svn commit: r294693 - in stable/10: . crypto/openssh secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options
Dag-Erling Smørgrav
des at FreeBSD.org
Sun Jan 24 22:28:22 UTC 2016
Author: des
Date: Sun Jan 24 22:28:18 2016
New Revision: 294693
URL: https://svnweb.freebsd.org/changeset/base/294693
Log:
MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)
Remove the HPN and None cipher patches.
Deleted:
stable/10/crypto/openssh/README.hpn
stable/10/tools/build/options/WITH_OPENSSH_NONE_CIPHER
Modified:
stable/10/UPDATING
stable/10/crypto/openssh/auth-pam.c (contents, props changed)
stable/10/crypto/openssh/auth2-chall.c (contents, props changed)
stable/10/crypto/openssh/bufaux.c (contents, props changed)
stable/10/crypto/openssh/buffer.c (contents, props changed)
stable/10/crypto/openssh/buffer.h (contents, props changed)
stable/10/crypto/openssh/channels.c (contents, props changed)
stable/10/crypto/openssh/channels.h (contents, props changed)
stable/10/crypto/openssh/cipher.c (contents, props changed)
stable/10/crypto/openssh/clientloop.c (contents, props changed)
stable/10/crypto/openssh/compat.c (contents, props changed)
stable/10/crypto/openssh/compat.h (contents, props changed)
stable/10/crypto/openssh/configure.ac (contents, props changed)
stable/10/crypto/openssh/digest-libc.c (contents, props changed)
stable/10/crypto/openssh/freebsd-post-merge.sh (contents, props changed)
stable/10/crypto/openssh/freebsd-pre-merge.sh (contents, props changed)
stable/10/crypto/openssh/kex.c (contents, props changed)
stable/10/crypto/openssh/kex.h (contents, props changed)
stable/10/crypto/openssh/misc.c (contents, props changed)
stable/10/crypto/openssh/misc.h (contents, props changed)
stable/10/crypto/openssh/monitor.c (contents, props changed)
stable/10/crypto/openssh/monitor_wrap.c (contents, props changed)
stable/10/crypto/openssh/myproposal.h
stable/10/crypto/openssh/packet.c
stable/10/crypto/openssh/packet.h (contents, props changed)
stable/10/crypto/openssh/readconf.c
stable/10/crypto/openssh/readconf.h
stable/10/crypto/openssh/servconf.c
stable/10/crypto/openssh/servconf.h (contents, props changed)
stable/10/crypto/openssh/serverloop.c (contents, props changed)
stable/10/crypto/openssh/session.c
stable/10/crypto/openssh/sftp.1 (contents, props changed)
stable/10/crypto/openssh/sftp.c (contents, props changed)
stable/10/crypto/openssh/ssh-agent.1
stable/10/crypto/openssh/ssh.c
stable/10/crypto/openssh/ssh_config (contents, props changed)
stable/10/crypto/openssh/ssh_config.5
stable/10/crypto/openssh/ssh_namespace.h
stable/10/crypto/openssh/sshconnect.c
stable/10/crypto/openssh/sshconnect2.c (contents, props changed)
stable/10/crypto/openssh/sshd.c
stable/10/crypto/openssh/sshd_config (contents, props changed)
stable/10/crypto/openssh/sshd_config.5
stable/10/crypto/openssh/version.h
stable/10/secure/lib/libssh/Makefile
stable/10/secure/usr.bin/ssh/Makefile
stable/10/secure/usr.sbin/sshd/Makefile
stable/10/share/mk/bsd.own.mk
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/UPDATING
==============================================================================
--- stable/10/UPDATING Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/UPDATING Sun Jan 24 22:28:18 2016 (r294693)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160124:
+ The NONE and HPN patches has been removed from OpenSSH. They are
+ still available in the security/openssh-portable port.
+
20151214:
r292223 changed the internal interface between the nfsd.ko and
nfscommon.ko modules. As such, they must both be upgraded to-gether.
Modified: stable/10/crypto/openssh/auth-pam.c
==============================================================================
--- stable/10/crypto/openssh/auth-pam.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/auth-pam.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -45,7 +45,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* Based on $FreeBSD$ */
+/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
#include <sys/types.h>
Modified: stable/10/crypto/openssh/auth2-chall.c
==============================================================================
--- stable/10/crypto/openssh/auth2-chall.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/auth2-chall.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -25,7 +25,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
Modified: stable/10/crypto/openssh/bufaux.c
==============================================================================
--- stable/10/crypto/openssh/bufaux.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/bufaux.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -38,7 +38,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
Modified: stable/10/crypto/openssh/buffer.c
==============================================================================
--- stable/10/crypto/openssh/buffer.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/buffer.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -13,7 +13,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/param.h>
@@ -27,7 +26,7 @@ __RCSID("$FreeBSD$");
#include "log.h"
#define BUFFER_MAX_CHUNK 0x100000
-#define BUFFER_MAX_LEN 0x4000000 /* 64MB */
+#define BUFFER_MAX_LEN 0xa00000
#define BUFFER_ALLOCSZ 0x008000
/* Initializes the buffer structure. */
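Review bot: The new `BUFFER_MAX_LEN` line drops the size annotation the old one carried, and 0xa00000 is 10 MiB, roughly a sixfold reduction from the 64MB it replaces. Going by the comment on the removed `buffer_get_max_len()`, this constant is the maximum number of bytes a buffer may hold, so it presumably also bounds how much memory a peer can make one buffer consume. I would keep the size visible with `#define BUFFER_MAX_LEN 0xa00000 /* 10MB */`. If the line is meant to stay byte-identical to the vendor source, the lower limit could be recorded in the commit log or the UPDATING entry instead.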
@@ -167,13 +166,6 @@ buffer_len(const Buffer *buffer)
return buffer->end - buffer->offset;
}
-/* Returns the maximum number of bytes of data that may be in the buffer. */
-u_int
-buffer_get_max_len(void)
-{
- return (BUFFER_MAX_LEN);
-}
-
/* Gets data from the beginning of the buffer. */
int
Modified: stable/10/crypto/openssh/buffer.h
==============================================================================
--- stable/10/crypto/openssh/buffer.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/buffer.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,5 +1,4 @@
/* $OpenBSD: buffer.h,v 1.23 2014/01/12 08:13:13 djm Exp $ */
-/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -47,8 +46,6 @@ int buffer_get_ret(Buffer *, void *, u_
int buffer_consume_ret(Buffer *, u_int);
int buffer_consume_end_ret(Buffer *, u_int);
-u_int buffer_get_max_len(void);
-
#include <openssl/bn.h>
void buffer_put_bignum(Buffer *, const BIGNUM *);
Modified: stable/10/crypto/openssh/channels.c
==============================================================================
--- stable/10/crypto/openssh/channels.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/channels.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -40,7 +40,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -174,11 +173,6 @@ static void port_open_helper(Channel *c,
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
-/* -- HPN */
-
-static int hpn_disabled = 0;
-static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
-
/* -- channel core */
Channel *
@@ -325,7 +319,6 @@ channel_new(char *ctype, int type, int r
c->self = found;
c->type = type;
c->ctype = ctype;
- c->dynamic_window = 0;
c->local_window = window;
c->local_window_max = window;
c->local_consumed = 0;
@@ -826,45 +819,10 @@ channel_pre_open_13(Channel *c, fd_set *
FD_SET(c->sock, writeset);
}
-static u_int
-channel_tcpwinsz(void)
-{
- u_int32_t tcpwinsz;
- socklen_t optsz;
- int ret, sd;
- u_int maxlen;
-
- /* If we are not on a socket return 128KB. */
- if (!packet_connection_is_on_socket())
- return (128 * 1024);
-
- tcpwinsz = 0;
- optsz = sizeof(tcpwinsz);
- sd = packet_get_connection_in();
- ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
-
- /* Return no more than the maximum buffer size. */
- maxlen = buffer_get_max_len();
- if ((ret == 0) && tcpwinsz > maxlen)
- tcpwinsz = maxlen;
- /* In case getsockopt() failed return a minimum. */
- if (tcpwinsz == 0)
- tcpwinsz = CHAN_TCP_WINDOW_DEFAULT;
- debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd);
- return (tcpwinsz);
-}
-
static void
channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
{
- u_int limit;
-
- /* Check buffer limits. */
- if (!c->tcpwinsz || c->dynamic_window > 0)
- c->tcpwinsz = channel_tcpwinsz();
-
- limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(),
- 2 * c->tcpwinsz);
+ u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
@@ -1857,25 +1815,14 @@ channel_check_window(Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
- u_int addition = 0;
-
- /* Adjust max window size if we are in a dynamic environment. */
- if (c->dynamic_window && c->tcpwinsz > c->local_window_max) {
- /*
- * Grow the window somewhat aggressively to maintain
- * pressure.
- */
- addition = 1.5 * (c->tcpwinsz - c->local_window_max);
- c->local_window_max += addition;
- }
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
packet_put_int(c->remote_id);
- packet_put_int(c->local_consumed + addition);
+ packet_put_int(c->local_consumed);
packet_send();
debug2("channel %d: window %d sent adjust %d",
c->self, c->local_window,
c->local_consumed);
- c->local_window += c->local_consumed + addition;
+ c->local_window += c->local_consumed;
c->local_consumed = 0;
}
return 1;
@@ -2739,14 +2686,6 @@ channel_set_af(int af)
IPv4or6 = af;
}
-void
-channel_set_hpn(int disabled, u_int buf_size)
-{
- hpn_disabled = disabled;
- buffer_size = buf_size;
- debug("HPN Disabled: %d, HPN Buffer Size: %d",
- hpn_disabled, buffer_size);
-}
/*
* Determine whether or not a port forward listens to loopback, the
@@ -2924,18 +2863,10 @@ channel_setup_fwd_listener(int type, con
*allocated_listen_port);
}
- /*
- * Allocate a channel number for the socket. Explicitly test
- * for hpn disabled option. If true use smaller window size.
- */
- if (hpn_disabled)
- c = channel_new("port listener", type, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, "port listener", 1);
- else
- c = channel_new("port listener", type, sock, sock, -1,
- buffer_size, CHAN_TCP_PACKET_DEFAULT,
- 0, "port listener", 1);
+ /* Allocate a channel number for the socket. */
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
c->path = xstrdup(host);
c->host_port = port_to_connect;
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
@@ -3583,16 +3514,10 @@ x11_create_display_inet(int x11_display_
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
- if (hpn_disabled)
- nc = channel_new("x11 listener",
- SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, "X11 inet listener", 1);
- else
- nc = channel_new("x11 listener",
- SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
- buffer_size, CHAN_X11_PACKET_DEFAULT,
- 0, "X11 inet listener", 1);
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
nc->single_connection = single_connection;
(*chanids)[n] = nc->self;
}
Modified: stable/10/crypto/openssh/channels.h
==============================================================================
--- stable/10/crypto/openssh/channels.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/channels.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,5 +1,4 @@
/* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */
-/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -133,8 +132,6 @@ struct Channel {
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
- u_int tcpwinsz;
- int dynamic_window;
int extended_usage;
int single_connection;
@@ -176,7 +173,6 @@ struct Channel {
#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
-#define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024)
/* possible input states */
#define CHAN_INPUT_OPEN 0
@@ -310,8 +306,4 @@ void chan_rcvd_ieof(Channel *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
-/* hpn handler */
-
-void channel_set_hpn(int, u_int);
-
#endif
Modified: stable/10/crypto/openssh/cipher.c
==============================================================================
--- stable/10/crypto/openssh/cipher.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/cipher.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -36,7 +36,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
@@ -225,12 +224,7 @@ ciphers_valid(const char *names)
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
-#ifdef NONE_CIPHER_ENABLED
- if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
- c->number != SSH_CIPHER_NONE)) {
-#else
- if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
-#endif
+ if (c == NULL || c->number != SSH_CIPHER_SSH2) {
debug("bad cipher %s [%s]", p, names);
free(cipher_list);
return 0;
@@ -485,9 +479,6 @@ cipher_get_keyiv(CipherContext *cc, u_ch
}
switch (c->number) {
-#ifdef NONE_CIPHER_ENABLED
- case SSH_CIPHER_NONE:
-#endif
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -527,9 +518,6 @@ cipher_set_keyiv(CipherContext *cc, u_ch
return;
switch (c->number) {
-#ifdef NONE_CIPHER_ENABLED
- case SSH_CIPHER_NONE:
-#endif
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
Modified: stable/10/crypto/openssh/clientloop.c
==============================================================================
--- stable/10/crypto/openssh/clientloop.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/clientloop.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -60,7 +60,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -1892,14 +1891,9 @@ client_request_x11(const char *request_t
sock = x11_connect_display();
if (sock < 0)
return NULL;
- if (options.hpn_disabled)
- c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, "x11", 1);
- else
- c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
- options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
- 0, "x11", 1);
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
c->force_drain = 1;
return c;
}
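Review bot: The surviving `channel_new("x11", ...)` call pairs `CHAN_TCP_WINDOW_DEFAULT` with `CHAN_X11_PACKET_DEFAULT`, and the agent channel in the next hunk (client_request_agent) pairs `CHAN_X11_WINDOW_DEFAULT` with `CHAN_TCP_PACKET_DEFAULT`; both read like copy-paste slips. In both cases the values are the ones the removed `hpn_disabled` branch passed, so behaviour with HPN disabled is unchanged. A short comment above each call, for example `/* window/packet constants are deliberately mixed here; do not "correct" */`, would keep a later cleanup from silently changing the flow-control window. That comment should be confirmed against the vendor source first, which is not shown here. Both functions begin outside their hunks.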
@@ -1919,16 +1913,10 @@ client_request_agent(const char *request
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
- if (options.hpn_disabled)
- c = channel_new("authentication agent connection",
- SSH_CHANNEL_OPEN, sock, sock, -1,
- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- "authentication agent connection", 1);
- else
- c = channel_new("authentication agent connection",
- SSH_CHANNEL_OPEN, sock, sock, -1,
- options.hpn_buffer_size, options.hpn_buffer_size, 0,
- "authentication agent connection", 1);
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ "authentication agent connection", 1);
c->force_drain = 1;
return c;
}
@@ -1955,14 +1943,8 @@ client_request_tun_fwd(int tun_mode, int
return -1;
}
- if (options.hpn_disabled)
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
- 0, "tun", 1);
- else
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
- options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
- 0, "tun", 1);
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
Modified: stable/10/crypto/openssh/compat.c
==============================================================================
--- stable/10/crypto/openssh/compat.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/compat.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -24,7 +24,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
@@ -178,16 +177,6 @@ compat_datafellows(const char *version)
datafellows = check[i].bugs;
debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, datafellows);
- /*
- * Check to see if the remote side is OpenSSH and not
- * HPN. It is utterly strange to check it from the
- * version string and expose the option that way.
- */
- if (strstr(version,"OpenSSH") != NULL &&
- strstr(version,"hpn") == NULL) {
- datafellows |= SSH_BUG_LARGEWINDOW;
- debug("Remote is not HPN-aware");
- }
return;
}
}
Modified: stable/10/crypto/openssh/compat.h
==============================================================================
--- stable/10/crypto/openssh/compat.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/compat.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,5 +1,4 @@
/* $OpenBSD: compat.h,v 1.44 2013/12/30 23:52:27 djm Exp $ */
-/* $FreeBSD$ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -62,8 +61,6 @@
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000
-#define SSH_BUG_LARGEWINDOW 0x80000000
-
void enable_compat13(void);
void enable_compat20(void);
void compat_datafellows(const char *);
Modified: stable/10/crypto/openssh/configure.ac
==============================================================================
--- stable/10/crypto/openssh/configure.ac Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/configure.ac Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,4 +1,5 @@
# $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $
+# $FreeBSD$
#
# Copyright (c) 1999-2004 Damien Miller
#
Modified: stable/10/crypto/openssh/digest-libc.c
==============================================================================
--- stable/10/crypto/openssh/digest-libc.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/digest-libc.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -17,7 +17,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <limits.h>
Modified: stable/10/crypto/openssh/freebsd-post-merge.sh
==============================================================================
--- stable/10/crypto/openssh/freebsd-post-merge.sh Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/freebsd-post-merge.sh Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: stable/10/crypto/openssh/freebsd-post-merge.sh 263691 2014-03-24 19:15:13Z des $
+# $FreeBSD$
#
xargs perl -n -i -e '
Modified: stable/10/crypto/openssh/freebsd-pre-merge.sh
==============================================================================
--- stable/10/crypto/openssh/freebsd-pre-merge.sh Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/freebsd-pre-merge.sh Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: stable/10/crypto/openssh/freebsd-pre-merge.sh 263691 2014-03-24 19:15:13Z des $
+# $FreeBSD$
#
:>keywords
Modified: stable/10/crypto/openssh/kex.c
==============================================================================
--- stable/10/crypto/openssh/kex.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/kex.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -24,7 +24,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/param.h>
@@ -146,13 +145,8 @@ kex_names_valid(const char *names)
return 1;
}
-/* put algorithm proposal into buffer. */
-#ifndef NONE_CIPHER_ENABLED
+/* put algorithm proposal into buffer */
static void
-#else
-/* Also used in sshconnect2.c. */
-void
-#endif
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
u_int i;
@@ -466,9 +460,6 @@ kex_choose_conf(Kex *kex)
int nenc, nmac, ncomp;
u_int mode, ctos, need, dh_need, authlen;
int first_kex_follows, type;
-#ifdef NONE_CIPHER_ENABLED
- int auth_flag;
-#endif
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -492,10 +483,6 @@ kex_choose_conf(Kex *kex)
}
/* Algorithm Negotiation */
-#ifdef NONE_CIPHER_ENABLED
- auth_flag = packet_get_authentication_state();
- debug ("AUTH STATE is %d", auth_flag);
-#endif
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xcalloc(1, sizeof(*newkeys));
kex->newkeys[mode] = newkeys;
@@ -510,17 +497,6 @@ kex_choose_conf(Kex *kex)
if (authlen == 0)
choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
-#ifdef NONE_CIPHER_ENABLED
- debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
- if (strcmp(newkeys->enc.name, "none") == 0) {
- debug("Requesting NONE. Authflag is %d", auth_flag);
- if (auth_flag == 1)
- debug("None requested post authentication.");
- else
- fatal("Pre-authentication none cipher requests "
- "are not allowed.");
- }
-#endif
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
Modified: stable/10/crypto/openssh/kex.h
==============================================================================
--- stable/10/crypto/openssh/kex.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/kex.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,5 +1,4 @@
/* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */
-/* $FreeBSD$ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -149,10 +148,6 @@ struct Kex {
int kex_names_valid(const char *);
char *kex_alg_list(char);
-#ifdef NONE_CIPHER_ENABLED
-void kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
-#endif
-
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
Modified: stable/10/crypto/openssh/misc.c
==============================================================================
--- stable/10/crypto/openssh/misc.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/misc.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -25,7 +25,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -1037,34 +1036,3 @@ sock_set_v6only(int s)
error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
#endif
}
-
-void
-sock_get_rcvbuf(int *size, int rcvbuf)
-{
- int sock, socksize;
- socklen_t socksizelen = sizeof(socksize);
-
- /*
- * Create a socket but do not connect it. We use it
- * only to get the rcv socket size.
- */
- sock = socket(AF_INET6, SOCK_STREAM, 0);
- if (sock < 0)
- sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
- return;
-
- /*
- * If the tcp_rcv_buf option is set and passed in, attempt to set the
- * buffer size to its value.
- */
- if (rcvbuf)
- setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf,
- sizeof(rcvbuf));
-
- if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
- &socksize, &socksizelen) == 0)
- if (size != NULL)
- *size = socksize;
- close(sock);
-}
Modified: stable/10/crypto/openssh/misc.h
==============================================================================
--- stable/10/crypto/openssh/misc.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/misc.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,5 +1,4 @@
/* $OpenBSD: misc.h,v 1.50 2013/10/14 23:28:23 djm Exp $ */
-/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -40,7 +39,6 @@ time_t monotime(void);
void lowercase(char *s);
void sock_set_v6only(int);
-void sock_get_rcvbuf(int *, int);
struct passwd *pwcopy(struct passwd *);
const char *ssh_gai_strerror(int);
Modified: stable/10/crypto/openssh/monitor.c
==============================================================================
--- stable/10/crypto/openssh/monitor.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/monitor.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -26,7 +26,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>
Modified: stable/10/crypto/openssh/monitor_wrap.c
==============================================================================
--- stable/10/crypto/openssh/monitor_wrap.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/monitor_wrap.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -26,7 +26,6 @@
*/
#include "includes.h"
-__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/uio.h>
Modified: stable/10/crypto/openssh/myproposal.h
==============================================================================
--- stable/10/crypto/openssh/myproposal.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/myproposal.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -110,10 +110,6 @@
"chacha20-poly1305 at openssh.com," \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
-#ifdef NONE_CIPHER_ENABLED
-#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
- ",none"
-#endif
#define KEX_DEFAULT_MAC \
"hmac-md5-etm at openssh.com," \
Modified: stable/10/crypto/openssh/packet.c
==============================================================================
--- stable/10/crypto/openssh/packet.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/packet.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -202,9 +202,6 @@ struct session_state {
};
static struct session_state *active_state, *backup_state;
-#ifdef NONE_CIPHER_ENABLED
-static int rekey_requested = 0;
-#endif
static struct session_state *
alloc_session_state(void)
@@ -1316,7 +1313,6 @@ packet_read_poll2(u_int32_t *seqnr_p)
buffer_ptr(&active_state->input), block_size, 0, 0) != 0)
fatal("Decryption integrity check failed");
cp = buffer_ptr(&active_state->incoming_packet);
-
active_state->packlen = get_u32(cp);
if (active_state->packlen < 1 + 4 ||
active_state->packlen > PACKET_MAX_SIZE) {
@@ -1943,26 +1939,12 @@ packet_send_ignore(int nbytes)
}
}
-#ifdef NONE_CIPHER_ENABLED
-void
-packet_request_rekeying(void)
-{
- rekey_requested = 1;
-}
-#endif
-
#define MAX_PACKETS (1U<<31)
int
packet_need_rekeying(void)
{
if (datafellows & SSH_BUG_NOREKEY)
return 0;
-#ifdef NONE_CIPHER_ENABLED
- if (rekey_requested == 1) {
- rekey_requested = 0;
- return 1;
- }
-#endif
return
(active_state->p_send.packets > MAX_PACKETS) ||
(active_state->p_read.packets > MAX_PACKETS) ||
@@ -2074,11 +2056,3 @@ packet_restore_state(void)
add_recv_bytes(len);
}
}
-
-#ifdef NONE_CIPHER_ENABLED
-int
-packet_get_authentication_state(void)
-{
- return (active_state->after_authentication);
-}
-#endif
Modified: stable/10/crypto/openssh/packet.h
==============================================================================
--- stable/10/crypto/openssh/packet.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/packet.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -1,5 +1,4 @@
/* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
-/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -39,9 +38,6 @@ void packet_set_interactive(int, int
int packet_is_interactive(void);
void packet_set_server(void);
void packet_set_authenticated(void);
-#ifdef NONE_CIPHER_ENABLED
-int packet_get_authentication_state(void);
-#endif
void packet_start(u_char);
void packet_put_char(int ch);
@@ -119,9 +115,6 @@ do { \
} while (0)
int packet_need_rekeying(void);
-#ifdef NONE_CIPHER_ENABLED
-void packet_request_rekeying(void);
-#endif
void packet_set_rekey_limits(u_int32_t, time_t);
time_t packet_get_rekey_timeout(void);
Modified: stable/10/crypto/openssh/readconf.c
==============================================================================
--- stable/10/crypto/openssh/readconf.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/readconf.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -152,12 +152,8 @@ typedef enum {
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
- oIgnoredUnknownOption,
- oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
-#ifdef NONE_CIPHER_ENABLED
- oNoneEnabled, oNoneSwitch,
-#endif
- oVersionAddendum, oDeprecated, oUnsupported
+ oVersionAddendum,
+ oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@@ -270,14 +266,10 @@ static struct {
{ "canonicalizemaxdots", oCanonicalizeMaxDots },
{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
{ "ignoreunknown", oIgnoreUnknown },
- { "hpndisabled", oHPNDisabled },
- { "hpnbuffersize", oHPNBufferSize },
- { "tcprcvbufpoll", oTcpRcvBufPoll },
- { "tcprcvbuf", oTcpRcvBuf },
-#ifdef NONE_CIPHER_ENABLED
- { "noneenabled", oNoneEnabled },
- { "noneswitch", oNoneSwitch },
-#endif
+ { "hpndisabled", oDeprecated },
+ { "hpnbuffersize", oDeprecated },
+ { "tcprcvbufpoll", oDeprecated },
+ { "tcprcvbuf", oDeprecated },
{ "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
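Review bot: The client keyword table keeps `hpndisabled`, `hpnbuffersize`, `tcprcvbufpoll` and `tcprcvbuf` as `oDeprecated` but drops `noneenabled` and `noneswitch` outright, while the servconf.c table in this same commit keeps `noneenabled` as `sUnsupported`. An ssh_config written for a build with the NONE cipher enabled would then presumably resolve to `oBadOption`, which looks like an avoidable upgrade break; the lookup and error path are outside this hunk. For parity I would add `{ "noneenabled", oUnsupported },` and `{ "noneswitch", oUnsupported },` next to the deprecated HPN entries. The session still stays encrypted, because the option would be recognised and not acted on. The table itself starts outside the hunk.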
@@ -1359,47 +1351,6 @@ parse_int:
multistate_ptr = multistate_requesttty;
goto parse_multistate;
- case oHPNDisabled:
- intptr = &options->hpn_disabled;
- goto parse_flag;
-
- case oHPNBufferSize:
- intptr = &options->hpn_buffer_size;
- goto parse_int;
-
- case oTcpRcvBufPoll:
- intptr = &options->tcp_rcv_buf_poll;
- goto parse_flag;
-
- case oTcpRcvBuf:
- intptr = &options->tcp_rcv_buf;
- goto parse_int;
-
-#ifdef NONE_CIPHER_ENABLED
- case oNoneEnabled:
- intptr = &options->none_enabled;
- goto parse_flag;
-
- /*
- * We check to see if the command comes from the command line or not.
- * If it does then enable it otherwise fail. NONE must never be a
- * default configuration.
- */
- case oNoneSwitch:
- if (strcmp(filename,"command-line") == 0) {
- intptr = &options->none_switch;
- goto parse_flag;
- } else {
- debug("NoneSwitch directive found in %.200s.",
- filename);
- error("NoneSwitch is found in %.200s.\n"
- "You may only use this configuration option "
- "from the command line", filename);
- error("Continuing...");
- return 0;
- }
-#endif
-
case oVersionAddendum:
if (s == NULL)
fatal("%.200s line %d: Missing argument.", filename,
@@ -1655,14 +1606,6 @@ initialize_options(Options * options)
options->canonicalize_fallback_local = -1;
options->canonicalize_hostname = -1;
options->version_addendum = NULL;
- options->hpn_disabled = -1;
- options->hpn_buffer_size = -1;
- options->tcp_rcv_buf_poll = -1;
- options->tcp_rcv_buf = -1;
-#ifdef NONE_CIPHER_ENABLED
- options->none_enabled = -1;
- options->none_switch = -1;
-#endif
}
/*
@@ -1857,36 +1800,6 @@ fill_default_options(Options * options)
/* options->preferred_authentications will be set in ssh */
if (options->version_addendum == NULL)
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
- if (options->hpn_disabled == -1)
- options->hpn_disabled = 0;
- if (options->hpn_buffer_size > -1)
- {
- u_int maxlen;
-
- /* If a user tries to set the size to 0 set it to 1KB. */
- if (options->hpn_buffer_size == 0)
- options->hpn_buffer_size = 1024;
- /* Limit the buffer to BUFFER_MAX_LEN. */
- maxlen = buffer_get_max_len();
- if (options->hpn_buffer_size > (maxlen / 1024)) {
- debug("User requested buffer larger than %ub: %ub. "
- "Request reverted to %ub", maxlen,
- options->hpn_buffer_size * 1024, maxlen);
- options->hpn_buffer_size = maxlen;
- }
- debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
- }
- if (options->tcp_rcv_buf == 0)
- options->tcp_rcv_buf = 1;
- if (options->tcp_rcv_buf > -1)
- options->tcp_rcv_buf *= 1024;
- if (options->tcp_rcv_buf_poll == -1)
- options->tcp_rcv_buf_poll = 1;
-#ifdef NONE_CIPHER_ENABLED
- /* options->none_enabled must not be set by default */
- if (options->none_switch == -1)
- options->none_switch = 0;
-#endif
}
/*
Modified: stable/10/crypto/openssh/readconf.h
==============================================================================
--- stable/10/crypto/openssh/readconf.h Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/readconf.h Sun Jan 24 22:28:18 2016 (r294693)
@@ -154,21 +154,9 @@ typedef struct {
int num_permitted_cnames;
struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
- char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
-
char *version_addendum; /* Appended to SSH banner */
- int hpn_disabled; /* Switch to disable HPN buffer management. */
- int hpn_buffer_size; /* User definable size for HPN buffer
- * window. */
- int tcp_rcv_buf_poll; /* Option to poll recv buf every window
- * transfer. */
- int tcp_rcv_buf; /* User switch to set tcp recv buffer. */
-
-#ifdef NONE_CIPHER_ENABLED
- int none_enabled; /* Allow none to be used */
- int none_switch; /* Use none cipher */
-#endif
+ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
#define SSH_CANONICALISE_NO 0
Modified: stable/10/crypto/openssh/servconf.c
==============================================================================
--- stable/10/crypto/openssh/servconf.c Sun Jan 24 22:26:25 2016 (r294692)
+++ stable/10/crypto/openssh/servconf.c Sun Jan 24 22:28:18 2016 (r294693)
@@ -155,12 +155,6 @@ initialize_server_options(ServerOptions
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
- options->hpn_disabled = -1;
- options->hpn_buffer_size = -1;
- options->tcp_rcv_buf_poll = -1;
-#ifdef NONE_CIPHER_ENABLED
- options->none_enabled = -1;
-#endif
}
void
@@ -321,38 +315,6 @@ fill_default_server_options(ServerOption
}
#endif
- if (options->hpn_disabled == -1)
- options->hpn_disabled = 0;
- if (options->hpn_buffer_size == -1) {
- /*
- * HPN buffer size option not explicitly set. Try to figure
- * out what value to use or resort to default.
- */
- options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
- if (!options->hpn_disabled) {
- sock_get_rcvbuf(&options->hpn_buffer_size, 0);
- debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
- }
- } else {
- /*
- * In the case that the user sets both values in a
- * contradictory manner hpn_disabled overrrides hpn_buffer_size.
- */
- if (options->hpn_disabled <= 0) {
- u_int maxlen;
-
- maxlen = buffer_get_max_len();
- if (options->hpn_buffer_size == 0)
- options->hpn_buffer_size = 1;
- /* Limit the maximum buffer to BUFFER_MAX_LEN. */
- if (options->hpn_buffer_size > maxlen / 1024)
- options->hpn_buffer_size = maxlen;
- else
- options->hpn_buffer_size *= 1024;
- } else {
- options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- }
- }
}
/* Keyword tokens. */
@@ -388,10 +350,6 @@ typedef enum {
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent,
- sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
-#ifdef NONE_CIPHER_ENABLED
- sNoneEnabled,
-#endif
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -518,12 +476,10 @@ static struct {
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
- { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
- { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
- { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
-#ifdef NONE_CIPHER_ENABLED
- { "noneenabled", sNoneEnabled, SSHCFG_ALL },
-#endif
+ { "noneenabled", sUnsupported, SSHCFG_ALL },
+ { "hpndisabled", sDeprecated, SSHCFG_ALL },
+ { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
+ { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -1670,24 +1626,6 @@ process_server_config_line(ServerOptions
}
return 0;
- case sHPNDisabled:
- intptr = &options->hpn_disabled;
- goto parse_flag;
-
- case sHPNBufferSize:
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***