Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssh merge conflicts.
details: https://anonhg.NetBSD.org/src/rev/b5be687e25ee
branches: trunk
changeset: 450617:b5be687e25ee
user: christos <christos%NetBSD.org@localhost>
date: Sat Apr 20 17:16:40 2019 +0000
description:
merge conflicts.
diffstat:
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile | 4 +-
crypto/external/bsd/openssh/bin/sshd/Makefile | 4 +-
crypto/external/bsd/openssh/dist/OVERVIEW | 9 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 11 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 5 +-
crypto/external/bsd/openssh/dist/PROTOCOL.mux | 146 +-
crypto/external/bsd/openssh/dist/atomicio.c | 25 +-
crypto/external/bsd/openssh/dist/atomicio.h | 6 +-
crypto/external/bsd/openssh/dist/auth-krb5.c | 9 +-
crypto/external/bsd/openssh/dist/auth-options.c | 22 +-
crypto/external/bsd/openssh/dist/auth-pam.c | 62 +-
crypto/external/bsd/openssh/dist/auth-pam.h | 4 +-
crypto/external/bsd/openssh/dist/auth.c | 56 +-
crypto/external/bsd/openssh/dist/auth.h | 26 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 24 +-
crypto/external/bsd/openssh/dist/auth2-krb5.c | 6 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 33 +-
crypto/external/bsd/openssh/dist/auth2.c | 139 +-
crypto/external/bsd/openssh/dist/authfd.c | 17 +-
crypto/external/bsd/openssh/dist/authfd.h | 2 +-
crypto/external/bsd/openssh/dist/authfile.c | 19 +-
crypto/external/bsd/openssh/dist/channels.c | 160 +-
crypto/external/bsd/openssh/dist/channels.h | 5 +-
crypto/external/bsd/openssh/dist/cipher.c | 16 +-
crypto/external/bsd/openssh/dist/cipher.h | 8 +-
crypto/external/bsd/openssh/dist/clientloop.c | 393 +-
crypto/external/bsd/openssh/dist/crypto_api.h | 20 +-
crypto/external/bsd/openssh/dist/dh.c | 95 +-
crypto/external/bsd/openssh/dist/dh.h | 6 +-
crypto/external/bsd/openssh/dist/digest-openssl.c | 22 +-
crypto/external/bsd/openssh/dist/dispatch.c | 10 +-
crypto/external/bsd/openssh/dist/dispatch.h | 11 +-
crypto/external/bsd/openssh/dist/groupaccess.c | 9 +-
crypto/external/bsd/openssh/dist/kex.c | 356 ++-
crypto/external/bsd/openssh/dist/kex.h | 83 +-
crypto/external/bsd/openssh/dist/kexc25519.c | 188 +-
crypto/external/bsd/openssh/dist/kexc25519c.c | 169 -
crypto/external/bsd/openssh/dist/kexc25519s.c | 159 -
crypto/external/bsd/openssh/dist/kexdh.c | 206 +-
crypto/external/bsd/openssh/dist/kexdhc.c | 224 -
crypto/external/bsd/openssh/dist/kexdhs.c | 232 -
crypto/external/bsd/openssh/dist/kexecdh.c | 215 +-
crypto/external/bsd/openssh/dist/kexecdhc.c | 219 -
crypto/external/bsd/openssh/dist/kexecdhs.c | 200 -
crypto/external/bsd/openssh/dist/kexgen.c | 3 +
crypto/external/bsd/openssh/dist/kexgex.c | 34 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 143 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 157 +-
crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c | 3 +
crypto/external/bsd/openssh/dist/krl.c | 130 +-
crypto/external/bsd/openssh/dist/krl.h | 8 +-
crypto/external/bsd/openssh/dist/match.c | 15 +-
crypto/external/bsd/openssh/dist/match.h | 5 +-
crypto/external/bsd/openssh/dist/misc.c | 127 +-
crypto/external/bsd/openssh/dist/misc.h | 14 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 155 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 138 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 134 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 142 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 138 +-
crypto/external/bsd/openssh/dist/moduli.c | 25 +-
crypto/external/bsd/openssh/dist/monitor.c | 268 +-
crypto/external/bsd/openssh/dist/monitor.h | 15 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 31 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 20 +-
crypto/external/bsd/openssh/dist/mux.c | 106 +-
crypto/external/bsd/openssh/dist/myproposal.h | 27 +-
crypto/external/bsd/openssh/dist/namespace.h | 2 +-
crypto/external/bsd/openssh/dist/nchan.c | 75 +-
crypto/external/bsd/openssh/dist/opacket.c | 303 --
crypto/external/bsd/openssh/dist/opacket.h | 158 -
crypto/external/bsd/openssh/dist/packet.c | 118 +-
crypto/external/bsd/openssh/dist/packet.h | 16 +-
crypto/external/bsd/openssh/dist/pfilter.c | 11 +-
crypto/external/bsd/openssh/dist/progressmeter.c | 64 +-
crypto/external/bsd/openssh/dist/progressmeter.h | 5 +-
crypto/external/bsd/openssh/dist/readconf.c | 106 +-
crypto/external/bsd/openssh/dist/readconf.h | 9 +-
crypto/external/bsd/openssh/dist/readpass.c | 20 +-
crypto/external/bsd/openssh/dist/scp.1 | 33 +-
crypto/external/bsd/openssh/dist/scp.c | 318 ++-
crypto/external/bsd/openssh/dist/servconf.c | 101 +-
crypto/external/bsd/openssh/dist/servconf.h | 11 +-
crypto/external/bsd/openssh/dist/serverloop.c | 381 +-
crypto/external/bsd/openssh/dist/session.c | 244 +-
crypto/external/bsd/openssh/dist/session.h | 5 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 63 +-
crypto/external/bsd/openssh/dist/sftp-client.h | 7 +-
crypto/external/bsd/openssh/dist/sftp-common.c | 6 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 84 +-
crypto/external/bsd/openssh/dist/sftp.1 | 57 +-
crypto/external/bsd/openssh/dist/sftp.c | 122 +-
crypto/external/bsd/openssh/dist/sntrup4591761.c | 3 +
crypto/external/bsd/openssh/dist/ssh-add.1 | 25 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 128 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 29 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 41 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 46 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 71 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 412 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 28 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 10 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 169 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 | 29 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 105 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 1628 ++++++++++--
crypto/external/bsd/openssh/dist/ssh-pkcs11.h | 20 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 68 +-
crypto/external/bsd/openssh/dist/ssh.1 | 77 +-
crypto/external/bsd/openssh/dist/ssh.c | 139 +-
crypto/external/bsd/openssh/dist/ssh.h | 8 +-
crypto/external/bsd/openssh/dist/ssh2.h | 2 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 174 +-
crypto/external/bsd/openssh/dist/ssh_config | 5 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 75 +-
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c | 65 +-
crypto/external/bsd/openssh/dist/sshbuf.c | 19 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 9 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 299 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 18 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 445 +-
crypto/external/bsd/openssh/dist/sshd.c | 443 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 21 +-
crypto/external/bsd/openssh/dist/sshkey.c | 1122 +++-----
crypto/external/bsd/openssh/dist/sshkey.h | 13 +-
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/lib/Makefile | 28 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
128 files changed, 7378 insertions(+), 6200 deletions(-)
diffs (truncated from 23189 to 300 lines):
diff -r f25d3a4e51cd -r b5be687e25ee crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile Sat Apr 20 17:13:53 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile Sat Apr 20 17:16:40 2019 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.2 2015/04/03 23:58:19 christos Exp $
+# $NetBSD: Makefile,v 1.3 2019/04/20 17:16:40 christos Exp $
BINDIR= /usr/bin
PROG= ssh-keyscan
-SRCS= ssh-keyscan.c ssh_api.c kexdhs.c kexgexs.c kexecdhs.c
+SRCS= ssh-keyscan.c ssh_api.c kexgexs.c
MAN= ssh-keyscan.1
.include <bsd.prog.mk>
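Review bot: Nothing visible here shows where the DH and ECDH server-side key exchange code comes from once kexdhs.c and kexecdhs.c leave the SRCS line, and the diffstat shows both files deleted outright. The replacement presumably arrives through the library (lib/Makefile changes in this commit, but that part of the diff is truncated), so confirm the new kexgen.c is built there; otherwise ssh-keyscan and sshd, which gets the same SRCS change, will fail to link.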
diff -r f25d3a4e51cd -r b5be687e25ee crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile Sat Apr 20 17:13:53 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile Sat Apr 20 17:16:40 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.16 2018/02/25 00:16:48 mrg Exp $
+# $NetBSD: Makefile,v 1.17 2019/04/20 17:16:40 christos Exp $
.include <bsd.own.mk>
@@ -14,7 +14,7 @@
auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor.c monitor_wrap.c \
- kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
+ kexgexs.c sftp-server.c sftp-common.c \
sandbox-rlimit.c pfilter.c
COPTS.auth-options.c+= -Wno-pointer-sign
diff -r f25d3a4e51cd -r b5be687e25ee crypto/external/bsd/openssh/dist/OVERVIEW
--- a/crypto/external/bsd/openssh/dist/OVERVIEW Sat Apr 20 17:13:53 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/OVERVIEW Sat Apr 20 17:16:40 2019 +0000
@@ -34,11 +34,12 @@
- Ssh contains several encryption algorithms. These are all
accessed through the cipher.h interface. The interface code is
- in cipher.c, and the implementations are in libc.
+ in cipher.c, and the implementations are either in libc or
+ LibreSSL.
Multiple Precision Integer Library
- - Uses the SSLeay BIGNUM sublibrary.
+ - Uses the LibreSSL BIGNUM sublibrary.
Random Numbers
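Review bot: The two replaced lines now name LibreSSL ("the implementations are either in libc or LibreSSL", "Uses the LibreSSL BIGNUM sublibrary"), which is upstream's wording carried in by the merge. If this tree builds OpenSSH against a different crypto library, OVERVIEW will point readers at the wrong code; consider a short local note saying which library is actually linked.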
@@ -158,5 +159,5 @@
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
-$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
-$NetBSD: OVERVIEW,v 1.7 2018/08/26 07:46:36 christos Exp $
+$OpenBSD: OVERVIEW,v 1.15 2018/10/23 05:56:35 djm Exp $
+$NetBSD: OVERVIEW,v 1.8 2019/04/20 17:16:40 christos Exp $
diff -r f25d3a4e51cd -r b5be687e25ee crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Sat Apr 20 17:13:53 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Sat Apr 20 17:16:40 2019 +0000
@@ -334,6 +334,13 @@
give clients an opportunity to learn them using this extension) before
removing the deprecated key from those offered.
+2.6. connection: SIGINFO support for "signal" channel request
+
+The SSH channels protocol (RFC4254 section 6.9) supports sending a
+signal to a session attached to a channel. OpenSSH supports one
+extension signal "INFO%openssh.com@localhost" that allows sending SIGINFO on
+BSD-derived systems.
+
3. SFTP protocol changes
3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
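Review bot: Section 2.6 does not say what a server should do with the INFO signal request on a system that has no SIGINFO; it only says the extension works "on BSD-derived systems". One sentence stating whether the request is silently ignored or the channel request fails would let other implementations handle it predictably.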
@@ -489,5 +496,5 @@
PROTOCOL.mux over a Unix domain socket for communications between a
master instance and later clients.
-$OpenBSD: PROTOCOL,v 1.35 2018/08/10 00:44:01 djm Exp $
-$NetBSD: PROTOCOL,v 1.12 2018/08/26 07:46:36 christos Exp $
+$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $
+$NetBSD: PROTOCOL,v 1.13 2019/04/20 17:16:40 christos Exp $
diff -r f25d3a4e51cd -r b5be687e25ee crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Sat Apr 20 17:13:53 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Sat Apr 20 17:16:40 2019 +0000
@@ -36,6 +36,7 @@
ecdsa-sha2-nistp256-cert-v01%openssh.com@localhost
ecdsa-sha2-nistp384-cert-v01%openssh.com@localhost
ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost
+ ssh-ed25519-cert-v01%openssh.com@localhost
Two additional types exist for RSA certificates to force use of
SHA-2 signatures (SHA-256 and SHA-512 respectively):
@@ -303,5 +304,5 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.10 2018/08/26 07:46:36 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.11 2019/04/20 17:16:40 christos Exp $
diff -r f25d3a4e51cd -r b5be687e25ee crypto/external/bsd/openssh/dist/PROTOCOL.mux
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.mux Sat Apr 20 17:13:53 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.mux Sat Apr 20 17:16:40 2019 +0000
@@ -1,15 +1,52 @@
This document describes the multiplexing protocol used by ssh(1)'s
ControlMaster connection-sharing.
-Most messages from the client to the server contain a "request id" field.
-This field is returned in replies as "client request id" to facilitate
-matching of responses to requests.
+Multiplexing starts with a ssh(1) configured to act as a multiplexing
+master. This will cause ssh(1) to listen on a Unix domain socket for
+requests from clients. Clients communicate over this socket using a
+simple packetised protocol, where each message is proceeded with
+a length and message type in SSH uint32 wire format:
+
+ uint32 packet length
+ uint32 packet type
+ ... packet body
+
+Most messages from the client to the server contain a "request id"
+field. This field is returned in replies as "client request id" to
+facilitate matching of responses to requests.
+
+Many muliplexing (mux) client requests yield immediate responses from
+the mux process; requesting a forwarding, performing an alive check or
+requesting the master terminate itself fall in to this category.
+
+The most common use of multiplexing however is to maintain multiple
+concurrent sessions. These are supported via two separate modes:
+
+"Passenger" clients start by requesting a new session with a
+MUX_C_NEW_SESSION message and passing stdio file descriptors over the
+Unix domain control socket. The passenger client then waits until it is
+signaled or the mux server closes the session. This mode is so named as
+the client waits around while the mux server does all the driving.
+
+Stdio forwarding (requested using MUX_C_NEW_STDIO_FWD) is another
+example of passenger mode; the client passes the stdio file descriptors
+and passively waits for something to happen.
+
+"Proxy" clients, requested using MUX_C_PROXY, work quite differently. In
+this mode, the mux client/server connection socket will stop speaking
+the multiplexing protocol and start proxying SSH connection protocol
+messages between the client and server. The client therefore must
+speak a significant subset of the SSH protocol, but in return is able
+to access basically the full suite of connection protocol features.
+Moreover, as no file descriptor passing is required, the connection
+supporting a proxy client may iteself be forwarded or relayed to another
+host if necessary.
1. Connection setup
When a multiplexing connection is made to a ssh(1) operating as a
-ControlMaster from a ssh(1) in multiplex slave mode, the first
-action of each is to exchange hello messages:
+ControlMaster from a client ssh(1), the first action of each is send
+a hello messages to its peer:
uint32 MUX_MSG_HELLO
uint32 protocol version
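Review bot: The framing description at "uint32 packet length" gives no maximum and does not say whether the length counts the packet type field. The master parses this header from any process that can open the control socket, so the document should state both the upper bound it enforces and what the length covers. The added paragraphs also need a wording pass: "proceeded with" should be "preceded by", "muliplexing" and "iteself" are misspelled, and "the first action of each is send a hello messages" should read "is to send a hello message".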
@@ -17,16 +54,16 @@
string extension value [optional]
...
-The current version of the mux protocol is 4. A slave should refuse
+The current version of the mux protocol is 4. A client should refuse
to connect to a master that speaks an unsupported protocol version.
-Following the version identifier are zero or more extensions
-represented as a name/value pair. No extensions are currently
-defined.
+
+Following the version identifier are zero or more extensions represented
+as a name/value pair. No extensions are currently defined.
-2. Opening sessions
+2. Opening a passenger mode session
-To open a new multiplexed session, a client may send the following
-request:
+To open a new multiplexed session in passenger mode, a client sends the
+following request:
uint32 MUX_C_NEW_SESSION
uint32 request id
@@ -80,7 +117,25 @@
uint32 MUX_S_TTY_ALLOC_FAIL
uint32 session id
-3. Health checks
+3. Requesting passenger-mode stdio forwarding
+
+A client may request the master to establish a stdio forwarding:
+
+ uint32 MUX_C_NEW_STDIO_FWD
+ uint32 request id
+ string reserved
+ string connect host
+ string connect port
+
+The client then sends its standard input and output file descriptors
+(in that order) using Unix domain socket control messages.
+
+The contents of "reserved" are currently ignored.
+
+A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
+or a MUX_S_FAILURE.
+
+4. Health checks
The client may request a health check/PID report from a server:
@@ -93,7 +148,7 @@
uint32 client request id
uint32 server pid
-4. Remotely terminating a master
+5. Remotely terminating a master
A client may request that a master terminate immediately:
@@ -102,7 +157,7 @@
The server will reply with one of MUX_S_OK or MUX_S_PERMISSION_DENIED.
-5. Requesting establishment of port forwards
+6. Requesting establishment of port forwards
A client may request the master to establish a port forward:
@@ -131,7 +186,7 @@
uint32 client request id
uint32 allocated remote listen port
-6. Requesting closure of port forwards
+7. Requesting closure of port forwards
Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
@@ -148,24 +203,6 @@
A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
MUX_S_FAILURE.
-7. Requesting stdio forwarding
-
-A client may request the master to establish a stdio forwarding:
-
- uint32 MUX_C_NEW_STDIO_FWD
- uint32 request id
- string reserved
- string connect host
- string connect port
-
-The client then sends its standard input and output file descriptors
-(in that order) using Unix domain socket control messages.
-
-The contents of "reserved" are currently ignored.
-
-A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
-or a MUX_S_FAILURE.
-
8. Requesting shutdown of mux listener
A client may request the master to stop accepting new multiplexing requests
@@ -177,7 +214,34 @@
A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
MUX_S_FAILURE.
-9. Status messages
+9. Requesting proxy mode
+
+A client may request that the the control connection be placed in proxy
+mode:
+
+ uint32 MUX_C_PROXY
+ uint32 request id
+
+When a mux master receives this message, it will reply with a
+confirmation:
+
+ uint32 MUX_S_PROXY
+ uint32 request id
+
+And go into proxy mode. All subsequent data over the connection will
+be formatted as unencrypted, unpadded, SSH transport messages:
+
+ uint32 packet length
+ byte 0 (padding length)
+ byte packet type
+ byte[packet length - 2] ...
+
+The mux master will accept most connection messages and global requests,
+and will translate channel identifiers to ensure that the proxy client has
+globally unique channel numbers (i.e. a proxy client need not worry about
+collisions with other clients).
+
+10. Status messages
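Review bot: The proxy-mode section says traffic becomes "unencrypted, unpadded, SSH transport messages" but never states what protects it. Since the introduction added in this same file says a proxy connection may be forwarded or relayed to another host, the text should say explicitly that confidentiality and access control rest on the control socket's permissions and on whatever carries the relayed connection. "will accept most connection messages and global requests" should list which messages are rejected, "byte[packet length - 2]" would be clearer with a note on what the length counts, and "that the the control connection" has a doubled word.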