Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssh - remove some more jpake remnants.
details: https://anonhg.NetBSD.org/src/rev/27d0d7103a96
branches: trunk
changeset: 333126:27d0d7103a96
user: christos <christos%NetBSD.org@localhost>
date: Mon Oct 20 03:05:13 2014 +0000
description:
- remove some more jpake remnants.
- try to fix umac; probably still broken on hosts that require strict
alignment, but it is still a start.
diffstat:
crypto/external/bsd/openssh/dist/auth.h | 3 +-
crypto/external/bsd/openssh/dist/compat.c | 5 +-
crypto/external/bsd/openssh/dist/mac.c | 15 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 166 +-----------------------
crypto/external/bsd/openssh/dist/monitor_wrap.h | 21 +--
crypto/external/bsd/openssh/dist/packet.c | 5 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 80 +-----------
crypto/external/bsd/openssh/dist/umac.c | 65 +++++----
crypto/external/bsd/openssh/dist/umac128.c | 6 +
crypto/external/bsd/openssh/lib/Makefile | 5 +-
10 files changed, 61 insertions(+), 310 deletions(-)
diffs (truncated from 649 to 300 lines):
diff -r 81e2e1a51349 -r 27d0d7103a96 crypto/external/bsd/openssh/dist/auth.h
--- a/crypto/external/bsd/openssh/dist/auth.h Sun Oct 19 23:18:22 2014 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.h Mon Oct 20 03:05:13 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth.h,v 1.8 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: auth.h,v 1.9 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
/*
@@ -62,7 +62,6 @@
char *style;
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
- void *jpake_ctx;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
diff -r 81e2e1a51349 -r 27d0d7103a96 crypto/external/bsd/openssh/dist/compat.c
--- a/crypto/external/bsd/openssh/dist/compat.c Sun Oct 19 23:18:22 2014 +0000
+++ b/crypto/external/bsd/openssh/dist/compat.c Mon Oct 20 03:05:13 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: compat.c,v 1.7 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: compat.c,v 1.8 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: compat.c,v 1.85 2014/04/20 02:49:32 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: compat.c,v 1.7 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: compat.c,v 1.8 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <stdlib.h>
@@ -179,6 +179,7 @@
if (match_pattern_list(version, check[i].pat,
strlen(check[i].pat), 0) == 1) {
datafellows = check[i].bugs;
+ /* Check to see if the remote side is OpenSSH and not HPN */
if(strstr(version,"OpenSSH") != NULL)
{
if (strstr(version,"hpn") == NULL)
diff -r 81e2e1a51349 -r 27d0d7103a96 crypto/external/bsd/openssh/dist/mac.c
--- a/crypto/external/bsd/openssh/dist/mac.c Sun Oct 19 23:18:22 2014 +0000
+++ b/crypto/external/bsd/openssh/dist/mac.c Mon Oct 20 03:05:13 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mac.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: mac.c,v 1.10 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: mac.c,v 1.9 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: mac.c,v 1.10 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <openssl/hmac.h>
@@ -153,14 +153,12 @@
ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
return -1;
return 0;
-#ifdef UMAC_HAS_BEEN_UNBROKEN
case SSH_UMAC:
mac->umac_ctx = umac_new(mac->key);
return 0;
case SSH_UMAC128:
mac->umac_ctx = umac128_new(mac->key);
return 0;
-#endif
default:
return -1;
}
@@ -174,9 +172,7 @@
u_int64_t for_align;
} u;
u_char b[4];
-#ifdef UMAC_HAS_BEEN_UNBROKEN
u_char nonce[8];
-#endif
if (mac->mac_len > sizeof(u))
fatal("mac_compute: mac too long %u %zu",
@@ -192,7 +188,6 @@
ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
fatal("ssh_hmac failed");
break;
-#ifdef UMAC_HAS_BEEN_UNBROKEN
case SSH_UMAC:
put_u64(nonce, seqno);
umac_update(mac->umac_ctx, data, datalen);
@@ -203,7 +198,6 @@
umac128_update(mac->umac_ctx, data, datalen);
umac128_final(mac->umac_ctx, u.m, nonce);
break;
-#endif
default:
fatal("mac_compute: unknown MAC type");
}
@@ -213,16 +207,13 @@
void
mac_clear(Mac *mac)
{
-#ifdef UMAC_HAS_BEEN_UNBROKEN
if (mac->type == SSH_UMAC) {
if (mac->umac_ctx != NULL)
umac_delete(mac->umac_ctx);
} else if (mac->type == SSH_UMAC128) {
if (mac->umac_ctx != NULL)
umac128_delete(mac->umac_ctx);
- } else
-#endif
- if (mac->hmac_ctx != NULL)
+ } else if (mac->hmac_ctx != NULL)
ssh_hmac_free(mac->hmac_ctx);
mac->hmac_ctx = NULL;
mac->umac_ctx = NULL;
diff -r 81e2e1a51349 -r 27d0d7103a96 crypto/external/bsd/openssh/dist/monitor_wrap.c
--- a/crypto/external/bsd/openssh/dist/monitor_wrap.c Sun Oct 19 23:18:22 2014 +0000
+++ b/crypto/external/bsd/openssh/dist/monitor_wrap.c Mon Oct 20 03:05:13 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor_wrap.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: monitor_wrap.c,v 1.10 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.9 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.10 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/queue.h>
@@ -1268,168 +1268,6 @@
}
#endif /* GSSAPI */
-#ifdef JPAKE
-void
-mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
- char **hash_scheme, char **salt)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_GET_PWDATA, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_GET_PWDATA, &m);
-
- *hash_scheme = buffer_get_string(&m, NULL);
- *salt = buffer_get_string(&m, NULL);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_step1(struct modp_group *grp,
- u_char **id, u_int *id_len,
- BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
- u_char **priv1_proof, u_int *priv1_proof_len,
- u_char **priv2_proof, u_int *priv2_proof_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_STEP1, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_STEP1, &m);
-
- if ((*priv1 = BN_new()) == NULL ||
- (*priv2 = BN_new()) == NULL ||
- (*g_priv1 = BN_new()) == NULL ||
- (*g_priv2 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- *id = buffer_get_string(&m, id_len);
- /* priv1 and priv2 are, well, private */
- buffer_get_bignum2(&m, *g_priv1);
- buffer_get_bignum2(&m, *g_priv2);
- *priv1_proof = buffer_get_string(&m, priv1_proof_len);
- *priv2_proof = buffer_get_string(&m, priv2_proof_len);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_step2(struct modp_group *grp, BIGNUM *s,
- BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
- const u_char *theirid, u_int theirid_len,
- const u_char *myid, u_int myid_len,
- const u_char *theirpub1_proof, u_int theirpub1_proof_len,
- const u_char *theirpub2_proof, u_int theirpub2_proof_len,
- BIGNUM **newpub,
- u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* monitor already has all bignums except theirpub1, theirpub2 */
- buffer_put_bignum2(&m, theirpub1);
- buffer_put_bignum2(&m, theirpub2);
- /* monitor already knows our id */
- buffer_put_string(&m, theirid, theirid_len);
- buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
- buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);
-
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_STEP2, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_STEP2, &m);
-
- if ((*newpub = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- buffer_get_bignum2(&m, *newpub);
- *newpub_exponent_proof = buffer_get_string(&m,
- newpub_exponent_proof_len);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
- BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
- BIGNUM *theirpub1, BIGNUM *theirpub2,
- const u_char *my_id, u_int my_id_len,
- const u_char *their_id, u_int their_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
- BIGNUM **k,
- u_char **confirm_hash, u_int *confirm_hash_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* monitor already has all bignums except step2_val */
- buffer_put_bignum2(&m, step2_val);
- /* monitor already knows all the ids */
- buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);
-
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);
-
- /* 'k' is sensitive and stays in the monitor */
- *confirm_hash = buffer_get_string(&m, confirm_hash_len);
-
- buffer_free(&m);
-}
-
-int
-mm_jpake_check_confirm(const BIGNUM *k,
- const u_char *peer_id, u_int peer_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
-{
- Buffer m;
- int success = 0;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* k is dummy in slave, ignored */
- /* monitor knows all the ids */
- buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);
-
- success = buffer_get_int(&m);
- buffer_free(&m);
-
- debug3("%s: success = %d", __func__, success);
Home |
Main Index |
Thread Index |
Old Index