#include "includes.h"
#ifndef HAVE_GETRRSETBYNAME
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
#ifndef HFIXEDSZ
#define HFIXEDSZ 12
#endif
#ifndef T_SIG
#define T_SIG 24
#endif
/*
* Flags for getrrsetbyname()
*/
#ifndef RRSET_VALIDATED
# define RRSET_VALIDATED 1
#endif
/*
* Return codes for getrrsetbyname()
*/
#ifndef ERRSET_SUCCESS
# define ERRSET_SUCCESS 0
# define ERRSET_NOMEMORY 1
# define ERRSET_FAIL 2
# define ERRSET_INVAL 3
# define ERRSET_NONAME 4
# define ERRSET_NODATA 5
#endif
struct rdatainfo {
unsigned int rdi_length; /* length of data */
unsigned char *rdi_data; /* record data */
};
struct rrsetinfo {
unsigned int rri_flags; /* RRSET_VALIDATED ... */
unsigned int rri_rdclass; /* class number */
unsigned int rri_rdtype; /* RR type number */
unsigned int rri_ttl; /* time to live */
unsigned int rri_nrdatas; /* size of rdatas array */
unsigned int rri_nsigs; /* size of sigs array */
char *rri_name; /* canonical name */
struct rdatainfo *rri_rdatas; /* individual records */
struct rdatainfo *rri_sigs; /* individual signatures */
};
int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **);
void freerrset(struct rrsetinfo *);
#endif /* !defined(HAVE_GETRRSETBYNAME) */
#endif /* _GETRRSETBYNAME_H */

1
crypto/external/bsd/openssh/dist/getrrsetbyname.h vendored Symbolic link
View File

@@ -0,0 +1 @@
openbsd-compat/getrrsetbyname.h

18
crypto/external/bsd/openssh/dist/groupaccess.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
@@ -25,7 +24,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $");
#include <sys/types.h>
#include <grp.h>
@@ -41,7 +40,7 @@ __RCSID("$NetBSD: groupaccess.c,v 1.6 2015/07/03 01:00:00 christos Exp $");
#include "log.h"
static int ngroups;
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
static char **groups_byname;
/*
* Initialize group access list for user with primary (base) and
@@ -50,19 +49,27 @@ static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
int
ga_init(const char *user, gid_t base)
{
gid_t groups_bygid[NGROUPS_MAX + 1];
gid_t *groups_bygid;
int i, j;
struct group *gr;
if (ngroups > 0)
ga_free();
ngroups = sizeof(groups_bygid) / sizeof(gid_t);
ngroups = NGROUPS_MAX;
#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
#endif
groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
logit("getgrouplist: groups list too small");
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
free(groups_bygid);
return (ngroups = j);
}
@@ -116,5 +123,6 @@ ga_free(void)
for (i = 0; i < ngroups; i++)
free(groups_byname[i]);
ngroups = 0;
free(groups_byname);
}
}

1
crypto/external/bsd/openssh/dist/groupaccess.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: groupaccess.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: groupaccess.h,v 1.8 2008/07/04 03:44:59 djm Exp $ */
/*

10
crypto/external/bsd/openssh/dist/gss-genr.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: gss-genr.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */
/*
@@ -26,16 +25,17 @@
*/
#include "includes.h"
__RCSID("$NetBSD");
#ifdef GSSAPI
#include <sys/types.h>
#include <sys/param.h>
#include <limits.h>
#include <stdarg.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <stdarg.h>
#include <limits.h>
#include "xmalloc.h"
#include "buffer.h"
@@ -255,7 +255,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
{
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
OM_uint32 major, minor;
gss_OID_desc spnego_oid = {6, __UNCONST("\x2B\x06\x01\x05\x05\x02")};
gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
/* RFC 4462 says we MUST NOT do SPNEGO */
if (oid->length == spnego_oid.length &&

42
crypto/external/bsd/openssh/dist/gss-serv-krb5.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
/*
@@ -26,7 +25,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $");
#ifdef GSSAPI
#ifdef KRB5
@@ -40,16 +39,22 @@ __RCSID("$NetBSD: gss-serv-krb5.c,v 1.8 2015/04/03 23:58:19 christos Exp $");
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "buffer.h"
#include "misc.h"
#include "servconf.h"
#include "buffer.h"
#include "ssh-gss.h"
extern ServerOptions options;
#include <krb5.h>
#include <gssapi/gssapi_krb5.h>
#ifdef HEIMDAL
# include <krb5.h>
#endif
#ifdef HAVE_GSSAPI_KRB5_H
# include <gssapi_krb5.h>
#elif HAVE_GSSAPI_GSSAPI_KRB5_H
# include <gssapi/gssapi_krb5.h>
#endif
static krb5_context krb_context = NULL;
@@ -68,9 +73,6 @@ ssh_gssapi_krb5_init(void)
logit("Cannot initialize krb5 context");
return 0;
}
#ifdef isneeded
krb5_init_ets(krb_context);
#endif
return 1;
}
@@ -119,7 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
krb5_error_code problem;
krb5_principal princ;
OM_uint32 maj_status, min_status;
size_t len;
int len;
const char *errmsg;
if (client->creds == NULL) {
@@ -130,20 +132,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
if (ssh_gssapi_krb5_init() == 0)
return;
#ifdef HEIMDAL
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
NULL, &ccache)) != 0) {
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_cc_new_unique(): %.100s", errmsg);
# else
if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
logit("krb5_cc_gen_new(): %.100s",
krb5_get_err_text(krb_context, problem));
# endif
krb5_free_error_message(krb_context, errmsg);
return;
}
#else
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
errmsg = krb5_get_error_message(krb_context, problem);
logit("ssh_krb5_cc_gen(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
return;
}
#endif /* #ifdef HEIMDAL */
if ((problem = krb5_parse_name(krb_context,
client->exportedname.value, &princ))) {
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_parse_name(): %.100s", errmsg);
krb5_free_error_message(krb_context, errmsg);
krb5_cc_destroy(krb_context, ccache);
return;
}
@@ -166,7 +182,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
}
client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
client->store.envvar = __UNCONST("KRB5CCNAME");
client->store.envvar = "KRB5CCNAME";
len = strlen(client->store.filename) + 6;
client->store.envval = xmalloc(len);
snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
@@ -184,7 +200,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
ssh_gssapi_mech gssapi_kerberos_mech = {
"toWM5Slw5Ew8Mqkay+al2g==",
"Kerberos",
{9, __UNCONST("\x2A\x86\x48\x86\xF7\x12\x01\x02\x02")},
{9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"},
NULL,
&ssh_gssapi_krb5_userok,
NULL,

12
crypto/external/bsd/openssh/dist/gss-serv.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: gss-serv.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */
/*
@@ -26,19 +25,16 @@
*/
#include "includes.h"
__RCSID("$NetBSD: gss-serv.c,v 1.8 2015/07/03 01:00:00 christos Exp $");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/queue.h>
#ifdef GSSAPI
#include <sys/types.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <limits.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"

2
crypto/external/bsd/openssh/dist/hash.c vendored
View File

@@ -7,8 +7,8 @@
D. J. Bernstein
Public domain.
*/
#include "includes.h"
__RCSID("$NetBSD: hash.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
#include "crypto_api.h"

2
crypto/external/bsd/openssh/dist/hmac.c vendored
View File

@@ -14,8 +14,8 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
__RCSID("$NetBSD: hmac.c,v 1.4 2015/07/03 01:00:00 christos Exp $");
#include <sys/types.h>
#include <string.h>

5
crypto/external/bsd/openssh/dist/hostfile.c vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $ */
/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,7 +37,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -46,11 +45,11 @@ __RCSID("$NetBSD: hostfile.c,v 1.8 2015/07/03 01:00:00 christos Exp $");
#include <errno.h>
#include <resolv.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
#include <unistd.h>
#include "xmalloc.h"

1
crypto/external/bsd/openssh/dist/hostfile.h vendored
View File

@@ -1,4 +1,3 @@
/* $NetBSD: hostfile.h,v 1.7 2015/04/03 23:58:19 christos Exp $ */
/* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */
/*

187
crypto/external/bsd/openssh/dist/includes.h vendored
View File

@@ -1,9 +1,182 @@
/* $NetBSD: includes.h,v 1.4 2015/04/03 23:58:19 christos Exp $ */
#include <sys/cdefs.h>
#ifndef __OpenBSD__
#define __bounded__(a, b, c)
#define explicit_bzero(a, b) explicit_memset((a), 0, (b))
#define timingsafe_bcmp(a, b, c) (!consttime_memequal((a), (b), (c)))
/* $OpenBSD: includes.h,v 1.54 2006/07/22 20:48:23 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* This file includes most of the needed system headers.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef INCLUDES_H
#define INCLUDES_H
#include "config.h"
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* activate extra prototypes for glibc */
#endif
#include "namespace.h"
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h> /* For CMSG_* */
#ifdef HAVE_LIMITS_H
# include <limits.h> /* For PATH_MAX, _POSIX_HOST_NAME_MAX */
#endif
#ifdef HAVE_BSTRING_H
# include <bstring.h>
#endif
#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \
defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \
defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \
!defined(BROKEN_GLOB)
# include <glob.h>
#endif
#ifdef HAVE_ENDIAN_H
# include <endian.h>
#endif
#ifdef HAVE_TTYENT_H
# include <ttyent.h>
#endif
#ifdef HAVE_UTIME_H
# include <utime.h>
#endif
#ifdef HAVE_MAILLOCK_H
# include <maillock.h> /* For _PATH_MAILDIR */
#endif
#ifdef HAVE_NEXT
# include <libc.h>
#endif
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
/*
*-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
*/
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif
#ifdef HAVE_LOGIN_H
# include <login.h>
#endif
#ifdef HAVE_UTMP_H
# include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
# include <utmpx.h>
#endif
#ifdef HAVE_LASTLOG_H
# include <lastlog.h>
#endif
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
#ifdef HAVE_SYS_BSDTTY_H
# include <sys/bsdtty.h>
#endif
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
#include <termios.h>
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h> /* For u_intXX_t */
#endif
#ifdef HAVE_SYS_CDEFS_H
# include <sys/cdefs.h> /* For __P() */
#endif
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h> /* For S_* constants and macros */
#endif
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h> /* For MIN, MAX, etc */
#endif
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h> /* for MAP_ANONYMOUS */
#endif
#ifdef HAVE_SYS_STRTIO_H
#include <sys/strtio.h> /* for TIOCCBRK on HP-UX */
#endif
#if defined(HAVE_SYS_PTMS_H) && defined(HAVE_DEV_PTMX)
# if defined(HAVE_SYS_STREAM_H)
# include <sys/stream.h> /* reqd for queue_t on Solaris 2.5.1 */
# endif
#include <sys/ptms.h> /* for grantpt() and friends */
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h> /* For typedefs */
#ifdef HAVE_RPC_TYPES_H
# include <rpc/types.h> /* For INADDR_LOOPBACK */
#endif
#ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H)
# include <security/pam_appl.h>
#elif defined (HAVE_PAM_PAM_APPL_H)
# include <pam/pam_appl.h>
#endif
#endif
#ifdef HAVE_READPASSPHRASE_H
# include <readpassphrase.h>
#endif
#ifdef HAVE_IA_H
# include <ia.h>
#endif
#ifdef HAVE_IAF_H
# include <iaf.h>
#endif
#ifdef HAVE_TMPDIR_H
# include <tmpdir.h>
#endif
#if defined(HAVE_BSD_LIBUTIL_H)
# include <bsd/libutil.h>
#elif defined(HAVE_LIBUTIL_H)
# include <libutil.h>
#endif
#if defined(KRB5) && defined(USE_AFS)
# include <krb5.h>
# include <kafs.h>
#endif
#if defined(HAVE_SYS_SYSLOG_H)
# include <sys/syslog.h>
#endif
#include <errno.h>
/*
* On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
* of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
*/
#ifdef GETSPNAM_CONFLICTING_DEFS
# ifdef _INCLUDE__STDC__
# undef _INCLUDE__STDC__
# endif
#endif
#ifdef WITH_OPENSSL
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
#endif
#include "defines.h"
#include "platform.h"
#include "openbsd-compat/openbsd-compat.h"
#include "openbsd-compat/bsd-nextstep.h"
#include "entropy.h"
#endif /* INCLUDES_H */

Some files were not shown because too many files have changed in this diff Show More