Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/ssh OpenSSH 2.3.2 as of 2001/2/14
details: https://anonhg.NetBSD.org/src/rev/386ba8fa2fae
branches: trunk
changeset: 503797:386ba8fa2fae
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Feb 14 00:53:01 2001 +0000
description:
OpenSSH 2.3.2 as of 2001/2/14
diffstat:
crypto/dist/ssh/LICENCE | 8 +-
crypto/dist/ssh/auth-options.c | 7 +-
crypto/dist/ssh/auth-passwd.c | 4 +-
crypto/dist/ssh/auth.h | 4 +-
crypto/dist/ssh/kex.h | 6 +-
crypto/dist/ssh/mac.c | 114 +++++++++++++++++++++++++++++++++++++++++
crypto/dist/ssh/mac.h | 28 ++++++++++
crypto/dist/ssh/myproposal.h | 7 +-
crypto/dist/ssh/readconf.h | 3 +-
crypto/dist/ssh/sftp.1 | 5 +-
10 files changed, 168 insertions(+), 18 deletions(-)
diffs (truncated from 325 to 300 lines):
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/LICENCE
--- a/crypto/dist/ssh/LICENCE Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/LICENCE Wed Feb 14 00:53:01 2001 +0000
@@ -1,7 +1,7 @@
-This file is part of the ssh software.
+This file is part of the OpenSSH software.
-The licences which components of this software falls under are as
-follows. First, we will summarize and say that that all components
+The licences which components of this software fall under are as
+follows. First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.
OpenSSH contains no GPL code.
@@ -29,7 +29,7 @@
have been removed from OpenSSH, ie.
- RSA is no longer included, found in the OpenSSL library
- - IDEA is no longer included, it's use is depricated
+ - IDEA is no longer included, its use is deprecated
- DES is now external, in the OpenSSL library
- GMP is no longer used, and instead we call BN code from OpenSSL
- Zlib is now external, in a library
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/auth-options.c
--- a/crypto/dist/ssh/auth-options.c Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/auth-options.c Wed Feb 14 00:53:01 2001 +0000
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.12 2001/02/03 10:08:36 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.13 2001/02/09 13:38:07 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -61,12 +61,13 @@
auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
{
const char *cp;
- if (!opts)
- return 1;
/* reset options */
auth_clear_options();
+ if (!opts)
+ return 1;
+
while (*opts && *opts != ' ' && *opts != '\t') {
cp = "no-port-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/auth-passwd.c
--- a/crypto/dist/ssh/auth-passwd.c Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/auth-passwd.c Wed Feb 14 00:53:01 2001 +0000
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.21 2001/02/12 16:16:23 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -57,7 +57,7 @@
/* deny if no user. */
if (pw == NULL)
return 0;
- if (pw->pw_uid == 0 && options.permit_root_login == 2)
+ if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
return 0;
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/auth.h
--- a/crypto/dist/ssh/auth.h Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/auth.h Wed Feb 14 00:53:01 2001 +0000
@@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
+ * $OpenBSD: auth.h,v 1.11 2001/02/12 16:16:23 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
@@ -109,7 +109,7 @@
Authctxt *authctxt_new(void);
void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
void userauth_reply(Authctxt *authctxt, int authenticated);
-int auth_root_allowed(void);
+int auth_root_allowed(char *method);
int auth2_challenge(Authctxt *authctxt, char *devs);
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/kex.h
--- a/crypto/dist/ssh/kex.h Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/kex.h Wed Feb 14 00:53:01 2001 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.13 2001/02/04 15:32:24 stevesk Exp $ */
+/* $OpenBSD: kex.h,v 1.14 2001/02/11 12:59:24 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,9 +26,11 @@
#ifndef KEX_H
#define KEX_H
+#include <openssl/evp.h>
+#include "buffer.h"
+
#define KEX_DH1 "diffie-hellman-group1-sha1"
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
-#define KEX_DSS "ssh-dss"
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/mac.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/mac.c Wed Feb 14 00:53:01 2001 +0000
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: mac.c,v 1.1 2001/02/11 12:59:24 markus Exp $");
+
+#include <openssl/hmac.h>
+
+#include "xmalloc.h"
+#include "getput.h"
+#include "log.h"
+#include "cipher.h"
+#include "kex.h"
+#include "mac.h"
+
+struct {
+ char *name;
+ EVP_MD * (*mdfunc)(void);
+ int truncatebits; /* truncate digest if != 0 */
+} macs[] = {
+ { "hmac-sha1", EVP_sha1, 0, },
+ { "hmac-sha1-96", EVP_sha1, 96 },
+ { "hmac-md5", EVP_md5, 0 },
+ { "hmac-md5-96", EVP_md5, 96 },
+ { "hmac-ripemd160", EVP_ripemd160, 0 },
+ { "hmac-ripemd160%openssh.com@localhost", EVP_ripemd160, 0 },
+ { NULL, NULL, 0 }
+};
+
+int
+mac_init(Mac *mac, char *name)
+{
+ int i;
+ for (i = 0; macs[i].name; i++) {
+ if (strcmp(name, macs[i].name) == 0) {
+ if (mac != NULL) {
+ mac->md = (*macs[i].mdfunc)();
+ mac->key_len = mac->mac_len = mac->md->md_size;
+ if (macs[i].truncatebits != 0)
+ mac->mac_len = macs[i].truncatebits/8;
+ }
+ debug2("mac_init: found %s", name);
+ return (0);
+ }
+ }
+ debug2("mac_init: unknown %s", name);
+ return (-1);
+}
+
+u_char *
+mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
+{
+ HMAC_CTX c;
+ static u_char m[EVP_MAX_MD_SIZE];
+ u_char b[4];
+
+ if (mac->key == NULL)
+ fatal("mac_compute: no key");
+ if (mac->mac_len > sizeof(m))
+ fatal("mac_compute: mac too long");
+ HMAC_Init(&c, mac->key, mac->key_len, mac->md);
+ PUT_32BIT(b, seqno);
+ HMAC_Update(&c, b, sizeof(b));
+ HMAC_Update(&c, data, datalen);
+ HMAC_Final(&c, m, NULL);
+ HMAC_cleanup(&c);
+ return (m);
+}
+
+/* XXX copied from ciphers_valid */
+#define MAC_SEP ","
+int
+mac_valid(const char *names)
+{
+ char *maclist, *cp, *p;
+
+ if (names == NULL || strcmp(names, "") == 0)
+ return (0);
+ maclist = cp = xstrdup(names);
+ for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
+ (p = strsep(&cp, MAC_SEP))) {
+ if (mac_init(NULL, p) < 0) {
+ debug("bad mac %s [%s]", p, names);
+ xfree(maclist);
+ return (0);
+ } else {
+ debug3("mac ok: %s [%s]", p, names);
+ }
+ }
+ debug3("macs ok: [%s]", names);
+ xfree(maclist);
+ return (1);
+}
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/mac.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/mac.h Wed Feb 14 00:53:01 2001 +0000
@@ -0,0 +1,28 @@
+/* $OpenBSD: mac.h,v 1.1 2001/02/11 12:59:24 markus Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+int mac_valid(const char *names);
+int mac_init(Mac *mac, char *name);
+u_char *mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen);
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/myproposal.h
--- a/crypto/dist/ssh/myproposal.h Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/myproposal.h Wed Feb 14 00:53:01 2001 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.10 2001/01/29 01:58:17 niklas Exp $ */
+/* $OpenBSD: myproposal.h,v 1.11 2001/02/11 12:59:24 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -30,7 +30,10 @@
"aes128-cbc,aes192-cbc,aes256-cbc," \
"rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
"rijndael-cbc%lysator.liu.se@localhost"
-#define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5,hmac-ripemd160%openssh.com@localhost"
+#define KEX_DEFAULT_MAC \
+ "hmac-sha1,hmac-md5,hmac-ripemd160," \
+ "hmac-ripemd160%openssh.com@localhost," \
+ "hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib"
#define KEX_DEFAULT_LANG ""
diff -r 47b5b35f4ffe -r 386ba8fa2fae crypto/dist/ssh/readconf.h
--- a/crypto/dist/ssh/readconf.h Tue Feb 13 23:56:13 2001 +0000
+++ b/crypto/dist/ssh/readconf.h Wed Feb 14 00:53:01 2001 +0000
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.25 2001/01/22 23:06:39 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.26 2001/02/11 12:59:25 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -68,6 +68,7 @@
* prompts. */
Home |
Main Index |
Thread Index |
Old Index