Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssh merge conflicts.
details: https://anonhg.NetBSD.org/src/rev/33a26af15362
branches: trunk
changeset: 356664:33a26af15362
user: christos <christos%NetBSD.org@localhost>
date: Sat Oct 07 19:39:19 2017 +0000
description:
merge conflicts.
diffstat:
crypto/external/bsd/openssh/bin/ssh/Makefile | 5 +-
crypto/external/bsd/openssh/dist/LICENCE | 24 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 8 +-
crypto/external/bsd/openssh/dist/PROTOCOL.agent | 587 +--
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 23 +-
crypto/external/bsd/openssh/dist/auth-options.c | 15 +-
crypto/external/bsd/openssh/dist/auth-options.h | 4 +-
crypto/external/bsd/openssh/dist/auth-pam.c | 23 +-
crypto/external/bsd/openssh/dist/auth.c | 168 +-
crypto/external/bsd/openssh/dist/auth.h | 97 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 41 +-
crypto/external/bsd/openssh/dist/auth2-gss.c | 81 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 115 +-
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 10 +-
crypto/external/bsd/openssh/dist/auth2-krb5.c | 22 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 18 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 36 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 599 +-
crypto/external/bsd/openssh/dist/auth2.c | 177 +-
crypto/external/bsd/openssh/dist/authfd.c | 179 +-
crypto/external/bsd/openssh/dist/authfd.h | 9 +-
crypto/external/bsd/openssh/dist/authfile.c | 120 +-
crypto/external/bsd/openssh/dist/bitmap.c | 11 +-
crypto/external/bsd/openssh/dist/bufbn.c | 43 +-
crypto/external/bsd/openssh/dist/buffer.h | 8 +-
crypto/external/bsd/openssh/dist/channels.c | 4048 +++++++-------
crypto/external/bsd/openssh/dist/channels.h | 231 +-
crypto/external/bsd/openssh/dist/cipher-3des1.c | 156 -
crypto/external/bsd/openssh/dist/cipher-bf1.c | 79 -
crypto/external/bsd/openssh/dist/cipher.c | 328 +-
crypto/external/bsd/openssh/dist/cipher.h | 31 +-
crypto/external/bsd/openssh/dist/clientloop.c | 867 +--
crypto/external/bsd/openssh/dist/clientloop.h | 33 +-
crypto/external/bsd/openssh/dist/compat.c | 38 +-
crypto/external/bsd/openssh/dist/compat.h | 8 +-
crypto/external/bsd/openssh/dist/deattack.c | 170 -
crypto/external/bsd/openssh/dist/deattack.h | 39 -
crypto/external/bsd/openssh/dist/digest-libc.c | 14 +-
crypto/external/bsd/openssh/dist/digest-openssl.c | 5 +-
crypto/external/bsd/openssh/dist/dispatch.c | 25 +-
crypto/external/bsd/openssh/dist/dispatch.h | 16 +-
crypto/external/bsd/openssh/dist/dns.c | 6 +-
crypto/external/bsd/openssh/dist/dns.h | 4 +-
crypto/external/bsd/openssh/dist/gss-serv.c | 15 +-
crypto/external/bsd/openssh/dist/hostfile.c | 37 +-
crypto/external/bsd/openssh/dist/kex.c | 82 +-
crypto/external/bsd/openssh/dist/kex.h | 11 +-
crypto/external/bsd/openssh/dist/kexc25519c.c | 9 +-
crypto/external/bsd/openssh/dist/kexc25519s.c | 12 +-
crypto/external/bsd/openssh/dist/kexdhc.c | 11 +-
crypto/external/bsd/openssh/dist/kexdhs.c | 11 +-
crypto/external/bsd/openssh/dist/kexecdhc.c | 11 +-
crypto/external/bsd/openssh/dist/kexecdhs.c | 12 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 21 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 17 +-
crypto/external/bsd/openssh/dist/key.c | 181 +-
crypto/external/bsd/openssh/dist/key.h | 38 +-
crypto/external/bsd/openssh/dist/krl.c | 6 +-
crypto/external/bsd/openssh/dist/log.c | 39 +-
crypto/external/bsd/openssh/dist/log.h | 6 +-
crypto/external/bsd/openssh/dist/mac.c | 9 +-
crypto/external/bsd/openssh/dist/misc.c | 464 +-
crypto/external/bsd/openssh/dist/misc.h | 24 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 68 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 80 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 70 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 75 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 80 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 73 +
crypto/external/bsd/openssh/dist/monitor.c | 107 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 36 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 18 +-
crypto/external/bsd/openssh/dist/mux.c | 241 +-
crypto/external/bsd/openssh/dist/myproposal.h | 7 +-
crypto/external/bsd/openssh/dist/nchan.c | 369 +-
crypto/external/bsd/openssh/dist/opacket.c | 24 +-
crypto/external/bsd/openssh/dist/opacket.h | 12 +-
crypto/external/bsd/openssh/dist/packet.c | 804 +--
crypto/external/bsd/openssh/dist/packet.h | 20 +-
crypto/external/bsd/openssh/dist/pathnames.h | 6 +-
crypto/external/bsd/openssh/dist/readconf.c | 206 +-
crypto/external/bsd/openssh/dist/readconf.h | 18 +-
crypto/external/bsd/openssh/dist/rsa.c | 188 -
crypto/external/bsd/openssh/dist/rsa.h | 27 -
crypto/external/bsd/openssh/dist/scp.1 | 21 +-
crypto/external/bsd/openssh/dist/scp.c | 45 +-
crypto/external/bsd/openssh/dist/servconf.c | 116 +-
crypto/external/bsd/openssh/dist/servconf.h | 17 +-
crypto/external/bsd/openssh/dist/serverloop.c | 138 +-
crypto/external/bsd/openssh/dist/serverloop.h | 8 +-
crypto/external/bsd/openssh/dist/session.c | 348 +-
crypto/external/bsd/openssh/dist/session.h | 20 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 8 +-
crypto/external/bsd/openssh/dist/sftp-common.c | 30 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 11 +-
crypto/external/bsd/openssh/dist/sftp.1 | 22 +-
crypto/external/bsd/openssh/dist/sftp.c | 66 +-
crypto/external/bsd/openssh/dist/ssh-add.1 | 23 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 116 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 749 +-
crypto/external/bsd/openssh/dist/ssh-gss.h | 5 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 122 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 298 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.1 | 16 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 133 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 11 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 19 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 14 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 50 +-
crypto/external/bsd/openssh/dist/ssh.1 | 94 +-
crypto/external/bsd/openssh/dist/ssh.c | 368 +-
crypto/external/bsd/openssh/dist/ssh.h | 11 +-
crypto/external/bsd/openssh/dist/ssh1.h | 92 -
crypto/external/bsd/openssh/dist/ssh_api.c | 8 +-
crypto/external/bsd/openssh/dist/ssh_config | 12 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 139 +-
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c | 4 +-
crypto/external/bsd/openssh/dist/sshbuf.c | 19 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 3 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 341 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 20 +-
crypto/external/bsd/openssh/dist/sshconnect1.c | 1302 ----
crypto/external/bsd/openssh/dist/sshconnect2.c | 145 +-
crypto/external/bsd/openssh/dist/sshd.8 | 28 +-
crypto/external/bsd/openssh/dist/sshd.c | 83 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 47 +-
crypto/external/bsd/openssh/dist/ssherr.c | 8 +-
crypto/external/bsd/openssh/dist/sshkey.c | 609 +-
crypto/external/bsd/openssh/dist/sshkey.h | 19 +-
crypto/external/bsd/openssh/dist/ttymodes.c | 152 +-
crypto/external/bsd/openssh/dist/ttymodes.h | 23 +-
crypto/external/bsd/openssh/dist/umac.c | 12 +-
crypto/external/bsd/openssh/dist/utf8.c | 10 +-
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/dist/xmalloc.c | 19 +-
crypto/external/bsd/openssh/dist/xmalloc.h | 5 +-
crypto/external/bsd/openssh/lib/Makefile | 6 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
138 files changed, 6868 insertions(+), 11195 deletions(-)
diffs (truncated from 30071 to 300 lines):
diff -r d6f710c10366 -r 33a26af15362 crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile Sat Oct 07 19:38:35 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile Sat Oct 07 19:39:19 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.11 2017/01/28 23:38:48 christos Exp $
+# $NetBSD: Makefile,v 1.12 2017/10/07 19:39:19 christos Exp $
.include <bsd.own.mk>
@@ -6,10 +6,9 @@
PROG= ssh
SRCS= ssh.c readconf.c clientloop.c sshtty.c \
- sshconnect.c sshconnect1.c sshconnect2.c mux.c auth.c
+ sshconnect.c sshconnect2.c mux.c auth.c
COPTS.auth.c= -DHOST_ONLY
-COPTS.sshconnect1.c= -fno-strict-aliasing
COPTS.mux.c= -Wno-pointer-sign
COPTS.sshconnect2.c= -Wno-pointer-sign
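Review bot: The commit message ("merge conflicts.") does not record that this hunk drops sshconnect1.c from SRCS together with its COPTS.sshconnect1.c override, which removes the SSH protocol 1 client code from the ssh build. The diffstat shows the matching deletions (sshconnect1.c, ssh1.h, deattack.c, cipher-3des1.c, cipher-bf1.c, rsa.c), so the Makefile change is consistent, but a removal of this size should be stated in the log, along with the upstream release being merged, so that anyone bisecting a protocol 1 connection failure can find it.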
diff -r d6f710c10366 -r 33a26af15362 crypto/external/bsd/openssh/dist/LICENCE
--- a/crypto/external/bsd/openssh/dist/LICENCE Sat Oct 07 19:38:35 2017 +0000
+++ b/crypto/external/bsd/openssh/dist/LICENCE Sat Oct 07 19:39:19 2017 +0000
@@ -75,27 +75,6 @@
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
-2)
- The 32-bit CRC compensation attack detector in deattack.c was
- contributed by CORE SDI S.A. under a BSD-style license.
-
- * Cryptographic attack detector for ssh - source code
- *
- * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
- *
- * All rights reserved. Redistribution and use in source and binary
- * forms, with or without modification, are permitted provided that
- * this copyright notice is retained.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
- * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
- * SOFTWARE.
- *
- * Ariel Futoransky <futo%core-sdi.com@localhost>
- * <http://www.core-sdi.com>
-
3)
ssh-keyscan was contributed by David Mazieres under a BSD-style
license.
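Review bot: Deleting section "2)" leaves the numbered list with a gap, since the first context line after the removal is still "3)". Either renumber the following entries or keep the gap deliberately to stay identical to the upstream file and say so in the log. The removal itself matches the deattack.c and deattack.h deletions listed in the diffstat.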
@@ -203,5 +182,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
------
+$OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $
$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
-$NetBSD: LICENCE,v 1.5 2016/12/25 00:07:46 christos Exp $
+$NetBSD: LICENCE,v 1.6 2017/10/07 19:39:19 christos Exp $
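Review bot: The trailer now carries two $OpenBSD idents for the same file: the added "LICENCE,v 1.20 2017/04/30" line sits directly above the retained "LICENCE,v 1.19 2004/08/30" context line. That looks like residue from resolving the conflict; keep only the 1.20 line so the file records a single upstream revision.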
diff -r d6f710c10366 -r 33a26af15362 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Sat Oct 07 19:38:35 2017 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Sat Oct 07 19:39:19 2017 +0000
@@ -33,8 +33,8 @@
http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
-1.3. transport: New public key algorithms "ssh-rsa-cert-v00%openssh.com@localhost",
- "ssh-dsa-cert-v00%openssh.com@localhost",
+1.3. transport: New public key algorithms "ssh-rsa-cert-v01%openssh.com@localhost",
+ "ssh-dsa-cert-v01%openssh.com@localhost",
"ecdsa-sha2-nistp256-cert-v01%openssh.com@localhost",
"ecdsa-sha2-nistp384-cert-v01%openssh.com@localhost" and
"ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost"
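Review bot: The second added line spells the DSA certificate algorithm "ssh-dsa-cert-v01", while the DSA key type everywhere else is "ssh-dss" (the PROTOCOL.agent text later in this diff uses "ssh-dss-cert-v00") and the name OpenSSH actually negotiates is ssh-dss-cert-v01@openssh.com. Since PROTOCOL is the reference that implementers and algorithm allow-lists are checked against, the typo is worth reporting upstream rather than fixing only in this imported copy. The v00 to v01 bump on both lines otherwise brings them in line with the three ecdsa entries below.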
@@ -454,5 +454,5 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $
-$NetBSD: PROTOCOL,v 1.9 2016/12/25 00:07:46 christos Exp $
+$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $
+$NetBSD: PROTOCOL,v 1.10 2017/10/07 19:39:19 christos Exp $
diff -r d6f710c10366 -r 33a26af15362 crypto/external/bsd/openssh/dist/PROTOCOL.agent
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent Sat Oct 07 19:38:35 2017 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent Sat Oct 07 19:39:19 2017 +0000
@@ -1,583 +1,4 @@
-This describes the protocol used by OpenSSH's ssh-agent.
-
-OpenSSH's agent supports managing keys for the standard SSH protocol
-2 as well as the legacy SSH protocol 1. Support for these key types
-is almost completely disjoint - in all but a few cases, operations on
-protocol 2 keys cannot see or affect protocol 1 keys and vice-versa.
-
-Protocol 1 and protocol 2 keys are separated because of the differing
-cryptographic usage: protocol 1 private RSA keys are used to decrypt
-challenges that were encrypted with the corresponding public key,
-whereas protocol 2 RSA private keys are used to sign challenges with
-a private key for verification with the corresponding public key. It
-is considered unsound practice to use the same key for signing and
-encryption.
-
-With a couple of exceptions, the protocol message names used in this
-document indicate which type of key the message relates to. SSH_*
-messages refer to protocol 1 keys only. SSH2_* messages refer to
-protocol 2 keys. Furthermore, the names also indicate whether the
-message is a request to the agent (*_AGENTC_*) or a reply from the
-agent (*_AGENT_*). Section 3 below contains the mapping of the
-protocol message names to their integer values.
-
-1. Data types
-
-Because of support for legacy SSH protocol 1 keys, OpenSSH's agent
-protocol makes use of some data types not defined in RFC 4251.
-
-1.1 uint16
-
-The "uint16" data type is a simple MSB-first 16 bit unsigned integer
-encoded in two bytes.
-
-1.2 mpint1
-
-The "mpint1" type represents an arbitrary precision integer (bignum).
-Its format is as follows:
-
- uint16 bits
- byte[(bits + 7) / 8] bignum
-
-"bignum" contains an unsigned arbitrary precision integer encoded as
-eight bits per byte in big-endian (MSB first) format.
-
-Note the difference between the "mpint1" encoding and the "mpint"
-encoding defined in RFC 4251. Also note that the length of the encoded
-integer is specified in bits, not bytes and that the byte length of
-the integer must be calculated by rounding up the number of bits to the
-nearest eight.
-
-2. Protocol Messages
-
-All protocol messages are prefixed with their length in bytes, encoded
-as a 32 bit unsigned integer. Specifically:
-
- uint32 message_length
- byte[message_length] message
-
-The following message descriptions refer only to the content the
-"message" field.
-
-2.1 Generic server responses
-
-The following generic messages may be sent by the server in response to
-requests from the client. On success the agent may reply either with:
-
- byte SSH_AGENT_SUCCESS
-
-or a request-specific success message.
-
-On failure, the agent may reply with:
-
- byte SSH_AGENT_FAILURE
-
-SSH_AGENT_FAILURE messages are also sent in reply to unknown request
-types.
-
-2.2 Adding keys to the agent
-
-Keys are added to the agent using the SSH_AGENTC_ADD_RSA_IDENTITY and
-SSH2_AGENTC_ADD_IDENTITY requests for protocol 1 and protocol 2 keys
-respectively.
-
-Two variants of these requests are SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
-and SSH2_AGENTC_ADD_ID_CONSTRAINED - these add keys with optional
-"constraints" on their usage.
-
-OpenSSH may be built with support for keys hosted on a smartcard
-or other hardware security module. These keys may be added
-to the agent using the SSH_AGENTC_ADD_SMARTCARD_KEY and
-SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED requests.
-
-2.2.1 Key constraints
-
-The OpenSSH agent supports some basic optional constraints on key usage.
-At present there are two constraints defined.
-
-The first constraint limits the validity duration of a key. It is
-encoded as:
-
- byte SSH_AGENT_CONSTRAIN_LIFETIME
- uint32 seconds
-
-Where "seconds" contains the number of seconds that the key shall remain
-valid measured from the moment that the agent receives it. After the
-validity period has expired, OpenSSH's agent will erase these keys from
-memory.
-
-The second constraint requires the agent to seek explicit user
-confirmation before performing private key operations with the loaded
-key. This constraint is encoded as:
-
- byte SSH_AGENT_CONSTRAIN_CONFIRM
-
-Zero or more constraints may be specified when adding a key with one
-of the *_CONSTRAINED requests. Multiple constraints are appended
-consecutively to the end of the request:
-
- byte constraint1_type
- .... constraint1_data
- byte constraint2_type
- .... constraint2_data
- ....
- byte constraintN_type
- .... constraintN_data
-
-Such a sequence of zero or more constraints will be referred to below
-as "constraint[]". Agents may determine whether there are constraints
-by checking whether additional data exists in the "add key" request
-after the key data itself. OpenSSH will refuse to add a key if it
-contains unknown constraints.
-
-2.2.2 Add protocol 1 key
-
-A client may add a protocol 1 key to an agent with the following
-request:
-
- byte SSH_AGENTC_ADD_RSA_IDENTITY or
- SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
- uint32 ignored
- mpint1 rsa_n
- mpint1 rsa_e
- mpint1 rsa_d
- mpint1 rsa_iqmp
- mpint1 rsa_q
- mpint1 rsa_p
- string key_comment
- constraint[] key_constraints
-
-Note that there is some redundancy in the key parameters; a key could be
-fully specified using just rsa_q, rsa_p and rsa_e at the cost of extra
-computation.
-
-"key_constraints" may only be present if the request type is
-SSH_AGENTC_ADD_RSA_ID_CONSTRAINED.
-
-The agent will reply with a SSH_AGENT_SUCCESS if the key has been
-successfully added or a SSH_AGENT_FAILURE if an error occurred.
-
-2.2.3 Add protocol 2 key
-
-The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA
-keys may be added using the following request
-
- byte SSH2_AGENTC_ADD_IDENTITY or
- SSH2_AGENTC_ADD_ID_CONSTRAINED
- string "ssh-dss"
- mpint dsa_p
- mpint dsa_q
- mpint dsa_g
- mpint dsa_public_key
- mpint dsa_private_key
- string key_comment
- constraint[] key_constraints
-
-DSA certificates may be added with:
- byte SSH2_AGENTC_ADD_IDENTITY or
- SSH2_AGENTC_ADD_ID_CONSTRAINED
- string "ssh-dss-cert-v00%openssh.com@localhost"
- string certificate
- mpint dsa_private_key
- string key_comment
- constraint[] key_constraints
-
-ECDSA keys may be added using the following request
-
- byte SSH2_AGENTC_ADD_IDENTITY or
- SSH2_AGENTC_ADD_ID_CONSTRAINED
- string "ecdsa-sha2-nistp256" |
- "ecdsa-sha2-nistp384" |
- "ecdsa-sha2-nistp521"
- string ecdsa_curve_name
- string ecdsa_public_key
- mpint ecdsa_private
- string key_comment
- constraint[] key_constraints
-
-ECDSA certificates may be added with:
- byte SSH2_AGENTC_ADD_IDENTITY or
- SSH2_AGENTC_ADD_ID_CONSTRAINED
- string "ecdsa-sha2-nistp256-cert-v01%openssh.com@localhost" |
- "ecdsa-sha2-nistp384-cert-v01%openssh.com@localhost" |
- "ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost"
- string certificate
- mpint ecdsa_private_key
- string key_comment
- constraint[] key_constraints
-
-ED25519 keys may be added using the following request
- byte SSH2_AGENTC_ADD_IDENTITY or
- SSH2_AGENTC_ADD_ID_CONSTRAINED
- string "ssh-ed25519"
- string ed25519_public_key
- string ed25519_private_key || ed25519_public_key
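Review bot: The hunk header (-1,583 +1,4) replaces the entire agent protocol description with four lines, so the in-tree reference for the uint32 length framing, the SSH_AGENT_CONSTRAIN_LIFETIME and SSH_AGENT_CONSTRAIN_CONFIRM encodings, and the rule that unknown constraints cause the add to be refused all go away here. The four added lines are not visible in this truncated diff; they should point to wherever the specification now lives, and the commit message should mention the move, because this text is what agent implementations and reviewers of authfd.c and ssh-agent.c (both changed in this commit) check the wire format against.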