[Midnightbsd-cvs] src [6863] vendor-crypto/openssh/dist: openssh 6.6p1
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sat Oct 11 12:33:20 EDT 2014
Revision: 6863
http://svnweb.midnightbsd.org/src/?rev=6863
Author: laffer1
Date: 2014-10-11 12:33:18 -0400 (Sat, 11 Oct 2014)
Log Message:
-----------
openssh 6.6p1
Modified Paths:
--------------
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/Makefile.in
vendor-crypto/openssh/dist/PROTOCOL
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/aclocal.m4
vendor-crypto/openssh/dist/addrmatch.c
vendor-crypto/openssh/dist/atomicio.c
vendor-crypto/openssh/dist/auth-krb5.c
vendor-crypto/openssh/dist/auth-options.c
vendor-crypto/openssh/dist/auth-pam.c
vendor-crypto/openssh/dist/auth-rsa.c
vendor-crypto/openssh/dist/auth.h
vendor-crypto/openssh/dist/auth1.c
vendor-crypto/openssh/dist/auth2-chall.c
vendor-crypto/openssh/dist/auth2-gss.c
vendor-crypto/openssh/dist/auth2-hostbased.c
vendor-crypto/openssh/dist/auth2-passwd.c
vendor-crypto/openssh/dist/auth2-pubkey.c
vendor-crypto/openssh/dist/auth2.c
vendor-crypto/openssh/dist/authfd.c
vendor-crypto/openssh/dist/authfile.c
vendor-crypto/openssh/dist/authfile.h
vendor-crypto/openssh/dist/bufaux.c
vendor-crypto/openssh/dist/bufbn.c
vendor-crypto/openssh/dist/bufec.c
vendor-crypto/openssh/dist/buffer.c
vendor-crypto/openssh/dist/buffer.h
vendor-crypto/openssh/dist/canohost.c
vendor-crypto/openssh/dist/channels.c
vendor-crypto/openssh/dist/cipher-3des1.c
vendor-crypto/openssh/dist/cipher.c
vendor-crypto/openssh/dist/cipher.h
vendor-crypto/openssh/dist/clientloop.c
vendor-crypto/openssh/dist/compat.c
vendor-crypto/openssh/dist/compat.h
vendor-crypto/openssh/dist/config.h.in
vendor-crypto/openssh/dist/configure
vendor-crypto/openssh/dist/configure.ac
vendor-crypto/openssh/dist/contrib/caldera/openssh.spec
vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/defines.h
vendor-crypto/openssh/dist/dh.c
vendor-crypto/openssh/dist/dh.h
vendor-crypto/openssh/dist/gss-serv-krb5.c
vendor-crypto/openssh/dist/gss-serv.c
vendor-crypto/openssh/dist/hostfile.c
vendor-crypto/openssh/dist/kex.c
vendor-crypto/openssh/dist/kex.h
vendor-crypto/openssh/dist/kexdh.c
vendor-crypto/openssh/dist/kexdhc.c
vendor-crypto/openssh/dist/kexdhs.c
vendor-crypto/openssh/dist/kexecdh.c
vendor-crypto/openssh/dist/kexecdhc.c
vendor-crypto/openssh/dist/kexecdhs.c
vendor-crypto/openssh/dist/kexgex.c
vendor-crypto/openssh/dist/kexgexc.c
vendor-crypto/openssh/dist/kexgexs.c
vendor-crypto/openssh/dist/key.c
vendor-crypto/openssh/dist/key.h
vendor-crypto/openssh/dist/krl.c
vendor-crypto/openssh/dist/loginrec.c
vendor-crypto/openssh/dist/mac.c
vendor-crypto/openssh/dist/mac.h
vendor-crypto/openssh/dist/match.c
vendor-crypto/openssh/dist/misc.c
vendor-crypto/openssh/dist/misc.h
vendor-crypto/openssh/dist/moduli.0
vendor-crypto/openssh/dist/moduli.c
vendor-crypto/openssh/dist/monitor.c
vendor-crypto/openssh/dist/monitor.h
vendor-crypto/openssh/dist/monitor_mm.c
vendor-crypto/openssh/dist/monitor_mm.h
vendor-crypto/openssh/dist/monitor_wrap.c
vendor-crypto/openssh/dist/monitor_wrap.h
vendor-crypto/openssh/dist/myproposal.h
vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/pathnames.h
vendor-crypto/openssh/dist/pkcs11.h
vendor-crypto/openssh/dist/platform.c
vendor-crypto/openssh/dist/platform.h
vendor-crypto/openssh/dist/progressmeter.c
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/readconf.h
vendor-crypto/openssh/dist/readpass.c
vendor-crypto/openssh/dist/regress/Makefile
vendor-crypto/openssh/dist/regress/agent-ptrace.sh
vendor-crypto/openssh/dist/regress/agent.sh
vendor-crypto/openssh/dist/regress/cert-hostkey.sh
vendor-crypto/openssh/dist/regress/cert-userkey.sh
vendor-crypto/openssh/dist/regress/cipher-speed.sh
vendor-crypto/openssh/dist/regress/forward-control.sh
vendor-crypto/openssh/dist/regress/host-expand.sh
vendor-crypto/openssh/dist/regress/integrity.sh
vendor-crypto/openssh/dist/regress/kextype.sh
vendor-crypto/openssh/dist/regress/keytype.sh
vendor-crypto/openssh/dist/regress/krl.sh
vendor-crypto/openssh/dist/regress/login-timeout.sh
vendor-crypto/openssh/dist/regress/modpipe.c
vendor-crypto/openssh/dist/regress/rekey.sh
vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh
vendor-crypto/openssh/dist/regress/scp.sh
vendor-crypto/openssh/dist/regress/sftp-chroot.sh
vendor-crypto/openssh/dist/regress/test-exec.sh
vendor-crypto/openssh/dist/regress/try-ciphers.sh
vendor-crypto/openssh/dist/roaming_client.c
vendor-crypto/openssh/dist/roaming_common.c
vendor-crypto/openssh/dist/rsa.c
vendor-crypto/openssh/dist/sandbox-darwin.c
vendor-crypto/openssh/dist/sandbox-null.c
vendor-crypto/openssh/dist/sandbox-rlimit.c
vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
vendor-crypto/openssh/dist/sandbox-systrace.c
vendor-crypto/openssh/dist/scp.0
vendor-crypto/openssh/dist/scp.1
vendor-crypto/openssh/dist/scp.c
vendor-crypto/openssh/dist/servconf.c
vendor-crypto/openssh/dist/servconf.h
vendor-crypto/openssh/dist/serverloop.c
vendor-crypto/openssh/dist/session.c
vendor-crypto/openssh/dist/session.h
vendor-crypto/openssh/dist/sftp-client.c
vendor-crypto/openssh/dist/sftp-client.h
vendor-crypto/openssh/dist/sftp-common.c
vendor-crypto/openssh/dist/sftp-glob.c
vendor-crypto/openssh/dist/sftp-server.0
vendor-crypto/openssh/dist/sftp-server.8
vendor-crypto/openssh/dist/sftp-server.c
vendor-crypto/openssh/dist/sftp.0
vendor-crypto/openssh/dist/sftp.1
vendor-crypto/openssh/dist/sftp.c
vendor-crypto/openssh/dist/ssh-add.0
vendor-crypto/openssh/dist/ssh-add.1
vendor-crypto/openssh/dist/ssh-add.c
vendor-crypto/openssh/dist/ssh-agent.0
vendor-crypto/openssh/dist/ssh-agent.1
vendor-crypto/openssh/dist/ssh-agent.c
vendor-crypto/openssh/dist/ssh-dss.c
vendor-crypto/openssh/dist/ssh-ecdsa.c
vendor-crypto/openssh/dist/ssh-gss.h
vendor-crypto/openssh/dist/ssh-keygen.0
vendor-crypto/openssh/dist/ssh-keygen.1
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh-keyscan.0
vendor-crypto/openssh/dist/ssh-keyscan.1
vendor-crypto/openssh/dist/ssh-keyscan.c
vendor-crypto/openssh/dist/ssh-keysign.0
vendor-crypto/openssh/dist/ssh-keysign.8
vendor-crypto/openssh/dist/ssh-keysign.c
vendor-crypto/openssh/dist/ssh-pkcs11-helper.0
vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
vendor-crypto/openssh/dist/ssh-pkcs11.c
vendor-crypto/openssh/dist/ssh-rsa.c
vendor-crypto/openssh/dist/ssh-sandbox.h
vendor-crypto/openssh/dist/ssh.0
vendor-crypto/openssh/dist/ssh.1
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/ssh2.h
vendor-crypto/openssh/dist/ssh_config
vendor-crypto/openssh/dist/ssh_config.0
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshconnect.h
vendor-crypto/openssh/dist/sshconnect1.c
vendor-crypto/openssh/dist/sshconnect2.c
vendor-crypto/openssh/dist/sshd.0
vendor-crypto/openssh/dist/sshd.8
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config
vendor-crypto/openssh/dist/sshd_config.0
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshlogin.c
vendor-crypto/openssh/dist/uidswap.c
vendor-crypto/openssh/dist/version.h
vendor-crypto/openssh/dist/xmalloc.c
Added Paths:
-----------
vendor-crypto/openssh/dist/PROTOCOL.chacha20poly1305
vendor-crypto/openssh/dist/PROTOCOL.key
vendor-crypto/openssh/dist/blocks.c
vendor-crypto/openssh/dist/chacha.c
vendor-crypto/openssh/dist/chacha.h
vendor-crypto/openssh/dist/cipher-chachapoly.c
vendor-crypto/openssh/dist/cipher-chachapoly.h
vendor-crypto/openssh/dist/crypto_api.h
vendor-crypto/openssh/dist/digest-libc.c
vendor-crypto/openssh/dist/digest-openssl.c
vendor-crypto/openssh/dist/digest.h
vendor-crypto/openssh/dist/ed25519.c
vendor-crypto/openssh/dist/fe25519.c
vendor-crypto/openssh/dist/fe25519.h
vendor-crypto/openssh/dist/ge25519.c
vendor-crypto/openssh/dist/ge25519.h
vendor-crypto/openssh/dist/ge25519_base.data
vendor-crypto/openssh/dist/hash.c
vendor-crypto/openssh/dist/hmac.c
vendor-crypto/openssh/dist/hmac.h
vendor-crypto/openssh/dist/kexc25519.c
vendor-crypto/openssh/dist/kexc25519c.c
vendor-crypto/openssh/dist/kexc25519s.c
vendor-crypto/openssh/dist/openbsd-compat/arc4random.c
vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c
vendor-crypto/openssh/dist/openbsd-compat/blf.h
vendor-crypto/openssh/dist/openbsd-compat/blowfish.c
vendor-crypto/openssh/dist/openbsd-compat/chacha_private.h
vendor-crypto/openssh/dist/openbsd-compat/explicit_bzero.c
vendor-crypto/openssh/dist/poly1305.c
vendor-crypto/openssh/dist/poly1305.h
vendor-crypto/openssh/dist/regress/dhgex.sh
vendor-crypto/openssh/dist/regress/setuid-allowed.c
vendor-crypto/openssh/dist/regress/sftp-perm.sh
vendor-crypto/openssh/dist/sandbox-capsicum.c
vendor-crypto/openssh/dist/sc25519.c
vendor-crypto/openssh/dist/sc25519.h
vendor-crypto/openssh/dist/smult_curve25519_ref.c
vendor-crypto/openssh/dist/ssh-ed25519.c
vendor-crypto/openssh/dist/verify.c
Removed Paths:
-------------
vendor-crypto/openssh/dist/auth2-jpake.c
vendor-crypto/openssh/dist/jpake.c
vendor-crypto/openssh/dist/jpake.h
vendor-crypto/openssh/dist/schnorr.c
vendor-crypto/openssh/dist/schnorr.h
Modified: vendor-crypto/openssh/dist/ChangeLog
===================================================================
--- vendor-crypto/openssh/dist/ChangeLog 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ChangeLog 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,26 +1,1264 @@
+20140313
+ - (djm) Release OpenSSH 6.6
+
+20140304
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/03/03 22:22:30
+ [session.c]
+ ignore enviornment variables with embedded '=' or '\0' characters;
+ spotted by Jann Horn; ok deraadt@
+
+20140301
+ - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
+ no moduli file exists at the expected location.
+
+20140228
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/02/27 00:41:49
+ [bufbn.c]
+ fix unsigned overflow that could lead to reading a short ssh protocol
+ 1 bignum value; found by Ben Hawkes; ok deraadt@
+ - djm at cvs.openbsd.org 2014/02/27 08:25:09
+ [bufbn.c]
+ off by one in range check
+ - djm at cvs.openbsd.org 2014/02/27 22:47:07
+ [sshd_config.5]
+ bz#2184 clarify behaviour of a keyword that appears in multiple
+ matching Match blocks; ok dtucker@
+ - djm at cvs.openbsd.org 2014/02/27 22:57:40
+ [version.h]
+ openssh-6.6
+ - dtucker at cvs.openbsd.org 2014/01/19 23:43:02
+ [regress/sftp-chroot.sh]
+ Don't use -q on sftp as it suppresses logging, instead redirect the
+ output to the regress logfile.
+ - dtucker at cvs.openbsd.org 2014/01/20 00:00:30
+ [sregress/ftp-chroot.sh]
+ append to rather than truncating the log file
+ - dtucker at cvs.openbsd.org 2014/01/25 04:35:32
+ [regress/Makefile regress/dhgex.sh]
+ Add a test for DH GEX sizes
+ - djm at cvs.openbsd.org 2014/01/26 10:22:10
+ [regress/cert-hostkey.sh]
+ automatically generate revoked keys from listed keys rather than
+ manually specifying each type; from portable
+ (Id sync only)
+ - djm at cvs.openbsd.org 2014/01/26 10:49:17
+ [scp-ssh-wrapper.sh scp.sh]
+ make sure $SCP is tested on the remote end rather than whichever one
+ happens to be in $PATH; from portable
+ (Id sync only)
+ - djm at cvs.openbsd.org 2014/02/27 20:04:16
+ [login-timeout.sh]
+ remove any existing LoginGraceTime from sshd_config before adding
+ a specific one for the test back in
+ - djm at cvs.openbsd.org 2014/02/27 21:21:25
+ [agent-ptrace.sh agent.sh]
+ keep return values that are printed in error messages;
+ from portable
+ (Id sync only)
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers
+ - (djm) [regress/host-expand.sh] Add RCS Id
+
+20140227
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/02/26 20:18:37
+ [ssh.c]
+ bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
+ ok dtucker@ markus@
+ - djm at cvs.openbsd.org 2014/02/26 20:28:44
+ [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
+ bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
+ sandboxing, as running this code in the sandbox can cause violations;
+ ok markus@
+ - djm at cvs.openbsd.org 2014/02/26 20:29:29
+ [channels.c]
+ don't assume that the socks4 username is \0 terminated;
+ spotted by Ben Hawkes; ok markus@
+ - markus at cvs.openbsd.org 2014/02/26 21:53:37
+ [sshd.c]
+ ssh_gssapi_prepare_supported_oids needs GSSAPI
+
+20140224
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/02/07 06:55:54
+ [cipher.c mac.c]
+ remove some logging that makes ssh debugging output very verbose;
+ ok markus
+ - djm at cvs.openbsd.org 2014/02/15 23:05:36
+ [channels.c]
+ avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
+ bz#2200, debian#738692 via Colin Watson; ok dtucker@
+ - djm at cvs.openbsd.org 2014/02/22 01:32:19
+ [readconf.c]
+ when processing Match blocks, skip 'exec' clauses if previous predicates
+ failed to match; ok markus@
+ - djm at cvs.openbsd.org 2014/02/23 20:03:42
+ [ssh-ed25519.c]
+ check for unsigned overflow; not reachable in OpenSSH but others might
+ copy our code...
+ - djm at cvs.openbsd.org 2014/02/23 20:11:36
+ [readconf.c readconf.h ssh.c ssh_config.5]
+ reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
+ the hostname. This allows users to write configurations that always
+ refer to canonical hostnames, e.g.
+
+ CanonicalizeHostname yes
+ CanonicalDomains int.example.org example.org
+ CanonicalizeFallbackLocal no
+
+ Host *.int.example.org
+ Compression off
+ Host *.example.org
+ User djm
+
+ ok markus@
+
+20140213
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
+ code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
+
+20140207
+ - OpenBSD CVS Sync
+ - naddy at cvs.openbsd.org 2014/02/05 20:13:25
+ [ssh-keygen.1 ssh-keygen.c]
+ tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
+ while here, fix ordering in usage(); requested by jmc@
+ - djm at cvs.openbsd.org 2014/02/06 22:21:01
+ [sshconnect.c]
+ in ssh_create_socket(), only do the getaddrinfo for BindAddress when
+ BindAddress is actually specified. Fixes regression in 6.5 for
+ UsePrivilegedPort=yes; patch from Corinna Vinschen
+
+20140206
+ - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
+ before freeing since free(NULL) is a no-op. ok djm.
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+ __NR_shutdown; some go via the socketcall(2) multiplexer.
+
+20140205
+ - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
+ headers/libc but not supported by the kernel. Patch from Loganaden
+ Velvindron @ AfriNIC
+
+20140204
+ - OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2014/01/27 18:58:14
+ [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
+ replace openssl HMAC with an implementation based on our ssh_digest_*
+ ok and feedback djm@
+ - markus at cvs.openbsd.org 2014/01/27 19:18:54
+ [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
+ replace openssl MD5 with our ssh_digest_*; ok djm@
+ - markus at cvs.openbsd.org 2014/01/27 20:13:46
+ [digest.c digest-openssl.c digest-libc.c Makefile.in]
+ rename digest.c to digest-openssl.c and add libc variant; ok djm@
+ - jmc at cvs.openbsd.org 2014/01/28 14:13:39
+ [ssh-keyscan.1]
+ kill some bad Pa;
+ From: Jan Stary
+ - djm at cvs.openbsd.org 2014/01/29 00:19:26
+ [sshd.c]
+ use kill(0, ...) instead of killpg(0, ...); on most operating systems
+ they are equivalent, but SUSv2 describes the latter as having undefined
+ behaviour; from portable; ok dtucker
+ (Id sync only; change is already in portable)
+ - djm at cvs.openbsd.org 2014/01/29 06:18:35
+ [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
+ [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
+ [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
+ remove experimental, never-enabled JPAKE code; ok markus@
+ - jmc at cvs.openbsd.org 2014/01/29 14:04:51
+ [sshd_config.5]
+ document kbdinteractiveauthentication;
+ requested From: Ross L Richardson
+
+ dtucker/markus helped explain its workings;
+ - djm at cvs.openbsd.org 2014/01/30 22:26:14
+ [sandbox-systrace.c]
+ allow shutdown(2) syscall in sandbox - it may be called by packet_close()
+ from portable
+ (Id sync only; change is already in portable)
+ - tedu at cvs.openbsd.org 2014/01/31 16:39:19
+ [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
+ [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
+ [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
+ [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
+ [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
+ replace most bzero with explicit_bzero, except a few that cna be memset
+ ok djm dtucker
+ - djm at cvs.openbsd.org 2014/02/02 03:44:32
+ [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
+ [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
+ [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
+ [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
+ [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
+ [sshd.c]
+ convert memset of potentially-private data to explicit_bzero()
+ - djm at cvs.openbsd.org 2014/02/03 23:28:00
+ [ssh-ecdsa.c]
+ fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
+ DSA_SIG_new. Reported by Batz Spear; ok markus@
+ - djm at cvs.openbsd.org 2014/02/02 03:44:31
+ [digest-libc.c digest-openssl.c]
+ convert memset of potentially-private data to explicit_bzero()
+ - djm at cvs.openbsd.org 2014/02/04 00:24:29
+ [ssh.c]
+ delay lowercasing of hostname until right before hostname
+ canonicalisation to unbreak case-sensitive matching of ssh_config;
+ reported by Ike Devolder; ok markus@
+ - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
+ - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
+
+20140131
+ - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
+ syscall from sandboxes; it may be called by packet_close.
+ - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
+ build with HP-UX's compiler. Patch from Kevin Brott.
+ - (tim) [Makefile.in] build regress/setuid-allow.
+
+20140130
+ - (djm) [configure.ac] Only check for width-specified integer types
+ in headers that actually exist. patch from Tom G. Christensen;
+ ok dtucker@
+ - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
+ different symbols for 'read' when various compiler flags are
+ in use, causing atomicio.c comparisons against it to break and
+ read/write operations to hang; ok dtucker
+ - (djm) Release openssh-6.5p1
+
+20140129
+ - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
+ Tom G. Christensen
+
+20140128
+ - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
+ ok dtucker
+ - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
+ latter being specified to have undefined behaviour in SUSv3;
+ ok dtucker
+ - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
+ when used as an error message inside an if statement so we display the
+ correct into. agent.sh patch from Petr Lautrbach.
+
+20140127
+ - (dtucker) [Makefile.in] Remove trailing backslash which some make
+ implementations (eg older Solaris) do not cope with.
+
+20140126
+ - OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2014/01/25 10:12:50
+ [cipher.c cipher.h kex.c kex.h kexgexc.c]
+ Add a special case for the DH group size for 3des-cbc, which has an
+ effective strength much lower than the key size. This causes problems
+ with some cryptlib implementations, which don't support group sizes larger
+ than 4k but also don't use the largest group size it does support as
+ specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
+ reduced by me with input from Markus. ok djm@ markus@
+ - markus at cvs.openbsd.org 2014/01/25 20:35:37
+ [kex.c]
+ dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
+ ok dtucker@, noted by mancha
+ - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
+ RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
+ libc will attempt to open additional file descriptors for crypto
+ offload and crash if they cannot be opened.
+ - (djm) [configure.ac] correct AC_DEFINE for previous.
+
+20140125
+ - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
+ - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
+ sys/capability.h exists and cap_rights_limit is in libc. Fixes
+ build on FreeBSD9x which provides the header but not the libc
+ support.
+ - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
+ against the correct thing.
+
+20140124
+ - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
+ the scp regress test actually test the built scp rather than the one
+ in $PATH. ok dtucker@
+
+20140123
+ - (tim) [session.c] Improve error reporting on set_id().
+ - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
+ incompatible with OpenBSD's despite post-dating it by more than a decade.
+ Declare it as broken, and document FreeBSD's as the same. ok djm@
+
+20140122
+ - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
+ platform that is expected to use the reuse-argv style setproctitle
+ hack surprises us by providing a setproctitle in libc; ok dtucker
+ - (djm) [configure.ac] Unless specifically requested, only attempt
+ to build Position Independent Executables on gcc >= 4.x; ok dtucker
+ - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
+ platform hardening options: include some long long int arithmatic
+ to detect missing support functions for -ftrapv in libgcc and
+ equivalents, actually test linking when -ftrapv is supplied and
+ set either both -pie/-fPIE or neither. feedback and ok dtucker@
+
+20140121
+ - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
+ to on platforms where it's known to be reliably detected and off elsewhere.
+ Works around platforms such as FreeBSD 9.1 where it does not interop with
+ -ftrapv (it seems to work but fails when trying to link ssh). ok djm@
+ - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
+ tests in the configure output. ok djm.
+ - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
+ with sftp chroot support. Move set_id call after chroot.
+ - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
+ and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
+ detecting toolchain-related problems; ok dtucker
+
+20140120
+ - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
+ implementation does not have krb5_cc_new_unique, similar to what we do
+ in auth-krb5.c.
+ - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
+ skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/20 00:08:48
+ [digest.c]
+ memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
+
+20140119
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2014/01/17 06:23:24
+ [sftp-server.c]
+ fix log message statvfs. ok djm
+ - dtucker at cvs.openbsd.org 2014/01/18 09:36:26
+ [session.c]
+ explicitly define USE_PIPES to 1 to prevent redefinition warnings in
+ portable on platforms that use pipes for everything. From vinschen at
+ redhat.
+ - dtucker at cvs.openbsd.org 2014/01/19 04:17:29
+ [canohost.c addrmatch.c]
+ Cast socklen_t when comparing to size_t and use socklen_t to iterate over
+ the ip options, both to prevent signed/unsigned comparison warnings.
+ Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
+ - djm at cvs.openbsd.org 2014/01/19 04:48:08
+ [ssh_config.5]
+ fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
+ - dtucker at cvs.openbsd.org 2014/01/19 11:21:51
+ [addrmatch.c]
+ Cast the sizeof to socklen_t so it'll work even if the supplied len is
+ negative. Suggested by and ok djm, ok deraadt.
+
+20140118
+ - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch
+ from vinschen at redhat.com
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
+ declarations that stopped being included when we stopped including
+ <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
+ redhat.com.
+ - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
+ optind) are defined in getopt.h already. Unfortunately they are defined as
+ "declspec(dllimport)" for historical reasons, because the GNU linker didn't
+ allow auto-import on PE/COFF targets way back when. The problem is the
+ dllexport attributes collide with the definitions in the various source
+ files in OpenSSH, which obviousy define the variables without
+ declspec(dllimport). The least intrusive way to get rid of these warnings
+ is to disable warnings for GCC compiler attributes when building on Cygwin.
+ Patch from vinschen at redhat.com.
+ - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
+ return value check for cap_enter() consistent with the other uses in
+ FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140.
+
+20140117
+ - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
+ hardening flags including -fstack-protector-strong. These default to on
+ if the toolchain supports them, but there is a configure-time knob
+ (--without-hardening) to disable them if necessary. ok djm@
+ - (djm) [sftp-client.c] signed/unsigned comparison fix
+ - (dtucker) [loginrec.c] Cast to the types specfied in the format
+ specification to prevent warnings.
+ - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+ - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
+ - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
+ includes.h to pull in all of the compatibility stuff.
+ - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
+ #ifdef HAVE_STDINT_H.
+ - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
+ don't have them.
+ - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
+ separate lines and alphabetize for easier diffing of changes.
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/17 00:21:06
+ [sftp-client.c]
+ signed/unsigned comparison warning fix; from portable (Id sync only)
+ - dtucker at cvs.openbsd.org 2014/01/17 05:26:41
+ [digest.c]
+ remove unused includes. ok djm@
+ - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
+ [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
+ [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
+ using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
+ Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
+ - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
+ openbsd-compat/openssl-compat.h] Add compatibility layer for older
+ openssl versions. ok djm@
+ - (dtucker) Fix typo in #ifndef.
+ - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
+ openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
+ to be useful (and for the regression tests to pass) on platforms that
+ have statfs and fstatfs. ok djm@
+ - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
+ need them to cut down on the name collisions.
+ - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
+ - (dtucker) [configure.ac] Have --without-hardening not turn off
+ stack-protector since that has a separate flag that's been around a while.
+ - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
+ Solaris.
+ - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
+ they're defined if we have to define them ourselves. Fixes builds on old
+ AIX.
+
+20140118
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/16 07:31:09
+ [sftp-client.c]
+ needless and incorrect cast to size_t can break resumption of
+ large download; patch from tobias@
+ - djm at cvs.openbsd.org 2014/01/16 07:32:00
+ [version.h]
+ openssh-6.5
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank RPM spec version numbers.
+ - (djm) [README] update release notes URL.
+
+20140112
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/01/10 05:59:19
+ [sshd_config]
+ the /etc/ssh/ssh_host_ed25519_key is loaded by default too
+ - djm at cvs.openbsd.org 2014/01/12 08:13:13
+ [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
+ avoid use of OpenSSL BIGNUM type and functions for KEX with
+ Curve25519 by adding a buffer_put_bignum2_from_string() that stores
+ a string using the bignum encoding rules. Will make it easier to
+ build a reduced-feature OpenSSH without OpenSSL in the future;
+ ok markus@
+
+20140110
+ - (djm) OpenBSD CVS Sync
+ - tedu at cvs.openbsd.org 2014/01/04 17:50:55
+ [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
+ use standard types and formats for size_t like variables. ok dtucker
+ - guenther at cvs.openbsd.org 2014/01/09 03:26:00
+ [sftp-common.c]
+ When formating the time for "ls -l"-style output, show dates in the future
+ with the year, and rearrange a comparison to avoid a potentional signed
+ arithmetic overflow that would give the wrong result.
+ ok djm@
+ - djm at cvs.openbsd.org 2014/01/09 23:20:00
+ [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
+ [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
+ [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
+ [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
+ Introduce digest API and use it to perform all hashing operations
+ rather than calling OpenSSL EVP_Digest* directly. Will make it easier
+ to build a reduced-feature OpenSSH without OpenSSL in future;
+ feedback, ok markus@
+ - djm at cvs.openbsd.org 2014/01/09 23:26:48
+ [sshconnect.c sshd.c]
+ ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
+ deranged and might make some attacks on KEX easier; ok markus@
+
+20140108
+ - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
+
+20131231
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/30 23:52:28
+ [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
+ [sshconnect.c sshconnect2.c sshd.c]
+ refuse RSA keys from old proprietary clients/servers that use the
+ obsolete RSA+MD5 signature scheme. it will still be possible to connect
+ with these clients/servers but only DSA keys will be accepted, and we'll
+ deprecate them entirely in a future release. ok markus@
+
+20131229
+ - (djm) [loginrec.c] Check for username truncation when looking up lastlog
+ entries
+ - (djm) [regress/Makefile] Add some generated files for cleaning
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/19 00:10:30
+ [ssh-add.c]
+ skip requesting smartcard PIN when removing keys from agent; bz#2187
+ patch from jay AT slushpupie.com; ok dtucker
+ - dtucker at cvs.openbsd.org 2013/12/19 00:19:12
+ [serverloop.c]
+ Cast client_alive_interval to u_int64_t before assinging to
+ max_time_milliseconds to avoid potential integer overflow in the timeout.
+ bz#2170, patch from Loganaden Velvindron, ok djm@
+ - djm at cvs.openbsd.org 2013/12/19 00:27:57
+ [auth-options.c]
+ simplify freeing of source-address certificate restriction
+ - djm at cvs.openbsd.org 2013/12/19 01:04:36
+ [channels.c]
+ bz#2147: fix multiple remote forwardings with dynamically assigned
+ listen ports. In the s->c message to open the channel we were sending
+ zero (the magic number to request a dynamic port) instead of the actual
+ listen port. The client therefore had no way of discriminating between
+ them.
+
+ Diagnosis and fix by ronf AT timeheart.net
+ - djm at cvs.openbsd.org 2013/12/19 01:19:41
+ [ssh-agent.c]
+ bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
+ that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
+ ok dtucker
+ - djm at cvs.openbsd.org 2013/12/19 22:57:13
+ [poly1305.c poly1305.h]
+ use full name for author, with his permission
+ - tedu at cvs.openbsd.org 2013/12/21 07:10:47
+ [ssh-keygen.1]
+ small typo
+ - djm at cvs.openbsd.org 2013/12/27 22:30:17
+ [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
+ make the original RSA and DSA signing/verification code look more like
+ the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
+ rather than tediously listing all variants, use __func__ for debug/
+ error messages
+ - djm at cvs.openbsd.org 2013/12/27 22:37:18
+ [ssh-rsa.c]
+ correct comment
+ - djm at cvs.openbsd.org 2013/12/29 02:28:10
+ [key.c]
+ allow ed25519 keys to appear as certificate authorities
+ - djm at cvs.openbsd.org 2013/12/29 02:37:04
+ [key.c]
+ correct comment for key_to_certified()
+ - djm at cvs.openbsd.org 2013/12/29 02:49:52
+ [key.c]
+ correct comment for key_drop_cert()
+ - djm at cvs.openbsd.org 2013/12/29 04:20:04
+ [key.c]
+ to make sure we don't omit any key types as valid CA keys again,
+ factor the valid key type check into a key_type_is_valid_ca()
+ function
+ - djm at cvs.openbsd.org 2013/12/29 04:29:25
+ [authfd.c]
+ allow deletion of ed25519 keys from the agent
+ - djm at cvs.openbsd.org 2013/12/29 04:35:50
+ [authfile.c]
+ don't refuse to load Ed25519 certificates
+ - djm at cvs.openbsd.org 2013/12/29 05:42:16
+ [ssh.c]
+ don't forget to load Ed25519 certs too
+ - djm at cvs.openbsd.org 2013/12/29 05:57:02
+ [sshconnect.c]
+ when showing other hostkeys, don't forget Ed25519 keys
+
+20131221
+ - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
+
+20131219
+ - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
+ greater than 11 either rather than just 11. Patch from Tomas Kuthan.
+ - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
+ Patch from Loganaden Velvindron.
+
+20131218
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/07 08:08:26
+ [ssh-keygen.1]
+ document -a and -o wrt new key format
+ - naddy at cvs.openbsd.org 2013/12/07 11:58:46
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
+ [ssh_config.5 sshd.8 sshd_config.5]
+ add missing mentions of ed25519; ok djm@
+ - dtucker at cvs.openbsd.org 2013/12/08 09:53:27
+ [sshd_config.5]
+ Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
+ - markus at cvs.openbsd.org 2013/12/09 11:03:45
+ [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
+ Add Authors for the public domain ed25519/nacl code.
+ see also http://nacl.cr.yp.to/features.html
+ All of the NaCl software is in the public domain.
+ and http://ed25519.cr.yp.to/software.html
+ The Ed25519 software is in the public domain.
+ - markus at cvs.openbsd.org 2013/12/09 11:08:17
+ [crypto_api.h]
+ remove unused defines
+ - pascal at cvs.openbsd.org 2013/12/15 18:17:26
+ [ssh-add.c]
+ Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
+ ok markus@
+ - djm at cvs.openbsd.org 2013/12/15 21:42:35
+ [cipher-chachapoly.c]
+ add some comments and constify a constant
+ - markus at cvs.openbsd.org 2013/12/17 10:36:38
+ [crypto_api.h]
+ I've assempled the header file by cut&pasting from generated headers
+ and the source files.
+
+20131208
+ - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
+ Vinschen
+ - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
+ [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
+ filesystem before running agent-ptrace.sh; ok dtucker
+
+20131207
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/12/05 22:59:45
+ [sftp-client.c]
+ fix memory leak in error path in do_readdir(); pointed out by
+ Loganaden Velvindron @ AfriNIC in bz#2163
+ - djm at cvs.openbsd.org 2013/12/06 03:40:51
+ [ssh-keygen.c]
+ remove duplicated character ('g') in getopt() string;
+ document the (few) remaining option characters so we don't have to
+ rummage next time.
+ - markus at cvs.openbsd.org 2013/12/06 13:30:08
+ [authfd.c key.c key.h ssh-agent.c]
+ move private key (de)serialization to key.c; ok djm
+ - markus at cvs.openbsd.org 2013/12/06 13:34:54
+ [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
+ [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
+ default; details in PROTOCOL.key; feedback and lots help from djm;
+ ok djm@
+ - markus at cvs.openbsd.org 2013/12/06 13:39:49
+ [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
+ [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
+ [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
+ [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
+ [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
+ support ed25519 keys (hostkeys and user identities) using the public
+ domain ed25519 reference code from SUPERCOP, see
+ http://ed25519.cr.yp.to/software.html
+ feedback, help & ok djm@
+ - jmc at cvs.openbsd.org 2013/12/06 15:29:07
+ [sshd.8]
+ missing comma;
+ - djm at cvs.openbsd.org 2013/12/07 00:19:15
+ [key.c]
+ set k->cert = NULL after freeing it
+ - markus at cvs.openbsd.org 2013/12/06 13:52:46
+ [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
+ [regress/cert-userkey.sh regress/keytype.sh]
+ test ed25519 support; from djm@
+ - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
+ - (djm) [Makefile.in] Add ed25519 sources
+ - (djm) [authfile.c] Conditionalise inclusion of util.h
+ - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
+ [openbsd-compat/blf.h openbsd-compat/blowfish.c]
+ [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
+ portable.
+ - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
+ [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
+ Linux
+ - (djm) [regress/cert-hostkey.sh] Fix merge botch
+ - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
+ Loganaden Velvindron @ AfriNIC in bz#2179
+
+20131205
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2013/11/21 08:05:09
+ [ssh_config.5 sshd_config.5]
+ no need for .Pp before displays;
+ - deraadt at cvs.openbsd.org 2013/11/25 18:04:21
+ [ssh.1 ssh.c]
+ improve -Q usage and such. One usage change is that the option is now
+ case-sensitive
+ ok dtucker markus djm
+ - jmc at cvs.openbsd.org 2013/11/26 12:14:54
+ [ssh.1 ssh.c]
+ - put -Q in the right place
+ - Ar was a poor choice for the arguments to -Q. i've chosen an
+ admittedly equally poor Cm, at least consistent with the rest
+ of the docs. also no need for multiple instances
+ - zap a now redundant Nm
+ - usage() sync
+ - deraadt at cvs.openbsd.org 2013/11/26 19:15:09
+ [pkcs11.h]
+ cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
+ Eitan Adler ok markus for ssh, implies same change in kerberosV
+ - djm at cvs.openbsd.org 2013/12/01 23:19:05
+ [PROTOCOL]
+ mention curve25519-sha256 at libssh.org key exchange algorithm
+ - djm at cvs.openbsd.org 2013/12/02 02:50:27
+ [PROTOCOL.chacha20poly1305]
+ typo; from Jon Cave
+ - djm at cvs.openbsd.org 2013/12/02 02:56:17
+ [ssh-pkcs11-helper.c]
+ use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
+ - djm at cvs.openbsd.org 2013/12/02 03:09:22
+ [key.c]
+ make key_to_blob() return a NULL blob on failure; part of
+ bz#2175 from Loganaden Velvindron @ AfriNIC
+ - djm at cvs.openbsd.org 2013/12/02 03:13:14
+ [cipher.c]
+ correct bzero of chacha20+poly1305 key context. bz#2177 from
+ Loganaden Velvindron @ AfriNIC
+
+ Also make it a memset for consistency with the rest of cipher.c
+ - djm at cvs.openbsd.org 2013/12/04 04:20:01
+ [sftp-client.c]
+ bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
+ AfriNIC
+ - djm at cvs.openbsd.org 2013/12/05 01:16:41
+ [servconf.c servconf.h]
+ bz#2161 - fix AuthorizedKeysCommand inside a Match block and
+ rearrange things so the same error is harder to make next time;
+ with and ok dtucker@
+ - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
+ -L location for libedit. Patch from Serge van den Boom.
+
+20131121
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/11/08 11:15:19
+ [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
+ [uidswap.c] Include stdlib.h for free() as per the man page.
+ - markus at cvs.openbsd.org 2013/11/13 13:48:20
+ [ssh-pkcs11.c]
+ add missing braces found by pedro
+ - djm at cvs.openbsd.org 2013/11/20 02:19:01
+ [sshd.c]
+ delay closure of in/out fds until after "Bad protocol version
+ identification..." message, as get_remote_ipaddr/get_remote_port
+ require them open.
+ - deraadt at cvs.openbsd.org 2013/11/20 20:53:10
+ [scp.c]
+ unsigned casts for ctype macros where neccessary
+ ok guenther millert markus
+ - deraadt at cvs.openbsd.org 2013/11/20 20:54:10
+ [canohost.c clientloop.c match.c readconf.c sftp.c]
+ unsigned casts for ctype macros where neccessary
+ ok guenther millert markus
+ - djm at cvs.openbsd.org 2013/11/21 00:45:44
+ [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
+ [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
+ [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
+ [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
+ cipher "chacha20-poly1305 at openssh.com" that combines Daniel
+ Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
+ authenticated encryption mode.
+
+ Inspired by and similar to Adam Langley's proposal for TLS:
+ http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
+ but differs in layout used for the MAC calculation and the use of a
+ second ChaCha20 instance to separately encrypt packet lengths.
+ Details are in the PROTOCOL.chacha20poly1305 file.
+
+ Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
+ ok markus@ naddy@
+ - naddy at cvs.openbsd.org 2013/11/18 05:09:32
+ [regress/forward-control.sh]
+ bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
+ to successfully run this; ok djm@
+ - djm at cvs.openbsd.org 2013/11/21 03:15:46
+ [regress/krl.sh]
+ add some reminders for additional tests that I'd like to implement
+ - djm at cvs.openbsd.org 2013/11/21 03:16:47
+ [regress/modpipe.c]
+ use unsigned long long instead of u_int64_t here to avoid warnings
+ on some systems portable OpenSSH is built on.
+ - djm at cvs.openbsd.org 2013/11/21 03:18:51
+ [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
+ [regress/try-ciphers.sh]
+ use new "ssh -Q cipher-auth" query to obtain lists of authenticated
+ encryption ciphers instead of specifying them manually; ensures that
+ the new chacha20poly1305 at openssh.com mode is tested;
+
+ ok markus@ and naddy@ as part of the diff to add
+ chacha20poly1305 at openssh.com
+
+20131110
+ - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
+ querying the ones that are compiled in.
+
+20131109
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/11/09 05:41:34
+ [regress/test-exec.sh regress/rekey.sh]
+ Use smaller test data files to speed up tests. Grow test datafiles
+ where necessary for a specific test.
+ - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
+ NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
+ latter actually works before using it. Fedora (at least) has NID_secp521r1
+ that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
+ - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
+ - (dtucker) [configure.ac] Add missing "test".
+ - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
+
20131108
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/11/08 01:06:14
+ [regress/rekey.sh]
+ Rekey less frequently during tests to speed them up
- (djm) OpenBSD CVS Sync
- - markus at cvs.openbsd.org 2013/11/06 16:52:11
- [monitor_wrap.c]
- fix rekeying for AES-GCM modes; ok deraadt
+ - dtucker at cvs.openbsd.org 2013/11/07 11:58:27
+ [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
+ Output the effective values of Ciphers, MACs and KexAlgorithms when
+ the default has not been overridden. ok markus@
- djm at cvs.openbsd.org 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] update version numbers
- djm at cvs.openbsd.org 2013/11/08 01:38:11
[version.h]
openssh-6.4
- - (djm) Release 6.4p1
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version numbers following release.
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
+ arc4random_stir for platforms that have arc4random but don't have
+ arc4random_stir (right now this is only OpenBSD -current).
+ - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
+ EVP_sha256.
+ - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
+ - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
+ warnings.
+ - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
+ and pass in TEST_ENV. use stderr to get polluted
+ and the stderr-data test to fail.
+ - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
+ rather than testing and generating each key, call ssh-keygen -A.
+ Patch from vinschen at redhat.com.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/11/09 05:41:34
+ [regress/test-exec.sh regress/rekey.sh]
+ Use smaller test data files to speed up tests. Grow test datafiles
+ where necessary for a specific test.
-20130913
- - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code;
- ok dtucker@
- - (djm) [channels.c] sigh, typo s/buffet_/buffer_/
- - (djm) Release 6.3p1
+20131107
+ - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
+ that got lost in recent merge.
+ - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
+ - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
+ - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
+ that lack it but have arc4random_uniform()
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2013/11/04 11:51:16
+ [monitor.c]
+ fix rekeying for KEX_C25519_SHA256; noted by dtucker@
+ RCSID sync only; I thought this was a merge botch and fixed it already
+ - markus at cvs.openbsd.org 2013/11/06 16:52:11
+ [monitor_wrap.c]
+ fix rekeying for AES-GCM modes; ok deraadt
+ - djm at cvs.openbsd.org 2013/11/06 23:05:59
+ [ssh-pkcs11.c]
+ from portable: s/true/true_val/ to avoid name collisions on dump platforms
+ RCSID sync only
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/10/09 23:44:14
+ [regress/Makefile] (ID sync only)
+ regression test for sftp request white/blacklisting and readonly mode.
+ - markus at cvs.openbsd.org 2013/11/02 22:39:53
+ [regress/kextype.sh]
+ add curve25519-sha256 at libssh.org
+ - dtucker at cvs.openbsd.org 2013/11/04 12:27:42
+ [regress/rekey.sh]
+ Test rekeying with all KexAlgorithms.
+ - dtucker at cvs.openbsd.org 2013/11/07 00:12:05
+ [regress/rekey.sh]
+ Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
+ the GCM ciphers.
+ - dtucker at cvs.openbsd.org 2013/11/07 01:12:51
+ [regress/rekey.sh]
+ Factor out the data transfer rekey tests
+ - dtucker at cvs.openbsd.org 2013/11/07 02:48:38
+ [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
+ Use ssh -Q instead of hardcoding lists of ciphers or MACs.
+ - dtucker at cvs.openbsd.org 2013/11/07 03:55:41
+ [regress/kextype.sh]
+ Use ssh -Q to get kex types instead of a static list.
+ - dtucker at cvs.openbsd.org 2013/11/07 04:26:56
+ [regress/kextype.sh]
+ trailing space
+ - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
+ variable. It's no longer used now that we get the supported MACs from
+ ssh -Q.
+20131104
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2013/11/02 20:03:54
+ [ssh-pkcs11.c]
+ support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
+ fixes bz#1908; based on patch from Laurent Barbe; ok djm
+ - markus at cvs.openbsd.org 2013/11/02 21:59:15
+ [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+ use curve25519 for default key exchange (curve25519-sha256 at libssh.org);
+ initial patch from Aris Adamantiadis; ok djm@
+ - markus at cvs.openbsd.org 2013/11/02 22:10:15
+ [kexdhs.c kexecdhs.c]
+ no need to include monitor_wrap.h
+ - markus at cvs.openbsd.org 2013/11/02 22:24:24
+ [kexdhs.c kexecdhs.c]
+ no need to include ssh-gss.h
+ - markus at cvs.openbsd.org 2013/11/02 22:34:01
+ [auth-options.c]
+ no need to include monitor_wrap.h and ssh-gss.h
+ - markus at cvs.openbsd.org 2013/11/02 22:39:19
+ [ssh_config.5 sshd_config.5]
+ the default kex is now curve25519-sha256 at libssh.org
+ - djm at cvs.openbsd.org 2013/11/03 10:37:19
+ [roaming_common.c]
+ fix a couple of function definitions foo() -> foo(void)
+ (-Wold-style-definition)
+ - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
+ KEX/curve25519 change
+
+20131103
+ - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
+ From OpenSMTPD where it prevents "implicit declaration" warnings (it's
+ a no-op in OpenSSH). From chl at openbsd.
+ - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
+ vsnprintf. From eric at openbsd via chl at .
+ - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
+ for platforms that don't have them.
+
+20131030
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/10/29 09:42:11
+ [key.c key.h]
+ fix potential stack exhaustion caused by nested certificates;
+ report by Mateusz Kocielski; ok dtucker@ markus@
+ - djm at cvs.openbsd.org 2013/10/29 09:48:02
+ [servconf.c servconf.h session.c sshd_config sshd_config.5]
+ shd_config PermitTTY to disallow TTY allocation, mirroring the
+ longstanding no-pty authorized_keys option;
+ bz#2070, patch from Teran McKinney; ok markus@
+ - jmc at cvs.openbsd.org 2013/10/29 18:49:32
+ [sshd_config.5]
+ pty(4), not pty(7);
+
+20131026
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/10/25 23:04:51
+ [ssh.c]
+ fix crash when using ProxyCommand caused by previous commit - was calling
+ freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
+
+20131025
+ - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
+ unnecessary arc4random_stir() calls. The only ones left are to ensure
+ that the PRNG gets a different state after fork() for platforms that
+ have broken the API.
+
+20131024
+ - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
+ rather than full client name which may be of form user at REALM;
+ patch from Miguel Sanders; ok dtucker@
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/10/23 05:40:58
+ [servconf.c]
+ fix comment
+ - djm at cvs.openbsd.org 2013/10/23 23:35:32
+ [sshd.c]
+ include local address and port in "Connection from ..." message (only
+ shown at loglevel>=verbose)
+ - dtucker at cvs.openbsd.org 2013/10/24 00:49:49
+ [moduli.c]
+ Periodically print progress and, if possible, expected time to completion
+ when screening moduli for DH groups. ok deraadt djm
+ - dtucker at cvs.openbsd.org 2013/10/24 00:51:48
+ [readconf.c servconf.c ssh_config.5 sshd_config.5]
+ Disallow empty Match statements and add "Match all" which matches
+ everything. ok djm, man page help jmc@
+ - djm at cvs.openbsd.org 2013/10/24 08:19:36
+ [ssh.c]
+ fix bug introduced in hostname canonicalisation commit: don't try to
+ resolve hostnames when a ProxyCommand is set unless the user has forced
+ canonicalisation; spotted by Iain Morgan
+ - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
+
+20131023
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/10/20 04:39:28
+ [ssh_config.5]
+ document % expansions performed by "Match command ..."
+ - djm at cvs.openbsd.org 2013/10/20 06:19:28
+ [readconf.c ssh_config.5]
+ rename "command" subclause of the recently-added "Match" keyword to
+ "exec"; it's shorter, clearer in intent and we might want to add the
+ ability to match against the command being executed at the remote end in
+ the future.
+ - djm at cvs.openbsd.org 2013/10/20 09:51:26
+ [scp.1 sftp.1]
+ add canonicalisation options to -o lists
+ - jmc at cvs.openbsd.org 2013/10/20 18:00:13
+ [ssh_config.5]
+ tweak the "exec" description, as worded by djm;
+ - djm at cvs.openbsd.org 2013/10/23 03:03:07
+ [readconf.c]
+ Hostname may have %h sequences that should be expanded prior to Match
+ evaluation; spotted by Iain Morgan
+ - djm at cvs.openbsd.org 2013/10/23 03:05:19
+ [readconf.c ssh.c]
+ comment
+ - djm at cvs.openbsd.org 2013/10/23 04:16:22
+ [ssh-keygen.c]
+ Make code match documentation: relative-specified certificate expiry time
+ should be relative to current time and not the validity start time.
+ Reported by Petr Lautrbach; ok deraadt@
+
+20131018
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/10/09 23:44:14
+ [regress/Makefile regress/sftp-perm.sh]
+ regression test for sftp request white/blacklisting and readonly mode.
+ - jmc at cvs.openbsd.org 2013/10/17 07:35:48
+ [sftp.1 sftp.c]
+ tweak previous;
+ - djm at cvs.openbsd.org 2013/10/17 22:08:04
+ [sshd.c]
+ include remote port in bad banner message; bz#2162
+
+20131017
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2013/10/15 14:10:25
+ [ssh.1 ssh_config.5]
+ tweak previous;
+ - djm at cvs.openbsd.org 2013/10/16 02:31:47
+ [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
+ [sshconnect.c sshconnect.h]
+ Implement client-side hostname canonicalisation to allow an explicit
+ search path of domain suffixes to use to convert unqualified host names
+ to fully-qualified ones for host key matching.
+ This is particularly useful for host certificates, which would otherwise
+ need to list unqualified names alongside fully-qualified ones (and this
+ causes a number of problems).
+ "looks fine" markus@
+ - jmc at cvs.openbsd.org 2013/10/16 06:42:25
+ [ssh_config.5]
+ tweak previous;
+ - djm at cvs.openbsd.org 2013/10/16 22:49:39
+ [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
+ s/canonicalise/canonicalize/ for consistency with existing spelling,
+ e.g. authorized_keys; pointed out by naddy@
+ - djm at cvs.openbsd.org 2013/10/16 22:58:01
+ [ssh.c ssh_config.5]
+ one I missed in previous: s/isation/ization/
+ - djm at cvs.openbsd.org 2013/10/17 00:30:13
+ [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
+ fsync at openssh.com protocol extension for sftp-server
+ client support to allow calling fsync() faster successful transfer
+ patch mostly by imorgan AT nas.nasa.gov; bz#1798
+ "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
+ - djm at cvs.openbsd.org 2013/10/17 00:46:49
+ [ssh.c]
+ rearrange check to reduce diff against -portable
+ (Id sync only)
+
+20131015
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/10/09 23:42:17
+ [sftp-server.8 sftp-server.c]
+ Add ability to whitelist and/or blacklist sftp protocol requests by name.
+ Refactor dispatch loop and consolidate read-only mode checks.
+ Make global variables static, since sftp-server is linked into sshd(8).
+ ok dtucker@
+ - djm at cvs.openbsd.org 2013/10/10 00:53:25
+ [sftp-server.c]
+ add -Q, -P and -p to usage() before jmc@ catches me
+ - djm at cvs.openbsd.org 2013/10/10 01:43:03
+ [sshd.c]
+ bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
+ updated; ok dtucker@
+ - djm at cvs.openbsd.org 2013/10/11 02:45:36
+ [sftp-client.c]
+ rename flag arguments to be more clear and consistent.
+ reorder some internal function arguments to make adding additional flags
+ easier.
+ no functional change
+ - djm at cvs.openbsd.org 2013/10/11 02:52:23
+ [sftp-client.c]
+ missed one arg reorder
+ - djm at cvs.openbsd.org 2013/10/11 02:53:45
+ [sftp-client.h]
+ obsolete comment
+ - jmc at cvs.openbsd.org 2013/10/14 14:18:56
+ [sftp-server.8 sftp-server.c]
+ tweak previous;
+ ok djm
+ - djm at cvs.openbsd.org 2013/10/14 21:20:52
+ [session.c session.h]
+ Add logging of session starts in a useful format; ok markus@ feedback and
+ ok dtucker@
+ - djm at cvs.openbsd.org 2013/10/14 22:22:05
+ [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
+ add a "Match" keyword to ssh_config that allows matching on hostname,
+ user and result of arbitrary commands. "nice work" markus@
+ - djm at cvs.openbsd.org 2013/10/14 23:28:23
+ [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
+ refactor client config code a little:
+ add multistate option partsing to readconf.c, similar to servconf.c's
+ existing code.
+ move checking of options that accept "none" as an argument to readconf.c
+ add a lowercase() function and use it instead of explicit tolower() in
+ loops
+ part of a larger diff that was ok markus@
+ - djm at cvs.openbsd.org 2013/10/14 23:31:01
+ [ssh.c]
+ whitespace at EOL; pointed out by markus@
+ - [ssh.c] g/c unused variable.
+
+20131010
+ - (dtucker) OpenBSD CVS Sync
+ - sthen at cvs.openbsd.org 2013/09/16 11:35:43
+ [ssh_config]
+ Remove gssapi config parts from ssh_config, as was already done for
+ sshd_config. Req by/ok ajacoutot@
+ ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
+ - djm at cvs.openbsd.org 2013/09/19 00:24:52
+ [progressmeter.c]
+ store the initial file offset so the progress meter doesn't freak out
+ when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@`
+ - djm at cvs.openbsd.org 2013/09/19 00:49:12
+ [sftp-client.c]
+ fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
+ - djm at cvs.openbsd.org 2013/09/19 01:24:46
+ [channels.c]
+ bz#1297 - tell the client (via packet_send_debug) when their preferred
+ listen address has been overridden by the server's GatewayPorts;
+ ok dtucker@
+ - djm at cvs.openbsd.org 2013/09/19 01:26:29
+ [sshconnect.c]
+ bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
+ swp AT swp.pp.ru; ok dtucker@
+ - dtucker at cvs.openbsd.org 2013/10/08 11:42:13
+ [dh.c dh.h]
+ Increase the size of the Diffie-Hellman groups requested for a each
+ symmetric key size. New values from NIST Special Publication 800-57 with
+ the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
+ djm at .
+
+20131009
+ - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
+ in OpenBSD implementation of arc4random, shortly to replace the existing
+ bsd-arc4random.c
+ - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
+ [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
+ implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
+ tested tim@
+
+20130922
+ - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
+ setting when handling SIGHUP to maintain behaviour over retart. Patch
+ from Matthew Ife.
+
+20130918
+ - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
+
+20130914
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/08/22 19:02:21
+ [sshd.c]
+ Stir PRNG after post-accept fork. The child gets a different PRNG state
+ anyway via rexec and explicit privsep reseeds, but it's good to be sure.
+ ok markus@
+ - mikeb at cvs.openbsd.org 2013/08/28 12:34:27
+ [ssh-keygen.c]
+ improve batch processing a bit by making use of the quite flag a bit
+ more often and exit with a non zero code if asked to find a hostname
+ in a known_hosts file and it wasn't there;
+ originally from reyk@, ok djm
+ - djm at cvs.openbsd.org 2013/08/31 00:13:54
+ [sftp.c]
+ make ^w match ksh behaviour (delete previous word instead of entire line)
+ - deraadt at cvs.openbsd.org 2013/09/02 22:00:34
+ [ssh-keygen.c sshconnect1.c sshd.c]
+ All the instances of arc4random_stir() are bogus, since arc4random()
+ does this itself, inside itself, and has for a very long time.. Actually,
+ this was probably reducing the entropy available.
+ ok djm
+ ID SYNC ONLY for portable; we don't trust other arc4random implementations
+ to do this right.
+ - sthen at cvs.openbsd.org 2013/09/07 13:53:11
+ [sshd_config]
+ Remove commented-out kerberos/gssapi config options from sample config,
+ kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
+ various people; ok deraadt@
+ ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
+ - djm at cvs.openbsd.org 2013/09/12 01:41:12
+ [clientloop.c]
+ fix connection crash when sending break (~B) on ControlPersist'd session;
+ ok dtucker@
+ - djm at cvs.openbsd.org 2013/09/13 06:54:34
+ [channels.c]
+ avoid unaligned access in code that reused a buffer to send a
+ struct in_addr in a reply; simpler just use use buffer_put_int();
+ from portable; spotted by and ok dtucker@
+
+20130828
+ - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
+ 'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
+ start to use them in the future.
+ - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
+ until we have configure support.
+
+20130821
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/08/06 23:03:49
+ [sftp.c]
+ fix some whitespace at EOL
+ make list of commands an enum rather than a long list of defines
+ add -a to usage()
+ - djm at cvs.openbsd.org 2013/08/06 23:05:01
+ [sftp.1]
+ document top-level -a option (the -a option to 'get' was already
+ documented)
+ - djm at cvs.openbsd.org 2013/08/06 23:06:01
+ [servconf.c]
+ add cast to avoid format warning; from portable
+ - jmc at cvs.openbsd.org 2013/08/07 06:24:51
+ [sftp.1 sftp.c]
+ sort -a;
+ - djm at cvs.openbsd.org 2013/08/08 04:52:04
+ [sftp.c]
+ fix two year old regression: symlinking a file would incorrectly
+ canonicalise the target path. bz#2129 report from delphij AT freebsd.org
+ - djm at cvs.openbsd.org 2013/08/08 05:04:03
+ [sftp-client.c sftp-client.h sftp.c]
+ add a "-l" flag for the rename command to force it to use the silly
+ standard SSH_FXP_RENAME command instead of the POSIX-rename- like
+ posix-rename at openssh.com extension.
+
+ intended for use in regress tests, so no documentation.
+ - djm at cvs.openbsd.org 2013/08/09 03:37:25
+ [sftp.c]
+ do getopt parsing for all sftp commands (with an empty optstring for
+ commands without arguments) to ensure consistent behaviour
+ - djm at cvs.openbsd.org 2013/08/09 03:39:13
+ [sftp-client.c]
+ two problems found by a to-be-committed regress test: 1) msg_id was not
+ being initialised so was starting at a random value from the heap
+ (harmless, but confusing). 2) some error conditions were not being
+ propagated back to the caller
+ - djm at cvs.openbsd.org 2013/08/09 03:56:42
+ [sftp.c]
+ enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
+ matching ksh's relatively recent change.
+ - djm at cvs.openbsd.org 2013/08/13 18:32:08
+ [ssh-keygen.c]
+ typo in error message; from Stephan Rickauer
+ - djm at cvs.openbsd.org 2013/08/13 18:33:08
+ [ssh-keygen.c]
+ another of the same typo
+ - jmc at cvs.openbsd.org 2013/08/14 08:39:27
+ [scp.1 ssh.1]
+ some Bx/Ox conversion;
+ From: Jan Stary
+ - djm at cvs.openbsd.org 2013/08/20 00:11:38
+ [readconf.c readconf.h ssh_config.5 sshconnect.c]
+ Add a ssh_config ProxyUseFDPass option that supports the use of
+ ProxyCommands that establish a connection and then pass a connected
+ file descriptor back to ssh(1). This allows the ProxyCommand to exit
+ rather than have to shuffle data back and forth and enables ssh to use
+ getpeername, etc. to obtain address information just like it does with
+ regular directly-connected sockets. ok markus@
+ - jmc at cvs.openbsd.org 2013/08/20 06:56:07
+ [ssh.1 ssh_config.5]
+ some proxyusefdpass tweaks;
+
20130808
- (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
since some platforms (eg really old FreeBSD) don't have it. Instead,
@@ -34,6 +1272,7 @@
- (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
removal. The "make clean" removes modpipe which is built by the top-level
directory before running the tests. Spotted by tim@
+ - (djm) Release 6.3p1
20130804
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
@@ -668,10 +1907,10 @@
to avoid conflicting definitions of __int64, adding the required bits.
Patch from Corinna Vinschen.
-20120323
+20130323
- (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
-20120322
+20130322
- (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
Hands' greatly revised version.
- (djm) Release 6.2p1
@@ -679,16 +1918,16 @@
- (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
-20120318
+20130318
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
-20120317
+20130317
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
of the bits the configure test looks for.
-20120316
+20130316
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
is unable to successfully compile them. Based on patch from des AT
des.no
@@ -698,7 +1937,7 @@
occur after UID switch; patch from John Marshall via des AT des.no;
ok dtucker@
-20120312
+20130312
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
Improve portability of cipher-speed test, based mostly on a patch from
Iain Morgan.
@@ -1646,2051 +2885,3 @@
- (djm) [README] Update URL to release notes.
- (djm) Release openssh-6.0
-20120419
- - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
- contains openpty() but not login()
-
-20120404
- - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
- mode for Linux's new seccomp filter; patch from Will Drewry; feedback
- and ok dtucker@
-
-20120330
- - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
- file from spec file. From crighter at nuclioss com.
- - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
- openssh binaries on a newer fix release than they were compiled on.
- with and ok dtucker@
- - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
- assumptions when building on Cygwin; patch from Corinna Vinschen
-
-20120309
- - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
- systems where sshd is run in te wrong context. Patch from Sven
- Vermeulen; ok dtucker@
- - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
- addressed connections. ok dtucker@
-
-20120224
- - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
- audit breakage in Solaris 11. Patch from Magnus Johansson.
-
-20120215
- - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
- unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
- ok dtucker@
- - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
- it actually works.
- - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
- to work. Spotted by Angel Gonzalez
-
-20120214
- - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
- preserved Cygwin environment variables; from Corinna Vinschen
-
-20120211
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2012/01/05 00:16:56
- [monitor.c]
- memleak on error path
- - djm at cvs.openbsd.org 2012/01/07 21:11:36
- [mux.c]
- fix double-free in new session handler
- - miod at cvs.openbsd.org 2012/01/08 13:17:11
- [ssh-ecdsa.c]
- Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
- ok markus@
- - miod at cvs.openbsd.org 2012/01/16 20:34:09
- [ssh-pkcs11-client.c]
- Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
- While there, be sure to buffer_clear() between send_msg() and recv_msg().
- ok markus@
- - dtucker at cvs.openbsd.org 2012/01/18 21:46:43
- [clientloop.c]
- Ensure that $DISPLAY contains only valid characters before using it to
- extract xauth data so that it can't be used to play local shell
- metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
- - markus at cvs.openbsd.org 2012/01/25 19:26:43
- [packet.c]
- do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
- ok dtucker@, djm@
- - markus at cvs.openbsd.org 2012/01/25 19:36:31
- [authfile.c]
- memleak in key_load_file(); from Jan Klemkow
- - markus at cvs.openbsd.org 2012/01/25 19:40:09
- [packet.c packet.h]
- packet_read_poll() is not used anymore.
- - markus at cvs.openbsd.org 2012/02/09 20:00:18
- [version.h]
- move from 6.0-beta to 6.0
-
-20120206
- - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
- that don't support ECC. Patch from Phil Oleson
-
-20111219
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/12/02 00:41:56
- [mux.c]
- fix bz#1948: ssh -f doesn't fork for multiplexed connection.
- ok dtucker@
- - djm at cvs.openbsd.org 2011/12/02 00:43:57
- [mac.c]
- fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
- HMAC_init (this change in policy seems insane to me)
- ok dtucker@
- - djm at cvs.openbsd.org 2011/12/04 23:16:12
- [mux.c]
- revert:
- > revision 1.32
- > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
- > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
- > ok dtucker@
- it interacts badly with ControlPersist
- - djm at cvs.openbsd.org 2011/12/07 05:44:38
- [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
- fix some harmless and/or unreachable int overflows;
- reported Xi Wang, ok markus@
-
-20111125
- - OpenBSD CVS Sync
- - oga at cvs.openbsd.org 2011/11/16 12:24:28
- [sftp.c]
- Don't leak list in complete_cmd_parse if there are no commands found.
- Discovered when I was ``borrowing'' this code for something else.
- ok djm@
-
-20111121
- - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
-
-20111104
- - (dtucker) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/10/18 05:15:28
- [ssh.c]
- ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
- - djm at cvs.openbsd.org 2011/10/18 23:37:42
- [ssh-add.c]
- add -k to usage(); reminded by jmc@
- - djm at cvs.openbsd.org 2011/10/19 00:06:10
- [moduli.c]
- s/tmpfile/tmp/ to make this -Wshadow clean
- - djm at cvs.openbsd.org 2011/10/19 10:39:48
- [umac.c]
- typo in comment; patch from Michael W. Bombardieri
- - djm at cvs.openbsd.org 2011/10/24 02:10:46
- [ssh.c]
- bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
- was incorrectly requesting the forward in both the control master and
- slave. skip requesting it in the master to fix. ok markus@
- - djm at cvs.openbsd.org 2011/10/24 02:13:13
- [session.c]
- bz#1859: send tty break to pty master instead of (probably already
- closed) slave side; "looks good" markus@
- - dtucker at cvs.openbsd.org 011/11/04 00:09:39
- [moduli]
- regenerated moduli file; ok deraadt
- - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
- openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
- bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
- which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
- with some rework from myself and djm. ok djm.
-
-20111025
- - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
- fails. Patch from Corinna Vinschen.
-
-20111018
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/10/04 14:17:32
- [sftp-glob.c]
- silence error spam for "ls */foo" in directory with files; bz#1683
- - dtucker at cvs.openbsd.org 2011/10/16 11:02:46
- [moduli.c ssh-keygen.1 ssh-keygen.c]
- Add optional checkpoints for moduli screening. feedback & ok deraadt
- - jmc at cvs.openbsd.org 2011/10/16 15:02:41
- [ssh-keygen.c]
- put -K in the right place (usage());
- - stsp at cvs.openbsd.org 2011/10/16 15:51:39
- [moduli.c]
- add missing includes to unbreak tree; fix from rpointel
- - djm at cvs.openbsd.org 2011/10/18 04:58:26
- [auth-options.c key.c]
- remove explict search for \0 in packet strings, this job is now done
- implicitly by buffer_get_cstring; ok markus
- - djm at cvs.openbsd.org 2011/10/18 05:00:48
- [ssh-add.1 ssh-add.c]
- new "ssh-add -k" option to load plain keys (skipping certificates);
- "looks ok" markus@
-
-20111001
- - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
- - (dtucker) OpenBSD CVS Sync
- - dtucker at cvs.openbsd.org 2011/09/23 00:22:04
- [channels.c auth-options.c servconf.c channels.h sshd.8]
- Add wildcard support to PermitOpen, allowing things like "PermitOpen
- localhost:*". bz #1857, ok djm markus.
- - markus at cvs.openbsd.org 2011/09/23 07:45:05
- [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
- version.h]
- unbreak remote portforwarding with dynamic allocated listen ports:
- 1) send the actual listen port in the open message (instead of 0).
- this allows multiple forwardings with a dynamic listen port
- 2) update the matching permit-open entry, so we can identify where
- to connect to
- report: den at skbkontur.ru and P. Szczygielski
- feedback and ok djm@
- - djm at cvs.openbsd.org 2011/09/25 05:44:47
- [auth2-pubkey.c]
- improve the AuthorizedPrincipalsFile debug log message to include
- file and line number
- - dtucker at cvs.openbsd.org 2011/09/30 00:47:37
- [sshd.c]
- don't attempt privsep cleanup when not using privsep; ok markus@
- - djm at cvs.openbsd.org 2011/09/30 21:22:49
- [sshd.c]
- fix inverted test that caused logspam; spotted by henning@
-
-20110929
- - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
- from des AT des.no
- - (dtucker) [configure.ac openbsd-compat/Makefile.in
- openbsd-compat/strnlen.c] Add strnlen to the compat library.
-
-20110923
- - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
- longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
- want this longhand version)
- - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
- upstream version is YPified and we don't want this
- - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
- The file was totally rewritten between what we had in tree and -current.
- - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
- marker. The upstream API has changed (function and structure names)
- enough to put it out of sync with other providers of this interface.
- - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
- of static __findenv() function from upstream setenv.c
- - OpenBSD CVS Sync
- - millert at cvs.openbsd.org 2006/05/05 15:27:38
- [openbsd-compat/strlcpy.c]
- Convert do {} while loop -> while {} for clarity. No binary change
- on most architectures. From Oliver Smith. OK deraadt@ and henning@
- - tobias at cvs.openbsd.org 2007/10/21 11:09:30
- [openbsd-compat/mktemp.c]
- Comment fix about time consumption of _gettemp.
- FreeBSD did this in revision 1.20.
- OK deraadt@, krw@
- - deraadt at cvs.openbsd.org 2008/07/22 21:47:45
- [openbsd-compat/mktemp.c]
- use arc4random_uniform(); ok djm millert
- - millert at cvs.openbsd.org 2008/08/21 16:54:44
- [openbsd-compat/mktemp.c]
- Remove useless code, the kernel will set errno appropriately if an
- element in the path does not exist. OK deraadt@ pvalchev@
- - otto at cvs.openbsd.org 2008/12/09 19:38:38
- [openbsd-compat/inet_ntop.c]
- fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
-
-20110922
- - OpenBSD CVS Sync
- - pyr at cvs.openbsd.org 2011/05/12 07:15:10
- [openbsd-compat/glob.c]
- When the max number of items for a directory has reached GLOB_LIMIT_READDIR
- an error is returned but closedir() is not called.
- spotted and fix provided by Frank Denis obsd-tech at pureftpd.org
- ok otto@, millert@
- - stsp at cvs.openbsd.org 2011/09/20 10:18:46
- [glob.c]
- In glob(3), limit recursion during matching attempts. Similar to
- fnmatch fix. Also collapse consecutive '*' (from NetBSD).
- ok miod deraadt
- - djm at cvs.openbsd.org 2011/09/22 06:27:29
- [glob.c]
- fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
- applied only to the gl_pathv vector and not the corresponding gl_statv
- array. reported in OpenSSH bz#1935; feedback and okay matthew@
- - djm at cvs.openbsd.org 2011/08/26 01:45:15
- [ssh.1]
- Add some missing ssh_config(5) options that can be used in ssh(1)'s
- -o argument. Patch from duclare AT guu.fi
- - djm at cvs.openbsd.org 2011/09/05 05:56:13
- [scp.1 sftp.1]
- mention ControlPersist and KbdInteractiveAuthentication in the -o
- verbiage in these pages too (prompted by jmc@)
- - djm at cvs.openbsd.org 2011/09/05 05:59:08
- [misc.c]
- fix typo in IPQoS parsing: there is no "AF14" class, but there is
- an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
- - jmc at cvs.openbsd.org 2011/09/05 07:01:44
- [scp.1]
- knock out a useless Ns;
- - deraadt at cvs.openbsd.org 2011/09/07 02:18:31
- [ssh-keygen.1]
- typo (they vs the) found by Lawrence Teo
- - djm at cvs.openbsd.org 2011/09/09 00:43:00
- [ssh_config.5 sshd_config.5]
- fix typo in IPQoS parsing: there is no "AF14" class, but there is
- an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
- - djm at cvs.openbsd.org 2011/09/09 00:44:07
- [PROTOCOL.mux]
- MUX_C_CLOSE_FWD includes forward type in message (though it isn't
- implemented anyway)
- - djm at cvs.openbsd.org 2011/09/09 22:37:01
- [scp.c]
- suppress adding '--' to remote commandlines when the first argument
- does not start with '-'. saves breakage on some difficult-to-upgrade
- embedded/router platforms; feedback & ok dtucker ok markus
- - djm at cvs.openbsd.org 2011/09/09 22:38:21
- [sshd.c]
- kill the preauth privsep child on fatal errors in the monitor;
- ok markus@
- - djm at cvs.openbsd.org 2011/09/09 22:46:44
- [channels.c channels.h clientloop.h mux.c ssh.c]
- support for cancelling local and remote port forwards via the multiplex
- socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user at host" to request
- the cancellation of the specified forwardings; ok markus@
- - markus at cvs.openbsd.org 2011/09/10 22:26:34
- [channels.c channels.h clientloop.c ssh.1]
- support cancellation of local/dynamic forwardings from ~C commandline;
- ok & feedback djm@
- - okan at cvs.openbsd.org 2011/09/11 06:59:05
- [ssh.1]
- document new -O cancel command; ok djm@
- - markus at cvs.openbsd.org 2011/09/11 16:07:26
- [sftp-client.c]
- fix leaks in do_hardlink() and do_readlink(); bz#1921
- from Loganaden Velvindron
- - markus at cvs.openbsd.org 2011/09/12 08:46:15
- [sftp-client.c]
- fix leak in do_lsreaddir(); ok djm
- - djm at cvs.openbsd.org 2011/09/22 06:29:03
- [sftp.c]
- don't let remote_glob() implicitly sort its results in do_globbed_ls() -
- in all likelihood, they will be resorted anyway
-
-20110909
- - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
- Colin Watson.
-
-20110906
- - (djm) [README version.h] Correct version
- - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
- - (djm) Respin OpenSSH-5.9p1 release
-
-20110905
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Update version numbers.
-
-20110904
- - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
- regress errors for the sandbox to warnings. ok tim dtucker
- - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
- ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
- support.
-
-20110829
- - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
- to switch SELinux context away from unconfined_t, based on patch from
- Jan Chadima; bz#1919 ok dtucker@
-
-20110827
- - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
-
-20110818
- - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
-
-20110817
- - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
- OpenSSL 0.9.7. ok djm
- - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
- binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
- - (djm) [configure.ac] error out if the host lacks the necessary bits for
- an explicitly requested sandbox type
- - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
- bisson AT archlinux.org
- - (djm) OpenBSD CVS Sync
- - dtucker at cvs.openbsd.org 2011/06/03 05:35:10
- [regress/cfgmatch.sh]
- use OBJ to find test configs, patch from Tim Rice
- - markus at cvs.openbsd.org 2011/06/30 22:44:43
- [regress/connect-privsep.sh]
- test with sandbox enabled; ok djm@
- - djm at cvs.openbsd.org 2011/08/02 01:23:41
- [regress/cipher-speed.sh regress/try-ciphers.sh]
- add SHA256/SHA512 based HMAC modes
- - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
- MAC tests for platforms that hack EVP_SHA2 support
-
-20110812
- - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
- change error by reporting old and new context names Patch from
- jchadima at redhat.
- - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
- [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
- init scrips from imorgan AT nas.nasa.gov; bz#1920
- - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
- identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
- AT gmail.com; ok dtucker@
-
-20110807
- - (dtucker) OpenBSD CVS Sync
- - jmc at cvs.openbsd.org 2008/06/26 06:59:39
- [moduli.5]
- tweak previous;
- - sobrado at cvs.openbsd.org 2009/10/28 08:56:54
- [moduli.5]
- "Diffie-Hellman" is the usual spelling for the cryptographic protocol
- first published by Whitfield Diffie and Martin Hellman in 1976.
- ok jmc@
- - jmc at cvs.openbsd.org 2010/10/14 20:41:28
- [moduli.5]
- probabalistic -> probabilistic; from naddy
- - dtucker at cvs.openbsd.org 2011/08/07 12:55:30
- [sftp.1]
- typo, fix from Laurent Gautrot
-
-20110805
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/06/23 23:35:42
- [monitor.c]
- ignore EINTR errors from poll()
- - tedu at cvs.openbsd.org 2011/07/06 18:09:21
- [authfd.c]
- bzero the agent address. the kernel was for a while very cranky about
- these things. evne though that's fixed, always good to initialize
- memory. ok deraadt djm
- - djm at cvs.openbsd.org 2011/07/29 14:42:45
- [sandbox-systrace.c]
- fail open(2) with EPERM rather than SIGKILLing the whole process. libc
- will call open() to do strerror() when NLS is enabled;
- feedback and ok markus@
- - markus at cvs.openbsd.org 2011/08/01 19:18:15
- [gss-serv.c]
- prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
- report Adam Zabrock; ok djm@, deraadt@
- - djm at cvs.openbsd.org 2011/08/02 01:22:11
- [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
- Add new SHA256 and SHA512 based HMAC modes from
- http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
- Patch from mdb AT juniper.net; feedback and ok markus@
- - djm at cvs.openbsd.org 2011/08/02 23:13:01
- [version.h]
- crank now, release later
- - djm at cvs.openbsd.org 2011/08/02 23:15:03
- [ssh.c]
- typo in comment
-
-20110624
- - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
- Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
- markus@
-
-20110623
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/06/22 21:47:28
- [servconf.c]
- reuse the multistate option arrays to pretty-print options for "sshd -T"
- - djm at cvs.openbsd.org 2011/06/22 21:57:01
- [servconf.c servconf.h sshd.c sshd_config.5]
- [configure.ac Makefile.in]
- introduce sandboxing of the pre-auth privsep child using systrace(4).
-
- This introduces a new "UsePrivilegeSeparation=sandbox" option for
- sshd_config that applies mandatory restrictions on the syscalls the
- privsep child can perform. This prevents a compromised privsep child
- from being used to attack other hosts (by opening sockets and proxying)
- or probing local kernel attack surface.
-
- The sandbox is implemented using systrace(4) in unsupervised "fast-path"
- mode, where a list of permitted syscalls is supplied. Any syscall not
- on the list results in SIGKILL being sent to the privsep child. Note
- that this requires a kernel with the new SYSTR_POLICY_KILL option.
-
- UsePrivilegeSeparation=sandbox will become the default in the future
- so please start testing it now.
-
- feedback dtucker@; ok markus@
- - djm at cvs.openbsd.org 2011/06/22 22:08:42
- [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
- hook up a channel confirm callback to warn the user then requested X11
- forwarding was refused by the server; ok markus@
- - djm at cvs.openbsd.org 2011/06/23 09:34:13
- [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
- [sandbox-null.c]
- rename sandbox.h => ssh-sandbox.h to make things easier for portable
- - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
- setrlimit(2)
-
-20110620
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/06/04 00:10:26
- [ssh_config.5]
- explain IdentifyFile's semantics a little better, prompted by bz#1898
- ok dtucker jmc
- - markus at cvs.openbsd.org 2011/06/14 22:49:18
- [authfile.c]
- make sure key_parse_public/private_rsa1() no longer consumes its input
- buffer. fixes ssh-add for passphrase-protected ssh1-keys;
- noted by naddy@; ok djm@
- - djm at cvs.openbsd.org 2011/06/17 21:44:31
- [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
- make the pre-auth privsep slave log via a socketpair shared with the
- monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
- - djm at cvs.openbsd.org 2011/06/17 21:46:16
- [sftp-server.c]
- the protocol version should be unsigned; bz#1913 reported by mb AT
- smartftp.com
- - djm at cvs.openbsd.org 2011/06/17 21:47:35
- [servconf.c]
- factor out multi-choice option parsing into a parse_multistate label
- and some support structures; ok dtucker@
- - djm at cvs.openbsd.org 2011/06/17 21:57:25
- [clientloop.c]
- setproctitle for a mux master that has been gracefully stopped;
- bz#1911 from Bert.Wesarg AT googlemail.com
-
-20110603
- - (dtucker) [README version.h contrib/caldera/openssh.spec
- contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
- bumps from the 5.8p2 branch into HEAD. ok djm.
- - (tim) [configure.ac defines.h] Run test program to detect system mail
- directory. Add --with-maildir option to override. Fixed OpenServer 6
- getting it wrong. Fixed many systems having MAIL=/var/mail//username
- ok dtucker
- - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
- unconditionally in other places and the survey data we have does not show
- any systems that use it. "nuke it" djm@
- - (djm) [configure.ac] enable setproctitle emulation for OS X
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/06/03 00:54:38
- [ssh.c]
- bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
- AT googlemail.com; ok dtucker@
- NB. includes additional portability code to enable setproctitle emulation
- on platforms that don't support it.
- - dtucker at cvs.openbsd.org 2011/06/03 01:37:40
- [ssh-agent.c]
- Check current parent process ID against saved one to determine if the parent
- has exited, rather than attempting to send a zero signal, since the latter
- won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
- Gillmor, ok djm@
- - dtucker at cvs.openbsd.org 2011/05/31 02:01:58
- [regress/dynamic-forward.sh]
- back out revs 1.6 and 1.5 since it's not reliable
- - dtucker at cvs.openbsd.org 2011/05/31 02:03:34
- [regress/dynamic-forward.sh]
- work around startup and teardown races; caught by deraadt
- - dtucker at cvs.openbsd.org 2011/06/03 00:29:52
- [regress/dynamic-forward.sh]
- Retry establishing the port forwarding after a small delay, should make
- the tests less flaky when the previous test is slow to shut down and free
- up the port.
- - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
-
-20110529
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/05/23 03:30:07
- [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
- [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
- allow AuthorizedKeysFile to specify multiple files, separated by spaces.
- Bring back authorized_keys2 as a default search path (to avoid breaking
- existing users of this file), but override this in sshd_config so it will
- be no longer used on fresh installs. Maybe in 2015 we can remove it
- entierly :)
-
- feedback and ok markus@ dtucker@
- - djm at cvs.openbsd.org 2011/05/23 03:33:38
- [auth.c]
- make secure_filename() spam debug logs less
- - djm at cvs.openbsd.org 2011/05/23 03:52:55
- [sshconnect.c]
- remove extra newline
- - jmc at cvs.openbsd.org 2011/05/23 07:10:21
- [sshd.8 sshd_config.5]
- tweak previous; ok djm
- - djm at cvs.openbsd.org 2011/05/23 07:24:57
- [authfile.c]
- read in key comments for v.2 keys (though note that these are not
- passed over the agent protocol); bz#439, based on patch from binder
- AT arago.de; ok markus@
- - djm at cvs.openbsd.org 2011/05/24 07:15:47
- [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
- Remove undocumented legacy options UserKnownHostsFile2 and
- GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
- accept multiple paths per line and making their defaults include
- known_hosts2; ok markus
- - djm at cvs.openbsd.org 2011/05/23 03:31:31
- [regress/cfgmatch.sh]
- include testing of multiple/overridden AuthorizedKeysFiles
- refactor to simply daemon start/stop and get rid of racy constructs
-
-20110520
- - (djm) [session.c] call setexeccon() before executing passwd for pw
- changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
- - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
- options, we should corresponding -W-option when trying to determine
- whether it is accepted. Also includes a warning fix on the program
- fragment uses (bad main() return type).
- bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
- - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/05/15 08:09:01
- [authfd.c monitor.c serverloop.c]
- use FD_CLOEXEC consistently; patch from zion AT x96.org
- - djm at cvs.openbsd.org 2011/05/17 07:13:31
- [key.c]
- fatal() if asked to generate a legacy ECDSA cert (these don't exist)
- and fix the regress test that was trying to generate them :)
- - djm at cvs.openbsd.org 2011/05/20 00:55:02
- [servconf.c]
- the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
- and AuthorizedPrincipalsFile were not being correctly applied in
- Match blocks, despite being overridable there; ok dtucker@
- - dtucker at cvs.openbsd.org 2011/05/20 02:00:19
- [servconf.c]
- Add comment documenting what should be after the preauth check. ok djm
- - djm at cvs.openbsd.org 2011/05/20 03:25:45
- [monitor.c monitor_wrap.c servconf.c servconf.h]
- use a macro to define which string options to copy between configs
- for Match. This avoids problems caused by forgetting to keep three
- code locations in perfect sync and ordering
-
- "this is at once beautiful and horrible" + ok dtucker@
- - djm at cvs.openbsd.org 2011/05/17 07:13:31
- [regress/cert-userkey.sh]
- fatal() if asked to generate a legacy ECDSA cert (these don't exist)
- and fix the regress test that was trying to generate them :)
- - djm at cvs.openbsd.org 2011/05/20 02:43:36
- [cert-hostkey.sh]
- another attempt to generate a v00 ECDSA key that broke the test
- ID sync only - portable already had this somehow
- - dtucker at cvs.openbsd.org 2011/05/20 05:19:50
- [dynamic-forward.sh]
- Prevent races in dynamic forwarding test; ok djm
- - dtucker at cvs.openbsd.org 2011/05/20 06:32:30
- [dynamic-forward.sh]
- fix dumb error in dynamic-forward test
-
-20110515
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/05/05 05:12:08
- [mux.c]
- gracefully fall back when ControlPath is too large for a
- sockaddr_un. ok markus@ as part of a larger diff
- - dtucker at cvs.openbsd.org 2011/05/06 01:03:35
- [sshd_config]
- clarify language about overriding defaults. bz#1892, from Petr Cerny
- - djm at cvs.openbsd.org 2011/05/06 01:09:53
- [sftp.1]
- mention that IPv6 addresses must be enclosed in square brackets;
- bz#1845
- - djm at cvs.openbsd.org 2011/05/06 02:05:41
- [sshconnect2.c]
- fix memory leak; bz#1849 ok dtucker@
- - djm at cvs.openbsd.org 2011/05/06 21:14:05
- [packet.c packet.h]
- set traffic class for IPv6 traffic as we do for IPv4 TOS;
- patch from lionel AT mamane.lu via Colin Watson in bz#1855;
- ok markus@
- - djm at cvs.openbsd.org 2011/05/06 21:18:02
- [ssh.c ssh_config.5]
- add a %L expansion (short-form of the local host name) for ControlPath;
- sync some more expansions with LocalCommand; ok markus@
- - djm at cvs.openbsd.org 2011/05/06 21:31:38
- [readconf.c ssh_config.5]
- support negated Host matching, e.g.
-
- Host *.example.org !c.example.org
- User mekmitasdigoat
-
- Will match "a.example.org", "b.example.org", but not "c.example.org"
- ok markus@
- - djm at cvs.openbsd.org 2011/05/06 21:34:32
- [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
- Add a RequestTTY ssh_config option to allow configuration-based
- control over tty allocation (like -t/-T); ok markus@
- - djm at cvs.openbsd.org 2011/05/06 21:38:58
- [ssh.c]
- fix dropping from previous diff
- - djm at cvs.openbsd.org 2011/05/06 22:20:10
- [PROTOCOL.mux]
- fix numbering; from bert.wesarg AT googlemail.com
- - jmc at cvs.openbsd.org 2011/05/07 23:19:39
- [ssh_config.5]
- - tweak previous
- - come consistency fixes
- ok djm
- - jmc at cvs.openbsd.org 2011/05/07 23:20:25
- [ssh.1]
- +.It RequestTTY
- - djm at cvs.openbsd.org 2011/05/08 12:52:01
- [PROTOCOL.mux clientloop.c clientloop.h mux.c]
- improve our behaviour when TTY allocation fails: if we are in
- RequestTTY=auto mode (the default), then do not treat at TTY
- allocation error as fatal but rather just restore the local TTY
- to cooked mode and continue. This is more graceful on devices that
- never allocate TTYs.
-
- If RequestTTY is set to "yes" or "force", then failure to allocate
- a TTY is fatal.
-
- ok markus@
- - djm at cvs.openbsd.org 2011/05/10 05:46:46
- [authfile.c]
- despam debug() logs by detecting that we are trying to load a private key
- in key_try_load_public() and returning early; ok markus@
- - djm at cvs.openbsd.org 2011/05/11 04:47:06
- [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
- remove support for authorized_keys2; it is a relic from the early days
- of protocol v.2 support and has been undocumented for many years;
- ok markus@
- - djm at cvs.openbsd.org 2011/05/13 00:05:36
- [authfile.c]
- warn on unexpected key type in key_parse_private_type()
- - (djm) [packet.c] unbreak portability #endif
-
-20110510
- - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
- --with-ssl-engine which was broken with the change from deprecated
- SSLeay_add_all_algorithms(). ok djm
-
-20110506
- - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
- for closefrom() in test code. Report from Dan Wallis via Gentoo.
-
-20110505
- - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
- definitions. From des AT des.no
- - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
- [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
- [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
- [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
- [regress/README.regress] Remove ssh-rand-helper and all its
- tentacles. PRNGd seeding has been rolled into entropy.c directly.
- Thanks to tim@ for testing on affected platforms.
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/03/10 02:52:57
- [auth2-gss.c auth2.c auth.h]
- allow GSSAPI authentication to detect when a server-side failure causes
- authentication failure and don't count such failures against MaxAuthTries;
- bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
- - okan at cvs.openbsd.org 2011/03/15 10:36:02
- [ssh-keyscan.c]
- use timerclear macro
- ok djm@
- - stevesk at cvs.openbsd.org 2011/03/23 15:16:22
- [ssh-keygen.1 ssh-keygen.c]
- Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
- for which host keys do not exist, generate the host keys with the
- default key file path, an empty passphrase, default bits for the key
- type, and default comment. This will be used by /etc/rc to generate
- new host keys. Idea from deraadt.
- ok deraadt
- - stevesk at cvs.openbsd.org 2011/03/23 16:24:56
- [ssh-keygen.1]
- -q not used in /etc/rc now so remove statement.
- - stevesk at cvs.openbsd.org 2011/03/23 16:50:04
- [ssh-keygen.c]
- remove -d, documentation removed >10 years ago; ok markus
- - jmc at cvs.openbsd.org 2011/03/24 15:29:30
- [ssh-keygen.1]
- zap trailing whitespace;
- - stevesk at cvs.openbsd.org 2011/03/24 22:14:54
- [ssh-keygen.c]
- use strcasecmp() for "clear" cert permission option also; ok djm
- - stevesk at cvs.openbsd.org 2011/03/29 18:54:17
- [misc.c misc.h servconf.c]
- print ipqos friendly string for sshd -T; ok markus
- # sshd -Tf sshd_config|grep ipqos
- ipqos lowdelay throughput
- - djm at cvs.openbsd.org 2011/04/12 04:23:50
- [ssh-keygen.c]
- fix -Wshadow
- - djm at cvs.openbsd.org 2011/04/12 05:32:49
- [sshd.c]
- exit with 0 status on SIGTERM; bz#1879
- - djm at cvs.openbsd.org 2011/04/13 04:02:48
- [ssh-keygen.1]
- improve wording; bz#1861
- - djm at cvs.openbsd.org 2011/04/13 04:09:37
- [ssh-keygen.1]
- mention valid -b sizes for ECDSA keys; bz#1862
- - djm at cvs.openbsd.org 2011/04/17 22:42:42
- [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
- allow graceful shutdown of multiplexing: request that a mux server
- removes its listener socket and refuse future multiplexing requests;
- ok markus@
- - djm at cvs.openbsd.org 2011/04/18 00:46:05
- [ssh-keygen.c]
- certificate options are supposed to be packed in lexical order of
- option name (though we don't actually enforce this at present).
- Move one up that was out of sequence
- - djm at cvs.openbsd.org 2011/05/04 21:15:29
- [authfile.c authfile.h ssh-add.c]
- allow "ssh-add - < key"; feedback and ok markus@
- - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
- so autoreconf 2.68 is happy.
- - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
-
-20110221
- - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
- Cygwin-specific service installer script ssh-host-config. The actual
- functionality is the same, the revisited version is just more
- exact when it comes to check for problems which disallow to run
- certain aspects of the script. So, part of this script and the also
- rearranged service helper script library "csih" is to check if all
- the tools required to run the script are available on the system.
- The new script also is more thorough to inform the user why the
- script failed. Patch from vinschen at redhat com.
-
-20110218
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/02/16 00:31:14
- [ssh-keysign.c]
- make hostbased auth with ECDSA keys work correctly. Based on patch
- by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
-
-20110206
- - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
- selinux code. Patch from Leonardo Chiquitto
- - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
- generation and simplify. Patch from Corinna Vinschen.
-
-20110204
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/01/31 21:42:15
- [PROTOCOL.mux]
- cut'n'pasto; from bert.wesarg AT googlemail.com
- - djm at cvs.openbsd.org 2011/02/04 00:44:21
- [key.c]
- fix uninitialised nonce variable; reported by Mateusz Kocielski
- - djm at cvs.openbsd.org 2011/02/04 00:44:43
- [version.h]
- openssh-5.8
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] update versions in docs and spec files.
- - Release OpenSSH 5.8p1
-
-20110128
- - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
- before attempting setfscreatecon(). Check whether matchpathcon()
- succeeded before using its result. Patch from cjwatson AT debian.org;
- bz#1851
-
-20110127
- - (tim) [config.guess config.sub] Sync with upstream.
- - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
- AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
- AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
- space changes for consistency/readability. Makes autoconf 2.68 happy.
- "Nice work" djm
-
-20110125
- - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
- openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
- port-linux.c to avoid compilation errors. Add -lselinux to ssh when
- building with SELinux support to avoid linking failure; report from
- amk AT spamfence.net; ok dtucker
-
-20110122
- - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
- RSA_get_default_method() for the benefit of openssl versions that don't
- have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
- ok djm at .
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/01/22 09:18:53
- [version.h]
- crank to OpenSSH-5.7
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] update versions in docs and spec files.
- - (djm) Release 5.7p1
-
-20110119
- - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
- of RPM so build completes. Signatures were changed to .asc since 4.1p1.
- - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
- 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
- release testing (random crashes and failure to load ECC keys).
- ok dtucker@
-
-20110117
- - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
- $PATH, fix cleanup of droppings; reported by openssh AT
- roumenpetrov.info; ok dtucker@
- - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
- its unique snowflake of a gdb error to the ones we look for.
- - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
- ssh-add to avoid $SUDO failures on Linux
- - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
- Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
- to the old values. Feedback from vapier at gentoo org and djm, ok djm.
- - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
- [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
- disabled on platforms that do not support them; add a "config_defined()"
- shell function that greps for defines in config.h and use them to decide
- on feature tests.
- Convert a couple of existing grep's over config.h to use the new function
- Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
- backslash characters in filenames, enable it for Cygwin and use it to turn
- of tests for quotes backslashes in sftp-glob.sh.
- based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
- - (tim) [regress/agent-getpeereid.sh] shell portability fix.
- - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
- the tinderbox.
- - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
- configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
- support, based on patches from Tomas Mraz and jchadima at redhat.
-
-20110116
- - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
- on configurations that don't have it.
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/01/16 11:50:05
- [clientloop.c]
- Use atomicio when flushing protocol 1 std{out,err} buffers at
- session close. This was a latent bug exposed by setting a SIGCHLD
- handler and spotted by kevin.brott AT gmail.com; ok dtucker@
- - djm at cvs.openbsd.org 2011/01/16 11:50:36
- [sshconnect.c]
- reset the SIGPIPE handler when forking to execute child processes;
- ok dtucker@
- - djm at cvs.openbsd.org 2011/01/16 12:05:59
- [clientloop.c]
- a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
- now that we use atomicio(), convert them from while loops to if statements
- add test and cast to compile cleanly with -Wsigned
-
-20110114
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/01/13 21:54:53
- [mux.c]
- correct error messages; patch from bert.wesarg AT googlemail.com
- - djm at cvs.openbsd.org 2011/01/13 21:55:25
- [PROTOCOL.mux]
- correct protocol names and add a couple of missing protocol number
- defines; patch from bert.wesarg AT googlemail.com
- - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
- host-key-force target rather than a substitution that is replaced with a
- comment so that the Makefile.in is still a syntactically valid Makefile
- (useful to run the distprep target)
- - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
- - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
- ecdsa bits.
-
-20110113
- - (djm) [misc.c] include time.h for nanosleep() prototype
- - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
- - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
- ecdsa keys. ok djm.
- - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
- gcc warning on platforms where it defaults to int
- - (djm) [regress/Makefile] add a few more generated files to the clean
- target
- - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
- #define that was causing diffie-hellman-group-exchange-sha256 to be
- incorrectly disabled
- - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
- should not depend on ECC support
-
-20110112
- - OpenBSD CVS Sync
- - nicm at cvs.openbsd.org 2010/10/08 21:48:42
- [openbsd-compat/glob.c]
- Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
- from ARG_MAX to 64K.
- Fixes glob-using programs (notably ftp) able to be triggered to hit
- resource limits.
- Idea from a similar NetBSD change, original problem reported by jasper at .
- ok millert tedu jasper
- - djm at cvs.openbsd.org 2011/01/12 01:53:14
- avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
- and sanity check arguments (these will be unnecessary when we switch
- struct glob members from being type into to size_t in the future);
- "looks ok" tedu@ feedback guenther@
- - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
- silly warnings on write() calls we don't care succeed or not.
- - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
- flag tests that don't depend on gcc version at all; suggested by and
- ok dtucker@
-
-20110111
- - (tim) [regress/host-expand.sh] Fix for building outside of read only
- source tree.
- - (djm) [platform.c] Some missing includes that show up under -Werror
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2011/01/08 10:51:51
- [clientloop.c]
- use host and not options.hostname, as the latter may have unescaped
- substitution characters
- - djm at cvs.openbsd.org 2011/01/11 06:06:09
- [sshlogin.c]
- fd leak on error paths; from zinovik@
- NB. Id sync only; we use loginrec.c that was also audited and fixed
- recently
- - djm at cvs.openbsd.org 2011/01/11 06:13:10
- [clientloop.c ssh-keygen.c sshd.c]
- some unsigned long long casts that make things a bit easier for
- portable without resorting to dropping PRIu64 formats everywhere
-
-20110109
- - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
- openssh AT roumenpetrov.info
-
-20110108
- - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
- test on OSX and others. Reported by imorgan AT nas.nasa.gov
-
-20110107
- - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
- for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
- - djm at cvs.openbsd.org 2011/01/06 22:23:53
- [ssh.c]
- unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
- googlemail.com; ok markus@
- - djm at cvs.openbsd.org 2011/01/06 22:23:02
- [clientloop.c]
- when exiting due to ServerAliveTimeout, mention the hostname that caused
- it (useful with backgrounded controlmaster)
- - djm at cvs.openbsd.org 2011/01/06 22:46:21
- [regress/Makefile regress/host-expand.sh]
- regress test for LocalCommand %n expansion from bert.wesarg AT
- googlemail.com; ok markus@
- - djm at cvs.openbsd.org 2011/01/06 23:01:35
- [sshconnect.c]
- reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
- ok markus@
-
-20110106
- - (djm) OpenBSD CVS Sync
- - markus at cvs.openbsd.org 2010/12/08 22:46:03
- [scp.1 scp.c]
- add a new -3 option to scp: Copies between two remote hosts are
- transferred through the local host. Without this option the data
- is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
- - jmc at cvs.openbsd.org 2010/12/09 14:13:33
- [scp.1 scp.c]
- scp.1: grammer fix
- scp.c: add -3 to usage()
- - markus at cvs.openbsd.org 2010/12/14 11:59:06
- [sshconnect.c]
- don't mention key type in key-changed-warning, since we also print
- this warning if a new key type appears. ok djm@
- - djm at cvs.openbsd.org 2010/12/15 00:49:27
- [readpass.c]
- fix ControlMaster=ask regression
- reset SIGCHLD handler before fork (and restore it after) so we don't miss
- the the askpass child's exit status. Correct test for exit status/signal to
- account for waitpid() failure; with claudio@ ok claudio@ markus@
- - djm at cvs.openbsd.org 2010/12/24 21:41:48
- [auth-options.c]
- don't send the actual forced command in a debug message; ok markus deraadt
- - otto at cvs.openbsd.org 2011/01/04 20:44:13
- [ssh-keyscan.c]
- handle ecdsa-sha2 with various key lengths; hint and ok djm@
-
-20110104
- - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
- formatter if it is present, followed by nroff and groff respectively.
- Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
- in favour of mandoc). feedback and ok tim
-
-20110103
- - (djm) [Makefile.in] revert local hack I didn't intend to commit
-
-20110102
- - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
- - (djm) [configure.ac] Check whether libdes is needed when building
- with Heimdal krb5 support. On OpenBSD this library no longer exists,
- so linking it unconditionally causes a build failure; ok dtucker
-
-20101226
- - (dtucker) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/12/08 04:02:47
- [ssh_config.5 sshd_config.5]
- explain that IPQoS arguments are separated by whitespace; iirc requested
- by jmc@ a while back
-
-20101205
- - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
- debugging. Spotted by djm.
- - (dtucker) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/12/03 23:49:26
- [schnorr.c]
- check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
- (this code is still disabled, but apprently people are treating it as
- a reference implementation)
- - djm at cvs.openbsd.org 2010/12/03 23:55:27
- [auth-rsa.c]
- move check for revoked keys to run earlier (in auth_rsa_key_allowed)
- bz#1829; patch from ldv AT altlinux.org; ok markus@
- - djm at cvs.openbsd.org 2010/12/04 00:18:01
- [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
- add a protocol extension to support a hard link operation. It is
- available through the "ln" command in the client. The old "ln"
- behaviour of creating a symlink is available using its "-s" option
- or through the preexisting "symlink" command; based on a patch from
- miklos AT szeredi.hu in bz#1555; ok markus@
- - djm at cvs.openbsd.org 2010/12/04 13:31:37
- [hostfile.c]
- fix fd leak; spotted and ok dtucker
- - djm at cvs.openbsd.org 2010/12/04 00:21:19
- [regress/sftp-cmds.sh]
- adjust for hard-link support
- - (dtucker) [regress/Makefile] Id sync.
-
-20101204
- - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
- instead of (arc4random() % range)
- - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
- shims for the new, non-deprecated OpenSSL key generation functions for
- platforms that don't have the new interfaces.
-
-20101201
- - OpenBSD CVS Sync
- - deraadt at cvs.openbsd.org 2010/11/20 05:12:38
- [auth2-pubkey.c]
- clean up cases of ;;
- - djm at cvs.openbsd.org 2010/11/21 01:01:13
- [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
- honour $TMPDIR for client xauth and ssh-agent temporary directories;
- feedback and ok markus@
- - djm at cvs.openbsd.org 2010/11/21 10:57:07
- [authfile.c]
- Refactor internals of private key loading and saving to work on memory
- buffers rather than directly on files. This will make a few things
- easier to do in the future; ok markus@
- - djm at cvs.openbsd.org 2010/11/23 02:35:50
- [auth.c]
- use strict_modes already passed as function argument over referencing
- global options.strict_modes
- - djm at cvs.openbsd.org 2010/11/23 23:57:24
- [clientloop.c]
- avoid NULL deref on receiving a channel request on an unknown or invalid
- channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
- - djm at cvs.openbsd.org 2010/11/24 01:24:14
- [channels.c]
- remove a debug() that pollutes stderr on client connecting to a server
- in debug mode (channel_close_fds is called transitively from the session
- code post-fork); bz#1719, ok dtucker
- - djm at cvs.openbsd.org 2010/11/25 04:10:09
- [session.c]
- replace close() loop for fds 3->64 with closefrom();
- ok markus deraadt dtucker
- - djm at cvs.openbsd.org 2010/11/26 05:52:49
- [scp.c]
- Pass through ssh command-line flags and options when doing remote-remote
- transfers, e.g. to enable agent forwarding which is particularly useful
- in this case; bz#1837 ok dtucker@
- - markus at cvs.openbsd.org 2010/11/29 18:57:04
- [authfile.c]
- correctly load comment for encrypted rsa1 keys;
- report/fix Joachim Schipper; ok djm@
- - djm at cvs.openbsd.org 2010/11/29 23:45:51
- [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
- [sshconnect.h sshconnect2.c]
- automatically order the hostkeys requested by the client based on
- which hostkeys are already recorded in known_hosts. This avoids
- hostkey warnings when connecting to servers with new ECDSA keys
- that are preferred by default; with markus@
-
-20101124
- - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
- into the platform-specific code Only affects SCO, tested by and ok tim at .
- - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
- group read/write. ok dtucker@
- - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
- - (djm) [defines.h] Add IP DSCP defines
-
-20101122
- - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
- from vapier at gentoo org.
-
-20101120
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/11/05 02:46:47
- [packet.c]
- whitespace KNF
- - djm at cvs.openbsd.org 2010/11/10 01:33:07
- [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
- use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
- these have been around for years by this time. ok markus
- - djm at cvs.openbsd.org 2010/11/13 23:27:51
- [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
- [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
- allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
- hardcoding lowdelay/throughput.
-
- bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
- - jmc at cvs.openbsd.org 2010/11/15 07:40:14
- [ssh_config.5]
- libary -> library;
- - jmc at cvs.openbsd.org 2010/11/18 15:01:00
- [scp.1 sftp.1 ssh.1 sshd_config.5]
- add IPQoS to the various -o lists, and zap some trailing whitespace;
-
-20101111
- - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
- platforms that don't support ECC. Fixes some spurious warnings reported
- by tim@
-
-20101109
- - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
- Feedback from dtucker@
- - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
- support for platforms missing isblank(). ok djm@
-
-20101108
- - (tim) [regress/Makefile] Fixes to allow building/testing outside source
- tree.
- - (tim) [regress/kextype.sh] Shell portability fix.
-
-20101107
- - (dtucker) [platform.c] includes.h instead of defines.h so that we get
- the correct typedefs.
-
-20101105
- - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
- int. Should fix bz#1817 cleanly; ok dtucker@
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/09/22 12:26:05
- [regress/Makefile regress/kextype.sh]
- regress test for each of the key exchange algorithms that we support
- - djm at cvs.openbsd.org 2010/10/28 11:22:09
- [authfile.c key.c key.h ssh-keygen.c]
- fix a possible NULL deref on loading a corrupt ECDH key
-
- store ECDH group information in private keys files as "named groups"
- rather than as a set of explicit group parameters (by setting
- the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
- retrieves the group's OpenSSL NID that we need for various things.
- - jmc at cvs.openbsd.org 2010/10/28 18:33:28
- [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
- knock out some "-*- nroff -*-" lines;
- - djm at cvs.openbsd.org 2010/11/04 02:45:34
- [sftp-server.c]
- umask should be parsed as octal. reported by candland AT xmission.com;
- ok markus@
- - (dtucker) [configure.ac platform.{c,h} session.c
- openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
- Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
- ok djm@
- - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
- after the user's groups are established and move the selinux calls into it.
- - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
- platform.c
- - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
- - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
- retain previous behavior.
- - (dtucker) [platform.c session.c] Move the PAM credential establishment for
- the LOGIN_CAP case into platform.c.
- - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
- platform.c
- - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
- - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
- platform.c.
- - (dtucker) [platform.c session.c] Move PAM credential establishment for the
- non-LOGIN_CAP case into platform.c.
- - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
- check into platform.c
- - (dtucker) [regress/keytype.sh] Import new test.
- - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
- Import recent changes to regress/Makefile, pass a flag to enable ECC tests
- from configure through to regress/Makefile and use it in the tests.
- - (dtucker) [regress/kextype.sh] Add missing "test".
- - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
- strictly correct since while ECC requires sha256 the reverse is not true
- however it does prevent spurious test failures.
- - (dtucker) [platform.c] Need servconf.h and extern options.
-
-20101025
- - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
- 1.12 to unbreak Solaris build.
- ok djm@
- - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
- native one.
-
-20101024
- - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
- - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
- which don't have ECC support in libcrypto.
- - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
- which don't have ECC support in libcrypto.
- - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
- have it.
- - (dtucker) OpenBSD CVS Sync
- - sthen at cvs.openbsd.org 2010/10/23 22:06:12
- [sftp.c]
- escape '[' in filename tab-completion; fix a type while there.
- ok djm@
-
-20101021
- - OpenBSD CVS Sync
- - dtucker at cvs.openbsd.org 2010/10/12 02:22:24
- [mux.c]
- Typo in confirmation message. bz#1827, patch from imorgan at
- nas nasa gov
- - djm at cvs.openbsd.org 2010/08/31 12:24:09
- [regress/cert-hostkey.sh regress/cert-userkey.sh]
- tests for ECDSA certificates
-
-20101011
- - (djm) [canohost.c] Zero a4 instead of addr to better match type.
- bz#1825, reported by foo AT mailinator.com
- - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
-
-20101011
- - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
- dr AT vasco.com
-
-20101007
- - (djm) [ssh-agent.c] Fix type for curve name.
- - (djm) OpenBSD CVS Sync
- - matthew at cvs.openbsd.org 2010/09/24 13:33:00
- [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
- [openbsd-compat/timingsafe_bcmp.c]
- Add timingsafe_bcmp(3) to libc, mention that it's already in the
- kernel in kern(9), and remove it from OpenSSH.
- ok deraadt@, djm@
- NB. re-added under openbsd-compat/ for portable OpenSSH
- - djm at cvs.openbsd.org 2010/09/25 09:30:16
- [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
- make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
- rountrips to fetch per-file stat(2) information.
- NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
- match.
- - djm at cvs.openbsd.org 2010/09/26 22:26:33
- [sftp.c]
- when performing an "ls" in columnated (short) mode, only call
- ioctl(TIOCGWINSZ) once to get the window width instead of per-
- filename
- - djm at cvs.openbsd.org 2010/09/30 11:04:51
- [servconf.c]
- prevent free() of string in .rodata when overriding AuthorizedKeys in
- a Match block; patch from rein AT basefarm.no
- - djm at cvs.openbsd.org 2010/10/01 23:05:32
- [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
- adapt to API changes in openssl-1.0.0a
- NB. contains compat code to select correct API for older OpenSSL
- - djm at cvs.openbsd.org 2010/10/05 05:13:18
- [sftp.c sshconnect.c]
- use default shell /bin/sh if $SHELL is ""; ok markus@
- - djm at cvs.openbsd.org 2010/10/06 06:39:28
- [clientloop.c ssh.c sshconnect.c sshconnect.h]
- kill proxy command on fatal() (we already kill it on clean exit);
- ok markus@
- - djm at cvs.openbsd.org 2010/10/06 21:10:21
- [sshconnect.c]
- swapped args to kill(2)
- - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
- - (djm) [cipher-acss.c] Add missing header.
- - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
-
-20100924
- - (djm) OpenBSD CVS Sync
- - naddy at cvs.openbsd.org 2010/09/10 15:19:29
- [ssh-keygen.1]
- * mention ECDSA in more places
- * less repetition in FILES section
- * SSHv1 keys are still encrypted with 3DES
- help and ok jmc@
- - djm at cvs.openbsd.org 2010/09/11 21:44:20
- [ssh.1]
- mention RFC 5656 for ECC stuff
- - jmc at cvs.openbsd.org 2010/09/19 21:30:05
- [sftp.1]
- more wacky macro fixing;
- - djm at cvs.openbsd.org 2010/09/20 04:41:47
- [ssh.c]
- install a SIGCHLD handler to reap expiried child process; ok markus@
- - djm at cvs.openbsd.org 2010/09/20 04:50:53
- [jpake.c schnorr.c]
- check that received values are smaller than the group size in the
- disabled and unfinished J-PAKE code.
- avoids catastrophic security failure found by Sebastien Martini
- - djm at cvs.openbsd.org 2010/09/20 04:54:07
- [jpake.c]
- missing #include
- - djm at cvs.openbsd.org 2010/09/20 07:19:27
- [mux.c]
- "atomically" create the listening mux socket by binding it on a temorary
- name and then linking it into position after listen() has succeeded.
- this allows the mux clients to determine that the server socket is
- either ready or stale without races. stale server sockets are now
- automatically removed
- ok deraadt
- - djm at cvs.openbsd.org 2010/09/22 05:01:30
- [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
- [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
- add a KexAlgorithms knob to the client and server configuration to allow
- selection of which key exchange methods are used by ssh(1) and sshd(8)
- and their order of preference.
- ok markus@
- - jmc at cvs.openbsd.org 2010/09/22 08:30:08
- [ssh.1 ssh_config.5]
- ssh.1: add kexalgorithms to the -o list
- ssh_config.5: format the kexalgorithms in a more consistent
- (prettier!) way
- ok djm
- - djm at cvs.openbsd.org 2010/09/22 22:58:51
- [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
- [sftp-client.h sftp.1 sftp.c]
- add an option per-read/write callback to atomicio
-
- factor out bandwidth limiting code from scp(1) into a generic bandwidth
- limiter that can be attached using the atomicio callback mechanism
-
- add a bandwidth limit option to sftp(1) using the above
- "very nice" markus@
- - jmc at cvs.openbsd.org 2010/09/23 13:34:43
- [sftp.c]
- add [-l limit] to usage();
- - jmc at cvs.openbsd.org 2010/09/23 13:36:46
- [scp.1 sftp.1]
- add KexAlgorithms to the -o list;
-
-20100910
- - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
- return code since it can apparently return -1 under some conditions. From
- openssh bugs werbittewas de, ok djm@
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/08/31 12:33:38
- [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
- reintroduce commit from tedu@, which I pulled out for release
- engineering:
- OpenSSL_add_all_algorithms is the name of the function we have a
- man page for, so use that. ok djm
- - jmc at cvs.openbsd.org 2010/08/31 17:40:54
- [ssh-agent.1]
- fix some macro abuse;
- - jmc at cvs.openbsd.org 2010/08/31 21:14:58
- [ssh.1]
- small text tweak to accommodate previous;
- - naddy at cvs.openbsd.org 2010/09/01 15:21:35
- [servconf.c]
- pick up ECDSA host key by default; ok djm@
- - markus at cvs.openbsd.org 2010/09/02 16:07:25
- [ssh-keygen.c]
- permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
- - markus at cvs.openbsd.org 2010/09/02 16:08:39
- [ssh.c]
- unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
- - naddy at cvs.openbsd.org 2010/09/02 17:21:50
- [ssh-keygen.c]
- Switch ECDSA default key size to 256 bits, which according to RFC5656
- should still be better than our current RSA-2048 default.
- ok djm@, markus@
- - jmc at cvs.openbsd.org 2010/09/03 11:09:29
- [scp.1]
- add an EXIT STATUS section for /usr/bin;
- - jmc at cvs.openbsd.org 2010/09/04 09:38:34
- [ssh-add.1 ssh.1]
- two more EXIT STATUS sections;
- - naddy at cvs.openbsd.org 2010/09/06 17:10:19
- [sshd_config]
- add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
- <mattieu.b at gmail.com>
- ok deraadt@
- - djm at cvs.openbsd.org 2010/09/08 03:54:36
- [authfile.c]
- typo
- - deraadt at cvs.openbsd.org 2010/09/08 04:13:31
- [compress.c]
- work around name-space collisions some buggy compilers (looking at you
- gcc, at least in earlier versions, but this does not forgive your current
- transgressions) seen between zlib and openssl
- ok djm
- - djm at cvs.openbsd.org 2010/09/09 10:45:45
- [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
- ECDH/ECDSA compliance fix: these methods vary the hash function they use
- (SHA256/384/512) depending on the length of the curve in use. The previous
- code incorrectly used SHA256 in all cases.
-
- This fix will cause authentication failure when using 384 or 521-bit curve
- keys if one peer hasn't been upgraded and the other has. (256-bit curve
- keys work ok). In particular you may need to specify HostkeyAlgorithms
- when connecting to a server that has not been upgraded from an upgraded
- client.
-
- ok naddy@
- - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
- [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
- [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
- platforms that don't have the requisite OpenSSL support. ok dtucker@
- - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
- for missing headers and compiler warnings.
-
-20100831
- - OpenBSD CVS Sync
- - jmc at cvs.openbsd.org 2010/08/08 19:36:30
- [ssh-keysign.8 ssh.1 sshd.8]
- use the same template for all FILES sections; i.e. -compact/.Pp where we
- have multiple items, and .Pa for path names;
- - tedu at cvs.openbsd.org 2010/08/12 23:34:39
- [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
- OpenSSL_add_all_algorithms is the name of the function we have a man page
- for, so use that. ok djm
- - djm at cvs.openbsd.org 2010/08/16 04:06:06
- [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
- backout previous temporarily; discussed with deraadt@
- - djm at cvs.openbsd.org 2010/08/31 09:58:37
- [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
- [packet.h ssh-dss.c ssh-rsa.c]
- Add buffer_get_cstring() and related functions that verify that the
- string extracted from the buffer contains no embedded \0 characters*
- This prevents random (possibly malicious) crap from being appended to
- strings where it would not be noticed if the string is used with
- a string(3) function.
-
- Use the new API in a few sensitive places.
-
- * actually, we allow a single one at the end of the string for now because
- we don't know how many deployed implementations get this wrong, but don't
- count on this to remain indefinitely.
- - djm at cvs.openbsd.org 2010/08/31 11:54:45
- [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
- [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
- [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
- [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
- [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
- [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
- [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
- host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
- better performance than plain DH and DSA at the same equivalent symmetric
- key length, as well as much shorter keys.
-
- Only the mandatory sections of RFC5656 are implemented, specifically the
- three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
- ECDSA. Point compression (optional in RFC5656 is NOT implemented).
-
- Certificate host and user keys using the new ECDSA key types are supported.
-
- Note that this code has not been tested for interoperability and may be
- subject to change.
-
- feedback and ok markus@
- - (djm) [Makefile.in] Add new ECC files
- - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
- includes.h
-
-20100827
- - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
- remove. Patch from martynas at venck us
-
-20100823
- - (djm) Release OpenSSH-5.6p1
-
-20100816
- - (dtucker) [configure.ac openbsd-compat/Makefile.in
- openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
- the compat library which helps on platforms like old IRIX. Based on work
- by djm, tested by Tom Christensen.
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/08/12 21:49:44
- [ssh.c]
- close any extra file descriptors inherited from parent at start and
- reopen stdin/stdout to /dev/null when forking for ControlPersist.
-
- prevents tools that fork and run a captive ssh for communication from
- failing to exit when the ssh completes while they wait for these fds to
- close. The inherited fds may persist arbitrarily long if a background
- mux master has been started by ControlPersist. cvs and scp were effected
- by this.
-
- "please commit" markus@
- - (djm) [regress/README.regress] typo
-
-20100812
- - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
- regress/test-exec.sh] Under certain conditions when testing with sudo
- tests would fail because the pidfile could not be read by a regular user.
- "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
- Make sure cat is run by $SUDO. no objection from me. djm@
- - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
-
-20100809
- - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
- already set. Makes FreeBSD user openable tunnels useful; patch from
- richard.burakowski+ossh AT mrburak.net, ok dtucker@
- - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
- based in part on a patch from Colin Watson, ok djm@
-
-20100809
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/08/08 16:26:42
- [version.h]
- crank to 5.6
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Crank version numbers
-
-20100805
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/08/04 05:37:01
- [ssh.1 ssh_config.5 sshd.8]
- Remove mentions of weird "addr/port" alternate address format for IPv6
- addresses combinations. It hasn't worked for ages and we have supported
- the more commen "[addr]:port" format for a long time. ok jmc@ markus@
- - djm at cvs.openbsd.org 2010/08/04 05:40:39
- [PROTOCOL.certkeys ssh-keygen.c]
- tighten the rules for certificate encoding by requiring that options
- appear in lexical order and make our ssh-keygen comply. ok markus@
- - djm at cvs.openbsd.org 2010/08/04 05:42:47
- [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
- [ssh-keysign.c ssh.c]
- enable certificates for hostbased authentication, from Iain Morgan;
- "looks ok" markus@
- - djm at cvs.openbsd.org 2010/08/04 05:49:22
- [authfile.c]
- commited the wrong version of the hostbased certificate diff; this
- version replaces some strlc{py,at} verbosity with xasprintf() at
- the request of markus@
- - djm at cvs.openbsd.org 2010/08/04 06:07:11
- [ssh-keygen.1 ssh-keygen.c]
- Support CA keys in PKCS#11 tokens; feedback and ok markus@
- - djm at cvs.openbsd.org 2010/08/04 06:08:40
- [ssh-keysign.c]
- clean for -Wuninitialized (Id sync only; portable had this change)
- - djm at cvs.openbsd.org 2010/08/05 13:08:42
- [channels.c]
- Fix a trio of bugs in the local/remote window calculation for datagram
- data channels (i.e. TunnelForward):
-
- Calculate local_consumed correctly in channel_handle_wfd() by measuring
- the delta to buffer_len(c->output) from when we start to when we finish.
- The proximal problem here is that the output_filter we use in portable
- modified the length of the dequeued datagram (to futz with the headers
- for !OpenBSD).
-
- In channel_output_poll(), don't enqueue datagrams that won't fit in the
- peer's advertised packet size (highly unlikely to ever occur) or which
- won't fit in the peer's remaining window (more likely).
-
- In channel_input_data(), account for the 4-byte string header in
- datagram packets that we accept from the peer and enqueue in c->output.
-
- report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
- "looks good" markus@
-
-20100803
- - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
- PAM to sane values in case the PAM method doesn't write to them. Spotted by
- Bitman Zhou, ok djm at .
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/07/16 04:45:30
- [ssh-keygen.c]
- avoid bogus compiler warning
- - djm at cvs.openbsd.org 2010/07/16 14:07:35
- [ssh-rsa.c]
- more timing paranoia - compare all parts of the expected decrypted
- data before returning. AFAIK not exploitable in the SSH protocol.
- "groovy" deraadt@
- - djm at cvs.openbsd.org 2010/07/19 03:16:33
- [sftp-client.c]
- bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
- upload depth checks and causing verbose printing of transfers to always
- be turned on; patch from imorgan AT nas.nasa.gov
- - djm at cvs.openbsd.org 2010/07/19 09:15:12
- [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
- add a "ControlPersist" option that automatically starts a background
- ssh(1) multiplex master when connecting. This connection can stay alive
- indefinitely, or can be set to automatically close after a user-specified
- duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
- further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
- martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
- - djm at cvs.openbsd.org 2010/07/21 02:10:58
- [misc.c]
- sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
- - dtucker at cvs.openbsd.org 2010/07/23 08:49:25
- [ssh.1]
- Ciphers is documented in ssh_config(5) these days
-
-20100819
- - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
- details about its behaviour WRT existing directories. Patch from
- asguthrie at gmail com, ok djm.
-
-20100716
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/07/02 04:32:44
- [misc.c]
- unbreak strdelim() skipping past quoted strings, e.g.
- AllowUsers "blah blah" blah
- was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
- ok dtucker;
- - djm at cvs.openbsd.org 2010/07/12 22:38:52
- [ssh.c]
- Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
- for protocol 2. ok markus@
- - djm at cvs.openbsd.org 2010/07/12 22:41:13
- [ssh.c ssh_config.5]
- expand %h to the hostname in ssh_config Hostname options. While this
- sounds useless, it is actually handy for working with unqualified
- hostnames:
-
- Host *.*
- Hostname %h
- Host *
- Hostname %h.example.org
-
- "I like it" markus@
- - djm at cvs.openbsd.org 2010/07/13 11:52:06
- [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
- [packet.c ssh-rsa.c]
- implement a timing_safe_cmp() function to compare memory without leaking
- timing information by short-circuiting like memcmp() and use it for
- some of the more sensitive comparisons (though nothing high-value was
- readily attackable anyway); "looks ok" markus@
- - djm at cvs.openbsd.org 2010/07/13 23:13:16
- [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
- [ssh-rsa.c]
- s/timing_safe_cmp/timingsafe_bcmp/g
- - jmc at cvs.openbsd.org 2010/07/14 17:06:58
- [ssh.1]
- finally ssh synopsis looks nice again! this commit just removes a ton of
- hacks we had in place to make it work with old groff;
- - schwarze at cvs.openbsd.org 2010/07/15 21:20:38
- [ssh-keygen.1]
- repair incorrect block nesting, which screwed up indentation;
- problem reported and fix OK by jmc@
-
-20100714
- - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
- (line 77) should have been for no_x11_askpass.
-
-20100702
- - (djm) OpenBSD CVS Sync
- - jmc at cvs.openbsd.org 2010/06/26 00:57:07
- [ssh_config.5]
- tweak previous;
- - djm at cvs.openbsd.org 2010/06/26 23:04:04
- [ssh.c]
- oops, forgot to #include <canohost.h>; spotted and patch from chl@
- - djm at cvs.openbsd.org 2010/06/29 23:15:30
- [ssh-keygen.1 ssh-keygen.c]
- allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
- bz#1749; ok markus@
- - djm at cvs.openbsd.org 2010/06/29 23:16:46
- [auth2-pubkey.c sshd_config.5]
- allow key options (command="..." and friends) in AuthorizedPrincipals;
- ok markus@
- - jmc at cvs.openbsd.org 2010/06/30 07:24:25
- [ssh-keygen.1]
- tweak previous;
- - jmc at cvs.openbsd.org 2010/06/30 07:26:03
- [ssh-keygen.c]
- sort usage();
- - jmc at cvs.openbsd.org 2010/06/30 07:28:34
- [sshd_config.5]
- tweak previous;
- - millert at cvs.openbsd.org 2010/07/01 13:06:59
- [scp.c]
- Fix a longstanding problem where if you suspend scp at the
- password/passphrase prompt the terminal mode is not restored.
- OK djm@
- - phessler at cvs.openbsd.org 2010/06/27 19:19:56
- [regress/Makefile]
- fix how we run the tests so we can successfully use SUDO='sudo -E'
- in our env
- - djm at cvs.openbsd.org 2010/06/29 23:59:54
- [cert-userkey.sh]
- regress tests for key options in AuthorizedPrincipals
-
-20100627
- - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
- key.h.
-
-20100626
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/05/21 05:00:36
- [misc.c]
- colon() returns char*, so s/return (0)/return NULL/
- - markus at cvs.openbsd.org 2010/06/08 21:32:19
- [ssh-pkcs11.c]
- check length of value returned C_GetAttributValue for != 0
- from mdrtbugzilla at codefive.co.uk; bugzilla #1773; ok dtucker@
- - djm at cvs.openbsd.org 2010/06/17 07:07:30
- [mux.c]
- Correct sizing of object to be allocated by calloc(), replacing
- sizeof(state) with sizeof(*state). This worked by accident since
- the struct contained a single int at present, but could have broken
- in the future. patch from hyc AT symas.com
- - djm at cvs.openbsd.org 2010/06/18 00:58:39
- [sftp.c]
- unbreak ls in working directories that contains globbing characters in
- their pathnames. bz#1655 reported by vgiffin AT apple.com
- - djm at cvs.openbsd.org 2010/06/18 03:16:03
- [session.c]
- Missing check for chroot_director == "none" (we already checked against
- NULL); bz#1564 from Jan.Pechanec AT Sun.COM
- - djm at cvs.openbsd.org 2010/06/18 04:43:08
- [sftp-client.c]
- fix memory leak in do_realpath() error path; bz#1771, patch from
- anicka AT suse.cz
- - djm at cvs.openbsd.org 2010/06/22 04:22:59
- [servconf.c sshd_config.5]
- expose some more sshd_config options inside Match blocks:
- AuthorizedKeysFile AuthorizedPrincipalsFile
- HostbasedUsesNameFromPacketOnly PermitTunnel
- bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
- - djm at cvs.openbsd.org 2010/06/22 04:32:06
- [ssh-keygen.c]
- standardise error messages when attempting to open private key
- files to include "progname: filename: error reason"
- bz#1783; ok dtucker@
- - djm at cvs.openbsd.org 2010/06/22 04:49:47
- [auth.c]
- queue auth debug messages for bad ownership or permissions on the user's
- keyfiles. These messages will be sent after the user has successfully
- authenticated (where our client will display them with LogLevel=debug).
- bz#1554; ok dtucker@
- - djm at cvs.openbsd.org 2010/06/22 04:54:30
- [ssh-keyscan.c]
- replace verbose and overflow-prone Linebuf code with read_keyfile_line()
- based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
- - djm at cvs.openbsd.org 2010/06/22 04:59:12
- [session.c]
- include the user name on "subsystem request for ..." log messages;
- bz#1571; ok dtucker@
- - djm at cvs.openbsd.org 2010/06/23 02:59:02
- [ssh-keygen.c]
- fix printing of extensions in v01 certificates that I broke in r1.190
- - djm at cvs.openbsd.org 2010/06/25 07:14:46
- [channels.c mux.c readconf.c readconf.h ssh.h]
- bz#1327: remove hardcoded limit of 100 permitopen clauses and port
- forwards per direction; ok markus@ stevesk@
- - djm at cvs.openbsd.org 2010/06/25 07:20:04
- [channels.c session.c]
- bz#1750: fix requirement for /dev/null inside ChrootDirectory for
- internal-sftp accidentally introduced in r1.253 by removing the code
- that opens and dup /dev/null to stderr and modifying the channels code
- to read stderr but discard it instead; ok markus@
- - djm at cvs.openbsd.org 2010/06/25 08:46:17
- [auth1.c auth2-none.c]
- skip the initial check for access with an empty password when
- PermitEmptyPasswords=no; bz#1638; ok markus@
- - djm at cvs.openbsd.org 2010/06/25 23:10:30
- [ssh.c]
- log the hostname and address that we connected to at LogLevel=verbose
- after authentication is successful to mitigate "phishing" attacks by
- servers with trusted keys that accept authentication silently and
- automatically before presenting fake password/passphrase prompts;
- "nice!" markus@
- - djm at cvs.openbsd.org 2010/06/25 23:10:30
- [ssh.c]
- log the hostname and address that we connected to at LogLevel=verbose
- after authentication is successful to mitigate "phishing" attacks by
- servers with trusted keys that accept authentication silently and
- automatically before presenting fake password/passphrase prompts;
- "nice!" markus@
-
-20100622
- - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
- bz#1579; ok dtucker
-
-20100618
- - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
- rather than assuming that $CWD == $HOME. bz#1500, patch from
- timothy AT gelter.com
-
-20100617
- - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
- minires-devel package, and to add the reference to the libedit-devel
- package since CYgwin now provides libedit. Patch from Corinna Vinschen.
-
-20100521
- - (djm) OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/05/07 11:31:26
- [regress/Makefile regress/cert-userkey.sh]
- regress tests for AuthorizedPrincipalsFile and "principals=" key option.
- feedback and ok markus@
- - djm at cvs.openbsd.org 2010/05/11 02:58:04
- [auth-rsa.c]
- don't accept certificates marked as "cert-authority" here; ok markus@
- - djm at cvs.openbsd.org 2010/05/14 00:47:22
- [ssh-add.c]
- check that the certificate matches the corresponding private key before
- grafting it on
- - djm at cvs.openbsd.org 2010/05/14 23:29:23
- [channels.c channels.h mux.c ssh.c]
- Pause the mux channel while waiting for reply from aynch callbacks.
- Prevents misordering of replies if new requests arrive while waiting.
-
- Extend channel open confirm callback to allow signalling failure
- conditions as well as success. Use this to 1) fix a memory leak, 2)
- start using the above pause mechanism and 3) delay sending a success/
- failure message on mux slave session open until we receive a reply from
- the server.
-
- motivated by and with feedback from markus@
- - markus at cvs.openbsd.org 2010/05/16 12:55:51
- [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
- mux support for remote forwarding with dynamic port allocation,
- use with
- LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
- feedback and ok djm@
- - djm at cvs.openbsd.org 2010/05/20 11:25:26
- [auth2-pubkey.c]
- fix logspam when key options (from="..." especially) deny non-matching
- keys; reported by henning@ also bz#1765; ok markus@ dtucker@
- - djm at cvs.openbsd.org 2010/05/20 23:46:02
- [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
- Move the permit-* options to the non-critical "extensions" field for v01
- certificates. The logic is that if another implementation fails to
- implement them then the connection just loses features rather than fails
- outright.
-
- ok markus@
-
-20100511
- - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
- circular dependency problem on old or odd platforms. From Tom Lane, ok
- djm at .
- - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
- libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
- already. ok dtucker@
-
-20100510
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/04/23 01:47:41
- [ssh-keygen.c]
- bz#1740: display a more helpful error message when $HOME is
- inaccessible while trying to create .ssh directory. Based on patch
- from jchadima AT redhat.com; ok dtucker@
- - djm at cvs.openbsd.org 2010/04/23 22:27:38
- [mux.c]
- set "detach_close" flag when registering channel cleanup callbacks.
- This causes the channel to close normally when its fds close and
- hangs when terminating a mux slave using ~. bz#1758; ok markus@
- - djm at cvs.openbsd.org 2010/04/23 22:42:05
- [session.c]
- set stderr to /dev/null for subsystems rather than just closing it.
- avoids hangs if a subsystem or shell initialisation writes to stderr.
- bz#1750; ok markus@
- - djm at cvs.openbsd.org 2010/04/23 22:48:31
- [ssh-keygen.c]
- refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
- since we would refuse to use them anyway. bz#1516; ok dtucker@
- - djm at cvs.openbsd.org 2010/04/26 22:28:24
- [sshconnect2.c]
- bz#1502: authctxt.success is declared as an int, but passed by
- reference to function that accepts sig_atomic_t*. Convert it to
- the latter; ok markus@ dtucker@
- - djm at cvs.openbsd.org 2010/05/01 02:50:50
- [PROTOCOL.certkeys]
- typo; jmeltzer@
- - dtucker at cvs.openbsd.org 2010/05/05 04:22:09
- [sftp.c]
- restore mput and mget which got lost in the tab-completion changes.
- found by Kenneth Whitaker, ok djm@
- - djm at cvs.openbsd.org 2010/05/07 11:30:30
- [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
- [key.c servconf.c servconf.h sshd.8 sshd_config.5]
- add some optional indirection to matching of principal names listed
- in certificates. Currently, a certificate must include the a user's name
- to be accepted for authentication. This change adds the ability to
- specify a list of certificate principal names that are acceptable.
-
- When authenticating using a CA trusted through ~/.ssh/authorized_keys,
- this adds a new principals="name1[,name2,...]" key option.
-
- For CAs listed through sshd_config's TrustedCAKeys option, a new config
- option "AuthorizedPrincipalsFile" specifies a per-user file containing
- the list of acceptable names.
-
- If either option is absent, the current behaviour of requiring the
- username to appear in principals continues to apply.
-
- These options are useful for role accounts, disjoint account namespaces
- and "user at realm"-style naming policies in certificates.
-
- feedback and ok markus@
- - jmc at cvs.openbsd.org 2010/05/07 12:49:17
- [sshd_config.5]
- tweak previous;
-
-20100423
- - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
- in the openssl install directory (some newer openssl versions do this on at
- least some amd64 platforms).
-
-20100418
- - OpenBSD CVS Sync
- - jmc at cvs.openbsd.org 2010/04/16 06:45:01
- [ssh_config.5]
- tweak previous; ok djm
- - jmc at cvs.openbsd.org 2010/04/16 06:47:04
- [ssh-keygen.1 ssh-keygen.c]
- tweak previous; ok djm
- - djm at cvs.openbsd.org 2010/04/16 21:14:27
- [sshconnect.c]
- oops, %r => remote username, not %u
- - djm at cvs.openbsd.org 2010/04/16 01:58:45
- [regress/cert-hostkey.sh regress/cert-userkey.sh]
- regression tests for v01 certificate format
- includes interop tests for v00 certs
- - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
- file.
-
-20100416
- - (djm) Release openssh-5.5p1
- - OpenBSD CVS Sync
- - djm at cvs.openbsd.org 2010/03/26 03:13:17
- [bufaux.c]
- allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
- argument to allow skipping past values in a buffer
- - jmc at cvs.openbsd.org 2010/03/26 06:54:36
- [ssh.1]
- tweak previous;
- - jmc at cvs.openbsd.org 2010/03/27 14:26:55
- [ssh_config.5]
- tweak previous; ok dtucker
- - djm at cvs.openbsd.org 2010/04/10 00:00:16
- [ssh.c]
- bz#1746 - suppress spurious tty warning when using -O and stdin
- is not a tty; ok dtucker@ markus@
- - djm at cvs.openbsd.org 2010/04/10 00:04:30
- [sshconnect.c]
- fix terminology: we didn't find a certificate in known_hosts, we found
- a CA key
- - djm at cvs.openbsd.org 2010/04/10 02:08:44
- [clientloop.c]
- bz#1698: kill channel when pty allocation requests fail. Fixed
- stuck client if the server refuses pty allocation.
- ok dtucker@ "think so" markus@
- - djm at cvs.openbsd.org 2010/04/10 02:10:56
- [sshconnect2.c]
- show the key type that we are offering in debug(), helps distinguish
- between certs and plain keys as the path to the private key is usually
- the same.
- - djm at cvs.openbsd.org 2010/04/10 05:48:16
- [mux.c]
- fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
- - djm at cvs.openbsd.org 2010/04/14 22:27:42
- [ssh_config.5 sshconnect.c]
- expand %r => remote username in ssh_config:ProxyCommand;
- ok deraadt markus
- - markus at cvs.openbsd.org 2010/04/15 20:32:55
- [ssh-pkcs11.c]
- retry lookup for private key if there's no matching key with CKA_SIGN
- attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
- ok djm@
- - djm at cvs.openbsd.org 2010/04/16 01:47:26
- [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
- [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
- [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
- [sshconnect.c sshconnect2.c sshd.c]
- revised certificate format ssh-{dss,rsa}-cert-v01 at openssh.com with the
- following changes:
-
- move the nonce field to the beginning of the certificate where it can
- better protect against chosen-prefix attacks on the signature hash
-
- Rename "constraints" field to "critical options"
-
- Add a new non-critical "extensions" field
-
- Add a serial number
-
- The older format is still support for authentication and cert generation
- (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
-
- ok markus@
Modified: vendor-crypto/openssh/dist/Makefile.in
===================================================================
--- vendor-crypto/openssh/dist/Makefile.in 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/Makefile.in 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $
+# $Id: Makefile.in,v 1.356 2014/02/04 00:12:56 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -73,7 +73,10 @@
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
- jpake.o schnorr.o ssh-pkcs11.o krl.o
+ ssh-pkcs11.o krl.o smult_curve25519_ref.o \
+ kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
+ ssh-ed25519.o digest-openssl.o hmac.o \
+ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
@@ -85,15 +88,15 @@
auth.o auth1.o auth2.o auth-options.o session.o \
auth-chall.o auth2-chall.o groupaccess.o \
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
- auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
- auth-krb5.o \
+ kexc25519s.o auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
- sandbox-seccomp-filter.o
+ sandbox-seccomp-filter.o sandbox-capsicum.o
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -112,6 +115,7 @@
-e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \
-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
-e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
@@ -332,6 +336,11 @@
else \
./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \
fi ; \
+ if [ -f $(sysconfdir)/ssh_host_ed25519_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_ed25519_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t ed25519 -f $(sysconfdir)/ssh_host_ed25519_key -N "" ; \
+ fi ; \
if [ -z "@COMMENT_OUT_ECC@" ] ; then \
if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \
echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \
@@ -345,6 +354,7 @@
./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
+ ./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N ""
test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""
uninstallall: uninstall
@@ -391,9 +401,17 @@
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT)
+regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+ [ -f `pwd`/regress/Makefile ] || \
+ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT) regress/setuid-allowed$(EXEEXT)
BUILDDIR=`pwd`; \
TEST_SHELL="@TEST_SHELL@"; \
+ TEST_SSH_SCP="$${BUILDDIR}/scp"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
@@ -408,7 +426,6 @@
TEST_SSH_CONCH="conch"; \
TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
- TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
cd $(srcdir)/regress || exit $$?; \
$(MAKE) \
.OBJDIR="$${BUILDDIR}/regress" \
@@ -416,7 +433,9 @@
BUILDDIR="$${BUILDDIR}" \
OBJ="$${BUILDDIR}/regress/" \
PATH="$${BUILDDIR}:$${PATH}" \
+ TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
TEST_SHELL="$${TEST_SHELL}" \
+ TEST_SSH_SCP="$${TEST_SSH_SCP}" \
TEST_SSH_SSH="$${TEST_SSH_SSH}" \
TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
@@ -431,7 +450,6 @@
TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
TEST_SSH_ECC="$${TEST_SSH_ECC}" \
- TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
EXEEXT="$(EXEEXT)" \
$@ && echo all tests passed
@@ -456,4 +474,3 @@
if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
sh buildpkg.sh; \
fi
-
Modified: vendor-crypto/openssh/dist/PROTOCOL
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/PROTOCOL 2014-10-11 16:33:18 UTC (rev 6863)
@@ -91,6 +91,17 @@
the exchanged MAC algorithms are ignored and there doesn't have to be
a matching MAC.
+1.7 transport: chacha20-poly1305 at openssh.com authenticated encryption
+
+OpenSSH supports authenticated encryption using ChaCha20 and Poly1305
+as described in PROTOCOL.chacha20poly1305.
+
+1.8 transport: curve25519-sha256 at libssh.org key exchange algorithm
+
+OpenSSH supports the use of ECDH in Curve25519 for key exchange as
+described at:
+http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
+
2. Connection protocol changes
2.1. connection: Channel write close extension "eow at openssh.com"
@@ -331,4 +342,18 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.20 2013/01/08 18:49:04 markus Exp $
+10. sftp: Extension request "fsync at openssh.com"
+
+This request asks the server to call fsync(2) on an open file handle.
+
+ uint32 id
+ string "fsync at openssh.com"
+ string handle
+
+One receiving this request, a server will call fsync(handle_fd) and will
+respond with a SSH_FXP_STATUS message.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+$OpenBSD: PROTOCOL,v 1.23 2013/12/01 23:19:05 djm Exp $
Added: vendor-crypto/openssh/dist/PROTOCOL.chacha20poly1305
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL.chacha20poly1305 (rev 0)
+++ vendor-crypto/openssh/dist/PROTOCOL.chacha20poly1305 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,105 @@
+This document describes the chacha20-poly1305 at openssh.com authenticated
+encryption cipher supported by OpenSSH.
+
+Background
+----------
+
+ChaCha20 is a stream cipher designed by Daniel Bernstein and described
+in [1]. It operates by permuting 128 fixed bits, 128 or 256 bits of key,
+a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output
+is used as a keystream, with any unused bytes simply discarded.
+
+Poly1305[2], also by Daniel Bernstein, is a one-time Carter-Wegman MAC
+that computes a 128 bit integrity tag given a message and a single-use
+256 bit secret key.
+
+The chacha20-poly1305 at openssh.com combines these two primitives into an
+authenticated encryption mode. The construction used is based on that
+proposed for TLS by Adam Langley in [3], but differs in the layout of
+data passed to the MAC and in the addition of encyption of the packet
+lengths.
+
+Negotiation
+-----------
+
+The chacha20-poly1305 at openssh.com offers both encryption and
+authentication. As such, no separate MAC is required. If the
+chacha20-poly1305 at openssh.com cipher is selected in key exchange,
+the offered MAC algorithms are ignored and no MAC is required to be
+negotiated.
+
+Detailed Construction
+---------------------
+
+The chacha20-poly1305 at openssh.com cipher requires 512 bits of key
+material as output from the SSH key exchange. This forms two 256 bit
+keys (K_1 and K_2), used by two separate instances of chacha20.
+
+The instance keyed by K_1 is a stream cipher that is used only
+to encrypt the 4 byte packet length field. The second instance,
+keyed by K_2, is used in conjunction with poly1305 to build an AEAD
+(Authenticated Encryption with Associated Data) that is used to encrypt
+and authenticate the entire packet.
+
+Two separate cipher instances are used here so as to keep the packet
+lengths confidential but not create an oracle for the packet payload
+cipher by decrypting and using the packet length prior to checking
+the MAC. By using an independently-keyed cipher instance to encrypt the
+length, an active attacker seeking to exploit the packet input handling
+as a decryption oracle can learn nothing about the payload contents or
+its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure).
+
+The AEAD is constructed as follows: for each packet, generate a Poly1305
+key by taking the first 256 bits of ChaCha20 stream output generated
+using K_2, an IV consisting of the packet sequence number encoded as an
+uint64 under the SSH wire encoding rules and a ChaCha20 block counter of
+zero. The K_2 ChaCha20 block counter is then set to the little-endian
+encoding of 1 (i.e. {1, 0, 0, 0, 0, 0, 0, 0}) and this instance is used
+for encryption of the packet payload.
+
+Packet Handling
+---------------
+
+When receiving a packet, the length must be decrypted first. When 4
+bytes of ciphertext length have been received, they may be decrypted
+using the K_1 key, a nonce consisting of the packet sequence number
+encoded as a uint64 under the usual SSH wire encoding and a zero block
+counter to obtain the plaintext length.
+
+Once the entire packet has been received, the MAC MUST be checked
+before decryption. A per-packet Poly1305 key is generated as described
+above and the MAC tag calculated using Poly1305 with this key over the
+ciphertext of the packet length and the payload together. The calculated
+MAC is then compared in constant time with the one appended to the
+packet and the packet decrypted using ChaCha20 as described above (with
+K_2, the packet sequence number as nonce and a starting block counter of
+1).
+
+To send a packet, first encode the 4 byte length and encrypt it using
+K_1. Encrypt the packet payload (using K_2) and append it to the
+encrypted length. Finally, calculate a MAC tag and append it.
+
+Rekeying
+--------
+
+ChaCha20 must never reuse a {key, nonce} for encryption nor may it be
+used to encrypt more than 2^70 bytes under the same {key, nonce}. The
+SSH Transport protocol (RFC4253) recommends a far more conservative
+rekeying every 1GB of data sent or received. If this recommendation
+is followed, then chacha20-poly1305 at openssh.com requires no special
+handling in this area.
+
+References
+----------
+
+[1] "ChaCha, a variant of Salsa20", Daniel Bernstein
+ http://cr.yp.to/chacha/chacha-20080128.pdf
+
+[2] "The Poly1305-AES message-authentication code", Daniel Bernstein
+ http://cr.yp.to/mac/poly1305-20050329.pdf
+
+[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
+ http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
+
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $
+
Added: vendor-crypto/openssh/dist/PROTOCOL.key
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL.key (rev 0)
+++ vendor-crypto/openssh/dist/PROTOCOL.key 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,68 @@
+This document describes the private key format for OpenSSH.
+
+1. Overall format
+
+The key consists of a header, a list of public keys, and
+an encrypted list of matching private keys.
+
+#define AUTH_MAGIC "openssh-key-v1"
+
+ byte[] AUTH_MAGIC
+ string ciphername
+ string kdfname
+ string kdfoptions
+ int number of keys N
+ string publickey1
+ string publickey2
+ ...
+ string publickeyN
+ string encrypted, padded list of private keys
+
+2. KDF options for kdfname "bcrypt"
+
+The options:
+
+ string salt
+ uint32 rounds
+
+are concatenated and represented as a string.
+
+3. Unencrypted list of N private keys
+
+The list of privatekey/comment pairs is padded with the
+bytes 1, 2, 3, ... until the total length is a multiple
+of the cipher block size.
+
+ uint32 checkint
+ uint32 checkint
+ string privatekey1
+ string comment1
+ string privatekey2
+ string comment2
+ ...
+ string privatekeyN
+ string commentN
+ char 1
+ char 2
+ char 3
+ ...
+ char padlen % 255
+
+Before the key is encrypted, a random integer is assigned
+to both checkint fields so successful decryption can be
+quickly checked by verifying that both checkint fields
+hold the same value.
+
+4. Encryption
+
+The KDF is used to derive a key, IV (and other values required by
+the cipher) from the passphrase. These values are then used to
+encrypt the unencrypted list of private keys.
+
+5. No encryption
+
+For unencrypted keys the cipher "none" and the KDF "none"
+are used with empty passphrases. The options if the KDF "none"
+are the empty string.
+
+$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
Modified: vendor-crypto/openssh/dist/README
===================================================================
--- vendor-crypto/openssh/dist/README 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/README 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-6.4 for the release notes.
+See http://www.openssh.com/txt/release-6.6 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
-$Id: README,v 1.83.4.1 2013/11/08 01:36:17 djm Exp $
+$Id: README,v 1.86 2014/02/27 23:03:53 djm Exp $
Modified: vendor-crypto/openssh/dist/aclocal.m4
===================================================================
--- vendor-crypto/openssh/dist/aclocal.m4 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/aclocal.m4 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-dnl $Id: aclocal.m4,v 1.9 2013/06/02 21:31:27 tim Exp $
+dnl $Id: aclocal.m4,v 1.13 2014/01/22 10:30:12 djm Exp $
dnl
dnl OpenSSH-specific autoconf macros
dnl
@@ -8,12 +8,24 @@
dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
dnl 'check_flag'.
AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
- AC_MSG_CHECKING([if $CC supports $1])
+ AC_MSG_CHECKING([if $CC supports compile flag $1])
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $1"
+ CFLAGS="$CFLAGS $WERROR $1"
_define_flag="$2"
test "x$_define_flag" = "x" && _define_flag="$1"
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+ ]])],
[
if `grep -i "unrecognized option" conftest.err >/dev/null`
then
@@ -28,7 +40,73 @@
)
}])
+dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag])
+dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
+dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
+dnl 'check_flag'.
+AC_DEFUN([OSSH_CHECK_CFLAG_LINK], [{
+ AC_MSG_CHECKING([if $CC supports compile flag $1 and linking succeeds])
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $WERROR $1"
+ _define_flag="$2"
+ test "x$_define_flag" = "x" && _define_flag="$1"
+ AC_LINK_IFELSE([AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+ ]])],
+ [
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS"
+else
+ AC_MSG_RESULT([yes])
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS" ]
+ )
+}])
+dnl OSSH_CHECK_LDFLAG_LINK(check_flag[, define_flag])
+dnl Check that $LD accepts a flag 'check_flag'. If it is supported append
+dnl 'define_flag' to $LDFLAGS. If 'define_flag' is not specified, then append
+dnl 'check_flag'.
+AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{
+ AC_MSG_CHECKING([if $LD supports link flag $1])
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $WERROR $1"
+ _define_flag="$2"
+ test "x$_define_flag" = "x" && _define_flag="$1"
+ AC_LINK_IFELSE([AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ LDFLAGS="$saved_LDFLAGS $_define_flag"],
+ [ AC_MSG_RESULT([no])
+ LDFLAGS="$saved_LDFLAGS" ]
+ )
+}])
+
dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
dnl If found, set 'symbol' to be defined. Cache the result.
Modified: vendor-crypto/openssh/dist/addrmatch.c
===================================================================
--- vendor-crypto/openssh/dist/addrmatch.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/addrmatch.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: addrmatch.c,v 1.9 2014/01/19 11:21:51 dtucker Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm at mindrot.org>
@@ -88,13 +88,13 @@
switch (sa->sa_family) {
case AF_INET:
- if (slen < sizeof(*in4))
+ if (slen < (socklen_t)sizeof(*in4))
return -1;
xa->af = AF_INET;
memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
break;
case AF_INET6:
- if (slen < sizeof(*in6))
+ if (slen < (socklen_t)sizeof(*in6))
return -1;
xa->af = AF_INET6;
memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
Modified: vendor-crypto/openssh/dist/atomicio.c
===================================================================
--- vendor-crypto/openssh/dist/atomicio.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/atomicio.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -56,8 +56,10 @@
ssize_t res;
struct pollfd pfd;
+#ifndef BROKEN_READ_COMPARISON
pfd.fd = fd;
pfd.events = f == read ? POLLIN : POLLOUT;
+#endif
while (n > pos) {
res = (f) (fd, s + pos, n - pos);
switch (res) {
@@ -65,7 +67,9 @@
if (errno == EINTR)
continue;
if (errno == EAGAIN || errno == EWOULDBLOCK) {
+#ifndef BROKEN_READ_COMPARISON
(void)poll(&pfd, 1, -1);
+#endif
continue;
}
return 0;
Modified: vendor-crypto/openssh/dist/auth-krb5.c
===================================================================
--- vendor-crypto/openssh/dist/auth-krb5.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth-krb5.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -157,7 +157,8 @@
if (problem)
goto out;
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
+ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
+ authctxt->pw->pw_name)) {
problem = -1;
goto out;
}
Modified: vendor-crypto/openssh/dist/auth-options.c
===================================================================
--- vendor-crypto/openssh/dist/auth-options.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth-options.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -33,10 +33,6 @@
#include "auth-options.h"
#include "hostfile.h"
#include "auth.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@@ -436,7 +432,7 @@
u_char *data_blob = NULL;
u_int nlen, dlen, clen;
Buffer c, data;
- int ret = -1, found;
+ int ret = -1, result, found;
buffer_init(&data);
@@ -505,11 +501,12 @@
goto out;
}
remote_ip = get_remote_ipaddr();
- switch (addr_match_cidr_list(remote_ip,
- allowed)) {
+ result = addr_match_cidr_list(remote_ip,
+ allowed);
+ free(allowed);
+ switch (result) {
case 1:
/* accepted */
- free(allowed);
break;
case 0:
/* no match */
@@ -522,12 +519,11 @@
"is not permitted to use this "
"certificate for login.",
remote_ip);
- free(allowed);
goto out;
case -1:
+ default:
error("Certificate source-address "
"contents invalid");
- free(allowed);
goto out;
}
found = 1;
Modified: vendor-crypto/openssh/dist/auth-pam.c
===================================================================
--- vendor-crypto/openssh/dist/auth-pam.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth-pam.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -438,8 +438,10 @@
const char **ptr_pam_user = &pam_user;
char *tz = getenv("TZ");
- pam_get_item(sshpam_handle, PAM_USER,
+ sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
(sshpam_const void **)ptr_pam_user);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
environ[0] = NULL;
if (tz != NULL)
Modified: vendor-crypto/openssh/dist/auth-rsa.c
===================================================================
--- vendor-crypto/openssh/dist/auth-rsa.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth-rsa.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.86 2014/01/27 19:18:54 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -20,7 +20,6 @@
#include <sys/stat.h>
#include <openssl/rsa.h>
-#include <openssl/md5.h>
#include <pwd.h>
#include <stdio.h>
@@ -48,6 +47,8 @@
#include "ssh.h"
#include "misc.h"
+#include "digest.h"
+
/* import */
extern ServerOptions options;
@@ -91,12 +92,13 @@
auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
{
u_char buf[32], mdbuf[16];
- MD5_CTX md;
+ struct ssh_digest_ctx *md;
int len;
/* don't allow short keys */
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits",
+ error("%s: RSA modulus too small: %d < minimum %d bits",
+ __func__,
BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
return (0);
}
@@ -104,13 +106,15 @@
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
if (len <= 0 || len > 32)
- fatal("auth_rsa_verify_response: bad challenge length %d", len);
+ fatal("%s: bad challenge length %d", __func__, len);
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
- MD5_Init(&md);
- MD5_Update(&md, buf, 32);
- MD5_Update(&md, session_id, 16);
- MD5_Final(mdbuf, &md);
+ if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+ ssh_digest_update(md, buf, 32) < 0 ||
+ ssh_digest_update(md, session_id, 16) < 0 ||
+ ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0)
+ fatal("%s: md5 failed", __func__);
+ ssh_digest_free(md);
/* Verify that the response is the original challenge. */
if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
Modified: vendor-crypto/openssh/dist/auth.h
===================================================================
--- vendor-crypto/openssh/dist/auth.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -61,7 +61,6 @@
char *style;
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
- void *jpake_ctx;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
@@ -175,9 +174,6 @@
int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int skey_respond(void *, u_int, char **);
-void auth2_jpake_get_pwdata(Authctxt *, BIGNUM **, char **, char **);
-void auth2_jpake_stop(Authctxt *);
-
int allowed_user(struct passwd *);
struct passwd * getpwnamallow(const char *user);
Modified: vendor-crypto/openssh/dist/auth1.c
===================================================================
--- vendor-crypto/openssh/dist/auth1.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth1.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -129,7 +129,7 @@
/* Try authentication with the password. */
authenticated = PRIVSEP(auth_password(authctxt, password));
- memset(password, 0, dlen);
+ explicit_bzero(password, dlen);
free(password);
return (authenticated);
@@ -222,7 +222,7 @@
response = packet_get_string(&dlen);
packet_check_eom();
authenticated = verify_response(authctxt, response);
- memset(response, 'r', dlen);
+ explicit_bzero(response, dlen);
free(response);
return (authenticated);
Modified: vendor-crypto/openssh/dist/auth2-chall.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-chall.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2-chall.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.39 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -148,7 +148,7 @@
if (kbdintctxt->device)
kbdint_reset_device(kbdintctxt);
free(kbdintctxt->devices);
- bzero(kbdintctxt, sizeof(*kbdintctxt));
+ explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
free(kbdintctxt);
}
/* get next device */
@@ -312,7 +312,7 @@
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
for (i = 0; i < nresp; i++) {
- memset(response[i], 'r', strlen(response[i]));
+ explicit_bzero(response[i], strlen(response[i]));
free(response[i]);
}
free(response);
Modified: vendor-crypto/openssh/dist/auth2-gss.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-gss.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2-gss.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -62,7 +62,6 @@
gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
- gss_OID_set supported;
int present;
OM_uint32 ms;
u_int len;
@@ -77,7 +76,6 @@
return (0);
}
- ssh_gssapi_supported_oids(&supported);
do {
mechs--;
@@ -90,15 +88,12 @@
doid[1] == len - 2) {
goid.elements = doid + 2;
goid.length = len - 2;
- gss_test_oid_set_member(&ms, &goid, supported,
- &present);
+ ssh_gssapi_test_oid_supported(&ms, &goid, &present);
} else {
logit("Badly formed OID received");
}
} while (mechs > 0 && !present);
- gss_release_oid_set(&ms, &supported);
-
if (!present) {
free(doid);
authctxt->server_caused_failure = 1;
Modified: vendor-crypto/openssh/dist/auth2-hostbased.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-hostbased.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2-hostbased.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.17 2013/12/30 23:52:27 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -100,6 +100,12 @@
"(received %d, expected %d)", key->type, pktype);
goto done;
}
+ if (key_type_plain(key->type) == KEY_RSA &&
+ (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ error("Refusing RSA key because peer uses unsafe "
+ "signature format");
+ goto done;
+ }
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
buffer_init(&b);
Deleted: vendor-crypto/openssh/dist/auth2-jpake.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-jpake.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2-jpake.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,563 +0,0 @@
-/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
-/*
- * Copyright (c) 2008 Damien Miller. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Server side of zero-knowledge password auth using J-PAKE protocol
- * as described in:
- *
- * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
- * 16th Workshop on Security Protocols, Cambridge, April 2008
- *
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- */
-
-#ifdef JPAKE
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <pwd.h>
-#include <stdio.h>
-#include <string.h>
-#include <login_cap.h>
-
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-
-#include "xmalloc.h"
-#include "ssh2.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-#include "buffer.h"
-#include "packet.h"
-#include "dispatch.h"
-#include "log.h"
-#include "servconf.h"
-#include "auth-options.h"
-#include "canohost.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
-
-#include "schnorr.h"
-#include "jpake.h"
-
-/*
- * XXX options->permit_empty_passwd (at the moment, they will be refused
- * anyway because they will mismatch on fake salt.
- */
-
-/* Dispatch handlers */
-static void input_userauth_jpake_client_step1(int, u_int32_t, void *);
-static void input_userauth_jpake_client_step2(int, u_int32_t, void *);
-static void input_userauth_jpake_client_confirm(int, u_int32_t, void *);
-
-static int auth2_jpake_start(Authctxt *);
-
-/* import */
-extern ServerOptions options;
-extern u_char *session_id2;
-extern u_int session_id2_len;
-
-/*
- * Attempt J-PAKE authentication.
- */
-static int
-userauth_jpake(Authctxt *authctxt)
-{
- int authenticated = 0;
-
- packet_check_eom();
-
- debug("jpake-01 at openssh.com requested");
-
- if (authctxt->user != NULL) {
- if (authctxt->jpake_ctx == NULL)
- authctxt->jpake_ctx = jpake_new();
- if (options.zero_knowledge_password_authentication)
- authenticated = auth2_jpake_start(authctxt);
- }
-
- return authenticated;
-}
-
-Authmethod method_jpake = {
- "jpake-01 at openssh.com",
- userauth_jpake,
- &options.zero_knowledge_password_authentication
-};
-
-/* Clear context and callbacks */
-void
-auth2_jpake_stop(Authctxt *authctxt)
-{
- /* unregister callbacks */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
- if (authctxt->jpake_ctx != NULL) {
- jpake_free(authctxt->jpake_ctx);
- authctxt->jpake_ctx = NULL;
- }
-}
-
-/* Returns 1 if 'c' is a valid crypt(3) salt character, 0 otherwise */
-static int
-valid_crypt_salt(int c)
-{
- if (c >= 'A' && c <= 'Z')
- return 1;
- if (c >= 'a' && c <= 'z')
- return 1;
- if (c >= '.' && c <= '9')
- return 1;
- return 0;
-}
-
-/*
- * Derive fake salt as H(username || first_private_host_key)
- * This provides relatively stable fake salts for non-existent
- * users and avoids the jpake method becoming an account validity
- * oracle.
- */
-static void
-derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
-{
- u_char *digest;
- u_int digest_len;
- Buffer b;
- Key *k;
-
- buffer_init(&b);
- buffer_put_cstring(&b, username);
- if ((k = get_hostkey_by_index(0)) == NULL ||
- (k->flags & KEY_FLAG_EXT))
- fatal("%s: no hostkeys", __func__);
- switch (k->type) {
- case KEY_RSA1:
- case KEY_RSA:
- if (k->rsa->p == NULL || k->rsa->q == NULL)
- fatal("%s: RSA key missing p and/or q", __func__);
- buffer_put_bignum2(&b, k->rsa->p);
- buffer_put_bignum2(&b, k->rsa->q);
- break;
- case KEY_DSA:
- if (k->dsa->priv_key == NULL)
- fatal("%s: DSA key missing priv_key", __func__);
- buffer_put_bignum2(&b, k->dsa->priv_key);
- break;
- case KEY_ECDSA:
- if (EC_KEY_get0_private_key(k->ecdsa) == NULL)
- fatal("%s: ECDSA key missing priv_key", __func__);
- buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa));
- break;
- default:
- fatal("%s: unknown key type %d", __func__, k->type);
- }
- if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
- &digest, &digest_len) != 0)
- fatal("%s: hash_buffer", __func__);
- buffer_free(&b);
- if (len > digest_len)
- fatal("%s: not enough bytes for rawsalt (want %u have %u)",
- __func__, len, digest_len);
- memcpy(rawsalt, digest, len);
- bzero(digest, digest_len);
- free(digest);
-}
-
-/* ASCII an integer [0, 64) for inclusion in a password/salt */
-static char
-pw_encode64(u_int i64)
-{
- const u_char e64[] =
- "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
- return e64[i64 % 64];
-}
-
-/* Generate ASCII salt bytes for user */
-static char *
-makesalt(u_int want, const char *user)
-{
- u_char rawsalt[32];
- static char ret[33];
- u_int i;
-
- if (want > sizeof(ret) - 1)
- fatal("%s: want %u", __func__, want);
-
- derive_rawsalt(user, rawsalt, sizeof(rawsalt));
- bzero(ret, sizeof(ret));
- for (i = 0; i < want; i++)
- ret[i] = pw_encode64(rawsalt[i]);
- bzero(rawsalt, sizeof(rawsalt));
-
- return ret;
-}
-
-/*
- * Select the system's default password hashing scheme and generate
- * a stable fake salt under it for use by a non-existent account.
- * Prevents jpake method being used to infer the validity of accounts.
- */
-static void
-fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
-{
- char *rounds_s, *style;
- long long rounds;
- login_cap_t *lc;
-
-
- if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL &&
- (lc = login_getclass(NULL)) == NULL)
- fatal("%s: login_getclass failed", __func__);
- style = login_getcapstr(lc, "localcipher", NULL, NULL);
- if (style == NULL)
- style = xstrdup("blowfish,6");
- login_close(lc);
-
- if ((rounds_s = strchr(style, ',')) != NULL)
- *rounds_s++ = '\0';
- rounds = strtonum(rounds_s, 1, 1<<31, NULL);
-
- if (strcmp(style, "md5") == 0) {
- xasprintf(salt, "$1$%s$", makesalt(8, authctxt->user));
- *scheme = xstrdup("md5");
- } else if (strcmp(style, "old") == 0) {
- *salt = xstrdup(makesalt(2, authctxt->user));
- *scheme = xstrdup("crypt");
- } else if (strcmp(style, "newsalt") == 0) {
- rounds = MAX(rounds, 7250);
- rounds = MIN(rounds, (1<<24) - 1);
- xasprintf(salt, "_%c%c%c%c%s",
- pw_encode64(rounds), pw_encode64(rounds >> 6),
- pw_encode64(rounds >> 12), pw_encode64(rounds >> 18),
- makesalt(4, authctxt->user));
- *scheme = xstrdup("crypt-extended");
- } else {
- /* Default to blowfish */
- rounds = MAX(rounds, 3);
- rounds = MIN(rounds, 31);
- xasprintf(salt, "$2a$%02lld$%s", rounds,
- makesalt(22, authctxt->user));
- *scheme = xstrdup("bcrypt");
- }
- free(style);
- debug3("%s: fake %s salt for user %s: %s",
- __func__, *scheme, authctxt->user, *salt);
-}
-
-/*
- * Fetch password hashing scheme, password salt and derive shared secret
- * for user. If user does not exist, a fake but stable and user-unique
- * salt will be returned.
- */
-void
-auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
- char **hash_scheme, char **salt)
-{
- char *cp;
- u_char *secret;
- u_int secret_len, salt_len;
-
-#ifdef JPAKE_DEBUG
- debug3("%s: valid %d pw %.5s...", __func__,
- authctxt->valid, authctxt->pw->pw_passwd);
-#endif
-
- *salt = NULL;
- *hash_scheme = NULL;
- if (authctxt->valid) {
- if (strncmp(authctxt->pw->pw_passwd, "$2$", 3) == 0 &&
- strlen(authctxt->pw->pw_passwd) > 28) {
- /*
- * old-variant bcrypt:
- * "$2$", 2 digit rounds, "$", 22 bytes salt
- */
- salt_len = 3 + 2 + 1 + 22 + 1;
- *salt = xmalloc(salt_len);
- strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
- *hash_scheme = xstrdup("bcrypt");
- } else if (strncmp(authctxt->pw->pw_passwd, "$2a$", 4) == 0 &&
- strlen(authctxt->pw->pw_passwd) > 29) {
- /*
- * current-variant bcrypt:
- * "$2a$", 2 digit rounds, "$", 22 bytes salt
- */
- salt_len = 4 + 2 + 1 + 22 + 1;
- *salt = xmalloc(salt_len);
- strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
- *hash_scheme = xstrdup("bcrypt");
- } else if (strncmp(authctxt->pw->pw_passwd, "$1$", 3) == 0 &&
- strlen(authctxt->pw->pw_passwd) > 5) {
- /*
- * md5crypt:
- * "$1$", salt until "$"
- */
- cp = strchr(authctxt->pw->pw_passwd + 3, '$');
- if (cp != NULL) {
- salt_len = (cp - authctxt->pw->pw_passwd) + 1;
- *salt = xmalloc(salt_len);
- strlcpy(*salt, authctxt->pw->pw_passwd,
- salt_len);
- *hash_scheme = xstrdup("md5crypt");
- }
- } else if (strncmp(authctxt->pw->pw_passwd, "_", 1) == 0 &&
- strlen(authctxt->pw->pw_passwd) > 9) {
- /*
- * BSDI extended crypt:
- * "_", 4 digits count, 4 chars salt
- */
- salt_len = 1 + 4 + 4 + 1;
- *salt = xmalloc(salt_len);
- strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
- *hash_scheme = xstrdup("crypt-extended");
- } else if (strlen(authctxt->pw->pw_passwd) == 13 &&
- valid_crypt_salt(authctxt->pw->pw_passwd[0]) &&
- valid_crypt_salt(authctxt->pw->pw_passwd[1])) {
- /*
- * traditional crypt:
- * 2 chars salt
- */
- salt_len = 2 + 1;
- *salt = xmalloc(salt_len);
- strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
- *hash_scheme = xstrdup("crypt");
- }
- if (*salt == NULL) {
- debug("%s: unrecognised crypt scheme for user %s",
- __func__, authctxt->pw->pw_name);
- }
- }
- if (*salt == NULL)
- fake_salt_and_scheme(authctxt, salt, hash_scheme);
-
- if (hash_buffer(authctxt->pw->pw_passwd,
- strlen(authctxt->pw->pw_passwd), EVP_sha256(),
- &secret, &secret_len) != 0)
- fatal("%s: hash_buffer", __func__);
- if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL)
- fatal("%s: BN_bin2bn (secret)", __func__);
-#ifdef JPAKE_DEBUG
- debug3("%s: salt = %s (len %u)", __func__,
- *salt, (u_int)strlen(*salt));
- debug3("%s: scheme = %s", __func__, *hash_scheme);
- JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
-#endif
- bzero(secret, secret_len);
- free(secret);
-}
-
-/*
- * Begin authentication attempt.
- * Note, sets authctxt->postponed while in subprotocol
- */
-static int
-auth2_jpake_start(Authctxt *authctxt)
-{
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- u_char *x3_proof, *x4_proof;
- u_int x3_proof_len, x4_proof_len;
- char *salt, *hash_scheme;
-
- debug("%s: start", __func__);
-
- PRIVSEP(jpake_step1(pctx->grp,
- &pctx->server_id, &pctx->server_id_len,
- &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
- &x3_proof, &x3_proof_len,
- &x4_proof, &x4_proof_len));
-
- PRIVSEP(auth2_jpake_get_pwdata(authctxt, &pctx->s,
- &hash_scheme, &salt));
-
- if (!use_privsep)
- JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
-
- packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1);
- packet_put_cstring(hash_scheme);
- packet_put_cstring(salt);
- packet_put_string(pctx->server_id, pctx->server_id_len);
- packet_put_bignum2(pctx->g_x3);
- packet_put_bignum2(pctx->g_x4);
- packet_put_string(x3_proof, x3_proof_len);
- packet_put_string(x4_proof, x4_proof_len);
- packet_send();
- packet_write_wait();
-
- bzero(hash_scheme, strlen(hash_scheme));
- bzero(salt, strlen(salt));
- free(hash_scheme);
- free(salt);
- bzero(x3_proof, x3_proof_len);
- bzero(x4_proof, x4_proof_len);
- free(x3_proof);
- free(x4_proof);
-
- /* Expect step 1 packet from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
- input_userauth_jpake_client_step1);
-
- authctxt->postponed = 1;
- return 0;
-}
-
-/* ARGSUSED */
-static void
-input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- u_char *x1_proof, *x2_proof, *x4_s_proof;
- u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
-
- /* Disable this message */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
-
- /* Fetch step 1 values */
- if ((pctx->g_x1 = BN_new()) == NULL ||
- (pctx->g_x2 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
- pctx->client_id = packet_get_string(&pctx->client_id_len);
- packet_get_bignum2(pctx->g_x1);
- packet_get_bignum2(pctx->g_x2);
- x1_proof = packet_get_string(&x1_proof_len);
- x2_proof = packet_get_string(&x2_proof_len);
- packet_check_eom();
-
- if (!use_privsep)
- JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
-
- PRIVSEP(jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
- pctx->g_x1, pctx->g_x2, pctx->x4,
- pctx->client_id, pctx->client_id_len,
- pctx->server_id, pctx->server_id_len,
- x1_proof, x1_proof_len,
- x2_proof, x2_proof_len,
- &pctx->b,
- &x4_s_proof, &x4_s_proof_len));
-
- bzero(x1_proof, x1_proof_len);
- bzero(x2_proof, x2_proof_len);
- free(x1_proof);
- free(x2_proof);
-
- if (!use_privsep)
- JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
-
- /* Send values for step 2 */
- packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2);
- packet_put_bignum2(pctx->b);
- packet_put_string(x4_s_proof, x4_s_proof_len);
- packet_send();
- packet_write_wait();
-
- bzero(x4_s_proof, x4_s_proof_len);
- free(x4_s_proof);
-
- /* Expect step 2 packet from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
- input_userauth_jpake_client_step2);
-}
-
-/* ARGSUSED */
-static void
-input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- u_char *x2_s_proof;
- u_int x2_s_proof_len;
-
- /* Disable this message */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
-
- if ((pctx->a = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- /* Fetch step 2 values */
- packet_get_bignum2(pctx->a);
- x2_s_proof = packet_get_string(&x2_s_proof_len);
- packet_check_eom();
-
- if (!use_privsep)
- JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
-
- /* Derive shared key and calculate confirmation hash */
- PRIVSEP(jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
- pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
- pctx->server_id, pctx->server_id_len,
- pctx->client_id, pctx->client_id_len,
- session_id2, session_id2_len,
- x2_s_proof, x2_s_proof_len,
- &pctx->k,
- &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
-
- bzero(x2_s_proof, x2_s_proof_len);
- free(x2_s_proof);
-
- if (!use_privsep)
- JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
-
- /* Send key confirmation proof */
- packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM);
- packet_put_string(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
- packet_send();
- packet_write_wait();
-
- /* Expect confirmation from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM,
- input_userauth_jpake_client_confirm);
-}
-
-/* ARGSUSED */
-static void
-input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- int authenticated = 0;
-
- /* Disable this message */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
-
- pctx->h_k_cid_sessid = packet_get_string(&pctx->h_k_cid_sessid_len);
- packet_check_eom();
-
- if (!use_privsep)
- JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
-
- /* Verify expected confirmation hash */
- if (PRIVSEP(jpake_check_confirm(pctx->k,
- pctx->client_id, pctx->client_id_len,
- session_id2, session_id2_len,
- pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len)) == 1)
- authenticated = authctxt->valid ? 1 : 0;
- else
- debug("%s: confirmation mismatch", __func__);
-
- /* done */
- authctxt->postponed = 0;
- jpake_free(authctxt->jpake_ctx);
- authctxt->jpake_ctx = NULL;
- userauth_finish(authctxt, authenticated, method_jpake.name, NULL);
-}
-
-#endif /* JPAKE */
-
Modified: vendor-crypto/openssh/dist/auth2-passwd.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-passwd.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2-passwd.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.11 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -59,7 +59,7 @@
if (change) {
/* discard new password from packet */
newpass = packet_get_string(&newlen);
- memset(newpass, 0, newlen);
+ explicit_bzero(newpass, newlen);
free(newpass);
}
packet_check_eom();
@@ -68,7 +68,7 @@
logit("password change not supported");
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
- memset(password, 0, len);
+ explicit_bzero(password, len);
free(password);
return authenticated;
}
Modified: vendor-crypto/openssh/dist/auth2-pubkey.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-pubkey.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2-pubkey.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.39 2013/12/30 23:52:27 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -116,6 +116,12 @@
"(received %d, expected %d)", key->type, pktype);
goto done;
}
+ if (key_type_plain(key->type) == KEY_RSA &&
+ (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ logit("Refusing RSA key because client uses unsafe "
+ "signature scheme");
+ goto done;
+ }
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
Modified: vendor-crypto/openssh/dist/auth2.c
===================================================================
--- vendor-crypto/openssh/dist/auth2.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/auth2.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.129 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -71,9 +71,6 @@
#ifdef GSSAPI
extern Authmethod method_gssapi;
#endif
-#ifdef JPAKE
-extern Authmethod method_jpake;
-#endif
Authmethod *authmethods[] = {
&method_none,
@@ -81,9 +78,6 @@
#ifdef GSSAPI
&method_gssapi,
#endif
-#ifdef JPAKE
- &method_jpake,
-#endif
&method_passwd,
&method_kbdint,
&method_hostbased,
@@ -270,9 +264,6 @@
}
/* reset state */
auth2_challenge_stop(authctxt);
-#ifdef JPAKE
- auth2_jpake_stop(authctxt);
-#endif
#ifdef GSSAPI
/* XXX move to auth2_gssapi_stop() */
Modified: vendor-crypto/openssh/dist/authfd.c
===================================================================
--- vendor-crypto/openssh/dist/authfd.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/authfd.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.88 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -42,8 +42,8 @@
#include <sys/socket.h>
#include <openssl/evp.h>
+#include <openssl/crypto.h>
-#include <openssl/crypto.h>
#include <fcntl.h>
#include <stdlib.h>
#include <signal.h>
@@ -102,7 +102,7 @@
if (!authsocket)
return -1;
- bzero(&sunaddr, sizeof(sunaddr));
+ memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
@@ -474,58 +474,7 @@
static void
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
{
- buffer_put_cstring(b, key_ssh_name(key));
- switch (key->type) {
- case KEY_RSA:
- buffer_put_bignum2(b, key->rsa->n);
- buffer_put_bignum2(b, key->rsa->e);
- buffer_put_bignum2(b, key->rsa->d);
- buffer_put_bignum2(b, key->rsa->iqmp);
- buffer_put_bignum2(b, key->rsa->p);
- buffer_put_bignum2(b, key->rsa->q);
- break;
- case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
- if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
- fatal("%s: no cert/certblob", __func__);
- buffer_put_string(b, buffer_ptr(&key->cert->certblob),
- buffer_len(&key->cert->certblob));
- buffer_put_bignum2(b, key->rsa->d);
- buffer_put_bignum2(b, key->rsa->iqmp);
- buffer_put_bignum2(b, key->rsa->p);
- buffer_put_bignum2(b, key->rsa->q);
- break;
- case KEY_DSA:
- buffer_put_bignum2(b, key->dsa->p);
- buffer_put_bignum2(b, key->dsa->q);
- buffer_put_bignum2(b, key->dsa->g);
- buffer_put_bignum2(b, key->dsa->pub_key);
- buffer_put_bignum2(b, key->dsa->priv_key);
- break;
- case KEY_DSA_CERT_V00:
- case KEY_DSA_CERT:
- if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
- fatal("%s: no cert/certblob", __func__);
- buffer_put_string(b, buffer_ptr(&key->cert->certblob),
- buffer_len(&key->cert->certblob));
- buffer_put_bignum2(b, key->dsa->priv_key);
- break;
-#ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid));
- buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
- EC_KEY_get0_public_key(key->ecdsa));
- buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
- break;
- case KEY_ECDSA_CERT:
- if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
- fatal("%s: no cert/certblob", __func__);
- buffer_put_string(b, buffer_ptr(&key->cert->certblob),
- buffer_len(&key->cert->certblob));
- buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
- break;
-#endif
- }
+ key_private_serialize(key, b);
buffer_put_cstring(b, comment);
}
@@ -559,6 +508,8 @@
case KEY_DSA_CERT_V00:
case KEY_ECDSA:
case KEY_ECDSA_CERT:
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
type = constrained ?
SSH2_AGENTC_ADD_ID_CONSTRAINED :
SSH2_AGENTC_ADD_IDENTITY;
@@ -606,9 +557,7 @@
buffer_put_int(&msg, BN_num_bits(key->rsa->n));
buffer_put_bignum(&msg, key->rsa->e);
buffer_put_bignum(&msg, key->rsa->n);
- } else if (key_type_plain(key->type) == KEY_DSA ||
- key_type_plain(key->type) == KEY_RSA ||
- key_type_plain(key->type) == KEY_ECDSA) {
+ } else if (key->type != KEY_UNSPEC) {
key_to_blob(key, &blob, &blen);
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
buffer_put_string(&msg, blob, blen);
Modified: vendor-crypto/openssh/dist/authfile.c
===================================================================
--- vendor-crypto/openssh/dist/authfile.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/authfile.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -13,7 +13,7 @@
* called by a name other than "ssh" or "Secure Shell".
*
*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -50,6 +50,8 @@
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
+#include "crypto_api.h"
+
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
@@ -58,6 +60,10 @@
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
#include "xmalloc.h"
#include "cipher.h"
#include "buffer.h"
@@ -68,7 +74,17 @@
#include "rsa.h"
#include "misc.h"
#include "atomicio.h"
+#include "uuencode.h"
+/* openssh private key file format */
+#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
+#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"
+#define KDFNAME "bcrypt"
+#define AUTH_MAGIC "openssh-key-v1"
+#define SALT_LEN 16
+#define DEFAULT_CIPHERNAME "aes256-cbc"
+#define DEFAULT_ROUNDS 16
+
#define MAX_KEY_FILE_SIZE (1024 * 1024)
/* Version identification string for SSH v1 identity files. */
@@ -75,6 +91,333 @@
static const char authfile_id_string[] =
"SSH PRIVATE KEY FILE FORMAT 1.1\n";
+static int
+key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
+ const char *comment, const char *ciphername, int rounds)
+{
+ u_char *key, *cp, salt[SALT_LEN];
+ size_t keylen, ivlen, blocksize, authlen;
+ u_int len, check;
+ int i, n;
+ const Cipher *c;
+ Buffer encoded, b, kdf;
+ CipherContext ctx;
+ const char *kdfname = KDFNAME;
+
+ if (rounds <= 0)
+ rounds = DEFAULT_ROUNDS;
+ if (passphrase == NULL || !strlen(passphrase)) {
+ ciphername = "none";
+ kdfname = "none";
+ } else if (ciphername == NULL)
+ ciphername = DEFAULT_CIPHERNAME;
+ else if (cipher_number(ciphername) != SSH_CIPHER_SSH2)
+ fatal("invalid cipher");
+
+ if ((c = cipher_by_name(ciphername)) == NULL)
+ fatal("unknown cipher name");
+ buffer_init(&kdf);
+ blocksize = cipher_blocksize(c);
+ keylen = cipher_keylen(c);
+ ivlen = cipher_ivlen(c);
+ authlen = cipher_authlen(c);
+ key = xcalloc(1, keylen + ivlen);
+ if (strcmp(kdfname, "none") != 0) {
+ arc4random_buf(salt, SALT_LEN);
+ if (bcrypt_pbkdf(passphrase, strlen(passphrase),
+ salt, SALT_LEN, key, keylen + ivlen, rounds) < 0)
+ fatal("bcrypt_pbkdf failed");
+ buffer_put_string(&kdf, salt, SALT_LEN);
+ buffer_put_int(&kdf, rounds);
+ }
+ cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
+ explicit_bzero(key, keylen + ivlen);
+ free(key);
+
+ buffer_init(&encoded);
+ buffer_append(&encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC));
+ buffer_put_cstring(&encoded, ciphername);
+ buffer_put_cstring(&encoded, kdfname);
+ buffer_put_string(&encoded, buffer_ptr(&kdf), buffer_len(&kdf));
+ buffer_put_int(&encoded, 1); /* number of keys */
+ key_to_blob(prv, &cp, &len); /* public key */
+ buffer_put_string(&encoded, cp, len);
+
+ explicit_bzero(cp, len);
+ free(cp);
+
+ buffer_free(&kdf);
+
+ /* set up the buffer that will be encrypted */
+ buffer_init(&b);
+
+ /* Random check bytes */
+ check = arc4random();
+ buffer_put_int(&b, check);
+ buffer_put_int(&b, check);
+
+ /* append private key and comment*/
+ key_private_serialize(prv, &b);
+ buffer_put_cstring(&b, comment);
+
+ /* padding */
+ i = 0;
+ while (buffer_len(&b) % blocksize)
+ buffer_put_char(&b, ++i & 0xff);
+
+ /* length */
+ buffer_put_int(&encoded, buffer_len(&b));
+
+ /* encrypt */
+ cp = buffer_append_space(&encoded, buffer_len(&b) + authlen);
+ if (cipher_crypt(&ctx, 0, cp, buffer_ptr(&b), buffer_len(&b), 0,
+ authlen) != 0)
+ fatal("%s: cipher_crypt failed", __func__);
+ buffer_free(&b);
+ cipher_cleanup(&ctx);
+
+ /* uuencode */
+ len = 2 * buffer_len(&encoded);
+ cp = xmalloc(len);
+ n = uuencode(buffer_ptr(&encoded), buffer_len(&encoded),
+ (char *)cp, len);
+ if (n < 0)
+ fatal("%s: uuencode", __func__);
+
+ buffer_clear(blob);
+ buffer_append(blob, MARK_BEGIN, sizeof(MARK_BEGIN) - 1);
+ for (i = 0; i < n; i++) {
+ buffer_put_char(blob, cp[i]);
+ if (i % 70 == 69)
+ buffer_put_char(blob, '\n');
+ }
+ if (i % 70 != 69)
+ buffer_put_char(blob, '\n');
+ buffer_append(blob, MARK_END, sizeof(MARK_END) - 1);
+ free(cp);
+
+ return buffer_len(blob);
+}
+
+static Key *
+key_parse_private2(Buffer *blob, int type, const char *passphrase,
+ char **commentp)
+{
+ u_char *key = NULL, *cp, *salt = NULL, pad, last;
+ char *comment = NULL, *ciphername = NULL, *kdfname = NULL, *kdfp;
+ u_int keylen = 0, ivlen, blocksize, slen, klen, len, rounds, nkeys;
+ u_int check1, check2, m1len, m2len;
+ size_t authlen;
+ const Cipher *c;
+ Buffer b, encoded, copy, kdf;
+ CipherContext ctx;
+ Key *k = NULL;
+ int dlen, ret, i;
+
+ buffer_init(&b);
+ buffer_init(&kdf);
+ buffer_init(&encoded);
+ buffer_init(©);
+
+ /* uudecode */
+ m1len = sizeof(MARK_BEGIN) - 1;
+ m2len = sizeof(MARK_END) - 1;
+ cp = buffer_ptr(blob);
+ len = buffer_len(blob);
+ if (len < m1len || memcmp(cp, MARK_BEGIN, m1len)) {
+ debug("%s: missing begin marker", __func__);
+ goto out;
+ }
+ cp += m1len;
+ len -= m1len;
+ while (len) {
+ if (*cp != '\n' && *cp != '\r')
+ buffer_put_char(&encoded, *cp);
+ last = *cp;
+ len--;
+ cp++;
+ if (last == '\n') {
+ if (len >= m2len && !memcmp(cp, MARK_END, m2len)) {
+ buffer_put_char(&encoded, '\0');
+ break;
+ }
+ }
+ }
+ if (!len) {
+ debug("%s: no end marker", __func__);
+ goto out;
+ }
+ len = buffer_len(&encoded);
+ if ((cp = buffer_append_space(©, len)) == NULL) {
+ error("%s: buffer_append_space", __func__);
+ goto out;
+ }
+ if ((dlen = uudecode(buffer_ptr(&encoded), cp, len)) < 0) {
+ error("%s: uudecode failed", __func__);
+ goto out;
+ }
+ if ((u_int)dlen > len) {
+ error("%s: crazy uudecode length %d > %u", __func__, dlen, len);
+ goto out;
+ }
+ buffer_consume_end(©, len - dlen);
+ if (buffer_len(©) < sizeof(AUTH_MAGIC) ||
+ memcmp(buffer_ptr(©), AUTH_MAGIC, sizeof(AUTH_MAGIC))) {
+ error("%s: bad magic", __func__);
+ goto out;
+ }
+ buffer_consume(©, sizeof(AUTH_MAGIC));
+
+ ciphername = buffer_get_cstring_ret(©, NULL);
+ if (ciphername == NULL ||
+ (c = cipher_by_name(ciphername)) == NULL) {
+ error("%s: unknown cipher name", __func__);
+ goto out;
+ }
+ if ((passphrase == NULL || !strlen(passphrase)) &&
+ strcmp(ciphername, "none") != 0) {
+ /* passphrase required */
+ goto out;
+ }
+ kdfname = buffer_get_cstring_ret(©, NULL);
+ if (kdfname == NULL ||
+ (!strcmp(kdfname, "none") && !strcmp(kdfname, "bcrypt"))) {
+ error("%s: unknown kdf name", __func__);
+ goto out;
+ }
+ if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) {
+ error("%s: cipher %s requires kdf", __func__, ciphername);
+ goto out;
+ }
+ /* kdf options */
+ kdfp = buffer_get_string_ptr_ret(©, &klen);
+ if (kdfp == NULL) {
+ error("%s: kdf options not set", __func__);
+ goto out;
+ }
+ if (klen > 0) {
+ if ((cp = buffer_append_space(&kdf, klen)) == NULL) {
+ error("%s: kdf alloc failed", __func__);
+ goto out;
+ }
+ memcpy(cp, kdfp, klen);
+ }
+ /* number of keys */
+ if (buffer_get_int_ret(&nkeys, ©) < 0) {
+ error("%s: key counter missing", __func__);
+ goto out;
+ }
+ if (nkeys != 1) {
+ error("%s: only one key supported", __func__);
+ goto out;
+ }
+ /* pubkey */
+ if ((cp = buffer_get_string_ret(©, &len)) == NULL) {
+ error("%s: pubkey not found", __func__);
+ goto out;
+ }
+ free(cp); /* XXX check pubkey against decrypted private key */
+
+ /* size of encrypted key blob */
+ len = buffer_get_int(©);
+ blocksize = cipher_blocksize(c);
+ authlen = cipher_authlen(c);
+ if (len < blocksize) {
+ error("%s: encrypted data too small", __func__);
+ goto out;
+ }
+ if (len % blocksize) {
+ error("%s: length not multiple of blocksize", __func__);
+ goto out;
+ }
+
+ /* setup key */
+ keylen = cipher_keylen(c);
+ ivlen = cipher_ivlen(c);
+ key = xcalloc(1, keylen + ivlen);
+ if (!strcmp(kdfname, "bcrypt")) {
+ if ((salt = buffer_get_string_ret(&kdf, &slen)) == NULL) {
+ error("%s: salt not set", __func__);
+ goto out;
+ }
+ if (buffer_get_int_ret(&rounds, &kdf) < 0) {
+ error("%s: rounds not set", __func__);
+ goto out;
+ }
+ if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,
+ key, keylen + ivlen, rounds) < 0) {
+ error("%s: bcrypt_pbkdf failed", __func__);
+ goto out;
+ }
+ }
+
+ cp = buffer_append_space(&b, len);
+ cipher_init(&ctx, c, key, keylen, key + keylen, ivlen, 0);
+ ret = cipher_crypt(&ctx, 0, cp, buffer_ptr(©), len, 0, authlen);
+ cipher_cleanup(&ctx);
+ buffer_consume(©, len);
+
+ /* fail silently on decryption errors */
+ if (ret != 0) {
+ debug("%s: decrypt failed", __func__);
+ goto out;
+ }
+
+ if (buffer_len(©) != 0) {
+ error("%s: key blob has trailing data (len = %u)", __func__,
+ buffer_len(©));
+ goto out;
+ }
+
+ /* check bytes */
+ if (buffer_get_int_ret(&check1, &b) < 0 ||
+ buffer_get_int_ret(&check2, &b) < 0) {
+ error("check bytes missing");
+ goto out;
+ }
+ if (check1 != check2) {
+ debug("%s: decrypt failed: 0x%08x != 0x%08x", __func__,
+ check1, check2);
+ goto out;
+ }
+
+ k = key_private_deserialize(&b);
+
+ /* comment */
+ comment = buffer_get_cstring_ret(&b, NULL);
+
+ i = 0;
+ while (buffer_len(&b)) {
+ if (buffer_get_char_ret(&pad, &b) == -1 ||
+ pad != (++i & 0xff)) {
+ error("%s: bad padding", __func__);
+ key_free(k);
+ k = NULL;
+ goto out;
+ }
+ }
+
+ if (k && commentp) {
+ *commentp = comment;
+ comment = NULL;
+ }
+
+ /* XXX decode pubkey and check against private */
+ out:
+ free(ciphername);
+ free(kdfname);
+ free(salt);
+ free(comment);
+ if (key)
+ explicit_bzero(key, keylen + ivlen);
+ free(key);
+ buffer_free(&encoded);
+ buffer_free(©);
+ buffer_free(&kdf);
+ buffer_free(&b);
+ return k;
+}
+
/*
* Serialises the authentication (private) key to a blob, encrypting it with
* passphrase. The identification of the blob (lowest 64 bits of n) will
@@ -149,13 +492,14 @@
cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_ENCRYPT);
- cipher_crypt(&ciphercontext, cp,
- buffer_ptr(&buffer), buffer_len(&buffer), 0, 0);
+ if (cipher_crypt(&ciphercontext, 0, cp,
+ buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
+ fatal("%s: cipher_crypt failed", __func__);
cipher_cleanup(&ciphercontext);
- memset(&ciphercontext, 0, sizeof(ciphercontext));
+ explicit_bzero(&ciphercontext, sizeof(ciphercontext));
/* Destroy temporary data. */
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
buffer_free(&buffer);
buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -239,7 +583,8 @@
/* Serialise "key" to buffer "blob" */
static int
key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
- const char *comment)
+ const char *comment, int force_new_format, const char *new_format_cipher,
+ int new_format_rounds)
{
switch (key->type) {
case KEY_RSA1:
@@ -247,7 +592,14 @@
case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
+ if (force_new_format) {
+ return key_private_to_blob2(key, blob, passphrase,
+ comment, new_format_cipher, new_format_rounds);
+ }
return key_private_pem_to_blob(key, blob, passphrase, comment);
+ case KEY_ED25519:
+ return key_private_to_blob2(key, blob, passphrase,
+ comment, new_format_cipher, new_format_rounds);
default:
error("%s: cannot save key type %d", __func__, key->type);
return 0;
@@ -256,13 +608,15 @@
int
key_save_private(Key *key, const char *filename, const char *passphrase,
- const char *comment)
+ const char *comment, int force_new_format, const char *new_format_cipher,
+ int new_format_rounds)
{
Buffer keyblob;
int success = 0;
buffer_init(&keyblob);
- if (!key_private_to_blob(key, &keyblob, passphrase, comment))
+ if (!key_private_to_blob(key, &keyblob, passphrase, comment,
+ force_new_format, new_format_cipher, new_format_rounds))
goto out;
if (!key_save_private_blob(&keyblob, filename))
goto out;
@@ -349,17 +703,17 @@
__func__, filename == NULL ? "" : filename,
filename == NULL ? "" : " ", strerror(errno));
buffer_clear(blob);
- bzero(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return 0;
}
buffer_append(blob, buf, len);
if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
buffer_clear(blob);
- bzero(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
goto toobig;
}
}
- bzero(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
st.st_size != buffer_len(blob)) {
debug("%s: key file %.200s%schanged size while reading",
@@ -473,10 +827,11 @@
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_DECRYPT);
- cipher_crypt(&ciphercontext, cp,
- buffer_ptr(©), buffer_len(©), 0, 0);
+ if (cipher_crypt(&ciphercontext, 0, cp,
+ buffer_ptr(©), buffer_len(©), 0, 0) != 0)
+ fatal("%s: cipher_crypt failed", __func__);
cipher_cleanup(&ciphercontext);
- memset(&ciphercontext, 0, sizeof(ciphercontext));
+ explicit_bzero(&ciphercontext, sizeof(ciphercontext));
buffer_free(©);
check1 = buffer_get_char(&decrypted);
@@ -641,6 +996,8 @@
key_parse_private_type(Buffer *blob, int type, const char *passphrase,
char **commentp)
{
+ Key *k;
+
switch (type) {
case KEY_RSA1:
return key_parse_private_rsa1(blob, passphrase, commentp);
@@ -647,7 +1004,12 @@
case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
+ return key_parse_private_pem(blob, type, passphrase, commentp);
+ case KEY_ED25519:
+ return key_parse_private2(blob, type, passphrase, commentp);
case KEY_UNSPEC:
+ if ((k = key_parse_private2(blob, type, passphrase, commentp)))
+ return k;
return key_parse_private_pem(blob, type, passphrase, commentp);
default:
error("%s: cannot parse key type %d", __func__, type);
@@ -851,6 +1213,7 @@
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+ case KEY_ED25519:
break;
default:
error("%s: unsupported key type", __func__);
@@ -943,4 +1306,3 @@
fclose(f);
return ret;
}
-
Modified: vendor-crypto/openssh/dist/authfile.h
===================================================================
--- vendor-crypto/openssh/dist/authfile.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/authfile.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.16 2011/05/04 21:15:29 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.17 2013/12/06 13:34:54 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -15,7 +15,8 @@
#ifndef AUTHFILE_H
#define AUTHFILE_H
-int key_save_private(Key *, const char *, const char *, const char *);
+int key_save_private(Key *, const char *, const char *, const char *,
+ int, const char *, int);
int key_load_file(int, const char *, Buffer *);
Key *key_load_cert(const char *);
Key *key_load_public(const char *, char **);
Added: vendor-crypto/openssh/dist/blocks.c
===================================================================
--- vendor-crypto/openssh/dist/blocks.c (rev 0)
+++ vendor-crypto/openssh/dist/blocks.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,248 @@
+/* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Author: Daniel J. Bernstein
+ * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c
+ */
+
+#include "includes.h"
+
+#include "crypto_api.h"
+
+typedef unsigned long long uint64;
+
+static uint64 load_bigendian(const unsigned char *x)
+{
+ return
+ (uint64) (x[7]) \
+ | (((uint64) (x[6])) << 8) \
+ | (((uint64) (x[5])) << 16) \
+ | (((uint64) (x[4])) << 24) \
+ | (((uint64) (x[3])) << 32) \
+ | (((uint64) (x[2])) << 40) \
+ | (((uint64) (x[1])) << 48) \
+ | (((uint64) (x[0])) << 56)
+ ;
+}
+
+static void store_bigendian(unsigned char *x,uint64 u)
+{
+ x[7] = u; u >>= 8;
+ x[6] = u; u >>= 8;
+ x[5] = u; u >>= 8;
+ x[4] = u; u >>= 8;
+ x[3] = u; u >>= 8;
+ x[2] = u; u >>= 8;
+ x[1] = u; u >>= 8;
+ x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
+#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))
+
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
+
+#define EXPAND \
+ M(w0 ,w14,w9 ,w1 ) \
+ M(w1 ,w15,w10,w2 ) \
+ M(w2 ,w0 ,w11,w3 ) \
+ M(w3 ,w1 ,w12,w4 ) \
+ M(w4 ,w2 ,w13,w5 ) \
+ M(w5 ,w3 ,w14,w6 ) \
+ M(w6 ,w4 ,w15,w7 ) \
+ M(w7 ,w5 ,w0 ,w8 ) \
+ M(w8 ,w6 ,w1 ,w9 ) \
+ M(w9 ,w7 ,w2 ,w10) \
+ M(w10,w8 ,w3 ,w11) \
+ M(w11,w9 ,w4 ,w12) \
+ M(w12,w10,w5 ,w13) \
+ M(w13,w11,w6 ,w14) \
+ M(w14,w12,w7 ,w15) \
+ M(w15,w13,w8 ,w0 )
+
+#define F(w,k) \
+ T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
+ T2 = Sigma0(a) + Maj(a,b,c); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + T1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = T1 + T2;
+
+int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+ uint64 state[8];
+ uint64 a;
+ uint64 b;
+ uint64 c;
+ uint64 d;
+ uint64 e;
+ uint64 f;
+ uint64 g;
+ uint64 h;
+ uint64 T1;
+ uint64 T2;
+
+ a = load_bigendian(statebytes + 0); state[0] = a;
+ b = load_bigendian(statebytes + 8); state[1] = b;
+ c = load_bigendian(statebytes + 16); state[2] = c;
+ d = load_bigendian(statebytes + 24); state[3] = d;
+ e = load_bigendian(statebytes + 32); state[4] = e;
+ f = load_bigendian(statebytes + 40); state[5] = f;
+ g = load_bigendian(statebytes + 48); state[6] = g;
+ h = load_bigendian(statebytes + 56); state[7] = h;
+
+ while (inlen >= 128) {
+ uint64 w0 = load_bigendian(in + 0);
+ uint64 w1 = load_bigendian(in + 8);
+ uint64 w2 = load_bigendian(in + 16);
+ uint64 w3 = load_bigendian(in + 24);
+ uint64 w4 = load_bigendian(in + 32);
+ uint64 w5 = load_bigendian(in + 40);
+ uint64 w6 = load_bigendian(in + 48);
+ uint64 w7 = load_bigendian(in + 56);
+ uint64 w8 = load_bigendian(in + 64);
+ uint64 w9 = load_bigendian(in + 72);
+ uint64 w10 = load_bigendian(in + 80);
+ uint64 w11 = load_bigendian(in + 88);
+ uint64 w12 = load_bigendian(in + 96);
+ uint64 w13 = load_bigendian(in + 104);
+ uint64 w14 = load_bigendian(in + 112);
+ uint64 w15 = load_bigendian(in + 120);
+
+ F(w0 ,0x428a2f98d728ae22ULL)
+ F(w1 ,0x7137449123ef65cdULL)
+ F(w2 ,0xb5c0fbcfec4d3b2fULL)
+ F(w3 ,0xe9b5dba58189dbbcULL)
+ F(w4 ,0x3956c25bf348b538ULL)
+ F(w5 ,0x59f111f1b605d019ULL)
+ F(w6 ,0x923f82a4af194f9bULL)
+ F(w7 ,0xab1c5ed5da6d8118ULL)
+ F(w8 ,0xd807aa98a3030242ULL)
+ F(w9 ,0x12835b0145706fbeULL)
+ F(w10,0x243185be4ee4b28cULL)
+ F(w11,0x550c7dc3d5ffb4e2ULL)
+ F(w12,0x72be5d74f27b896fULL)
+ F(w13,0x80deb1fe3b1696b1ULL)
+ F(w14,0x9bdc06a725c71235ULL)
+ F(w15,0xc19bf174cf692694ULL)
+
+ EXPAND
+
+ F(w0 ,0xe49b69c19ef14ad2ULL)
+ F(w1 ,0xefbe4786384f25e3ULL)
+ F(w2 ,0x0fc19dc68b8cd5b5ULL)
+ F(w3 ,0x240ca1cc77ac9c65ULL)
+ F(w4 ,0x2de92c6f592b0275ULL)
+ F(w5 ,0x4a7484aa6ea6e483ULL)
+ F(w6 ,0x5cb0a9dcbd41fbd4ULL)
+ F(w7 ,0x76f988da831153b5ULL)
+ F(w8 ,0x983e5152ee66dfabULL)
+ F(w9 ,0xa831c66d2db43210ULL)
+ F(w10,0xb00327c898fb213fULL)
+ F(w11,0xbf597fc7beef0ee4ULL)
+ F(w12,0xc6e00bf33da88fc2ULL)
+ F(w13,0xd5a79147930aa725ULL)
+ F(w14,0x06ca6351e003826fULL)
+ F(w15,0x142929670a0e6e70ULL)
+
+ EXPAND
+
+ F(w0 ,0x27b70a8546d22ffcULL)
+ F(w1 ,0x2e1b21385c26c926ULL)
+ F(w2 ,0x4d2c6dfc5ac42aedULL)
+ F(w3 ,0x53380d139d95b3dfULL)
+ F(w4 ,0x650a73548baf63deULL)
+ F(w5 ,0x766a0abb3c77b2a8ULL)
+ F(w6 ,0x81c2c92e47edaee6ULL)
+ F(w7 ,0x92722c851482353bULL)
+ F(w8 ,0xa2bfe8a14cf10364ULL)
+ F(w9 ,0xa81a664bbc423001ULL)
+ F(w10,0xc24b8b70d0f89791ULL)
+ F(w11,0xc76c51a30654be30ULL)
+ F(w12,0xd192e819d6ef5218ULL)
+ F(w13,0xd69906245565a910ULL)
+ F(w14,0xf40e35855771202aULL)
+ F(w15,0x106aa07032bbd1b8ULL)
+
+ EXPAND
+
+ F(w0 ,0x19a4c116b8d2d0c8ULL)
+ F(w1 ,0x1e376c085141ab53ULL)
+ F(w2 ,0x2748774cdf8eeb99ULL)
+ F(w3 ,0x34b0bcb5e19b48a8ULL)
+ F(w4 ,0x391c0cb3c5c95a63ULL)
+ F(w5 ,0x4ed8aa4ae3418acbULL)
+ F(w6 ,0x5b9cca4f7763e373ULL)
+ F(w7 ,0x682e6ff3d6b2b8a3ULL)
+ F(w8 ,0x748f82ee5defb2fcULL)
+ F(w9 ,0x78a5636f43172f60ULL)
+ F(w10,0x84c87814a1f0ab72ULL)
+ F(w11,0x8cc702081a6439ecULL)
+ F(w12,0x90befffa23631e28ULL)
+ F(w13,0xa4506cebde82bde9ULL)
+ F(w14,0xbef9a3f7b2c67915ULL)
+ F(w15,0xc67178f2e372532bULL)
+
+ EXPAND
+
+ F(w0 ,0xca273eceea26619cULL)
+ F(w1 ,0xd186b8c721c0c207ULL)
+ F(w2 ,0xeada7dd6cde0eb1eULL)
+ F(w3 ,0xf57d4f7fee6ed178ULL)
+ F(w4 ,0x06f067aa72176fbaULL)
+ F(w5 ,0x0a637dc5a2c898a6ULL)
+ F(w6 ,0x113f9804bef90daeULL)
+ F(w7 ,0x1b710b35131c471bULL)
+ F(w8 ,0x28db77f523047d84ULL)
+ F(w9 ,0x32caab7b40c72493ULL)
+ F(w10,0x3c9ebe0a15c9bebcULL)
+ F(w11,0x431d67c49c100d4cULL)
+ F(w12,0x4cc5d4becb3e42b6ULL)
+ F(w13,0x597f299cfc657e2aULL)
+ F(w14,0x5fcb6fab3ad6faecULL)
+ F(w15,0x6c44198c4a475817ULL)
+
+ a += state[0];
+ b += state[1];
+ c += state[2];
+ d += state[3];
+ e += state[4];
+ f += state[5];
+ g += state[6];
+ h += state[7];
+
+ state[0] = a;
+ state[1] = b;
+ state[2] = c;
+ state[3] = d;
+ state[4] = e;
+ state[5] = f;
+ state[6] = g;
+ state[7] = h;
+
+ in += 128;
+ inlen -= 128;
+ }
+
+ store_bigendian(statebytes + 0,state[0]);
+ store_bigendian(statebytes + 8,state[1]);
+ store_bigendian(statebytes + 16,state[2]);
+ store_bigendian(statebytes + 24,state[3]);
+ store_bigendian(statebytes + 32,state[4]);
+ store_bigendian(statebytes + 40,state[5]);
+ store_bigendian(statebytes + 48,state[6]);
+ store_bigendian(statebytes + 56,state[7]);
+
+ return inlen;
+}
Modified: vendor-crypto/openssh/dist/bufaux.c
===================================================================
--- vendor-crypto/openssh/dist/bufaux.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/bufaux.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -45,6 +45,7 @@
#include <string.h>
#include <stdarg.h>
+#include <stdlib.h>
#include "xmalloc.h"
#include "buffer.h"
@@ -215,7 +216,7 @@
if (cp == ret + length - 1)
error("buffer_get_cstring_ret: string contains \\0");
else {
- bzero(ret, length);
+ explicit_bzero(ret, length);
free(ret);
return NULL;
}
@@ -314,3 +315,76 @@
buffer_append(buffer, &ch, 1);
}
+
+/* Pseudo bignum functions */
+
+void *
+buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr)
+{
+ u_int len;
+ u_char *bin, *p, *ret;
+
+ if ((p = bin = buffer_get_string_ret(buffer, &len)) == NULL) {
+ error("%s: invalid bignum", __func__);
+ return NULL;
+ }
+
+ if (len > 0 && (bin[0] & 0x80)) {
+ error("%s: negative numbers not supported", __func__);
+ free(bin);
+ return NULL;
+ }
+ if (len > 8 * 1024) {
+ error("%s: cannot handle BN of size %d", __func__, len);
+ free(bin);
+ return NULL;
+ }
+ /* Skip zero prefix on numbers with the MSB set */
+ if (len > 1 && bin[0] == 0x00 && (bin[1] & 0x80) != 0) {
+ p++;
+ len--;
+ }
+ ret = xmalloc(len);
+ memcpy(ret, p, len);
+ explicit_bzero(p, len);
+ free(bin);
+ return ret;
+}
+
+void *
+buffer_get_bignum2_as_string(Buffer *buffer, u_int *l)
+{
+ void *ret = buffer_get_bignum2_as_string_ret(buffer, l);
+
+ if (ret == NULL)
+ fatal("%s: buffer error", __func__);
+ return ret;
+}
+
+/*
+ * Stores a string using the bignum encoding rules (\0 pad if MSB set).
+ */
+void
+buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+{
+ u_char *buf, *p;
+ int pad = 0;
+
+ if (l > 8 * 1024)
+ fatal("%s: length %u too long", __func__, l);
+ p = buf = xmalloc(l + 1);
+ /*
+ * If most significant bit is set then prepend a zero byte to
+ * avoid interpretation as a negative number.
+ */
+ if (l > 0 && (s[0] & 0x80) != 0) {
+ *p++ = '\0';
+ pad = 1;
+ }
+ memcpy(p, s, l);
+ buffer_put_string(buffer, buf, l + pad);
+ explicit_bzero(buf, l + pad);
+ free(buf);
+}
+
+
Modified: vendor-crypto/openssh/dist/bufbn.c
===================================================================
--- vendor-crypto/openssh/dist/bufbn.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/bufbn.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/
+/* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -45,6 +45,7 @@
#include <string.h>
#include <stdarg.h>
+#include <stdlib.h>
#include "xmalloc.h"
#include "buffer.h"
@@ -79,7 +80,7 @@
/* Store the binary data. */
buffer_append(buffer, buf, oi);
- memset(buf, 0, bin_size);
+ explicit_bzero(buf, bin_size);
free(buf);
return (0);
@@ -107,6 +108,11 @@
return (-1);
}
bits = get_u16(buf);
+ if (bits > 65535-7) {
+ error("buffer_get_bignum_ret: cannot handle BN of size %d",
+ bits);
+ return (-1);
+ }
/* Compute the number of binary bytes that follow. */
bytes = (bits + 7) / 8;
if (bytes > 8 * 1024) {
@@ -172,7 +178,7 @@
}
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
- memset(buf, 0, bytes);
+ explicit_bzero(buf, bytes);
free(buf);
return (0);
}
Modified: vendor-crypto/openssh/dist/bufec.c
===================================================================
--- vendor-crypto/openssh/dist/bufec.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/bufec.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: bufec.c,v 1.3 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2010 Damien Miller <djm at mindrot.org>
*
@@ -77,7 +77,7 @@
ret = 0;
out:
if (buf != NULL) {
- bzero(buf, len);
+ explicit_bzero(buf, len);
free(buf);
}
BN_CTX_free(bnctx);
@@ -130,7 +130,7 @@
ret = 0;
out:
BN_CTX_free(bnctx);
- bzero(buf, len);
+ explicit_bzero(buf, len);
free(buf);
return ret;
}
Modified: vendor-crypto/openssh/dist/buffer.c
===================================================================
--- vendor-crypto/openssh/dist/buffer.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/buffer.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,7 @@
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
+#include <stdlib.h>
#include "xmalloc.h"
#include "buffer.h"
@@ -48,7 +49,7 @@
buffer_free(Buffer *buffer)
{
if (buffer->alloc > 0) {
- memset(buffer->buf, 0, buffer->alloc);
+ explicit_bzero(buffer->buf, buffer->alloc);
buffer->alloc = 0;
free(buffer->buf);
}
Modified: vendor-crypto/openssh/dist/buffer.h
===================================================================
--- vendor-crypto/openssh/dist/buffer.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/buffer.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */
+/* $OpenBSD: buffer.h,v 1.23 2014/01/12 08:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -86,6 +86,10 @@
void *buffer_get_string_ptr_ret(Buffer *, u_int *);
int buffer_get_char_ret(u_char *, Buffer *);
+void *buffer_get_bignum2_as_string_ret(Buffer *, u_int *);
+void *buffer_get_bignum2_as_string(Buffer *, u_int *);
+void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int);
+
#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
Modified: vendor-crypto/openssh/dist/canohost.c
===================================================================
--- vendor-crypto/openssh/dist/canohost.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/canohost.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: canohost.c,v 1.70 2014/01/19 04:17:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -20,7 +20,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
@@ -48,7 +47,6 @@
get_remote_hostname(int sock, int use_dns)
{
struct sockaddr_storage from;
- int i;
socklen_t fromlen;
struct addrinfo hints, *ai, *aitop;
char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST];
@@ -99,14 +97,10 @@
return xstrdup(ntop);
}
+ /* Names are stores in lowercase. */
+ lowercase(name);
+
/*
- * Convert it to all lowercase (which is expected by the rest
- * of this software).
- */
- for (i = 0; name[i]; i++)
- if (isupper(name[i]))
- name[i] = (char)tolower(name[i]);
- /*
* Map it back to an IP address and check that the given
* address actually is an address of this host. This is
* necessary because anyone with access to a name server can
@@ -160,8 +154,7 @@
#ifdef IP_OPTIONS
u_char options[200];
char text[sizeof(options) * 3 + 1];
- socklen_t option_size;
- u_int i;
+ socklen_t option_size, i;
int ipproto;
struct protoent *ip;
@@ -199,7 +192,7 @@
memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr));
port = a6->sin6_port;
- bzero(a4, sizeof(*a4));
+ memset(a4, 0, sizeof(*a4));
a4->sin_family = AF_INET;
*len = sizeof(*a4);
Added: vendor-crypto/openssh/dist/chacha.c
===================================================================
--- vendor-crypto/openssh/dist/chacha.c (rev 0)
+++ vendor-crypto/openssh/dist/chacha.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,219 @@
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+#include "includes.h"
+
+#include "chacha.h"
+
+/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+typedef struct chacha_ctx chacha_ctx;
+
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+
+#define ROTL32(v, n) \
+ (U32V((v) << (n)) | ((v) >> (32 - (n))))
+
+#define U8TO32_LITTLE(p) \
+ (((u32)((p)[0]) ) | \
+ ((u32)((p)[1]) << 8) | \
+ ((u32)((p)[2]) << 16) | \
+ ((u32)((p)[3]) << 24))
+
+#define U32TO8_LITTLE(p, v) \
+ do { \
+ (p)[0] = U8V((v) ); \
+ (p)[1] = U8V((v) >> 8); \
+ (p)[2] = U8V((v) >> 16); \
+ (p)[3] = U8V((v) >> 24); \
+ } while (0)
+
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+
+#define QUARTERROUND(a,b,c,d) \
+ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+
+static const char sigma[16] = "expand 32-byte k";
+static const char tau[16] = "expand 16-byte k";
+
+void
+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
+{
+ const char *constants;
+
+ x->input[4] = U8TO32_LITTLE(k + 0);
+ x->input[5] = U8TO32_LITTLE(k + 4);
+ x->input[6] = U8TO32_LITTLE(k + 8);
+ x->input[7] = U8TO32_LITTLE(k + 12);
+ if (kbits == 256) { /* recommended */
+ k += 16;
+ constants = sigma;
+ } else { /* kbits == 128 */
+ constants = tau;
+ }
+ x->input[8] = U8TO32_LITTLE(k + 0);
+ x->input[9] = U8TO32_LITTLE(k + 4);
+ x->input[10] = U8TO32_LITTLE(k + 8);
+ x->input[11] = U8TO32_LITTLE(k + 12);
+ x->input[0] = U8TO32_LITTLE(constants + 0);
+ x->input[1] = U8TO32_LITTLE(constants + 4);
+ x->input[2] = U8TO32_LITTLE(constants + 8);
+ x->input[3] = U8TO32_LITTLE(constants + 12);
+}
+
+void
+chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
+{
+ x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
+ x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
+ x->input[14] = U8TO32_LITTLE(iv + 0);
+ x->input[15] = U8TO32_LITTLE(iv + 4);
+}
+
+void
+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+ u8 *ctarget = NULL;
+ u8 tmp[64];
+ u_int i;
+
+ if (!bytes) return;
+
+ j0 = x->input[0];
+ j1 = x->input[1];
+ j2 = x->input[2];
+ j3 = x->input[3];
+ j4 = x->input[4];
+ j5 = x->input[5];
+ j6 = x->input[6];
+ j7 = x->input[7];
+ j8 = x->input[8];
+ j9 = x->input[9];
+ j10 = x->input[10];
+ j11 = x->input[11];
+ j12 = x->input[12];
+ j13 = x->input[13];
+ j14 = x->input[14];
+ j15 = x->input[15];
+
+ for (;;) {
+ if (bytes < 64) {
+ for (i = 0;i < bytes;++i) tmp[i] = m[i];
+ m = tmp;
+ ctarget = c;
+ c = tmp;
+ }
+ x0 = j0;
+ x1 = j1;
+ x2 = j2;
+ x3 = j3;
+ x4 = j4;
+ x5 = j5;
+ x6 = j6;
+ x7 = j7;
+ x8 = j8;
+ x9 = j9;
+ x10 = j10;
+ x11 = j11;
+ x12 = j12;
+ x13 = j13;
+ x14 = j14;
+ x15 = j15;
+ for (i = 20;i > 0;i -= 2) {
+ QUARTERROUND( x0, x4, x8,x12)
+ QUARTERROUND( x1, x5, x9,x13)
+ QUARTERROUND( x2, x6,x10,x14)
+ QUARTERROUND( x3, x7,x11,x15)
+ QUARTERROUND( x0, x5,x10,x15)
+ QUARTERROUND( x1, x6,x11,x12)
+ QUARTERROUND( x2, x7, x8,x13)
+ QUARTERROUND( x3, x4, x9,x14)
+ }
+ x0 = PLUS(x0,j0);
+ x1 = PLUS(x1,j1);
+ x2 = PLUS(x2,j2);
+ x3 = PLUS(x3,j3);
+ x4 = PLUS(x4,j4);
+ x5 = PLUS(x5,j5);
+ x6 = PLUS(x6,j6);
+ x7 = PLUS(x7,j7);
+ x8 = PLUS(x8,j8);
+ x9 = PLUS(x9,j9);
+ x10 = PLUS(x10,j10);
+ x11 = PLUS(x11,j11);
+ x12 = PLUS(x12,j12);
+ x13 = PLUS(x13,j13);
+ x14 = PLUS(x14,j14);
+ x15 = PLUS(x15,j15);
+
+ x0 = XOR(x0,U8TO32_LITTLE(m + 0));
+ x1 = XOR(x1,U8TO32_LITTLE(m + 4));
+ x2 = XOR(x2,U8TO32_LITTLE(m + 8));
+ x3 = XOR(x3,U8TO32_LITTLE(m + 12));
+ x4 = XOR(x4,U8TO32_LITTLE(m + 16));
+ x5 = XOR(x5,U8TO32_LITTLE(m + 20));
+ x6 = XOR(x6,U8TO32_LITTLE(m + 24));
+ x7 = XOR(x7,U8TO32_LITTLE(m + 28));
+ x8 = XOR(x8,U8TO32_LITTLE(m + 32));
+ x9 = XOR(x9,U8TO32_LITTLE(m + 36));
+ x10 = XOR(x10,U8TO32_LITTLE(m + 40));
+ x11 = XOR(x11,U8TO32_LITTLE(m + 44));
+ x12 = XOR(x12,U8TO32_LITTLE(m + 48));
+ x13 = XOR(x13,U8TO32_LITTLE(m + 52));
+ x14 = XOR(x14,U8TO32_LITTLE(m + 56));
+ x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+
+ j12 = PLUSONE(j12);
+ if (!j12) {
+ j13 = PLUSONE(j13);
+ /* stopping at 2^70 bytes per nonce is user's responsibility */
+ }
+
+ U32TO8_LITTLE(c + 0,x0);
+ U32TO8_LITTLE(c + 4,x1);
+ U32TO8_LITTLE(c + 8,x2);
+ U32TO8_LITTLE(c + 12,x3);
+ U32TO8_LITTLE(c + 16,x4);
+ U32TO8_LITTLE(c + 20,x5);
+ U32TO8_LITTLE(c + 24,x6);
+ U32TO8_LITTLE(c + 28,x7);
+ U32TO8_LITTLE(c + 32,x8);
+ U32TO8_LITTLE(c + 36,x9);
+ U32TO8_LITTLE(c + 40,x10);
+ U32TO8_LITTLE(c + 44,x11);
+ U32TO8_LITTLE(c + 48,x12);
+ U32TO8_LITTLE(c + 52,x13);
+ U32TO8_LITTLE(c + 56,x14);
+ U32TO8_LITTLE(c + 60,x15);
+
+ if (bytes <= 64) {
+ if (bytes < 64) {
+ for (i = 0;i < bytes;++i) ctarget[i] = c[i];
+ }
+ x->input[12] = j12;
+ x->input[13] = j13;
+ return;
+ }
+ bytes -= 64;
+ c += 64;
+ m += 64;
+ }
+}
Added: vendor-crypto/openssh/dist/chacha.h
===================================================================
--- vendor-crypto/openssh/dist/chacha.h (rev 0)
+++ vendor-crypto/openssh/dist/chacha.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,35 @@
+/* $OpenBSD: chacha.h,v 1.1 2013/11/21 00:45:44 djm Exp $ */
+
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CHACHA_H
+#define CHACHA_H
+
+#include <sys/types.h>
+
+struct chacha_ctx {
+ u_int input[16];
+};
+
+#define CHACHA_MINKEYLEN 16
+#define CHACHA_NONCELEN 8
+#define CHACHA_CTRLEN 8
+#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN)
+#define CHACHA_BLOCKLEN 64
+
+void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits)
+ __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
+void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr)
+ __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN)))
+ __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
+void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
+ u_char *c, u_int bytes)
+ __attribute__((__bounded__(__buffer__, 2, 4)))
+ __attribute__((__bounded__(__buffer__, 3, 4)));
+
+#endif /* CHACHA_H */
+
Modified: vendor-crypto/openssh/dist/channels.c
===================================================================
--- vendor-crypto/openssh/dist/channels.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/channels.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.327 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.331 2014/02/26 20:29:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -423,7 +423,7 @@
if (cc->abandon_cb != NULL)
cc->abandon_cb(c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
- bzero(cc, sizeof(*cc));
+ explicit_bzero(cc, sizeof(*cc));
free(cc);
}
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
@@ -1072,6 +1072,9 @@
buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);
have = buffer_len(&c->input);
p = buffer_ptr(&c->input);
+ if (memchr(p, '\0', have) == NULL)
+ fatal("channel %d: decode socks4: user not nul terminated",
+ c->self);
len = strlen(p);
debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
len++; /* trailing '\0' */
@@ -1385,6 +1388,8 @@
{
int direct;
char buf[1024];
+ char *local_ipaddr = get_local_ipaddr(c->sock);
+ int local_port = c->sock == -1 ? 65536 : get_sock_port(c->sock, 1);
char *remote_ipaddr = get_peer_ipaddr(c->sock);
int remote_port = get_peer_port(c->sock);
@@ -1399,9 +1404,9 @@
snprintf(buf, sizeof buf,
"%s: listening port %d for %.100s port %d, "
- "connect from %.200s port %d",
+ "connect from %.200s port %d to %.100s port %d",
rtype, c->listening_port, c->path, c->host_port,
- remote_ipaddr, remote_port);
+ remote_ipaddr, remote_port, local_ipaddr, local_port);
free(c->remote_name);
c->remote_name = xstrdup(buf);
@@ -1419,7 +1424,7 @@
} else {
/* listen address, port */
packet_put_cstring(c->path);
- packet_put_int(c->listening_port);
+ packet_put_int(local_port);
}
/* originator host and port */
packet_put_cstring(remote_ipaddr);
@@ -1436,6 +1441,7 @@
packet_send();
}
free(remote_ipaddr);
+ free(local_ipaddr);
}
static void
@@ -2668,7 +2674,7 @@
return;
cc->cb(type, c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
- bzero(cc, sizeof(*cc));
+ explicit_bzero(cc, sizeof(*cc));
free(cc);
}
@@ -2710,8 +2716,20 @@
if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
*listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
- (!is_client && gateway_ports == 1))
+ (!is_client && gateway_ports == 1)) {
wildcard = 1;
+ /*
+ * Notify client if they requested a specific listen
+ * address and it was overridden.
+ */
+ if (*listen_addr != '\0' &&
+ strcmp(listen_addr, "0.0.0.0") != 0 &&
+ strcmp(listen_addr, "*") != 0) {
+ packet_send_debug("Forwarding listen address "
+ "\"%s\" overridden by server "
+ "GatewayPorts", listen_addr);
+ }
+ }
else if (strcmp(listen_addr, "localhost") != 0)
addr = listen_addr;
}
@@ -3289,9 +3307,7 @@
free(cctx->host);
if (cctx->aitop)
freeaddrinfo(cctx->aitop);
- bzero(cctx, sizeof(*cctx));
- cctx->host = NULL;
- cctx->ai = cctx->aitop = NULL;
+ memset(cctx, 0, sizeof(*cctx));
}
/* Return CONNECTING channel to remote host, port */
Modified: vendor-crypto/openssh/dist/cipher-3des1.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-3des1.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/cipher-3des1.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: cipher-3des1.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
@@ -93,7 +93,7 @@
if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
- memset(c, 0, sizeof(*c));
+ explicit_bzero(c, sizeof(*c));
free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
return (0);
@@ -134,7 +134,7 @@
EVP_CIPHER_CTX_cleanup(&c->k1);
EVP_CIPHER_CTX_cleanup(&c->k2);
EVP_CIPHER_CTX_cleanup(&c->k3);
- memset(c, 0, sizeof(*c));
+ explicit_bzero(c, sizeof(*c));
free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
Added: vendor-crypto/openssh/dist/cipher-chachapoly.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-chachapoly.c (rev 0)
+++ vendor-crypto/openssh/dist/cipher-chachapoly.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2013 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: cipher-chachapoly.c,v 1.4 2014/01/31 16:39:19 tedu Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <stdarg.h> /* needed for log.h */
+#include <string.h>
+#include <stdio.h> /* needed for misc.h */
+
+#include "log.h"
+#include "misc.h"
+#include "cipher-chachapoly.h"
+
+void chachapoly_init(struct chachapoly_ctx *ctx,
+ const u_char *key, u_int keylen)
+{
+ if (keylen != (32 + 32)) /* 2 x 256 bit keys */
+ fatal("%s: invalid keylen %u", __func__, keylen);
+ chacha_keysetup(&ctx->main_ctx, key, 256);
+ chacha_keysetup(&ctx->header_ctx, key + 32, 256);
+}
+
+/*
+ * chachapoly_crypt() operates as following:
+ * En/decrypt with header key 'aadlen' bytes from 'src', storing result
+ * to 'dest'. The ciphertext here is treated as additional authenticated
+ * data for MAC calculation.
+ * En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use
+ * POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication
+ * tag. This tag is written on encryption and verified on decryption.
+ */
+int
+chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
+ const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt)
+{
+ u_char seqbuf[8];
+ const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */
+ u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
+ int r = -1;
+
+ /*
+ * Run ChaCha20 once to generate the Poly1305 key. The IV is the
+ * packet sequence number.
+ */
+ memset(poly_key, 0, sizeof(poly_key));
+ put_u64(seqbuf, seqnr);
+ chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL);
+ chacha_encrypt_bytes(&ctx->main_ctx,
+ poly_key, poly_key, sizeof(poly_key));
+ /* Set Chacha's block counter to 1 */
+ chacha_ivsetup(&ctx->main_ctx, seqbuf, one);
+
+ /* If decrypting, check tag before anything else */
+ if (!do_encrypt) {
+ const u_char *tag = src + aadlen + len;
+
+ poly1305_auth(expected_tag, src, aadlen + len, poly_key);
+ if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0)
+ goto out;
+ }
+ /* Crypt additional data */
+ if (aadlen) {
+ chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
+ chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen);
+ }
+ chacha_encrypt_bytes(&ctx->main_ctx, src + aadlen,
+ dest + aadlen, len);
+
+ /* If encrypting, calculate and append tag */
+ if (do_encrypt) {
+ poly1305_auth(dest + aadlen + len, dest, aadlen + len,
+ poly_key);
+ }
+ r = 0;
+
+ out:
+ explicit_bzero(expected_tag, sizeof(expected_tag));
+ explicit_bzero(seqbuf, sizeof(seqbuf));
+ explicit_bzero(poly_key, sizeof(poly_key));
+ return r;
+}
+
+/* Decrypt and extract the encrypted packet length */
+int
+chachapoly_get_length(struct chachapoly_ctx *ctx,
+ u_int *plenp, u_int seqnr, const u_char *cp, u_int len)
+{
+ u_char buf[4], seqbuf[8];
+
+ if (len < 4)
+ return -1; /* Insufficient length */
+ put_u64(seqbuf, seqnr);
+ chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
+ chacha_encrypt_bytes(&ctx->header_ctx, cp, buf, 4);
+ *plenp = get_u32(buf);
+ return 0;
+}
+
Added: vendor-crypto/openssh/dist/cipher-chachapoly.h
===================================================================
--- vendor-crypto/openssh/dist/cipher-chachapoly.h (rev 0)
+++ vendor-crypto/openssh/dist/cipher-chachapoly.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,41 @@
+/* $OpenBSD: cipher-chachapoly.h,v 1.1 2013/11/21 00:45:44 djm Exp $ */
+
+/*
+ * Copyright (c) Damien Miller 2013 <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef CHACHA_POLY_AEAD_H
+#define CHACHA_POLY_AEAD_H
+
+#include <sys/types.h>
+#include "chacha.h"
+#include "poly1305.h"
+
+#define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */
+
+struct chachapoly_ctx {
+ struct chacha_ctx main_ctx, header_ctx;
+};
+
+void chachapoly_init(struct chachapoly_ctx *cpctx,
+ const u_char *key, u_int keylen)
+ __attribute__((__bounded__(__buffer__, 2, 3)));
+int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr,
+ u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen,
+ int do_encrypt);
+int chachapoly_get_length(struct chachapoly_ctx *cpctx,
+ u_int *plenp, u_int seqnr, const u_char *cp, u_int len)
+ __attribute__((__bounded__(__buffer__, 4, 5)));
+
+#endif /* CHACHA_POLY_AEAD_H */
Modified: vendor-crypto/openssh/dist/cipher.c
===================================================================
--- vendor-crypto/openssh/dist/cipher.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/cipher.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -39,14 +39,16 @@
#include <sys/types.h>
-#include <openssl/md5.h>
-
#include <string.h>
#include <stdarg.h>
+#include <stdio.h>
#include "xmalloc.h"
#include "log.h"
+#include "misc.h"
#include "cipher.h"
+#include "buffer.h"
+#include "digest.h"
/* compatibility with old or broken OpenSSL versions */
#include "openbsd-compat/openssl-compat.h"
@@ -63,7 +65,9 @@
u_int iv_len; /* defaults to block_size */
u_int auth_len;
u_int discard_len;
- u_int cbc_mode;
+ u_int flags;
+#define CFLAG_CBC (1<<0)
+#define CFLAG_CHACHAPOLY (1<<1)
const EVP_CIPHER *(*evptype)(void);
};
@@ -95,14 +99,16 @@
{ "aes256-gcm at openssh.com",
SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
#endif
+ { "chacha20-poly1305 at openssh.com",
+ SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
};
/*--*/
-/* Returns a comma-separated list of supported ciphers. */
+/* Returns a list of supported ciphers separated by the specified char. */
char *
-cipher_alg_list(void)
+cipher_alg_list(char sep, int auth_only)
{
char *ret = NULL;
size_t nlen, rlen = 0;
@@ -111,8 +117,10 @@
for (c = ciphers; c->name != NULL; c++) {
if (c->number != SSH_CIPHER_SSH2)
continue;
+ if (auth_only && c->auth_len == 0)
+ continue;
if (ret != NULL)
- ret[rlen++] = '\n';
+ ret[rlen++] = sep;
nlen = strlen(c->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, c->name, nlen + 1);
@@ -134,6 +142,14 @@
}
u_int
+cipher_seclen(const Cipher *c)
+{
+ if (strcmp("3des-cbc", c->name) == 0)
+ return 14;
+ return cipher_keylen(c);
+}
+
+u_int
cipher_authlen(const Cipher *c)
{
return (c->auth_len);
@@ -142,7 +158,12 @@
u_int
cipher_ivlen(const Cipher *c)
{
- return (c->iv_len ? c->iv_len : c->block_size);
+ /*
+ * Default is cipher block size, except for chacha20+poly1305 that
+ * needs no IV. XXX make iv_len == -1 default?
+ */
+ return (c->iv_len != 0 || (c->flags & CFLAG_CHACHAPOLY) != 0) ?
+ c->iv_len : c->block_size;
}
u_int
@@ -154,7 +175,7 @@
u_int
cipher_is_cbc(const Cipher *c)
{
- return (c->cbc_mode);
+ return (c->flags & CFLAG_CBC) != 0;
}
u_int
@@ -207,8 +228,6 @@
debug("bad cipher %s [%s]", p, names);
free(cipher_list);
return 0;
- } else {
- debug3("cipher ok: %s [%s]", p, names);
}
}
debug3("ciphers ok: [%s]", names);
@@ -274,8 +293,11 @@
ivlen, cipher->name);
cc->cipher = cipher;
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
+ chachapoly_init(&cc->cp_ctx, key, keylen);
+ return;
+ }
type = (*cipher->evptype)();
-
EVP_CIPHER_CTX_init(&cc->evp);
#ifdef SSH_OLD_EVP
if (type->key_len > 0 && type->key_len != keylen) {
@@ -313,7 +335,7 @@
if (EVP_Cipher(&cc->evp, discard, junk,
cipher->discard_len) == 0)
fatal("evp_crypt: EVP_Cipher failed during discard");
- memset(discard, 0, cipher->discard_len);
+ explicit_bzero(discard, cipher->discard_len);
free(junk);
free(discard);
}
@@ -328,11 +350,16 @@
* Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
* This tag is written on encryption and verified on decryption.
* Both 'aadlen' and 'authlen' can be set to 0.
+ * cipher_crypt() returns 0 on success and -1 if the decryption integrity
+ * check fails.
*/
-void
-cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src,
+int
+cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
u_int len, u_int aadlen, u_int authlen)
{
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+ return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
+ aadlen, authlen, cc->encrypt);
if (authlen) {
u_char lastiv[1];
@@ -365,7 +392,7 @@
if (cc->encrypt)
fatal("%s: EVP_Cipher(final) failed", __func__);
else
- fatal("Decryption integrity check failed");
+ return -1;
}
if (cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
@@ -372,12 +399,29 @@
authlen, dest + aadlen + len))
fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
}
+ return 0;
}
+/* Extract the packet length, including any decryption necessary beforehand */
+int
+cipher_get_length(CipherContext *cc, u_int *plenp, u_int seqnr,
+ const u_char *cp, u_int len)
+{
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+ return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr,
+ cp, len);
+ if (len < 4)
+ return -1;
+ *plenp = get_u32(cp);
+ return 0;
+}
+
void
cipher_cleanup(CipherContext *cc)
{
- if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+ explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
+ else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
}
@@ -390,17 +434,15 @@
cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
const char *passphrase, int do_encrypt)
{
- MD5_CTX md;
u_char digest[16];
- MD5_Init(&md);
- MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
- MD5_Final(digest, &md);
+ if (ssh_digest_memory(SSH_DIGEST_MD5, passphrase, strlen(passphrase),
+ digest, sizeof(digest)) < 0)
+ fatal("%s: md5 failed", __func__);
cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
- memset(digest, 0, sizeof(digest));
- memset(&md, 0, sizeof(md));
+ explicit_bzero(digest, sizeof(digest));
}
/*
@@ -417,6 +459,8 @@
if (c->number == SSH_CIPHER_3DES)
ivlen = 24;
+ else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+ ivlen = 0;
else
ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
return (ivlen);
@@ -428,6 +472,12 @@
const Cipher *c = cc->cipher;
int evplen;
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
+ if (len != 0)
+ fatal("%s: wrong iv length %d != %d", __func__, len, 0);
+ return;
+ }
+
switch (c->number) {
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
@@ -464,6 +514,9 @@
const Cipher *c = cc->cipher;
int evplen = 0;
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+ return;
+
switch (c->number) {
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
Modified: vendor-crypto/openssh/dist/cipher.h
===================================================================
--- vendor-crypto/openssh/dist/cipher.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/cipher.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.44 2014/01/25 10:12:50 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -38,6 +38,8 @@
#define CIPHER_H
#include <openssl/evp.h>
+#include "cipher-chachapoly.h"
+
/*
* Cipher types for SSH-1. New types can be added, but old types should not
* be removed for compatibility. The maximum allowed value is 31.
@@ -66,6 +68,7 @@
int plaintext;
int encrypt;
EVP_CIPHER_CTX evp;
+ struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
const Cipher *cipher;
};
@@ -75,15 +78,18 @@
int cipher_number(const char *);
char *cipher_name(int);
int ciphers_valid(const char *);
-char *cipher_alg_list(void);
+char *cipher_alg_list(char, int);
void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int,
const u_char *, u_int, int);
-void cipher_crypt(CipherContext *, u_char *, const u_char *,
+int cipher_crypt(CipherContext *, u_int, u_char *, const u_char *,
u_int, u_int, u_int);
+int cipher_get_length(CipherContext *, u_int *, u_int,
+ const u_char *, u_int);
void cipher_cleanup(CipherContext *);
void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *);
+u_int cipher_seclen(const Cipher *);
u_int cipher_authlen(const Cipher *);
u_int cipher_ivlen(const Cipher *);
u_int cipher_is_cbc(const Cipher *);
Modified: vendor-crypto/openssh/dist/clientloop.c
===================================================================
--- vendor-crypto/openssh/dist/clientloop.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/clientloop.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.255 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.258 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -289,7 +289,7 @@
dlen = strlen(display);
for (i = 0; i < dlen; i++) {
- if (!isalnum(display[i]) &&
+ if (!isalnum((u_char)display[i]) &&
strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) {
debug("Invalid character '%c' in DISPLAY", display[i]);
return 0;
@@ -549,7 +549,7 @@
gc->cb(type, seq, gc->ctx);
if (--gc->ref_count <= 0) {
TAILQ_REMOVE(&global_confirms, gc, entry);
- bzero(gc, sizeof(*gc));
+ explicit_bzero(gc, sizeof(*gc));
free(gc);
}
@@ -876,7 +876,7 @@
int cancel_port, ok;
Forward fwd;
- bzero(&fwd, sizeof(fwd));
+ memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = fwd.connect_host = NULL;
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
@@ -884,7 +884,7 @@
cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
if (s == NULL)
goto out;
- while (isspace(*s))
+ while (isspace((u_char)*s))
s++;
if (*s == '-')
s++; /* Skip cmdline '-', if any */
@@ -938,7 +938,7 @@
goto out;
}
- while (isspace(*++s))
+ while (isspace((u_char)*++s))
;
/* XXX update list of forwards in options */
@@ -1153,7 +1153,7 @@
"%cB\r\n", escape_char);
buffer_append(berr, string,
strlen(string));
- channel_request_start(session_ident,
+ channel_request_start(c->self,
"break", 0);
packet_put_int(1000);
packet_send();
@@ -1761,7 +1761,7 @@
char *data = packet_get_string(&data_len);
packet_check_eom();
buffer_append(&stdout_buffer, data, data_len);
- memset(data, 0, data_len);
+ explicit_bzero(data, data_len);
free(data);
}
static void
@@ -1771,7 +1771,7 @@
char *data = packet_get_string(&data_len);
packet_check_eom();
buffer_append(&stderr_buffer, data, data_len);
- memset(data, 0, data_len);
+ explicit_bzero(data, data_len);
free(data);
}
static void
Modified: vendor-crypto/openssh/dist/compat.c
===================================================================
--- vendor-crypto/openssh/dist/compat.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/compat.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.82 2013/12/30 23:52:27 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -171,8 +171,9 @@
for (i = 0; check[i].pat; i++) {
if (match_pattern_list(version, check[i].pat,
strlen(check[i].pat), 0) == 1) {
- debug("match: %s pat %s", version, check[i].pat);
datafellows = check[i].bugs;
+ debug("match: %s pat %s compat 0x%08x",
+ version, check[i].pat, datafellows);
return;
}
}
@@ -208,33 +209,59 @@
return ret;
}
-char *
-compat_cipher_proposal(char *cipher_prop)
+/*
+ * Filters a proposal string, excluding any algorithm matching the 'filter'
+ * pattern list.
+ */
+static char *
+filter_proposal(char *proposal, const char *filter)
{
Buffer b;
- char *orig_prop, *fix_ciphers;
+ char *orig_prop, *fix_prop;
char *cp, *tmp;
- if (!(datafellows & SSH_BUG_BIGENDIANAES))
- return(cipher_prop);
-
buffer_init(&b);
- tmp = orig_prop = xstrdup(cipher_prop);
+ tmp = orig_prop = xstrdup(proposal);
while ((cp = strsep(&tmp, ",")) != NULL) {
- if (strncmp(cp, "aes", 3) != 0) {
+ if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
buffer_append(&b, cp, strlen(cp));
- }
+ } else
+ debug2("Compat: skipping algorithm \"%s\"", cp);
}
buffer_append(&b, "\0", 1);
- fix_ciphers = xstrdup(buffer_ptr(&b));
+ fix_prop = xstrdup(buffer_ptr(&b));
buffer_free(&b);
free(orig_prop);
- debug2("Original cipher proposal: %s", cipher_prop);
- debug2("Compat cipher proposal: %s", fix_ciphers);
- if (!*fix_ciphers)
- fatal("No available ciphers found.");
- return(fix_ciphers);
+ return fix_prop;
}
+
+char *
+compat_cipher_proposal(char *cipher_prop)
+{
+ if (!(datafellows & SSH_BUG_BIGENDIANAES))
+ return cipher_prop;
+ debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
+ cipher_prop = filter_proposal(cipher_prop, "aes*");
+ debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
+ if (*cipher_prop == '\0')
+ fatal("No supported ciphers found");
+ return cipher_prop;
+}
+
+
+char *
+compat_pkalg_proposal(char *pkalg_prop)
+{
+ if (!(datafellows & SSH_BUG_RSASIGMD5))
+ return pkalg_prop;
+ debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
+ pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
+ debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
+ if (*pkalg_prop == '\0')
+ fatal("No supported PK algorithms found");
+ return pkalg_prop;
+}
+
Modified: vendor-crypto/openssh/dist/compat.h
===================================================================
--- vendor-crypto/openssh/dist/compat.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/compat.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.43 2011/09/23 07:45:05 markus Exp $ */
+/* $OpenBSD: compat.h,v 1.44 2013/12/30 23:52:27 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,7 @@
void compat_datafellows(const char *);
int proto_spec(const char *);
char *compat_cipher_proposal(char *);
+char *compat_pkalg_proposal(char *);
extern int compat13;
extern int compat20;
Modified: vendor-crypto/openssh/dist/config.h.in
===================================================================
--- vendor-crypto/openssh/dist/config.h.in 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/config.h.in 2014-10-11 16:33:18 UTC (rev 6863)
@@ -47,6 +47,10 @@
/* Can't do comparisons on readv */
#undef BROKEN_READV_COMPARISON
+/* NetBSD read function is sometimes redirected, breaking atomicio comparisons
+ against it */
+#undef BROKEN_READ_COMPARISON
+
/* Define if you have a broken realpath. */
#undef BROKEN_REALPATH
@@ -74,7 +78,7 @@
/* Define if your snprintf is busted */
#undef BROKEN_SNPRINTF
-/* FreeBSD strnvis does not do what we need */
+/* FreeBSD strnvis argument order is swapped compared to OpenBSD */
#undef BROKEN_STRNVIS
/* tcgetattr with ICANON may hang */
@@ -182,6 +186,9 @@
/* Define to 1 if you have the `arc4random_buf' function. */
#undef HAVE_ARC4RANDOM_BUF
+/* Define to 1 if you have the `arc4random_stir' function. */
+#undef HAVE_ARC4RANDOM_STIR
+
/* Define to 1 if you have the `arc4random_uniform' function. */
#undef HAVE_ARC4RANDOM_UNIFORM
@@ -212,9 +219,30 @@
/* Define to 1 if you have the `bcopy' function. */
#undef HAVE_BCOPY
+/* Define to 1 if you have the `bcrypt_pbkdf' function. */
+#undef HAVE_BCRYPT_PBKDF
+
/* Define to 1 if you have the `bindresvport_sa' function. */
#undef HAVE_BINDRESVPORT_SA
+/* Define to 1 if you have the `blf_enc' function. */
+#undef HAVE_BLF_ENC
+
+/* Define to 1 if you have the <blf.h> header file. */
+#undef HAVE_BLF_H
+
+/* Define to 1 if you have the `Blowfish_expand0state' function. */
+#undef HAVE_BLOWFISH_EXPAND0STATE
+
+/* Define to 1 if you have the `Blowfish_expandstate' function. */
+#undef HAVE_BLOWFISH_EXPANDSTATE
+
+/* Define to 1 if you have the `Blowfish_initstate' function. */
+#undef HAVE_BLOWFISH_INITSTATE
+
+/* Define to 1 if you have the `Blowfish_stream2word' function. */
+#undef HAVE_BLOWFISH_STREAM2WORD
+
/* Define to 1 if you have the `BN_is_prime_ex' function. */
#undef HAVE_BN_IS_PRIME_EX
@@ -227,6 +255,9 @@
/* Define to 1 if you have the <bstring.h> header file. */
#undef HAVE_BSTRING_H
+/* Define to 1 if you have the `cap_rights_limit' function. */
+#undef HAVE_CAP_RIGHTS_LIMIT
+
/* Define to 1 if you have the `clock' function. */
#undef HAVE_CLOCK
@@ -374,6 +405,21 @@
/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
#undef HAVE_EVP_CIPHER_CTX_CTRL
+/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
+#undef HAVE_EVP_DIGESTFINAL_EX
+
+/* Define to 1 if you have the `EVP_DigestInit_ex' function. */
+#undef HAVE_EVP_DIGESTINIT_EX
+
+/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
+#undef HAVE_EVP_MD_CTX_CLEANUP
+
+/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
+#undef HAVE_EVP_MD_CTX_COPY_EX
+
+/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
+#undef HAVE_EVP_MD_CTX_INIT
+
/* Define to 1 if you have the `EVP_sha256' function. */
#undef HAVE_EVP_SHA256
@@ -380,6 +426,9 @@
/* Define if you have ut_exit in utmp.h */
#undef HAVE_EXIT_IN_UTMP
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
/* Define to 1 if you have the `fchmod' function. */
#undef HAVE_FCHMOD
@@ -413,6 +462,9 @@
/* Define to 1 if the system has the type `fsfilcnt_t'. */
#undef HAVE_FSFILCNT_T
+/* Define to 1 if you have the `fstatfs' function. */
+#undef HAVE_FSTATFS
+
/* Define to 1 if you have the `fstatvfs' function. */
#undef HAVE_FSTATVFS
@@ -584,6 +636,9 @@
/* define if you have int64_t data type */
#undef HAVE_INT64_T
+/* Define to 1 if the system has the type `intmax_t'. */
+#undef HAVE_INTMAX_T
+
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
@@ -1083,6 +1138,9 @@
/* Define to 1 if you have the <sys/bsdtty.h> header file. */
#undef HAVE_SYS_BSDTTY_H
+/* Define to 1 if you have the <sys/capability.h> header file. */
+#undef HAVE_SYS_CAPABILITY_H
+
/* Define to 1 if you have the <sys/cdefs.h> header file. */
#undef HAVE_SYS_CDEFS_H
@@ -1197,6 +1255,9 @@
/* Define to 1 if you have the <ucred.h> header file. */
#undef HAVE_UCRED_H
+/* Define to 1 if the system has the type `uintmax_t'. */
+#undef HAVE_UINTMAX_T
+
/* define if you have uintxx_t data type */
#undef HAVE_UINTXX_T
@@ -1385,9 +1446,18 @@
/* Define if EVP_DigestUpdate returns void */
#undef OPENSSL_EVP_DIGESTUPDATE_VOID
-/* libcrypto includes complete ECC support */
+/* OpenSSL has ECC */
#undef OPENSSL_HAS_ECC
+/* libcrypto has NID_X9_62_prime256v1 */
+#undef OPENSSL_HAS_NISTP256
+
+/* libcrypto has NID_secp384r1 */
+#undef OPENSSL_HAS_NISTP384
+
+/* libcrypto has NID_secp521r1 */
+#undef OPENSSL_HAS_NISTP521
+
/* libcrypto has EVP AES CTR */
#undef OPENSSL_HAVE_EVPCTR
@@ -1440,6 +1510,9 @@
/* read(1) can return 0 for a non-closed fd */
#undef PTY_ZEROREAD
+/* Sandbox using capsicum */
+#undef SANDBOX_CAPSICUM
+
/* Sandbox using Darwin sandbox_init(3) */
#undef SANDBOX_DARWIN
@@ -1455,6 +1528,9 @@
/* setrlimit RLIMIT_FSIZE works */
#undef SANDBOX_SKIP_RLIMIT_FSIZE
+/* define if setrlimit RLIMIT_NOFILE breaks things */
+#undef SANDBOX_SKIP_RLIMIT_NOFILE
+
/* Sandbox using systrace(4) */
#undef SANDBOX_SYSTRACE
Modified: vendor-crypto/openssh/dist/configure
===================================================================
--- vendor-crypto/openssh/dist/configure 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/configure 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.ac Revision: 1.536 .
+# From configure.ac Revision: 1.571 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68 for OpenSSH Portable.
#
@@ -606,6 +606,7 @@
ac_subst_vars='LTLIBOBJS
LIBOBJS
UNSUPPORTED_ALGORITHMS
+TEST_MALLOC_OPTIONS
TEST_SSH_IPV6
piddir
user_path
@@ -623,7 +624,6 @@
SSH_PRIVSEP_USER
COMMENT_OUT_ECC
TEST_SSH_ECC
-TEST_SSH_SHA256
LIBEDIT
PKGCONFIG
LD
@@ -712,6 +712,7 @@
enable_option_checking
enable_largefile
with_stackprotect
+with_hardening
with_rpath
with_cflags
with_cppflags
@@ -728,6 +729,7 @@
with_ldns
with_libedit
with_audit
+with_pie
with_ssl_dir
with_openssl_header_check
with_ssl_engine
@@ -1402,6 +1404,7 @@
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-stackprotect Don't use compiler's stack protection
+ --without-hardening Don't use toolchain hardening flags
--without-rpath Disable auto-added -R linker paths
--with-cflags Specify additional flags to pass to compiler
--with-cppflags Specify additional flags to pass to preprocessor
@@ -1418,6 +1421,7 @@
--with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
--with-libedit[=PATH] Enable libedit support for sftp
--with-audit=module Enable audit support (modules=debug,bsm,linux)
+ --with-pie Build Position Independent Executables if possible
--with-ssl-dir=PATH Specify path to OpenSSL installation
--without-openssl-header-check Disable OpenSSL version consistency check
--with-ssl-engine Enable OpenSSL (hardware) ENGINE support
@@ -1425,7 +1429,7 @@
--with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
--with-pam Enable PAM support
--with-privsep-user=user Specify non-privileged user for privilege separation
- --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)
+ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)
--with-selinux Enable SELinux support
--with-kerberos5=PATH Enable Kerberos 5 support
--with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
@@ -5590,7 +5594,9 @@
have_linux_no_new_privs=1
fi
+
use_stack_protector=1
+use_toolchain_hardening=1
# Check whether --with-stackprotect was given.
if test "${with_stackprotect+set}" = set; then :
@@ -5601,18 +5607,61 @@
fi
+# Check whether --with-hardening was given.
+if test "${with_hardening+set}" = set; then :
+ withval=$with_hardening;
+ if test "x$withval" = "xno"; then
+ use_toolchain_hardening=0
+ fi
+fi
+
+# We use -Werror for the tests only so that we catch warnings like "this is
+# on by default" for things like -fPIE.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5
+$as_echo_n "checking if $CC supports -Werror... " >&6; }
+saved_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS -Werror"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ WERROR="-Werror"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ WERROR=""
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+CFLAGS="$saved_CFLAGS"
+
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Qunused-arguments -Werror" >&5
-$as_echo_n "checking if $CC supports -Qunused-arguments -Werror... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5
+$as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Qunused-arguments -Werror"
- _define_flag="-Qunused-arguments"
- test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments -Werror"
+ CFLAGS="$CFLAGS $WERROR -Qunused-arguments"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5635,15 +5684,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunknown-warning-option -Werror" >&5
-$as_echo_n "checking if $CC supports -Wunknown-warning-option -Werror... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5
+$as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wunknown-warning-option -Werror"
- _define_flag="-Wno-unknown-warning-option"
- test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option -Werror"
+ CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5666,15 +5727,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5
-$as_echo_n "checking if $CC supports -Wall... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5
+$as_echo_n "checking if $CC supports compile flag -Wall... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wall"
+ CFLAGS="$CFLAGS $WERROR -Wall"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-Wall"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5697,15 +5770,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-arith" >&5
-$as_echo_n "checking if $CC supports -Wpointer-arith... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5
+$as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wpointer-arith"
+ CFLAGS="$CFLAGS $WERROR -Wpointer-arith"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5728,15 +5813,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wuninitialized" >&5
-$as_echo_n "checking if $CC supports -Wuninitialized... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5
+$as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wuninitialized"
+ CFLAGS="$CFLAGS $WERROR -Wuninitialized"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-Wuninitialized"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5759,15 +5856,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsign-compare" >&5
-$as_echo_n "checking if $CC supports -Wsign-compare... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5
+$as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wsign-compare"
+ CFLAGS="$CFLAGS $WERROR -Wsign-compare"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-Wsign-compare"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5790,15 +5899,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-security" >&5
-$as_echo_n "checking if $CC supports -Wformat-security... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5
+$as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wformat-security"
+ CFLAGS="$CFLAGS $WERROR -Wformat-security"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-Wformat-security"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5821,15 +5942,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsizeof-pointer-memaccess" >&5
-$as_echo_n "checking if $CC supports -Wsizeof-pointer-memaccess... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5
+$as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wsizeof-pointer-memaccess"
+ CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5852,15 +5985,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-sign" >&5
-$as_echo_n "checking if $CC supports -Wpointer-sign... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5
+$as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wpointer-sign"
+ CFLAGS="$CFLAGS $WERROR -Wpointer-sign"
_define_flag="-Wno-pointer-sign"
test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5883,15 +6028,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunused-result" >&5
-$as_echo_n "checking if $CC supports -Wunused-result... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5
+$as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -Wunused-result"
+ CFLAGS="$CFLAGS $WERROR -Wunused-result"
_define_flag="-Wno-unused-result"
test "x$_define_flag" = "x" && _define_flag="-Wunused-result"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5914,15 +6071,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -fno-strict-aliasing" >&5
-$as_echo_n "checking if $CC supports -fno-strict-aliasing... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5
+$as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fno-strict-aliasing"
+ CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5945,15 +6114,27 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
{
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -D_FORTIFY_SOURCE=2" >&5
-$as_echo_n "checking if $CC supports -D_FORTIFY_SOURCE=2... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5
+$as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; }
saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
+ CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2"
_define_flag=""
test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-int main(void) { return 0; }
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
@@ -5975,6 +6156,165 @@
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
}
+ if test "x$use_toolchain_hardening" = "x1"; then
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5
+$as_echo_n "checking if $LD supports link flag -Wl,-z,relro... " >&6; }
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ LDFLAGS="$saved_LDFLAGS $_define_flag"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LDFLAGS="$saved_LDFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5
+$as_echo_n "checking if $LD supports link flag -Wl,-z,now... " >&6; }
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ LDFLAGS="$saved_LDFLAGS $_define_flag"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LDFLAGS="$saved_LDFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5
+$as_echo_n "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; }
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ LDFLAGS="$saved_LDFLAGS $_define_flag"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LDFLAGS="$saved_LDFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+}
+ # NB. -ftrapv expects certain support functions to be present in
+ # the compiler library (libgcc or similar) to detect integer operations
+ # that can overflow. We must check that the result of enabling it
+ # actually links. The test program compiled/linked includes a number
+ # of integer operations that should exercise this.
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5
+$as_echo_n "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $WERROR -ftrapv"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-ftrapv"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+}
+ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5
$as_echo_n "checking gcc version... " >&6; }
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
@@ -6020,7 +6360,8 @@
# and/or platforms, so we test if we can. If it's not supported
# on a given platform gcc will emit a warning so we use -Werror.
if test "x$use_stack_protector" = "x1"; then
- for t in -fstack-protector-all -fstack-protector; do
+ for t in -fstack-protector-strong -fstack-protector-all \
+ -fstack-protector; do
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5
$as_echo_n "checking if $CC supports $t... " >&6; }
saved_CFLAGS="$CFLAGS"
@@ -6224,6 +6565,7 @@
for ac_header in \
+ blf.h \
bstring.h \
crypt.h \
crypto/sha2.h \
@@ -6237,6 +6579,7 @@
glob.h \
ia.h \
iaf.h \
+ inttypes.h \
limits.h \
locale.h \
login.h \
@@ -6261,6 +6604,7 @@
sys/audit.h \
sys/bitypes.h \
sys/bsdtty.h \
+ sys/capability.h \
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
@@ -6713,6 +7057,51 @@
$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h
+ # Cygwin defines optargs, optargs as declspec(dllimport) for historical
+ # reasons which cause compile warnings, so we disable those warnings.
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5
+$as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $WERROR -Wno-attributes"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wno-attributes"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
;;
*-*-dgux*)
@@ -6726,6 +7115,7 @@
;;
*-*-darwin*)
+ use_pie=auto
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5
$as_echo_n "checking if we have working getaddrinfo... " >&6; }
if test "$cross_compiling" = yes; then :
@@ -6824,6 +7214,7 @@
;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
+ TEST_MALLOC_OPTIONS="AFGJPRX"
;;
*-*-haiku*)
LIBS="$LIBS -lbsd "
@@ -7046,6 +7437,7 @@
;;
*-*-linux*)
no_dev_ptmx=1
+ use_pie=auto
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
@@ -7178,6 +7570,13 @@
$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+ TEST_MALLOC_OPTIONS="AJRX"
+
+$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h
+
;;
*-*-freebsd*)
check_for_libcrypt_later=1
@@ -7203,6 +7602,12 @@
$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
+ TEST_MALLOC_OPTIONS="AJRX"
+ # Preauth crypto occasionally uses file descriptors for crypto offload
+ # and will crash if they cannot be opened.
+
+$as_echo "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h
+
;;
*-*-bsdi*)
$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
@@ -7229,6 +7634,7 @@
;;
*-*-openbsd*)
+ use_pie=auto
$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h
@@ -7241,6 +7647,7 @@
$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h
+ TEST_MALLOC_OPTIONS="AFGJPRX"
;;
*-*-solaris*)
if test "x$withval" != "xno" ; then
@@ -8929,6 +9336,64 @@
done
+# On some platforms, inet_ntop may be found in libresolv or libnsl.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5
+$as_echo_n "checking for library containing inet_ntop... " >&6; }
+if ${ac_cv_search_inet_ntop+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_ntop ();
+int
+main ()
+{
+return inet_ntop ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv nsl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_inet_ntop=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_inet_ntop+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_inet_ntop+:} false; then :
+
+else
+ ac_cv_search_inet_ntop=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5
+$as_echo "$ac_cv_search_inet_ntop" >&6; }
+ac_res=$ac_cv_search_inet_ntop
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+
for ac_func in strftime
do :
ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
@@ -9495,7 +9960,7 @@
fi
fi
if test "x$use_pkgconfig_for_libedit" = "xyes"; then
- LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ LIBEDIT=`$PKGCONFIG --libs libedit`
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
else
LIBEDIT="-ledit -lcurses"
@@ -9689,7 +10154,7 @@
$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h
- if test "$sol2ver" -eq 11; then
+ if test "$sol2ver" -ge 11; then
SSHDLIBS="$SSHDLIBS -lscf"
$as_echo "#define BROKEN_BSM_API 1" >>confdefs.h
@@ -9737,9 +10202,155 @@
fi
+
+# Check whether --with-pie was given.
+if test "${with_pie+set}" = set; then :
+ withval=$with_pie;
+ if test "x$withval" = "xno"; then
+ use_pie=no
+ fi
+ if test "x$withval" = "xyes"; then
+ use_pie=yes
+ fi
+
+
+fi
+
+if test "x$use_pie" = "x"; then
+ use_pie=no
+fi
+if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
+ # Turn off automatic PIE when toolchain hardening is off.
+ use_pie=no
+fi
+if test "x$use_pie" = "xauto"; then
+ # Automatic PIE requires gcc >= 4.x
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5
+$as_echo_n "checking for gcc >= 4.x... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#if !defined(__GNUC__) || __GNUC__ < 4
+#error gcc is too old
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ use_pie=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+if test "x$use_pie" != "xno"; then
+ SAVED_CFLAGS="$CFLAGS"
+ SAVED_LDFLAGS="$LDFLAGS"
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5
+$as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $WERROR -fPIE"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-fPIE"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5
+$as_echo_n "checking if $LD supports link flag -pie... " >&6; }
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $WERROR -pie"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-pie"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+ /* Some math to catch -ftrapv problems in the toolchain */
+ int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+ float l = i * 2.1;
+ double m = l / 0.5;
+ long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ LDFLAGS="$saved_LDFLAGS $_define_flag"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LDFLAGS="$saved_LDFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+}
+ # We use both -fPIE and -pie or neither.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5
+$as_echo_n "checking whether both -fPIE and -pie are supported... " >&6; }
+ if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
+ echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$SAVED_CFLAGS"
+ LDFLAGS="$SAVED_LDFLAGS"
+ fi
+fi
+
for ac_func in \
+ Blowfish_initstate \
+ Blowfish_expandstate \
+ Blowfish_expand0state \
+ Blowfish_stream2word \
arc4random \
arc4random_buf \
+ arc4random_stir \
arc4random_uniform \
asprintf \
b64_ntop \
@@ -9747,14 +10358,19 @@
b64_pton \
__b64_pton \
bcopy \
+ bcrypt_pbkdf \
bindresvport_sa \
+ blf_enc \
+ cap_rights_limit \
clock \
closefrom \
dirfd \
endgrent \
+ explicit_bzero \
fchmod \
fchown \
freeaddrinfo \
+ fstatfs \
fstatvfs \
futimes \
getaddrinfo \
@@ -11491,7 +12107,18 @@
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
-for ac_func in RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init
+for ac_func in \
+ BN_is_prime_ex \
+ DSA_generate_parameters_ex \
+ EVP_DigestInit_ex \
+ EVP_DigestFinal_ex \
+ EVP_MD_CTX_init \
+ EVP_MD_CTX_cleanup \
+ EVP_MD_CTX_copy_ex \
+ HMAC_CTX_init \
+ RSA_generate_key_ex \
+ RSA_get_default_method \
+
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -11876,10 +12503,9 @@
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
- TEST_SSH_SHA256=yes
+
else
- TEST_SSH_SHA256=no
- unsupported_algorithms="$unsupported_algorithms \
+ unsupported_algorithms="$unsupported_algorithms \
hmac-sha2-256 hmac-sha2-512 \
diffie-hellman-group-exchange-sha256 \
hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
@@ -11889,10 +12515,9 @@
done
-
# Check complete ECC support in OpenSSL
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has complete ECC support" >&5
-$as_echo_n "checking whether OpenSSL has complete ECC support... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5
+$as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -11910,6 +12535,82 @@
main ()
{
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ const EVP_MD *m = EVP_sha256(); /* We need this too */
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ enable_nistp256=1
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5
+$as_echo_n "checking whether OpenSSL has NID_secp384r1... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+
+int
+main ()
+{
+
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
+ const EVP_MD *m = EVP_sha384(); /* We need this too */
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ enable_nistp384=1
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5
+$as_echo_n "checking whether OpenSSL has NID_secp521r1... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+
+int
+main ()
+{
+
EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
const EVP_MD *m = EVP_sha512(); /* We need this too */
@@ -11918,35 +12619,101 @@
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5
+$as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;}
+ enable_nistp521=1
-$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
- TEST_SSH_ECC=yes
- COMMENT_OUT_ECC=""
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+int
+main ()
+{
+
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
+ const EVP_MD *m = EVP_sha512(); /* We need this too */
+ exit(e == NULL || m == NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ enable_nistp521=1
else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- TEST_SSH_ECC=no
- COMMENT_OUT_ECC="#no ecc#"
- unsupported_algorithms="$unsupported_algorithms \
- ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
- ecdsa-sha2-nistp256-cert-v01 at openssh.com \
- ecdsa-sha2-nistp384-cert-v01 at openssh.com \
- ecdsa-sha2-nistp521-cert-v01 at openssh.com \
- ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
-
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
+COMMENT_OUT_ECC="#no ecc#"
+TEST_SSH_ECC=no
+if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
+ test x$enable_nistp521 = x1; then
+$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
+
+fi
+if test x$enable_nistp256 = x1; then
+
+$as_echo "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h
+
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+else
+ unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
+ ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01 at openssh.com"
+fi
+if test x$enable_nistp384 = x1; then
+
+$as_echo "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h
+
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+else
+ unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
+ ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01 at openssh.com"
+fi
+if test x$enable_nistp521 = x1; then
+
+$as_echo "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h
+
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+else
+ unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01 at openssh.com"
+fi
+
+
+
+
saved_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5
$as_echo_n "checking for ia_openinfo in -liaf... " >&6; }
@@ -12635,6 +13402,18 @@
$as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
+elif test "x$sandbox_arg" = "xcapsicum" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$ac_cv_header_sys_capability_h" = "xyes" && \
+ test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
+ test "x$ac_cv_header_sys_capability_h" != "xyes" && \
+ as_fn_error $? "capsicum sandbox requires sys/capability.h header" "$LINENO" 5
+ test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
+ as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5
+ SANDBOX_STYLE="capsicum"
+
+$as_echo "#define SANDBOX_CAPSICUM 1" >>confdefs.h
+
elif test "x$sandbox_arg" = "xrlimit" || \
( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
test "x$select_works_with_rlimit" = "xyes" && \
@@ -13204,7 +13983,9 @@
have_u_int64_t=1
fi
-if test -z "$have_u_int64_t" ; then
+if (test -z "$have_u_int64_t" && \
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5
$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -13276,7 +14057,9 @@
fi
fi
-if test -z "$have_uintxx_t" ; then
+if (test -z "$have_uintxx_t" && \
+ test "x$ac_cv_header_stdint_h" = "xyes")
+then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5
$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -13305,6 +14088,37 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
+if (test -z "$have_uintxx_t" && \
+ test "x$ac_cv_header_inttypes_h" = "xyes")
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5
+$as_echo_n "checking for uintXX_t types in inttypes.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <inttypes.h>
+int
+main ()
+{
+ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
@@ -13379,7 +14193,35 @@
fi
+ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "
+#include <sys/types.h>
+#include <stdint.h>
+"
+if test "x$ac_cv_type_intmax_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INTMAX_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "
+#include <sys/types.h>
+#include <stdint.h>
+
+"
+if test "x$ac_cv_type_uintmax_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINTMAX_T 1
+_ACEOF
+
+
+fi
+
+
+
ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
#include <sys/socket.h>
"
@@ -17492,6 +18334,8 @@
TEST_SSH_IPV6=$TEST_SSH_IPV6
+TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS
+
UNSUPPORTED_ALGORITHMS=$unsupported_algorithms
Modified: vendor-crypto/openssh/dist/configure.ac
===================================================================
--- vendor-crypto/openssh/dist/configure.ac 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/configure.ac 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $
+# $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev at mindrot.org])
-AC_REVISION($Revision: 1.536 $)
+AC_REVISION($Revision: 1.571 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])
@@ -120,19 +120,36 @@
#include <sys/types.h>
#include <linux/prctl.h>
])
+
use_stack_protector=1
+use_toolchain_hardening=1
AC_ARG_WITH([stackprotect],
[ --without-stackprotect Don't use compiler's stack protection], [
if test "x$withval" = "xno"; then
use_stack_protector=0
fi ])
+AC_ARG_WITH([hardening],
+ [ --without-hardening Don't use toolchain hardening flags], [
+ if test "x$withval" = "xno"; then
+ use_toolchain_hardening=0
+ fi ])
+# We use -Werror for the tests only so that we catch warnings like "this is
+# on by default" for things like -fPIE.
+AC_MSG_CHECKING([if $CC supports -Werror])
+saved_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS -Werror"
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
+ [ AC_MSG_RESULT([yes])
+ WERROR="-Werror"],
+ [ AC_MSG_RESULT([no])
+ WERROR="" ]
+)
+CFLAGS="$saved_CFLAGS"
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
- OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror],
- [-Qunused-arguments])
- OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror],
- [-Wno-unknown-warning-option])
+ OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
+ OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
OSSH_CHECK_CFLAG_COMPILE([-Wall])
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
@@ -143,6 +160,17 @@
OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
+ if test "x$use_toolchain_hardening" = "x1"; then
+ OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
+ OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
+ OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
+ # NB. -ftrapv expects certain support functions to be present in
+ # the compiler library (libgcc or similar) to detect integer operations
+ # that can overflow. We must check that the result of enabling it
+ # actually links. The test program compiled/linked includes a number
+ # of integer operations that should exercise this.
+ OSSH_CHECK_CFLAG_LINK([-ftrapv])
+ fi
AC_MSG_CHECKING([gcc version])
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
case $GCC_VER in
@@ -169,7 +197,8 @@
# and/or platforms, so we test if we can. If it's not supported
# on a given platform gcc will emit a warning so we use -Werror.
if test "x$use_stack_protector" = "x1"; then
- for t in -fstack-protector-all -fstack-protector; do
+ for t in -fstack-protector-strong -fstack-protector-all \
+ -fstack-protector; do
AC_MSG_CHECKING([if $CC supports $t])
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
@@ -296,6 +325,7 @@
)
AC_CHECK_HEADERS([ \
+ blf.h \
bstring.h \
crypt.h \
crypto/sha2.h \
@@ -309,6 +339,7 @@
glob.h \
ia.h \
iaf.h \
+ inttypes.h \
limits.h \
locale.h \
login.h \
@@ -333,6 +364,7 @@
sys/audit.h \
sys/bitypes.h \
sys/bsdtty.h \
+ sys/capability.h \
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
@@ -513,7 +545,10 @@
[Define if your platform needs to skip post auth
file descriptor passing])
AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
- AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
+ AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
+ # Cygwin defines optargs, optargs as declspec(dllimport) for historical
+ # reasons which cause compile warnings, so we disable those warnings.
+ OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
;;
*-*-dgux*)
AC_DEFINE([IP_TOS_IS_BROKEN], [1],
@@ -523,6 +558,7 @@
AC_DEFINE([BROKEN_SETREGID])
;;
*-*-darwin*)
+ use_pie=auto
AC_MSG_CHECKING([if we have working getaddrinfo])
AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -563,6 +599,7 @@
;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
+ TEST_MALLOC_OPTIONS="AFGJPRX"
;;
*-*-haiku*)
LIBS="$LIBS -lbsd "
@@ -660,6 +697,7 @@
;;
*-*-linux*)
no_dev_ptmx=1
+ use_pie=auto
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
AC_DEFINE([PAM_TTY_KLUDGE], [1],
@@ -728,6 +766,11 @@
AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
[Prepend the address family to IP tunnel traffic])
+ TEST_MALLOC_OPTIONS="AJRX"
+ AC_DEFINE([BROKEN_STRNVIS], [1],
+ [NetBSD strnvis argument order is swapped compared to OpenBSD])
+ AC_DEFINE([BROKEN_READ_COMPARISON], [1],
+ [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
;;
*-*-freebsd*)
check_for_libcrypt_later=1
@@ -736,7 +779,13 @@
AC_CHECK_HEADER([net/if_tap.h], ,
AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
- AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need])
+ AC_DEFINE([BROKEN_STRNVIS], [1],
+ [FreeBSD strnvis argument order is swapped compared to OpenBSD])
+ TEST_MALLOC_OPTIONS="AJRX"
+ # Preauth crypto occasionally uses file descriptors for crypto offload
+ # and will crash if they cannot be opened.
+ AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
+ [define if setrlimit RLIMIT_NOFILE breaks things])
;;
*-*-bsdi*)
AC_DEFINE([SETEUID_BREAKS_SETUID])
@@ -754,11 +803,13 @@
AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
;;
*-*-openbsd*)
+ use_pie=auto
AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
[syslog_r function is safe to use in in a signal handler])
+ TEST_MALLOC_OPTIONS="AFGJPRX"
;;
*-*-solaris*)
if test "x$withval" != "xno" ; then
@@ -1191,6 +1242,9 @@
AC_SEARCH_LIBS([updwtmp], [util bsd])
AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
+# On some platforms, inet_ntop may be found in libresolv or libnsl.
+AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
+
AC_FUNC_STRFTIME
# Check for ALTDIRFUNC glob() extension
@@ -1442,7 +1496,7 @@
fi
fi
if test "x$use_pkgconfig_for_libedit" = "xyes"; then
- LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ LIBEDIT=`$PKGCONFIG --libs libedit`
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
else
LIBEDIT="-ledit -lcurses"
@@ -1496,7 +1550,7 @@
# These are optional
AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
- if test "$sol2ver" -eq 11; then
+ if test "$sol2ver" -ge 11; then
SSHDLIBS="$SSHDLIBS -lscf"
AC_DEFINE([BROKEN_BSM_API], [1],
[The system has incomplete BSM API])
@@ -1524,10 +1578,62 @@
esac ]
)
+AC_ARG_WITH([pie],
+ [ --with-pie Build Position Independent Executables if possible], [
+ if test "x$withval" = "xno"; then
+ use_pie=no
+ fi
+ if test "x$withval" = "xyes"; then
+ use_pie=yes
+ fi
+ ]
+)
+if test "x$use_pie" = "x"; then
+ use_pie=no
+fi
+if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
+ # Turn off automatic PIE when toolchain hardening is off.
+ use_pie=no
+fi
+if test "x$use_pie" = "xauto"; then
+ # Automatic PIE requires gcc >= 4.x
+ AC_MSG_CHECKING([for gcc >= 4.x])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+#if !defined(__GNUC__) || __GNUC__ < 4
+#error gcc is too old
+#endif
+]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ use_pie=no ]
+)
+fi
+if test "x$use_pie" != "xno"; then
+ SAVED_CFLAGS="$CFLAGS"
+ SAVED_LDFLAGS="$LDFLAGS"
+ OSSH_CHECK_CFLAG_COMPILE([-fPIE])
+ OSSH_CHECK_LDFLAG_LINK([-pie])
+ # We use both -fPIE and -pie or neither.
+ AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
+ if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
+ echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ CFLAGS="$SAVED_CFLAGS"
+ LDFLAGS="$SAVED_LDFLAGS"
+ fi
+fi
+
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS([ \
+ Blowfish_initstate \
+ Blowfish_expandstate \
+ Blowfish_expand0state \
+ Blowfish_stream2word \
arc4random \
arc4random_buf \
+ arc4random_stir \
arc4random_uniform \
asprintf \
b64_ntop \
@@ -1535,14 +1641,19 @@
b64_pton \
__b64_pton \
bcopy \
+ bcrypt_pbkdf \
bindresvport_sa \
+ blf_enc \
+ cap_rights_limit \
clock \
closefrom \
dirfd \
endgrent \
+ explicit_bzero \
fchmod \
fchown \
freeaddrinfo \
+ fstatfs \
fstatvfs \
futimes \
getaddrinfo \
@@ -2312,7 +2423,18 @@
]
)
-AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
+AC_CHECK_FUNCS([ \
+ BN_is_prime_ex \
+ DSA_generate_parameters_ex \
+ EVP_DigestInit_ex \
+ EVP_DigestFinal_ex \
+ EVP_MD_CTX_init \
+ EVP_MD_CTX_cleanup \
+ EVP_MD_CTX_copy_ex \
+ HMAC_CTX_init \
+ RSA_generate_key_ex \
+ RSA_get_default_method \
+])
AC_ARG_WITH([ssl-engine],
[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
@@ -2436,19 +2558,16 @@
AC_CHECK_FUNCS([crypt DES_crypt])
# Search for SHA256 support in libc and/or OpenSSL
-AC_CHECK_FUNCS([SHA256_Update EVP_sha256],
- [TEST_SSH_SHA256=yes],
- [TEST_SSH_SHA256=no
- unsupported_algorithms="$unsupported_algorithms \
+AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
+ [unsupported_algorithms="$unsupported_algorithms \
hmac-sha2-256 hmac-sha2-512 \
diffie-hellman-group-exchange-sha256 \
hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
]
)
-AC_SUBST([TEST_SSH_SHA256])
# Check complete ECC support in OpenSSL
-AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
+AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[
#include <openssl/ec.h>
@@ -2461,28 +2580,108 @@
# error "OpenSSL < 0.9.8g has unreliable ECC code"
#endif
]], [[
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ const EVP_MD *m = EVP_sha256(); /* We need this too */
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ enable_nistp256=1 ],
+ [ AC_MSG_RESULT([no]) ]
+)
+
+AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+ ]], [[
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
+ const EVP_MD *m = EVP_sha384(); /* We need this too */
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ enable_nistp384=1 ],
+ [ AC_MSG_RESULT([no]) ]
+)
+
+AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+ ]], [[
EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
const EVP_MD *m = EVP_sha512(); /* We need this too */
]])],
- [
- AC_MSG_RESULT([yes])
- AC_DEFINE([OPENSSL_HAS_ECC], [1],
- [libcrypto includes complete ECC support])
- TEST_SSH_ECC=yes
- COMMENT_OUT_ECC=""
- ],
- [
- AC_MSG_RESULT([no])
- TEST_SSH_ECC=no
- COMMENT_OUT_ECC="#no ecc#"
- unsupported_algorithms="$unsupported_algorithms \
- ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
- ecdsa-sha2-nistp256-cert-v01 at openssh.com \
- ecdsa-sha2-nistp384-cert-v01 at openssh.com \
- ecdsa-sha2-nistp521-cert-v01 at openssh.com \
- ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
- ]
+ [ AC_MSG_RESULT([yes])
+ AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+ ]],[[
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
+ const EVP_MD *m = EVP_sha512(); /* We need this too */
+ exit(e == NULL || m == NULL);
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ enable_nistp521=1 ],
+ [ AC_MSG_RESULT([no]) ],
+ [ AC_MSG_WARN([cross-compiling: assuming yes])
+ enable_nistp521=1 ]
+ )],
+ AC_MSG_RESULT([no])
)
+
+COMMENT_OUT_ECC="#no ecc#"
+TEST_SSH_ECC=no
+
+if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
+ test x$enable_nistp521 = x1; then
+ AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
+fi
+if test x$enable_nistp256 = x1; then
+ AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
+ [libcrypto has NID_X9_62_prime256v1])
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+else
+ unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
+ ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01 at openssh.com"
+fi
+if test x$enable_nistp384 = x1; then
+ AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+else
+ unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
+ ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01 at openssh.com"
+fi
+if test x$enable_nistp521 = x1; then
+ AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+else
+ unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01 at openssh.com"
+fi
+
AC_SUBST([TEST_SSH_ECC])
AC_SUBST([COMMENT_OUT_ECC])
@@ -2714,7 +2913,7 @@
# Decide which sandbox style to use
sandbox_arg=""
AC_ARG_WITH([sandbox],
- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
[
if test "x$withval" = "xyes" ; then
sandbox_arg=""
@@ -2843,6 +3042,16 @@
AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
SANDBOX_STYLE="seccomp_filter"
AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
+elif test "x$sandbox_arg" = "xcapsicum" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$ac_cv_header_sys_capability_h" = "xyes" && \
+ test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
+ test "x$ac_cv_header_sys_capability_h" != "xyes" && \
+ AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header])
+ test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
+ AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
+ SANDBOX_STYLE="capsicum"
+ AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
elif test "x$sandbox_arg" = "xrlimit" || \
( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
test "x$select_works_with_rlimit" = "xyes" && \
@@ -3066,7 +3275,9 @@
have_u_int64_t=1
fi
-if test -z "$have_u_int64_t" ; then
+if (test -z "$have_u_int64_t" && \
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+then
AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
[[ u_int64_t a; a = 1]])],
@@ -3096,7 +3307,9 @@
fi
fi
-if test -z "$have_uintxx_t" ; then
+if (test -z "$have_uintxx_t" && \
+ test "x$ac_cv_header_stdint_h" = "xyes")
+then
AC_MSG_CHECKING([for uintXX_t types in stdint.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
@@ -3107,6 +3320,19 @@
])
fi
+if (test -z "$have_uintxx_t" && \
+ test "x$ac_cv_header_inttypes_h" = "xyes")
+then
+ AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
+ [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
+ [
+ AC_DEFINE([HAVE_UINTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
+fi
+
if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
@@ -3137,6 +3363,11 @@
AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
fi
+AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
+#include <sys/types.h>
+#include <stdint.h>
+])
+
TYPE_SOCKLEN_T
AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
@@ -4561,6 +4792,7 @@
fi
AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
+AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
AC_EXEEXT
Modified: vendor-crypto/openssh/dist/contrib/caldera/openssh.spec
===================================================================
--- vendor-crypto/openssh/dist/contrib/caldera/openssh.spec 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/contrib/caldera/openssh.spec 2014-10-11 16:33:18 UTC (rev 6863)
@@ -16,7 +16,7 @@
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
-%define version 6.4p1
+%define version 6.6p1
%if %{use_stable}
%define cvs %{nil}
%define release 1
@@ -363,4 +363,4 @@
* Mon Jan 01 1998 ...
Template Version: 1.31
-$Id: openssh.spec,v 1.80.4.1 2013/11/08 01:36:19 djm Exp $
+$Id: openssh.spec,v 1.83 2014/02/27 23:03:55 djm Exp $
Modified: vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config
===================================================================
--- vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config 2014-10-11 16:33:18 UTC (rev 6863)
@@ -68,54 +68,6 @@
opt_force=no
# ======================================================================
-# Routine: create_host_keys
-# ======================================================================
-create_host_keys() {
- local ret=0
-
- if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
- then
- csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
- if ! /usr/bin/ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
- then
- csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
- let ++ret
- fi
- fi
-
- if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
- then
- csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
- if ! /usr/bin/ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
- then
- csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
- let ++ret
- fi
- fi
-
- if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
- then
- csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
- if ! /usr/bin/ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
- then
- csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
- let ++ret
- fi
- fi
-
- if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
- then
- csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
- if ! /usr/bin/ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
- then
- csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
- let ++ret
- fi
- fi
- return $ret
-} # --- End of create_host_keys --- #
-
-# ======================================================================
# Routine: update_services_file
# ======================================================================
update_services_file() {
@@ -719,8 +671,8 @@
let ++warning_cnt
fi
-# host keys
-create_host_keys || let warning_cnt+=$?
+# generate missing host keys
+/usr/bin/ssh-keygen -A || let warning_cnt+=$?
# handle ssh_config
csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
Modified: vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/openssh.spec 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/contrib/redhat/openssh.spec 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-%define ver 6.4p1
+%define ver 6.6p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
Modified: vendor-crypto/openssh/dist/contrib/suse/openssh.spec
===================================================================
--- vendor-crypto/openssh/dist/contrib/suse/openssh.spec 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/contrib/suse/openssh.spec 2014-10-11 16:33:18 UTC (rev 6863)
@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 6.4p1
+Version: 6.6p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
Added: vendor-crypto/openssh/dist/crypto_api.h
===================================================================
--- vendor-crypto/openssh/dist/crypto_api.h (rev 0)
+++ vendor-crypto/openssh/dist/crypto_api.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,44 @@
+/* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */
+
+/*
+ * Assembled from generated headers and source files by Markus Friedl.
+ * Placed in the public domain.
+ */
+
+#ifndef crypto_api_h
+#define crypto_api_h
+
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <stdlib.h>
+
+typedef int32_t crypto_int32;
+typedef uint32_t crypto_uint32;
+
+#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
+
+#define crypto_hashblocks_sha512_STATEBYTES 64U
+#define crypto_hashblocks_sha512_BLOCKBYTES 128U
+
+int crypto_hashblocks_sha512(unsigned char *, const unsigned char *,
+ unsigned long long);
+
+#define crypto_hash_sha512_BYTES 64U
+
+int crypto_hash_sha512(unsigned char *, const unsigned char *,
+ unsigned long long);
+
+int crypto_verify_32(const unsigned char *, const unsigned char *);
+
+#define crypto_sign_ed25519_SECRETKEYBYTES 64U
+#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
+#define crypto_sign_ed25519_BYTES 64U
+
+int crypto_sign_ed25519(unsigned char *, unsigned long long *,
+ const unsigned char *, unsigned long long, const unsigned char *);
+int crypto_sign_ed25519_open(unsigned char *, unsigned long long *,
+ const unsigned char *, unsigned long long, const unsigned char *);
+int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
+
+#endif /* crypto_api_h */
Modified: vendor-crypto/openssh/dist/defines.h
===================================================================
--- vendor-crypto/openssh/dist/defines.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/defines.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.172 2013/06/01 21:18:48 dtucker Exp $ */
+/* $Id: defines.h,v 1.176 2014/01/17 13:12:38 dtucker Exp $ */
/* Constants */
@@ -269,6 +269,21 @@
# endif
#endif
+#ifndef HAVE_UINTXX_T
+typedef u_int8_t uint8_t;
+typedef u_int16_t uint16_t;
+typedef u_int32_t uint32_t;
+typedef u_int64_t uint64_t;
+#endif
+
+#ifndef HAVE_INTMAX_T
+typedef long long intmax_t;
+#endif
+
+#ifndef HAVE_UINTMAX_T
+typedef unsigned long long uintmax_t;
+#endif
+
#ifndef HAVE_U_CHAR
typedef unsigned char u_char;
# define HAVE_U_CHAR
@@ -802,4 +817,13 @@
# endif
#endif
+/*
+ * Platforms that have arc4random_uniform() and not arc4random_stir()
+ * shouldn't need the latter.
+ */
+#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \
+ !defined(HAVE_ARC4RANDOM_STIR)
+# define arc4random_stir()
+#endif
+
#endif /* _DEFINES_H */
Modified: vendor-crypto/openssh/dist/dh.c
===================================================================
--- vendor-crypto/openssh/dist/dh.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/dh.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.53 2013/11/21 00:45:44 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@@ -254,33 +254,19 @@
void
dh_gen_key(DH *dh, int need)
{
- int i, bits_set, tries = 0;
+ int pbits;
- if (need < 0)
- fatal("dh_gen_key: need < 0");
+ if (need <= 0)
+ fatal("%s: need <= 0", __func__);
if (dh->p == NULL)
- fatal("dh_gen_key: dh->p == NULL");
- if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
- fatal("dh_gen_key: group too small: %d (2*need %d)",
- BN_num_bits(dh->p), 2*need);
- do {
- if (dh->priv_key != NULL)
- BN_clear_free(dh->priv_key);
- if ((dh->priv_key = BN_new()) == NULL)
- fatal("dh_gen_key: BN_new failed");
- /* generate a 2*need bits random private exponent */
- if (!BN_rand(dh->priv_key, 2*need, 0, 0))
- fatal("dh_gen_key: BN_rand failed");
- if (DH_generate_key(dh) == 0)
- fatal("DH_generate_key");
- for (i = 0, bits_set = 0; i <= BN_num_bits(dh->priv_key); i++)
- if (BN_is_bit_set(dh->priv_key, i))
- bits_set++;
- debug2("dh_gen_key: priv key bits set: %d/%d",
- bits_set, BN_num_bits(dh->priv_key));
- if (tries++ > 10)
- fatal("dh_gen_key: too many bad keys: giving up");
- } while (!dh_pub_is_valid(dh, dh->pub_key));
+ fatal("%s: dh->p == NULL", __func__);
+ if ((pbits = BN_num_bits(dh->p)) <= 0)
+ fatal("%s: bits(p) <= 0", __func__);
+ dh->length = MIN(need * 2, pbits - 1);
+ if (DH_generate_key(dh) == 0)
+ fatal("%s: key generation failed", __func__);
+ if (!dh_pub_is_valid(dh, dh->pub_key))
+ fatal("%s: generated invalid key", __func__);
}
DH *
@@ -352,17 +338,20 @@
/*
* Estimates the group order for a Diffie-Hellman group that has an
- * attack complexity approximately the same as O(2**bits). Estimate
- * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
+ * attack complexity approximately the same as O(2**bits).
+ * Values from NIST Special Publication 800-57: Recommendation for Key
+ * Management Part 1 (rev 3) limited by the recommended maximum value
+ * from RFC4419 section 3.
*/
int
dh_estimate(int bits)
{
-
+ if (bits <= 112)
+ return 2048;
if (bits <= 128)
- return (1024); /* O(2**86) */
+ return 3072;
if (bits <= 192)
- return (2048); /* O(2**116) */
- return (4096); /* O(2**156) */
+ return 7680;
+ return 8192;
}
Modified: vendor-crypto/openssh/dist/dh.h
===================================================================
--- vendor-crypto/openssh/dist/dh.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/dh.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.11 2013/10/08 11:42:13 dtucker Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -43,6 +43,7 @@
int dh_estimate(int);
+/* Min and max values from RFC4419. */
#define DH_GRP_MIN 1024
#define DH_GRP_MAX 8192
Added: vendor-crypto/openssh/dist/digest-libc.c
===================================================================
--- vendor-crypto/openssh/dist/digest-libc.c (rev 0)
+++ vendor-crypto/openssh/dist/digest-libc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,238 @@
+/* $OpenBSD: digest-libc.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
+/*
+ * Copyright (c) 2013 Damien Miller <djm at mindrot.org>
+ * Copyright (c) 2014 Markus Friedl. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <md5.h>
+#include <rmd160.h>
+#include <sha1.h>
+#include <sha2.h>
+
+#include "buffer.h"
+#include "digest.h"
+
+typedef void md_init_fn(void *mdctx);
+typedef void md_update_fn(void *mdctx, const u_int8_t *m, size_t mlen);
+typedef void md_final_fn(u_int8_t[], void *mdctx);
+
+struct ssh_digest_ctx {
+ int alg;
+ void *mdctx;
+};
+
+struct ssh_digest {
+ int id;
+ const char *name;
+ size_t block_len;
+ size_t digest_len;
+ size_t ctx_len;
+ md_init_fn *md_init;
+ md_update_fn *md_update;
+ md_final_fn *md_final;
+};
+
+/* NB. Indexed directly by algorithm number */
+const struct ssh_digest digests[SSH_DIGEST_MAX] = {
+ {
+ SSH_DIGEST_MD5,
+ "MD5",
+ MD5_BLOCK_LENGTH,
+ MD5_DIGEST_LENGTH,
+ sizeof(MD5_CTX),
+ (md_init_fn *) MD5Init,
+ (md_update_fn *) MD5Update,
+ (md_final_fn *) MD5Final
+ },
+ {
+ SSH_DIGEST_RIPEMD160,
+ "RIPEMD160",
+ RMD160_BLOCK_LENGTH,
+ RMD160_DIGEST_LENGTH,
+ sizeof(RMD160_CTX),
+ (md_init_fn *) RMD160Init,
+ (md_update_fn *) RMD160Update,
+ (md_final_fn *) RMD160Final
+ },
+ {
+ SSH_DIGEST_SHA1,
+ "SHA1",
+ SHA1_BLOCK_LENGTH,
+ SHA1_DIGEST_LENGTH,
+ sizeof(SHA1_CTX),
+ (md_init_fn *) SHA1Init,
+ (md_update_fn *) SHA1Update,
+ (md_final_fn *) SHA1Final
+ },
+ {
+ SSH_DIGEST_SHA256,
+ "SHA256",
+ SHA256_BLOCK_LENGTH,
+ SHA256_DIGEST_LENGTH,
+ sizeof(SHA2_CTX),
+ (md_init_fn *) SHA256Init,
+ (md_update_fn *) SHA256Update,
+ (md_final_fn *) SHA256Final
+ },
+ {
+ SSH_DIGEST_SHA384,
+ "SHA384",
+ SHA384_BLOCK_LENGTH,
+ SHA384_DIGEST_LENGTH,
+ sizeof(SHA2_CTX),
+ (md_init_fn *) SHA384Init,
+ (md_update_fn *) SHA384Update,
+ (md_final_fn *) SHA384Final
+ },
+ {
+ SSH_DIGEST_SHA512,
+ "SHA512",
+ SHA512_BLOCK_LENGTH,
+ SHA512_DIGEST_LENGTH,
+ sizeof(SHA2_CTX),
+ (md_init_fn *) SHA512Init,
+ (md_update_fn *) SHA512Update,
+ (md_final_fn *) SHA512Final
+ }
+};
+
+static const struct ssh_digest *
+ssh_digest_by_alg(int alg)
+{
+ if (alg < 0 || alg >= SSH_DIGEST_MAX)
+ return NULL;
+ if (digests[alg].id != alg) /* sanity */
+ return NULL;
+ return &(digests[alg]);
+}
+
+size_t
+ssh_digest_bytes(int alg)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(alg);
+
+ return digest == NULL ? 0 : digest->digest_len;
+}
+
+size_t
+ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
+
+ return digest == NULL ? 0 : digest->block_len;
+}
+
+struct ssh_digest_ctx *
+ssh_digest_start(int alg)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(alg);
+ struct ssh_digest_ctx *ret;
+
+ if (digest == NULL || (ret = calloc(1, sizeof(ret))) == NULL)
+ return NULL;
+ if ((ret->mdctx = calloc(1, digest->ctx_len)) == NULL) {
+ free(ret);
+ return NULL;
+ }
+ ret->alg = alg;
+ digest->md_init(ret->mdctx);
+ return ret;
+}
+
+int
+ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(from->alg);
+
+ if (digest == NULL || from->alg != to->alg)
+ return -1;
+ memcpy(to->mdctx, from->mdctx, digest->ctx_len);
+ return 0;
+}
+
+int
+ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
+
+ if (digest == NULL)
+ return -1;
+ digest->md_update(ctx->mdctx, m, mlen);
+ return 0;
+}
+
+int
+ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b)
+{
+ return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b));
+}
+
+int
+ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
+
+ if (digest == NULL)
+ return -1;
+ if (dlen > UINT_MAX)
+ return -1;
+ if (dlen < digest->digest_len) /* No truncation allowed */
+ return -1;
+ digest->md_final(d, ctx->mdctx);
+ return 0;
+}
+
+void
+ssh_digest_free(struct ssh_digest_ctx *ctx)
+{
+ const struct ssh_digest *digest;
+
+ if (ctx != NULL) {
+ digest = ssh_digest_by_alg(ctx->alg);
+ if (digest) {
+ explicit_bzero(ctx->mdctx, digest->ctx_len);
+ free(ctx->mdctx);
+ explicit_bzero(ctx, sizeof(*ctx));
+ free(ctx);
+ }
+ }
+}
+
+int
+ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
+{
+ struct ssh_digest_ctx *ctx = ssh_digest_start(alg);
+
+ if (ctx == NULL)
+ return -1;
+ if (ssh_digest_update(ctx, m, mlen) != 0 ||
+ ssh_digest_final(ctx, d, dlen) != 0)
+ return -1;
+ ssh_digest_free(ctx);
+ return 0;
+}
+
+int
+ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen)
+{
+ return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen);
+}
Added: vendor-crypto/openssh/dist/digest-openssl.c
===================================================================
--- vendor-crypto/openssh/dist/digest-openssl.c (rev 0)
+++ vendor-crypto/openssh/dist/digest-openssl.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,166 @@
+/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
+/*
+ * Copyright (c) 2013 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+
+#include "openbsd-compat/openssl-compat.h"
+
+#include "buffer.h"
+#include "digest.h"
+
+struct ssh_digest_ctx {
+ int alg;
+ EVP_MD_CTX mdctx;
+};
+
+struct ssh_digest {
+ int id;
+ const char *name;
+ size_t digest_len;
+ const EVP_MD *(*mdfunc)(void);
+};
+
+/* NB. Indexed directly by algorithm number */
+const struct ssh_digest digests[] = {
+ { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
+ { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
+ { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
+#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
+ { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
+ { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
+ { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
+#endif
+ { -1, NULL, 0, NULL },
+};
+
+static const struct ssh_digest *
+ssh_digest_by_alg(int alg)
+{
+ if (alg < 0 || alg >= SSH_DIGEST_MAX)
+ return NULL;
+ if (digests[alg].id != alg) /* sanity */
+ return NULL;
+ return &(digests[alg]);
+}
+
+size_t
+ssh_digest_bytes(int alg)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(alg);
+
+ return digest == NULL ? 0 : digest->digest_len;
+}
+
+size_t
+ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
+{
+ return EVP_MD_CTX_block_size(&ctx->mdctx);
+}
+
+struct ssh_digest_ctx *
+ssh_digest_start(int alg)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(alg);
+ struct ssh_digest_ctx *ret;
+
+ if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
+ return NULL;
+ ret->alg = alg;
+ EVP_MD_CTX_init(&ret->mdctx);
+ if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
+ free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+int
+ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
+{
+ /* we have bcopy-style order while openssl has memcpy-style */
+ if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
+ return -1;
+ return 0;
+}
+
+int
+ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
+{
+ if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
+ return -1;
+ return 0;
+}
+
+int
+ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b)
+{
+ return ssh_digest_update(ctx, buffer_ptr(b), buffer_len(b));
+}
+
+int
+ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
+{
+ const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
+ u_int l = dlen;
+
+ if (dlen > UINT_MAX)
+ return -1;
+ if (dlen < digest->digest_len) /* No truncation allowed */
+ return -1;
+ if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
+ return -1;
+ if (l != digest->digest_len) /* sanity */
+ return -1;
+ return 0;
+}
+
+void
+ssh_digest_free(struct ssh_digest_ctx *ctx)
+{
+ if (ctx != NULL) {
+ EVP_MD_CTX_cleanup(&ctx->mdctx);
+ explicit_bzero(ctx, sizeof(*ctx));
+ free(ctx);
+ }
+}
+
+int
+ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen)
+{
+ struct ssh_digest_ctx *ctx = ssh_digest_start(alg);
+
+ if (ctx == NULL)
+ return -1;
+ if (ssh_digest_update(ctx, m, mlen) != 0 ||
+ ssh_digest_final(ctx, d, dlen) != 0)
+ return -1;
+ ssh_digest_free(ctx);
+ return 0;
+}
+
+int
+ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen)
+{
+ return ssh_digest_memory(alg, buffer_ptr(b), buffer_len(b), d, dlen);
+}
Added: vendor-crypto/openssh/dist/digest.h
===================================================================
--- vendor-crypto/openssh/dist/digest.h (rev 0)
+++ vendor-crypto/openssh/dist/digest.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,63 @@
+/* $OpenBSD: digest.h,v 1.2 2014/01/27 18:58:14 markus Exp $ */
+/*
+ * Copyright (c) 2013 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _DIGEST_H
+#define _DIGEST_H
+
+/* Maximum digest output length */
+#define SSH_DIGEST_MAX_LENGTH 64
+
+/* Digest algorithms */
+#define SSH_DIGEST_MD5 0
+#define SSH_DIGEST_RIPEMD160 1
+#define SSH_DIGEST_SHA1 2
+#define SSH_DIGEST_SHA256 3
+#define SSH_DIGEST_SHA384 4
+#define SSH_DIGEST_SHA512 5
+#define SSH_DIGEST_MAX 6
+
+struct ssh_digest_ctx;
+
+/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */
+size_t ssh_digest_bytes(int alg);
+
+/* Returns the block size of the digest, e.g. for implementing HMAC */
+size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx);
+
+/* Copies internal state of digest of 'from' to 'to' */
+int ssh_digest_copy_state(struct ssh_digest_ctx *from,
+ struct ssh_digest_ctx *to);
+
+/* One-shot API */
+int ssh_digest_memory(int alg, const void *m, size_t mlen,
+ u_char *d, size_t dlen)
+ __attribute__((__bounded__(__buffer__, 2, 3)))
+ __attribute__((__bounded__(__buffer__, 4, 5)));
+int ssh_digest_buffer(int alg, const Buffer *b, u_char *d, size_t dlen)
+ __attribute__((__bounded__(__buffer__, 3, 4)));
+
+/* Update API */
+struct ssh_digest_ctx *ssh_digest_start(int alg);
+int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
+ __attribute__((__bounded__(__buffer__, 2, 3)));
+int ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const Buffer *b);
+int ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
+ __attribute__((__bounded__(__buffer__, 2, 3)));
+void ssh_digest_free(struct ssh_digest_ctx *ctx);
+
+#endif /* _DIGEST_H */
+
Added: vendor-crypto/openssh/dist/ed25519.c
===================================================================
--- vendor-crypto/openssh/dist/ed25519.c (rev 0)
+++ vendor-crypto/openssh/dist/ed25519.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,144 @@
+/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c
+ */
+
+#include "includes.h"
+#include "crypto_api.h"
+
+#include "ge25519.h"
+
+static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen)
+{
+ unsigned long long i;
+
+ for (i = 0;i < 32;++i) playground[i] = sm[i];
+ for (i = 32;i < 64;++i) playground[i] = pk[i-32];
+ for (i = 64;i < smlen;++i) playground[i] = sm[i];
+
+ crypto_hash_sha512(hram,playground,smlen);
+}
+
+
+int crypto_sign_ed25519_keypair(
+ unsigned char *pk,
+ unsigned char *sk
+ )
+{
+ sc25519 scsk;
+ ge25519 gepk;
+ unsigned char extsk[64];
+ int i;
+
+ randombytes(sk, 32);
+ crypto_hash_sha512(extsk, sk, 32);
+ extsk[0] &= 248;
+ extsk[31] &= 127;
+ extsk[31] |= 64;
+
+ sc25519_from32bytes(&scsk,extsk);
+
+ ge25519_scalarmult_base(&gepk, &scsk);
+ ge25519_pack(pk, &gepk);
+ for(i=0;i<32;i++)
+ sk[32 + i] = pk[i];
+ return 0;
+}
+
+int crypto_sign_ed25519(
+ unsigned char *sm,unsigned long long *smlen,
+ const unsigned char *m,unsigned long long mlen,
+ const unsigned char *sk
+ )
+{
+ sc25519 sck, scs, scsk;
+ ge25519 ger;
+ unsigned char r[32];
+ unsigned char s[32];
+ unsigned char extsk[64];
+ unsigned long long i;
+ unsigned char hmg[crypto_hash_sha512_BYTES];
+ unsigned char hram[crypto_hash_sha512_BYTES];
+
+ crypto_hash_sha512(extsk, sk, 32);
+ extsk[0] &= 248;
+ extsk[31] &= 127;
+ extsk[31] |= 64;
+
+ *smlen = mlen+64;
+ for(i=0;i<mlen;i++)
+ sm[64 + i] = m[i];
+ for(i=0;i<32;i++)
+ sm[32 + i] = extsk[32+i];
+
+ crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */
+
+ /* Computation of R */
+ sc25519_from64bytes(&sck, hmg);
+ ge25519_scalarmult_base(&ger, &sck);
+ ge25519_pack(r, &ger);
+
+ /* Computation of s */
+ for(i=0;i<32;i++)
+ sm[i] = r[i];
+
+ get_hram(hram, sm, sk+32, sm, mlen+64);
+
+ sc25519_from64bytes(&scs, hram);
+ sc25519_from32bytes(&scsk, extsk);
+ sc25519_mul(&scs, &scs, &scsk);
+
+ sc25519_add(&scs, &scs, &sck);
+
+ sc25519_to32bytes(s,&scs); /* cat s */
+ for(i=0;i<32;i++)
+ sm[32 + i] = s[i];
+
+ return 0;
+}
+
+int crypto_sign_ed25519_open(
+ unsigned char *m,unsigned long long *mlen,
+ const unsigned char *sm,unsigned long long smlen,
+ const unsigned char *pk
+ )
+{
+ unsigned int i;
+ int ret;
+ unsigned char t2[32];
+ ge25519 get1, get2;
+ sc25519 schram, scs;
+ unsigned char hram[crypto_hash_sha512_BYTES];
+
+ *mlen = (unsigned long long) -1;
+ if (smlen < 64) return -1;
+
+ if (ge25519_unpackneg_vartime(&get1, pk)) return -1;
+
+ get_hram(hram,sm,pk,m,smlen);
+
+ sc25519_from64bytes(&schram, hram);
+
+ sc25519_from32bytes(&scs, sm+32);
+
+ ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
+ ge25519_pack(t2, &get2);
+
+ ret = crypto_verify_32(sm, t2);
+
+ if (!ret)
+ {
+ for(i=0;i<smlen-64;i++)
+ m[i] = sm[i + 64];
+ *mlen = smlen-64;
+ }
+ else
+ {
+ for(i=0;i<smlen-64;i++)
+ m[i] = 0;
+ }
+ return ret;
+}
Added: vendor-crypto/openssh/dist/fe25519.c
===================================================================
--- vendor-crypto/openssh/dist/fe25519.c (rev 0)
+++ vendor-crypto/openssh/dist/fe25519.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,337 @@
+/* $OpenBSD: fe25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c
+ */
+
+#include "includes.h"
+
+#define WINDOWSIZE 1 /* Should be 1,2, or 4 */
+#define WINDOWMASK ((1<<WINDOWSIZE)-1)
+
+#include "fe25519.h"
+
+static crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
+{
+ crypto_uint32 x = a ^ b; /* 0: yes; 1..65535: no */
+ x -= 1; /* 4294967295: yes; 0..65534: no */
+ x >>= 31; /* 1: yes; 0: no */
+ return x;
+}
+
+static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
+{
+ unsigned int x = a;
+ x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */
+ x >>= 31; /* 0: yes; 1: no */
+ x ^= 1; /* 1: yes; 0: no */
+ return x;
+}
+
+static crypto_uint32 times19(crypto_uint32 a)
+{
+ return (a << 4) + (a << 1) + a;
+}
+
+static crypto_uint32 times38(crypto_uint32 a)
+{
+ return (a << 5) + (a << 2) + (a << 1);
+}
+
+static void reduce_add_sub(fe25519 *r)
+{
+ crypto_uint32 t;
+ int i,rep;
+
+ for(rep=0;rep<4;rep++)
+ {
+ t = r->v[31] >> 7;
+ r->v[31] &= 127;
+ t = times19(t);
+ r->v[0] += t;
+ for(i=0;i<31;i++)
+ {
+ t = r->v[i] >> 8;
+ r->v[i+1] += t;
+ r->v[i] &= 255;
+ }
+ }
+}
+
+static void reduce_mul(fe25519 *r)
+{
+ crypto_uint32 t;
+ int i,rep;
+
+ for(rep=0;rep<2;rep++)
+ {
+ t = r->v[31] >> 7;
+ r->v[31] &= 127;
+ t = times19(t);
+ r->v[0] += t;
+ for(i=0;i<31;i++)
+ {
+ t = r->v[i] >> 8;
+ r->v[i+1] += t;
+ r->v[i] &= 255;
+ }
+ }
+}
+
+/* reduction modulo 2^255-19 */
+void fe25519_freeze(fe25519 *r)
+{
+ int i;
+ crypto_uint32 m = equal(r->v[31],127);
+ for(i=30;i>0;i--)
+ m &= equal(r->v[i],255);
+ m &= ge(r->v[0],237);
+
+ m = -m;
+
+ r->v[31] -= m&127;
+ for(i=30;i>0;i--)
+ r->v[i] -= m&255;
+ r->v[0] -= m&237;
+}
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32])
+{
+ int i;
+ for(i=0;i<32;i++) r->v[i] = x[i];
+ r->v[31] &= 127;
+}
+
+/* Assumes input x being reduced below 2^255 */
+void fe25519_pack(unsigned char r[32], const fe25519 *x)
+{
+ int i;
+ fe25519 y = *x;
+ fe25519_freeze(&y);
+ for(i=0;i<32;i++)
+ r[i] = y.v[i];
+}
+
+int fe25519_iszero(const fe25519 *x)
+{
+ int i;
+ int r;
+ fe25519 t = *x;
+ fe25519_freeze(&t);
+ r = equal(t.v[0],0);
+ for(i=1;i<32;i++)
+ r &= equal(t.v[i],0);
+ return r;
+}
+
+int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y)
+{
+ int i;
+ fe25519 t1 = *x;
+ fe25519 t2 = *y;
+ fe25519_freeze(&t1);
+ fe25519_freeze(&t2);
+ for(i=0;i<32;i++)
+ if(t1.v[i] != t2.v[i]) return 0;
+ return 1;
+}
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
+{
+ int i;
+ crypto_uint32 mask = b;
+ mask = -mask;
+ for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]);
+}
+
+unsigned char fe25519_getparity(const fe25519 *x)
+{
+ fe25519 t = *x;
+ fe25519_freeze(&t);
+ return t.v[0] & 1;
+}
+
+void fe25519_setone(fe25519 *r)
+{
+ int i;
+ r->v[0] = 1;
+ for(i=1;i<32;i++) r->v[i]=0;
+}
+
+void fe25519_setzero(fe25519 *r)
+{
+ int i;
+ for(i=0;i<32;i++) r->v[i]=0;
+}
+
+void fe25519_neg(fe25519 *r, const fe25519 *x)
+{
+ fe25519 t;
+ int i;
+ for(i=0;i<32;i++) t.v[i]=x->v[i];
+ fe25519_setzero(r);
+ fe25519_sub(r, r, &t);
+}
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+ int i;
+ for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+ reduce_add_sub(r);
+}
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+ int i;
+ crypto_uint32 t[32];
+ t[0] = x->v[0] + 0x1da;
+ t[31] = x->v[31] + 0xfe;
+ for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe;
+ for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i];
+ reduce_add_sub(r);
+}
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+ int i,j;
+ crypto_uint32 t[63];
+ for(i=0;i<63;i++)t[i] = 0;
+
+ for(i=0;i<32;i++)
+ for(j=0;j<32;j++)
+ t[i+j] += x->v[i] * y->v[j];
+
+ for(i=32;i<63;i++)
+ r->v[i-32] = t[i-32] + times38(t[i]);
+ r->v[31] = t[31]; /* result now in r[0]...r[31] */
+
+ reduce_mul(r);
+}
+
+void fe25519_square(fe25519 *r, const fe25519 *x)
+{
+ fe25519_mul(r, x, x);
+}
+
+void fe25519_invert(fe25519 *r, const fe25519 *x)
+{
+ fe25519 z2;
+ fe25519 z9;
+ fe25519 z11;
+ fe25519 z2_5_0;
+ fe25519 z2_10_0;
+ fe25519 z2_20_0;
+ fe25519 z2_50_0;
+ fe25519 z2_100_0;
+ fe25519 t0;
+ fe25519 t1;
+ int i;
+
+ /* 2 */ fe25519_square(&z2,x);
+ /* 4 */ fe25519_square(&t1,&z2);
+ /* 8 */ fe25519_square(&t0,&t1);
+ /* 9 */ fe25519_mul(&z9,&t0,x);
+ /* 11 */ fe25519_mul(&z11,&z9,&z2);
+ /* 22 */ fe25519_square(&t0,&z11);
+ /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9);
+
+ /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0);
+ /* 2^7 - 2^2 */ fe25519_square(&t1,&t0);
+ /* 2^8 - 2^3 */ fe25519_square(&t0,&t1);
+ /* 2^9 - 2^4 */ fe25519_square(&t1,&t0);
+ /* 2^10 - 2^5 */ fe25519_square(&t0,&t1);
+ /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0);
+
+ /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0);
+ /* 2^12 - 2^2 */ fe25519_square(&t1,&t0);
+ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+ /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0);
+
+ /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0);
+ /* 2^22 - 2^2 */ fe25519_square(&t1,&t0);
+ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+ /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0);
+
+ /* 2^41 - 2^1 */ fe25519_square(&t1,&t0);
+ /* 2^42 - 2^2 */ fe25519_square(&t0,&t1);
+ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
+ /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0);
+
+ /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0);
+ /* 2^52 - 2^2 */ fe25519_square(&t1,&t0);
+ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+ /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0);
+
+ /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0);
+ /* 2^102 - 2^2 */ fe25519_square(&t0,&t1);
+ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
+ /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0);
+
+ /* 2^201 - 2^1 */ fe25519_square(&t0,&t1);
+ /* 2^202 - 2^2 */ fe25519_square(&t1,&t0);
+ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+ /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0);
+
+ /* 2^251 - 2^1 */ fe25519_square(&t1,&t0);
+ /* 2^252 - 2^2 */ fe25519_square(&t0,&t1);
+ /* 2^253 - 2^3 */ fe25519_square(&t1,&t0);
+ /* 2^254 - 2^4 */ fe25519_square(&t0,&t1);
+ /* 2^255 - 2^5 */ fe25519_square(&t1,&t0);
+ /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11);
+}
+
+void fe25519_pow2523(fe25519 *r, const fe25519 *x)
+{
+ fe25519 z2;
+ fe25519 z9;
+ fe25519 z11;
+ fe25519 z2_5_0;
+ fe25519 z2_10_0;
+ fe25519 z2_20_0;
+ fe25519 z2_50_0;
+ fe25519 z2_100_0;
+ fe25519 t;
+ int i;
+
+ /* 2 */ fe25519_square(&z2,x);
+ /* 4 */ fe25519_square(&t,&z2);
+ /* 8 */ fe25519_square(&t,&t);
+ /* 9 */ fe25519_mul(&z9,&t,x);
+ /* 11 */ fe25519_mul(&z11,&z9,&z2);
+ /* 22 */ fe25519_square(&t,&z11);
+ /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9);
+
+ /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0);
+ /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); }
+ /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0);
+
+ /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0);
+ /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); }
+ /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0);
+
+ /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0);
+ /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); }
+ /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0);
+
+ /* 2^41 - 2^1 */ fe25519_square(&t,&t);
+ /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); }
+ /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0);
+
+ /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0);
+ /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); }
+ /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0);
+
+ /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0);
+ /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); }
+ /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0);
+
+ /* 2^201 - 2^1 */ fe25519_square(&t,&t);
+ /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); }
+ /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0);
+
+ /* 2^251 - 2^1 */ fe25519_square(&t,&t);
+ /* 2^252 - 2^2 */ fe25519_square(&t,&t);
+ /* 2^252 - 3 */ fe25519_mul(r,&t,x);
+}
Added: vendor-crypto/openssh/dist/fe25519.h
===================================================================
--- vendor-crypto/openssh/dist/fe25519.h (rev 0)
+++ vendor-crypto/openssh/dist/fe25519.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,70 @@
+/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h
+ */
+
+#ifndef FE25519_H
+#define FE25519_H
+
+#include "crypto_api.h"
+
+#define fe25519 crypto_sign_ed25519_ref_fe25519
+#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze
+#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack
+#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack
+#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero
+#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime
+#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov
+#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone
+#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero
+#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg
+#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity
+#define fe25519_add crypto_sign_ed25519_ref_fe25519_add
+#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub
+#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul
+#define fe25519_square crypto_sign_ed25519_ref_fe25519_square
+#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert
+#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523
+
+typedef struct
+{
+ crypto_uint32 v[32];
+}
+fe25519;
+
+void fe25519_freeze(fe25519 *r);
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
+
+void fe25519_pack(unsigned char r[32], const fe25519 *x);
+
+int fe25519_iszero(const fe25519 *x);
+
+int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
+
+void fe25519_setone(fe25519 *r);
+
+void fe25519_setzero(fe25519 *r);
+
+void fe25519_neg(fe25519 *r, const fe25519 *x);
+
+unsigned char fe25519_getparity(const fe25519 *x);
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_square(fe25519 *r, const fe25519 *x);
+
+void fe25519_invert(fe25519 *r, const fe25519 *x);
+
+void fe25519_pow2523(fe25519 *r, const fe25519 *x);
+
+#endif
Added: vendor-crypto/openssh/dist/ge25519.c
===================================================================
--- vendor-crypto/openssh/dist/ge25519.c (rev 0)
+++ vendor-crypto/openssh/dist/ge25519.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,321 @@
+/* $OpenBSD: ge25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c
+ */
+
+#include "includes.h"
+
+#include "fe25519.h"
+#include "sc25519.h"
+#include "ge25519.h"
+
+/*
+ * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2
+ * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
+ * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960);
+ */
+
+/* d */
+static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00,
+ 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}};
+/* 2*d */
+static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00,
+ 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}};
+/* sqrt(-1) */
+static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F,
+ 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}};
+
+#define ge25519_p3 ge25519
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 z;
+ fe25519 y;
+ fe25519 t;
+} ge25519_p1p1;
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+ fe25519 z;
+} ge25519_p2;
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+} ge25519_aff;
+
+
+/* Packed coordinates of the base point */
+const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69,
+ 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}},
+ {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20,
+ 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}};
+
+/* Multiples of the base point in affine representation */
+static const ge25519_aff ge25519_base_multiples_affine[425] = {
+#include "ge25519_base.data"
+};
+
+static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p)
+{
+ fe25519_mul(&r->x, &p->x, &p->t);
+ fe25519_mul(&r->y, &p->y, &p->z);
+ fe25519_mul(&r->z, &p->z, &p->t);
+}
+
+static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p)
+{
+ p1p1_to_p2((ge25519_p2 *)r, p);
+ fe25519_mul(&r->t, &p->x, &p->y);
+}
+
+static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q)
+{
+ fe25519 a,b,t1,t2,c,d,e,f,g,h,qt;
+ fe25519_mul(&qt, &q->x, &q->y);
+ fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */
+ fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */
+ fe25519_sub(&t1, &q->y, &q->x);
+ fe25519_add(&t2, &q->y, &q->x);
+ fe25519_mul(&a, &a, &t1);
+ fe25519_mul(&b, &b, &t2);
+ fe25519_sub(&e, &b, &a); /* E = B-A */
+ fe25519_add(&h, &b, &a); /* H = B+A */
+ fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */
+ fe25519_mul(&c, &c, &ge25519_ec2d);
+ fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */
+ fe25519_sub(&f, &d, &c); /* F = D-C */
+ fe25519_add(&g, &d, &c); /* G = D+C */
+ fe25519_mul(&r->x, &e, &f);
+ fe25519_mul(&r->y, &h, &g);
+ fe25519_mul(&r->z, &g, &f);
+ fe25519_mul(&r->t, &e, &h);
+}
+
+static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q)
+{
+ fe25519 a, b, c, d, t;
+
+ fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */
+ fe25519_sub(&t, &q->y, &q->x);
+ fe25519_mul(&a, &a, &t);
+ fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */
+ fe25519_add(&t, &q->x, &q->y);
+ fe25519_mul(&b, &b, &t);
+ fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */
+ fe25519_mul(&c, &c, &ge25519_ec2d);
+ fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */
+ fe25519_add(&d, &d, &d);
+ fe25519_sub(&r->x, &b, &a); /* E = B-A */
+ fe25519_sub(&r->t, &d, &c); /* F = D-C */
+ fe25519_add(&r->z, &d, &c); /* G = D+C */
+ fe25519_add(&r->y, &b, &a); /* H = B+A */
+}
+
+/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */
+static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p)
+{
+ fe25519 a,b,c,d;
+ fe25519_square(&a, &p->x);
+ fe25519_square(&b, &p->y);
+ fe25519_square(&c, &p->z);
+ fe25519_add(&c, &c, &c);
+ fe25519_neg(&d, &a);
+
+ fe25519_add(&r->x, &p->x, &p->y);
+ fe25519_square(&r->x, &r->x);
+ fe25519_sub(&r->x, &r->x, &a);
+ fe25519_sub(&r->x, &r->x, &b);
+ fe25519_add(&r->z, &d, &b);
+ fe25519_sub(&r->t, &r->z, &c);
+ fe25519_sub(&r->y, &d, &b);
+}
+
+/* Constant-time version of: if(b) r = p */
+static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b)
+{
+ fe25519_cmov(&r->x, &p->x, b);
+ fe25519_cmov(&r->y, &p->y, b);
+}
+
+static unsigned char equal(signed char b,signed char c)
+{
+ unsigned char ub = b;
+ unsigned char uc = c;
+ unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
+ crypto_uint32 y = x; /* 0: yes; 1..255: no */
+ y -= 1; /* 4294967295: yes; 0..254: no */
+ y >>= 31; /* 1: yes; 0: no */
+ return y;
+}
+
+static unsigned char negative(signed char b)
+{
+ unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
+ x >>= 63; /* 1: yes; 0: no */
+ return x;
+}
+
+static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b)
+{
+ /* constant time */
+ fe25519 v;
+ *t = ge25519_base_multiples_affine[5*pos+0];
+ cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
+ cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
+ cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
+ cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4));
+ fe25519_neg(&v, &t->x);
+ fe25519_cmov(&t->x, &v, negative(b));
+}
+
+static void setneutral(ge25519 *r)
+{
+ fe25519_setzero(&r->x);
+ fe25519_setone(&r->y);
+ fe25519_setone(&r->z);
+ fe25519_setzero(&r->t);
+}
+
+/* ********************************************************************
+ * EXPORTED FUNCTIONS
+ ******************************************************************** */
+
+/* return 0 on success, -1 otherwise */
+int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32])
+{
+ unsigned char par;
+ fe25519 t, chk, num, den, den2, den4, den6;
+ fe25519_setone(&r->z);
+ par = p[31] >> 7;
+ fe25519_unpack(&r->y, p);
+ fe25519_square(&num, &r->y); /* x = y^2 */
+ fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */
+ fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */
+ fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */
+
+ /* Computation of sqrt(num/den) */
+ /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */
+ fe25519_square(&den2, &den);
+ fe25519_square(&den4, &den2);
+ fe25519_mul(&den6, &den4, &den2);
+ fe25519_mul(&t, &den6, &num);
+ fe25519_mul(&t, &t, &den);
+
+ fe25519_pow2523(&t, &t);
+ /* 2. computation of r->x = t * num * den^3 */
+ fe25519_mul(&t, &t, &num);
+ fe25519_mul(&t, &t, &den);
+ fe25519_mul(&t, &t, &den);
+ fe25519_mul(&r->x, &t, &den);
+
+ /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */
+ fe25519_square(&chk, &r->x);
+ fe25519_mul(&chk, &chk, &den);
+ if (!fe25519_iseq_vartime(&chk, &num))
+ fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1);
+
+ /* 4. Now we have one of the two square roots, except if input was not a square */
+ fe25519_square(&chk, &r->x);
+ fe25519_mul(&chk, &chk, &den);
+ if (!fe25519_iseq_vartime(&chk, &num))
+ return -1;
+
+ /* 5. Choose the desired square root according to parity: */
+ if(fe25519_getparity(&r->x) != (1-par))
+ fe25519_neg(&r->x, &r->x);
+
+ fe25519_mul(&r->t, &r->x, &r->y);
+ return 0;
+}
+
+void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
+{
+ fe25519 tx, ty, zi;
+ fe25519_invert(&zi, &p->z);
+ fe25519_mul(&tx, &p->x, &zi);
+ fe25519_mul(&ty, &p->y, &zi);
+ fe25519_pack(r, &ty);
+ r[31] ^= fe25519_getparity(&tx) << 7;
+}
+
+int ge25519_isneutral_vartime(const ge25519_p3 *p)
+{
+ int ret = 1;
+ if(!fe25519_iszero(&p->x)) ret = 0;
+ if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0;
+ return ret;
+}
+
+/* computes [s1]p1 + [s2]p2 */
+void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2)
+{
+ ge25519_p1p1 tp1p1;
+ ge25519_p3 pre[16];
+ unsigned char b[127];
+ int i;
+
+ /* precomputation s2 s1 */
+ setneutral(pre); /* 00 00 */
+ pre[1] = *p1; /* 00 01 */
+ dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */
+ add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */
+ pre[4] = *p2; /* 01 00 */
+ add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */
+ add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */
+ add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */
+ dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */
+ add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */
+ dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */
+ add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */
+ add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */
+ add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */
+ add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */
+ add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */
+
+ sc25519_2interleave2(b,s1,s2);
+
+ /* scalar multiplication */
+ *r = pre[b[126]];
+ for(i=125;i>=0;i--)
+ {
+ dbl_p1p1(&tp1p1, (ge25519_p2 *)r);
+ p1p1_to_p2((ge25519_p2 *) r, &tp1p1);
+ dbl_p1p1(&tp1p1, (ge25519_p2 *)r);
+ if(b[i]!=0)
+ {
+ p1p1_to_p3(r, &tp1p1);
+ add_p1p1(&tp1p1, r, &pre[b[i]]);
+ }
+ if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
+ else p1p1_to_p3(r, &tp1p1);
+ }
+}
+
+void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
+{
+ signed char b[85];
+ int i;
+ ge25519_aff t;
+ sc25519_window3(b,s);
+
+ choose_t((ge25519_aff *)r, 0, b[0]);
+ fe25519_setone(&r->z);
+ fe25519_mul(&r->t, &r->x, &r->y);
+ for(i=1;i<85;i++)
+ {
+ choose_t(&t, (unsigned long long) i, b[i]);
+ ge25519_mixadd2(r, &t);
+ }
+}
Added: vendor-crypto/openssh/dist/ge25519.h
===================================================================
--- vendor-crypto/openssh/dist/ge25519.h (rev 0)
+++ vendor-crypto/openssh/dist/ge25519.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,43 @@
+/* $OpenBSD: ge25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h
+ */
+
+#ifndef GE25519_H
+#define GE25519_H
+
+#include "fe25519.h"
+#include "sc25519.h"
+
+#define ge25519 crypto_sign_ed25519_ref_ge25519
+#define ge25519_base crypto_sign_ed25519_ref_ge25519_base
+#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime
+#define ge25519_pack crypto_sign_ed25519_ref_pack
+#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime
+#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime
+#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+ fe25519 z;
+ fe25519 t;
+} ge25519;
+
+const ge25519 ge25519_base;
+
+int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
+
+void ge25519_pack(unsigned char r[32], const ge25519 *p);
+
+int ge25519_isneutral_vartime(const ge25519 *p);
+
+void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2);
+
+void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
+
+#endif
Added: vendor-crypto/openssh/dist/ge25519_base.data
===================================================================
--- vendor-crypto/openssh/dist/ge25519_base.data (rev 0)
+++ vendor-crypto/openssh/dist/ge25519_base.data 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,858 @@
+/* $OpenBSD: ge25519_base.data,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519_base.data
+ */
+
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} ,
+ {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}},
+{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} ,
+ {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}},
+{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} ,
+ {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}},
+{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} ,
+ {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} ,
+ {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}},
+{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} ,
+ {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}},
+{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} ,
+ {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}},
+{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} ,
+ {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} ,
+ {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}},
+{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} ,
+ {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}},
+{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} ,
+ {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}},
+{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} ,
+ {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} ,
+ {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}},
+{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} ,
+ {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}},
+{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} ,
+ {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}},
+{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} ,
+ {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} ,
+ {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}},
+{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} ,
+ {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}},
+{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} ,
+ {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}},
+{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} ,
+ {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} ,
+ {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}},
+{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} ,
+ {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}},
+{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} ,
+ {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}},
+{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} ,
+ {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} ,
+ {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}},
+{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} ,
+ {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}},
+{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} ,
+ {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}},
+{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} ,
+ {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} ,
+ {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}},
+{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} ,
+ {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}},
+{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} ,
+ {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}},
+{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} ,
+ {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} ,
+ {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}},
+{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} ,
+ {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}},
+{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} ,
+ {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}},
+{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} ,
+ {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} ,
+ {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}},
+{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} ,
+ {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}},
+{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} ,
+ {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}},
+{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} ,
+ {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} ,
+ {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}},
+{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} ,
+ {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}},
+{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} ,
+ {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}},
+{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} ,
+ {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} ,
+ {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}},
+{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} ,
+ {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}},
+{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} ,
+ {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}},
+{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} ,
+ {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} ,
+ {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}},
+{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} ,
+ {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}},
+{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} ,
+ {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}},
+{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} ,
+ {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} ,
+ {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}},
+{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} ,
+ {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}},
+{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} ,
+ {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}},
+{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} ,
+ {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} ,
+ {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}},
+{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} ,
+ {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}},
+{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} ,
+ {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}},
+{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} ,
+ {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} ,
+ {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}},
+{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} ,
+ {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}},
+{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} ,
+ {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}},
+{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} ,
+ {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} ,
+ {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}},
+{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} ,
+ {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}},
+{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} ,
+ {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}},
+{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} ,
+ {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} ,
+ {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}},
+{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} ,
+ {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}},
+{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} ,
+ {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}},
+{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} ,
+ {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} ,
+ {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}},
+{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} ,
+ {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}},
+{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} ,
+ {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}},
+{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} ,
+ {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} ,
+ {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}},
+{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} ,
+ {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}},
+{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} ,
+ {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}},
+{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} ,
+ {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} ,
+ {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}},
+{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} ,
+ {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}},
+{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} ,
+ {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}},
+{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} ,
+ {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} ,
+ {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}},
+{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} ,
+ {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}},
+{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} ,
+ {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}},
+{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} ,
+ {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} ,
+ {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}},
+{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} ,
+ {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}},
+{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} ,
+ {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}},
+{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} ,
+ {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} ,
+ {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}},
+{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} ,
+ {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}},
+{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} ,
+ {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}},
+{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} ,
+ {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} ,
+ {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}},
+{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} ,
+ {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}},
+{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} ,
+ {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}},
+{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} ,
+ {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} ,
+ {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}},
+{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} ,
+ {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}},
+{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} ,
+ {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}},
+{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} ,
+ {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} ,
+ {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}},
+{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} ,
+ {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}},
+{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} ,
+ {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}},
+{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} ,
+ {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} ,
+ {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}},
+{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} ,
+ {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}},
+{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} ,
+ {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}},
+{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} ,
+ {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} ,
+ {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}},
+{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} ,
+ {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}},
+{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} ,
+ {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}},
+{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} ,
+ {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} ,
+ {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}},
+{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} ,
+ {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}},
+{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} ,
+ {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}},
+{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} ,
+ {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} ,
+ {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}},
+{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} ,
+ {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}},
+{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} ,
+ {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}},
+{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} ,
+ {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} ,
+ {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}},
+{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} ,
+ {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}},
+{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} ,
+ {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}},
+{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} ,
+ {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} ,
+ {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}},
+{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} ,
+ {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}},
+{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} ,
+ {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}},
+{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} ,
+ {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} ,
+ {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}},
+{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} ,
+ {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}},
+{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} ,
+ {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}},
+{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} ,
+ {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} ,
+ {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}},
+{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} ,
+ {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}},
+{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} ,
+ {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}},
+{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} ,
+ {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} ,
+ {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}},
+{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} ,
+ {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}},
+{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} ,
+ {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}},
+{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} ,
+ {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} ,
+ {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}},
+{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} ,
+ {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}},
+{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} ,
+ {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}},
+{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} ,
+ {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} ,
+ {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}},
+{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} ,
+ {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}},
+{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} ,
+ {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}},
+{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} ,
+ {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} ,
+ {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}},
+{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} ,
+ {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}},
+{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} ,
+ {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}},
+{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} ,
+ {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} ,
+ {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}},
+{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} ,
+ {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}},
+{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} ,
+ {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}},
+{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} ,
+ {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} ,
+ {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}},
+{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} ,
+ {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}},
+{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} ,
+ {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}},
+{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} ,
+ {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} ,
+ {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}},
+{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} ,
+ {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}},
+{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} ,
+ {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}},
+{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} ,
+ {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} ,
+ {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}},
+{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} ,
+ {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}},
+{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} ,
+ {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}},
+{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} ,
+ {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} ,
+ {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}},
+{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} ,
+ {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}},
+{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} ,
+ {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}},
+{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} ,
+ {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} ,
+ {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}},
+{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} ,
+ {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}},
+{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} ,
+ {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}},
+{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} ,
+ {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} ,
+ {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}},
+{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} ,
+ {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}},
+{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} ,
+ {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}},
+{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} ,
+ {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} ,
+ {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}},
+{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} ,
+ {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}},
+{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} ,
+ {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}},
+{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} ,
+ {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} ,
+ {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}},
+{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} ,
+ {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}},
+{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} ,
+ {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}},
+{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} ,
+ {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} ,
+ {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}},
+{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} ,
+ {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}},
+{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} ,
+ {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}},
+{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} ,
+ {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} ,
+ {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}},
+{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} ,
+ {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}},
+{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} ,
+ {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}},
+{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} ,
+ {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} ,
+ {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}},
+{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} ,
+ {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}},
+{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} ,
+ {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}},
+{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} ,
+ {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} ,
+ {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}},
+{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} ,
+ {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}},
+{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} ,
+ {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}},
+{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} ,
+ {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} ,
+ {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}},
+{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} ,
+ {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}},
+{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} ,
+ {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}},
+{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} ,
+ {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} ,
+ {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}},
+{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} ,
+ {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}},
+{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} ,
+ {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}},
+{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} ,
+ {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} ,
+ {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}},
+{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} ,
+ {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}},
+{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} ,
+ {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}},
+{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} ,
+ {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} ,
+ {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}},
+{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} ,
+ {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}},
+{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} ,
+ {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}},
+{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} ,
+ {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} ,
+ {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}},
+{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} ,
+ {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}},
+{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} ,
+ {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}},
+{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} ,
+ {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} ,
+ {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}},
+{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} ,
+ {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}},
+{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} ,
+ {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}},
+{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} ,
+ {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} ,
+ {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}},
+{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} ,
+ {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}},
+{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} ,
+ {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}},
+{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} ,
+ {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} ,
+ {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}},
+{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} ,
+ {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}},
+{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} ,
+ {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}},
+{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} ,
+ {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} ,
+ {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}},
+{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} ,
+ {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}},
+{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} ,
+ {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}},
+{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} ,
+ {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} ,
+ {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}},
+{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} ,
+ {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}},
+{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} ,
+ {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}},
+{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} ,
+ {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} ,
+ {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}},
+{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} ,
+ {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}},
+{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} ,
+ {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}},
+{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} ,
+ {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} ,
+ {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}},
+{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} ,
+ {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}},
+{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} ,
+ {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}},
+{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} ,
+ {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} ,
+ {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}},
+{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} ,
+ {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}},
+{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} ,
+ {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}},
+{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} ,
+ {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} ,
+ {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}},
+{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} ,
+ {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}},
+{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} ,
+ {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}},
+{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} ,
+ {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} ,
+ {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}},
+{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} ,
+ {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}},
+{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} ,
+ {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}},
+{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} ,
+ {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} ,
+ {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}},
+{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} ,
+ {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}},
+{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} ,
+ {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}},
+{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} ,
+ {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} ,
+ {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}},
+{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} ,
+ {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}},
+{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} ,
+ {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}},
+{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} ,
+ {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} ,
+ {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}},
+{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} ,
+ {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}},
+{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} ,
+ {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}},
+{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} ,
+ {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} ,
+ {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}},
+{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} ,
+ {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}},
+{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} ,
+ {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}},
+{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} ,
+ {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} ,
+ {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}},
+{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} ,
+ {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}},
+{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} ,
+ {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}},
+{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} ,
+ {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} ,
+ {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}},
+{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} ,
+ {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}},
+{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} ,
+ {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}},
+{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} ,
+ {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} ,
+ {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}},
+{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} ,
+ {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}},
+{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} ,
+ {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}},
+{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} ,
+ {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} ,
+ {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}},
+{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} ,
+ {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}},
+{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} ,
+ {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}},
+{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} ,
+ {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} ,
+ {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}},
+{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} ,
+ {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}},
+{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} ,
+ {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}},
+{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} ,
+ {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} ,
+ {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}},
+{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} ,
+ {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}},
+{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} ,
+ {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}},
+{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} ,
+ {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} ,
+ {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}},
+{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} ,
+ {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}},
+{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} ,
+ {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}},
+{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} ,
+ {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} ,
+ {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}},
+{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} ,
+ {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}},
+{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} ,
+ {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}},
+{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} ,
+ {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} ,
+ {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}},
+{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} ,
+ {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}},
+{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} ,
+ {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}},
+{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} ,
+ {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} ,
+ {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}},
+{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} ,
+ {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}},
+{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} ,
+ {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}},
+{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} ,
+ {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} ,
+ {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}},
+{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} ,
+ {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}},
+{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} ,
+ {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}},
+{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} ,
+ {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} ,
+ {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}},
+{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} ,
+ {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}},
+{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} ,
+ {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}},
+{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} ,
+ {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} ,
+ {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}},
+{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} ,
+ {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}},
+{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} ,
+ {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}},
+{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} ,
+ {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} ,
+ {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}},
+{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} ,
+ {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}},
+{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} ,
+ {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}},
+{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} ,
+ {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}}
Modified: vendor-crypto/openssh/dist/gss-serv-krb5.c
===================================================================
--- vendor-crypto/openssh/dist/gss-serv-krb5.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/gss-serv-krb5.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -132,10 +132,16 @@
return;
#ifdef HEIMDAL
+# ifdef HAVE_KRB5_CC_NEW_UNIQUE
if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
NULL, &ccache)) != 0) {
errmsg = krb5_get_error_message(krb_context, problem);
logit("krb5_cc_new_unique(): %.100s", errmsg);
+# else
+ if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
+ logit("krb5_cc_gen_new(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+# endif
krb5_free_error_message(krb_context, errmsg);
return;
}
Modified: vendor-crypto/openssh/dist/gss-serv.c
===================================================================
--- vendor-crypto/openssh/dist/gss-serv.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/gss-serv.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -66,7 +66,26 @@
&gssapi_null_mech,
};
+/*
+ * ssh_gssapi_supported_oids() can cause sandbox violations, so prepare the
+ * list of supported mechanisms before privsep is set up.
+ */
+static gss_OID_set supported_oids;
+void
+ssh_gssapi_prepare_supported_oids(void)
+{
+ ssh_gssapi_supported_oids(&supported_oids);
+}
+
+OM_uint32
+ssh_gssapi_test_oid_supported(OM_uint32 *ms, gss_OID member, int *present)
+{
+ if (supported_oids == NULL)
+ ssh_gssapi_prepare_supported_oids();
+ return gss_test_oid_set_member(ms, member, supported_oids, present);
+}
+
/*
* Acquire credentials for a server running on the current host.
* Requires that the context structure contains a valid OID
@@ -346,7 +365,8 @@
gss_release_buffer(&lmin, &gssapi_client.displayname);
gss_release_buffer(&lmin, &gssapi_client.exportedname);
gss_release_cred(&lmin, &gssapi_client.creds);
- memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
+ explicit_bzero(&gssapi_client,
+ sizeof(ssh_gssapi_client));
return 0;
}
else
Added: vendor-crypto/openssh/dist/hash.c
===================================================================
--- vendor-crypto/openssh/dist/hash.c (rev 0)
+++ vendor-crypto/openssh/dist/hash.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,76 @@
+/* $OpenBSD: hash.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/* Copied from nacl-20110221/crypto_hash/sha512/ref/hash.c */
+
+/*
+20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "includes.h"
+
+#include "crypto_api.h"
+
+#define blocks crypto_hashblocks_sha512
+
+static const unsigned char iv[64] = {
+ 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+ 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+ 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+ 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+ 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+ 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+ 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+ 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+} ;
+
+typedef unsigned long long uint64;
+
+int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen)
+{
+ unsigned char h[64];
+ unsigned char padded[256];
+ unsigned int i;
+ unsigned long long bytes = inlen;
+
+ for (i = 0;i < 64;++i) h[i] = iv[i];
+
+ blocks(h,in,inlen);
+ in += inlen;
+ inlen &= 127;
+ in -= inlen;
+
+ for (i = 0;i < inlen;++i) padded[i] = in[i];
+ padded[inlen] = 0x80;
+
+ if (inlen < 112) {
+ for (i = inlen + 1;i < 119;++i) padded[i] = 0;
+ padded[119] = bytes >> 61;
+ padded[120] = bytes >> 53;
+ padded[121] = bytes >> 45;
+ padded[122] = bytes >> 37;
+ padded[123] = bytes >> 29;
+ padded[124] = bytes >> 21;
+ padded[125] = bytes >> 13;
+ padded[126] = bytes >> 5;
+ padded[127] = bytes << 3;
+ blocks(h,padded,128);
+ } else {
+ for (i = inlen + 1;i < 247;++i) padded[i] = 0;
+ padded[247] = bytes >> 61;
+ padded[248] = bytes >> 53;
+ padded[249] = bytes >> 45;
+ padded[250] = bytes >> 37;
+ padded[251] = bytes >> 29;
+ padded[252] = bytes >> 21;
+ padded[253] = bytes >> 13;
+ padded[254] = bytes >> 5;
+ padded[255] = bytes << 3;
+ blocks(h,padded,256);
+ }
+
+ for (i = 0;i < 64;++i) out[i] = h[i];
+
+ return 0;
+}
Added: vendor-crypto/openssh/dist/hmac.c
===================================================================
--- vendor-crypto/openssh/dist/hmac.c (rev 0)
+++ vendor-crypto/openssh/dist/hmac.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,197 @@
+/* $OpenBSD: hmac.c,v 1.10 2014/01/31 16:39:19 tedu Exp $ */
+/*
+ * Copyright (c) 2014 Markus Friedl. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <string.h>
+
+#include "buffer.h"
+#include "digest.h"
+#include "hmac.h"
+
+struct ssh_hmac_ctx {
+ int alg;
+ struct ssh_digest_ctx *ictx;
+ struct ssh_digest_ctx *octx;
+ struct ssh_digest_ctx *digest;
+ u_char *buf;
+ size_t buf_len;
+};
+
+size_t
+ssh_hmac_bytes(int alg)
+{
+ return ssh_digest_bytes(alg);
+}
+
+struct ssh_hmac_ctx *
+ssh_hmac_start(int alg)
+{
+ struct ssh_hmac_ctx *ret;
+
+ if ((ret = calloc(1, sizeof(*ret))) == NULL)
+ return NULL;
+ ret->alg = alg;
+ if ((ret->ictx = ssh_digest_start(alg)) == NULL ||
+ (ret->octx = ssh_digest_start(alg)) == NULL ||
+ (ret->digest = ssh_digest_start(alg)) == NULL)
+ goto fail;
+ ret->buf_len = ssh_digest_blocksize(ret->ictx);
+ if ((ret->buf = calloc(1, ret->buf_len)) == NULL)
+ goto fail;
+ return ret;
+fail:
+ ssh_hmac_free(ret);
+ return NULL;
+}
+
+int
+ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen)
+{
+ size_t i;
+
+ /* reset ictx and octx if no is key given */
+ if (key != NULL) {
+ /* truncate long keys */
+ if (klen <= ctx->buf_len)
+ memcpy(ctx->buf, key, klen);
+ else if (ssh_digest_memory(ctx->alg, key, klen, ctx->buf,
+ ctx->buf_len) < 0)
+ return -1;
+ for (i = 0; i < ctx->buf_len; i++)
+ ctx->buf[i] ^= 0x36;
+ if (ssh_digest_update(ctx->ictx, ctx->buf, ctx->buf_len) < 0)
+ return -1;
+ for (i = 0; i < ctx->buf_len; i++)
+ ctx->buf[i] ^= 0x36 ^ 0x5c;
+ if (ssh_digest_update(ctx->octx, ctx->buf, ctx->buf_len) < 0)
+ return -1;
+ explicit_bzero(ctx->buf, ctx->buf_len);
+ }
+ /* start with ictx */
+ if (ssh_digest_copy_state(ctx->ictx, ctx->digest) < 0)
+ return -1;
+ return 0;
+}
+
+int
+ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen)
+{
+ return ssh_digest_update(ctx->digest, m, mlen);
+}
+
+int
+ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const Buffer *b)
+{
+ return ssh_digest_update_buffer(ctx->digest, b);
+}
+
+int
+ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen)
+{
+ size_t len;
+
+ len = ssh_digest_bytes(ctx->alg);
+ if (dlen < len ||
+ ssh_digest_final(ctx->digest, ctx->buf, len))
+ return -1;
+ /* switch to octx */
+ if (ssh_digest_copy_state(ctx->octx, ctx->digest) < 0 ||
+ ssh_digest_update(ctx->digest, ctx->buf, len) < 0 ||
+ ssh_digest_final(ctx->digest, d, dlen) < 0)
+ return -1;
+ return 0;
+}
+
+void
+ssh_hmac_free(struct ssh_hmac_ctx *ctx)
+{
+ if (ctx != NULL) {
+ ssh_digest_free(ctx->ictx);
+ ssh_digest_free(ctx->octx);
+ ssh_digest_free(ctx->digest);
+ if (ctx->buf) {
+ explicit_bzero(ctx->buf, ctx->buf_len);
+ free(ctx->buf);
+ }
+ explicit_bzero(ctx, sizeof(*ctx));
+ free(ctx);
+ }
+}
+
+#ifdef TEST
+
+/* cc -DTEST hmac.c digest.c buffer.c cleanup.c fatal.c log.c xmalloc.c -lcrypto */
+static void
+hmac_test(void *key, size_t klen, void *m, size_t mlen, u_char *e, size_t elen)
+{
+ struct ssh_hmac_ctx *ctx;
+ size_t i;
+ u_char digest[16];
+
+ if ((ctx = ssh_hmac_start(SSH_DIGEST_MD5)) == NULL)
+ printf("ssh_hmac_start failed");
+ if (ssh_hmac_init(ctx, key, klen) < 0 ||
+ ssh_hmac_update(ctx, m, mlen) < 0 ||
+ ssh_hmac_final(ctx, digest, sizeof(digest)) < 0)
+ printf("ssh_hmac_xxx failed");
+ ssh_hmac_free(ctx);
+
+ if (memcmp(e, digest, elen)) {
+ for (i = 0; i < elen; i++)
+ printf("[%zd] %2.2x %2.2x\n", i, e[i], digest[i]);
+ printf("mismatch\n");
+ } else
+ printf("ok\n");
+}
+
+int
+main(int argc, char **argv)
+{
+ /* try test vectors from RFC 2104 */
+
+ u_char key1[16] = {
+ 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+ 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb };
+ u_char *data1 = "Hi There";
+ u_char dig1[16] = {
+ 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c,
+ 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d };
+
+ u_char *key2 = "Jefe";
+ u_char *data2 = "what do ya want for nothing?";
+ u_char dig2[16] = {
+ 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03,
+ 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 };
+
+ u_char key3[16];
+ u_char data3[50];
+ u_char dig3[16] = {
+ 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88,
+ 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 };
+ memset(key3, 0xaa, sizeof(key3));
+ memset(data3, 0xdd, sizeof(data3));
+
+ hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1));
+ hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2));
+ hmac_test(key3, sizeof(key3), data3, sizeof(data3), dig3, sizeof(dig3));
+
+ return 0;
+}
+
+#endif
Added: vendor-crypto/openssh/dist/hmac.h
===================================================================
--- vendor-crypto/openssh/dist/hmac.h (rev 0)
+++ vendor-crypto/openssh/dist/hmac.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,37 @@
+/* $OpenBSD: hmac.h,v 1.6 2014/01/27 18:58:14 markus Exp $ */
+/*
+ * Copyright (c) 2014 Markus Friedl. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _HMAC_H
+#define _HMAC_H
+
+/* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */
+size_t ssh_hmac_bytes(int alg);
+
+struct ssh_hmac_ctx;
+struct ssh_hmac_ctx *ssh_hmac_start(int alg);
+
+/* Sets the state of the HMAC or resets the state if key == NULL */
+int ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen)
+ __attribute__((__bounded__(__buffer__, 2, 3)));
+int ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen)
+ __attribute__((__bounded__(__buffer__, 2, 3)));
+int ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const Buffer *b);
+int ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen)
+ __attribute__((__bounded__(__buffer__, 2, 3)));
+void ssh_hmac_free(struct ssh_hmac_ctx *ctx);
+
+#endif /* _HMAC_H */
Modified: vendor-crypto/openssh/dist/hostfile.c
===================================================================
--- vendor-crypto/openssh/dist/hostfile.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/hostfile.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,6 @@
#include <netinet/in.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
#include <resolv.h>
#include <stdarg.h>
#include <stdio.h>
@@ -57,6 +54,8 @@
#include "hostfile.h"
#include "log.h"
#include "misc.h"
+#include "digest.h"
+#include "hmac.h"
struct hostkeys {
struct hostkey_entry *entries;
@@ -101,9 +100,9 @@
debug2("extract_salt: salt decode error");
return (-1);
}
- if (ret != SHA_DIGEST_LENGTH) {
- debug2("extract_salt: expected salt len %d, got %d",
- SHA_DIGEST_LENGTH, ret);
+ if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) {
+ debug2("extract_salt: expected salt len %zd, got %d",
+ ssh_hmac_bytes(SSH_DIGEST_SHA1), ret);
return (-1);
}
@@ -113,14 +112,13 @@
char *
host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
{
- const EVP_MD *md = EVP_sha1();
- HMAC_CTX mac_ctx;
+ struct ssh_hmac_ctx *ctx;
u_char salt[256], result[256];
char uu_salt[512], uu_result[512];
static char encoded[1024];
u_int i, len;
- len = EVP_MD_size(md);
+ len = ssh_digest_bytes(SSH_DIGEST_SHA1);
if (name_from_hostfile == NULL) {
/* Create new salt */
@@ -133,14 +131,16 @@
return (NULL);
}
- HMAC_Init(&mac_ctx, salt, len, md);
- HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
- HMAC_Final(&mac_ctx, result, NULL);
- HMAC_cleanup(&mac_ctx);
+ if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
+ ssh_hmac_init(ctx, salt, len) < 0 ||
+ ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
+ ssh_hmac_final(ctx, result, sizeof(result)))
+ fatal("%s: ssh_hmac failed", __func__);
+ ssh_hmac_free(ctx);
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
- fatal("host_hash: __b64_ntop failed");
+ fatal("%s: __b64_ntop failed", __func__);
snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
HASH_DELIM, uu_result);
@@ -333,10 +333,10 @@
free(hostkeys->entries[i].host);
free(hostkeys->entries[i].file);
key_free(hostkeys->entries[i].key);
- bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
+ explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
}
free(hostkeys->entries);
- bzero(hostkeys, sizeof(*hostkeys));
+ explicit_bzero(hostkeys, sizeof(*hostkeys));
free(hostkeys);
}
Deleted: vendor-crypto/openssh/dist/jpake.c
===================================================================
--- vendor-crypto/openssh/dist/jpake.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/jpake.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,456 +0,0 @@
-/* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
-/*
- * Copyright (c) 2008 Damien Miller. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Shared components of zero-knowledge password auth using J-PAKE protocol
- * as described in:
- *
- * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
- * 16th Workshop on Security Protocols, Cambridge, April 2008
- *
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-
-#include "xmalloc.h"
-#include "ssh2.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-#include "buffer.h"
-#include "packet.h"
-#include "dispatch.h"
-#include "log.h"
-#include "misc.h"
-
-#include "jpake.h"
-#include "schnorr.h"
-
-#ifdef JPAKE
-
-/* RFC3526 group 5, 1536 bits */
-#define JPAKE_GROUP_G "2"
-#define JPAKE_GROUP_P \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" \
- "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" \
- "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" \
- "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" \
- "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
-
-struct modp_group *
-jpake_default_group(void)
-{
- return modp_group_from_g_and_safe_p(JPAKE_GROUP_G, JPAKE_GROUP_P);
-}
-
-struct jpake_ctx *
-jpake_new(void)
-{
- struct jpake_ctx *ret;
-
- ret = xcalloc(1, sizeof(*ret));
-
- ret->grp = jpake_default_group();
-
- ret->s = ret->k = NULL;
- ret->x1 = ret->x2 = ret->x3 = ret->x4 = NULL;
- ret->g_x1 = ret->g_x2 = ret->g_x3 = ret->g_x4 = NULL;
- ret->a = ret->b = NULL;
-
- ret->client_id = ret->server_id = NULL;
- ret->h_k_cid_sessid = ret->h_k_sid_sessid = NULL;
-
- debug3("%s: alloc %p", __func__, ret);
-
- return ret;
-}
-
-void
-jpake_free(struct jpake_ctx *pctx)
-{
- debug3("%s: free %p", __func__, pctx);
-
-#define JPAKE_BN_CLEAR_FREE(v) \
- do { \
- if ((v) != NULL) { \
- BN_clear_free(v); \
- (v) = NULL; \
- } \
- } while (0)
-#define JPAKE_BUF_CLEAR_FREE(v, l) \
- do { \
- if ((v) != NULL) { \
- bzero((v), (l)); \
- free(v); \
- (v) = NULL; \
- (l) = 0; \
- } \
- } while (0)
-
- JPAKE_BN_CLEAR_FREE(pctx->s);
- JPAKE_BN_CLEAR_FREE(pctx->k);
- JPAKE_BN_CLEAR_FREE(pctx->x1);
- JPAKE_BN_CLEAR_FREE(pctx->x2);
- JPAKE_BN_CLEAR_FREE(pctx->x3);
- JPAKE_BN_CLEAR_FREE(pctx->x4);
- JPAKE_BN_CLEAR_FREE(pctx->g_x1);
- JPAKE_BN_CLEAR_FREE(pctx->g_x2);
- JPAKE_BN_CLEAR_FREE(pctx->g_x3);
- JPAKE_BN_CLEAR_FREE(pctx->g_x4);
- JPAKE_BN_CLEAR_FREE(pctx->a);
- JPAKE_BN_CLEAR_FREE(pctx->b);
-
- JPAKE_BUF_CLEAR_FREE(pctx->client_id, pctx->client_id_len);
- JPAKE_BUF_CLEAR_FREE(pctx->server_id, pctx->server_id_len);
- JPAKE_BUF_CLEAR_FREE(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
- JPAKE_BUF_CLEAR_FREE(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
-
-#undef JPAKE_BN_CLEAR_FREE
-#undef JPAKE_BUF_CLEAR_FREE
-
- bzero(pctx, sizeof(*pctx));
- free(pctx);
-}
-
-/* dump entire jpake_ctx. NB. includes private values! */
-void
-jpake_dump(struct jpake_ctx *pctx, const char *fmt, ...)
-{
- char *out;
- va_list args;
-
- out = NULL;
- va_start(args, fmt);
- vasprintf(&out, fmt, args);
- va_end(args);
- if (out == NULL)
- fatal("%s: vasprintf failed", __func__);
-
- debug3("%s: %s (ctx at %p)", __func__, out, pctx);
- if (pctx == NULL) {
- free(out);
- return;
- }
-
-#define JPAKE_DUMP_BN(a) do { \
- if ((a) != NULL) \
- JPAKE_DEBUG_BN(((a), "%s = ", #a)); \
- } while (0)
-#define JPAKE_DUMP_BUF(a, b) do { \
- if ((a) != NULL) \
- JPAKE_DEBUG_BUF((a, b, "%s", #a)); \
- } while (0)
-
- JPAKE_DUMP_BN(pctx->s);
- JPAKE_DUMP_BN(pctx->k);
- JPAKE_DUMP_BN(pctx->x1);
- JPAKE_DUMP_BN(pctx->x2);
- JPAKE_DUMP_BN(pctx->x3);
- JPAKE_DUMP_BN(pctx->x4);
- JPAKE_DUMP_BN(pctx->g_x1);
- JPAKE_DUMP_BN(pctx->g_x2);
- JPAKE_DUMP_BN(pctx->g_x3);
- JPAKE_DUMP_BN(pctx->g_x4);
- JPAKE_DUMP_BN(pctx->a);
- JPAKE_DUMP_BN(pctx->b);
-
- JPAKE_DUMP_BUF(pctx->client_id, pctx->client_id_len);
- JPAKE_DUMP_BUF(pctx->server_id, pctx->server_id_len);
- JPAKE_DUMP_BUF(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
- JPAKE_DUMP_BUF(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
-
- debug3("%s: %s done", __func__, out);
- free(out);
-}
-
-/* Shared parts of step 1 exchange calculation */
-void
-jpake_step1(struct modp_group *grp,
- u_char **id, u_int *id_len,
- BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
- u_char **priv1_proof, u_int *priv1_proof_len,
- u_char **priv2_proof, u_int *priv2_proof_len)
-{
- BN_CTX *bn_ctx;
-
- if ((bn_ctx = BN_CTX_new()) == NULL)
- fatal("%s: BN_CTX_new", __func__);
-
- /* Random nonce to prevent replay */
- *id = xmalloc(KZP_ID_LEN);
- *id_len = KZP_ID_LEN;
- arc4random_buf(*id, *id_len);
-
- /*
- * x1/x3 is a random element of Zq
- * x2/x4 is a random element of Z*q
- * We also exclude [1] from x1/x3 candidates and [0, 1] from
- * x2/x4 candiates to avoid possible degeneracy (i.e. g^0, g^1).
- */
- if ((*priv1 = bn_rand_range_gt_one(grp->q)) == NULL ||
- (*priv2 = bn_rand_range_gt_one(grp->q)) == NULL)
- fatal("%s: bn_rand_range_gt_one", __func__);
-
- /*
- * client: g_x1 = g^x1 mod p / server: g_x3 = g^x3 mod p
- * client: g_x2 = g^x2 mod p / server: g_x4 = g^x4 mod p
- */
- if ((*g_priv1 = BN_new()) == NULL ||
- (*g_priv2 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
- if (BN_mod_exp(*g_priv1, grp->g, *priv1, grp->p, bn_ctx) == -1)
- fatal("%s: BN_mod_exp", __func__);
- if (BN_mod_exp(*g_priv2, grp->g, *priv2, grp->p, bn_ctx) == -1)
- fatal("%s: BN_mod_exp", __func__);
-
- /* Generate proofs for holding x1/x3 and x2/x4 */
- if (schnorr_sign_buf(grp->p, grp->q, grp->g,
- *priv1, *g_priv1, *id, *id_len,
- priv1_proof, priv1_proof_len) != 0)
- fatal("%s: schnorr_sign", __func__);
- if (schnorr_sign_buf(grp->p, grp->q, grp->g,
- *priv2, *g_priv2, *id, *id_len,
- priv2_proof, priv2_proof_len) != 0)
- fatal("%s: schnorr_sign", __func__);
-
- BN_CTX_free(bn_ctx);
-}
-
-/* Shared parts of step 2 exchange calculation */
-void
-jpake_step2(struct modp_group *grp, BIGNUM *s,
- BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
- const u_char *theirid, u_int theirid_len,
- const u_char *myid, u_int myid_len,
- const u_char *theirpub1_proof, u_int theirpub1_proof_len,
- const u_char *theirpub2_proof, u_int theirpub2_proof_len,
- BIGNUM **newpub,
- u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
-{
- BN_CTX *bn_ctx;
- BIGNUM *tmp, *exponent;
-
- /* Validate peer's step 1 values */
- if (BN_cmp(theirpub1, BN_value_one()) <= 0)
- fatal("%s: theirpub1 <= 1", __func__);
- if (BN_cmp(theirpub1, grp->p) >= 0)
- fatal("%s: theirpub1 >= p", __func__);
- if (BN_cmp(theirpub2, BN_value_one()) <= 0)
- fatal("%s: theirpub2 <= 1", __func__);
- if (BN_cmp(theirpub2, grp->p) >= 0)
- fatal("%s: theirpub2 >= p", __func__);
-
- if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1,
- theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1)
- fatal("%s: schnorr_verify theirpub1 failed", __func__);
- if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub2,
- theirid, theirid_len, theirpub2_proof, theirpub2_proof_len) != 1)
- fatal("%s: schnorr_verify theirpub2 failed", __func__);
-
- if ((bn_ctx = BN_CTX_new()) == NULL)
- fatal("%s: BN_CTX_new", __func__);
-
- if ((*newpub = BN_new()) == NULL ||
- (tmp = BN_new()) == NULL ||
- (exponent = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- /*
- * client: exponent = x2 * s mod p
- * server: exponent = x4 * s mod p
- */
- if (BN_mod_mul(exponent, mypriv2, s, grp->q, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (exponent = mypriv2 * s mod p)",
- __func__);
-
- /*
- * client: tmp = g^(x1 + x3 + x4) mod p
- * server: tmp = g^(x1 + x2 + x3) mod p
- */
- if (BN_mod_mul(tmp, mypub1, theirpub1, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (tmp = mypub1 * theirpub1 mod p)",
- __func__);
- if (BN_mod_mul(tmp, tmp, theirpub2, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (tmp = tmp * theirpub2 mod p)", __func__);
-
- /*
- * client: a = tmp^exponent = g^((x1+x3+x4) * x2 * s) mod p
- * server: b = tmp^exponent = g^((x1+x2+x3) * x4 * s) mod p
- */
- if (BN_mod_exp(*newpub, tmp, exponent, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (newpub = tmp^exponent mod p)", __func__);
-
- JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__));
- JPAKE_DEBUG_BN((exponent, "%s: exponent = ", __func__));
-
- /* Note the generator here is 'tmp', not g */
- if (schnorr_sign_buf(grp->p, grp->q, tmp, exponent, *newpub,
- myid, myid_len,
- newpub_exponent_proof, newpub_exponent_proof_len) != 0)
- fatal("%s: schnorr_sign newpub", __func__);
-
- BN_clear_free(tmp); /* XXX stash for later use? */
- BN_clear_free(exponent); /* XXX stash for later use? (yes, in conf) */
-
- BN_CTX_free(bn_ctx);
-}
-
-/* Confirmation hash calculation */
-void
-jpake_confirm_hash(const BIGNUM *k,
- const u_char *endpoint_id, u_int endpoint_id_len,
- const u_char *sess_id, u_int sess_id_len,
- u_char **confirm_hash, u_int *confirm_hash_len)
-{
- Buffer b;
-
- /*
- * Calculate confirmation proof:
- * client: H(k || client_id || session_id)
- * server: H(k || server_id || session_id)
- */
- buffer_init(&b);
- buffer_put_bignum2(&b, k);
- buffer_put_string(&b, endpoint_id, endpoint_id_len);
- buffer_put_string(&b, sess_id, sess_id_len);
- if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
- confirm_hash, confirm_hash_len) != 0)
- fatal("%s: hash_buffer", __func__);
- buffer_free(&b);
-}
-
-/* Shared parts of key derivation and confirmation calculation */
-void
-jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
- BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
- BIGNUM *theirpub1, BIGNUM *theirpub2,
- const u_char *my_id, u_int my_id_len,
- const u_char *their_id, u_int their_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
- BIGNUM **k,
- u_char **confirm_hash, u_int *confirm_hash_len)
-{
- BN_CTX *bn_ctx;
- BIGNUM *tmp;
-
- if ((bn_ctx = BN_CTX_new()) == NULL)
- fatal("%s: BN_CTX_new", __func__);
- if ((tmp = BN_new()) == NULL ||
- (*k = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- /* Validate step 2 values */
- if (BN_cmp(step2_val, BN_value_one()) <= 0)
- fatal("%s: step2_val <= 1", __func__);
- if (BN_cmp(step2_val, grp->p) >= 0)
- fatal("%s: step2_val >= p", __func__);
-
- /*
- * theirpriv2_s_proof is calculated with a different generator:
- * tmp = g^(mypriv1+mypriv2+theirpub1) = g^mypub1*g^mypub2*g^theirpub1
- * Calculate it here so we can check the signature.
- */
- if (BN_mod_mul(tmp, mypub1, mypub2, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (tmp = mypub1 * mypub2 mod p)", __func__);
- if (BN_mod_mul(tmp, tmp, theirpub1, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (tmp = tmp * theirpub1 mod p)", __func__);
-
- JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__));
-
- if (schnorr_verify_buf(grp->p, grp->q, tmp, step2_val,
- their_id, their_id_len,
- theirpriv2_s_proof, theirpriv2_s_proof_len) != 1)
- fatal("%s: schnorr_verify theirpriv2_s_proof failed", __func__);
-
- /*
- * Derive shared key:
- * client: k = (b / g^(x2*x4*s))^x2 = g^((x1+x3)*x2*x4*s)
- * server: k = (a / g^(x2*x4*s))^x4 = g^((x1+x3)*x2*x4*s)
- *
- * Computed as:
- * client: k = (g_x4^(q - (x2 * s)) * b)^x2 mod p
- * server: k = (g_x2^(q - (x4 * s)) * b)^x4 mod p
- */
- if (BN_mul(tmp, mypriv2, s, bn_ctx) != 1)
- fatal("%s: BN_mul (tmp = mypriv2 * s)", __func__);
- if (BN_mod_sub(tmp, grp->q, tmp, grp->q, bn_ctx) != 1)
- fatal("%s: BN_mod_sub (tmp = q - tmp mod q)", __func__);
- if (BN_mod_exp(tmp, theirpub2, tmp, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_exp (tmp = theirpub2^tmp) mod p", __func__);
- if (BN_mod_mul(tmp, tmp, step2_val, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_mul (tmp = tmp * step2_val) mod p", __func__);
- if (BN_mod_exp(*k, tmp, mypriv2, grp->p, bn_ctx) != 1)
- fatal("%s: BN_mod_exp (k = tmp^mypriv2) mod p", __func__);
-
- BN_CTX_free(bn_ctx);
- BN_clear_free(tmp);
-
- jpake_confirm_hash(*k, my_id, my_id_len, sess_id, sess_id_len,
- confirm_hash, confirm_hash_len);
-}
-
-/*
- * Calculate and check confirmation hash from peer. Returns 1 on success
- * 0 on failure/mismatch.
- */
-int
-jpake_check_confirm(const BIGNUM *k,
- const u_char *peer_id, u_int peer_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
-{
- u_char *expected_confirm_hash;
- u_int expected_confirm_hash_len;
- int success = 0;
-
- /* Calculate and verify expected confirmation hash */
- jpake_confirm_hash(k, peer_id, peer_id_len, sess_id, sess_id_len,
- &expected_confirm_hash, &expected_confirm_hash_len);
-
- JPAKE_DEBUG_BUF((expected_confirm_hash, expected_confirm_hash_len,
- "%s: expected confirm hash", __func__));
- JPAKE_DEBUG_BUF((peer_confirm_hash, peer_confirm_hash_len,
- "%s: received confirm hash", __func__));
-
- if (peer_confirm_hash_len != expected_confirm_hash_len)
- error("%s: confirmation length mismatch (my %u them %u)",
- __func__, expected_confirm_hash_len, peer_confirm_hash_len);
- else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash,
- expected_confirm_hash_len) == 0)
- success = 1;
- bzero(expected_confirm_hash, expected_confirm_hash_len);
- free(expected_confirm_hash);
- debug3("%s: success = %d", __func__, success);
- return success;
-}
-
-/* XXX main() function with tests */
-
-#endif /* JPAKE */
-
Deleted: vendor-crypto/openssh/dist/jpake.h
===================================================================
--- vendor-crypto/openssh/dist/jpake.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/jpake.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,114 +0,0 @@
-/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */
-/*
- * Copyright (c) 2008 Damien Miller. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef JPAKE_H
-#define JPAKE_H
-
-#include <sys/types.h>
-
-#include <openssl/bn.h>
-
-/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */
-#ifndef JPAKE_DEBUG
-# define JPAKE_DEBUG_BN(a)
-# define JPAKE_DEBUG_BUF(a)
-# define JPAKE_DEBUG_CTX(a)
-#else
-# define JPAKE_DEBUG_BN(a) debug3_bn a
-# define JPAKE_DEBUG_BUF(a) debug3_buf a
-# define JPAKE_DEBUG_CTX(a) jpake_dump a
-#endif /* JPAKE_DEBUG */
-
-#define KZP_ID_LEN 16 /* Length of client and server IDs */
-
-struct jpake_ctx {
- /* Parameters */
- struct modp_group *grp;
-
- /* Private values shared by client and server */
- BIGNUM *s; /* Secret (salted, crypted password) */
- BIGNUM *k; /* Derived key */
-
- /* Client private values (NULL for server) */
- BIGNUM *x1; /* random in Zq */
- BIGNUM *x2; /* random in Z*q */
-
- /* Server private values (NULL for server) */
- BIGNUM *x3; /* random in Zq */
- BIGNUM *x4; /* random in Z*q */
-
- /* Step 1: C->S */
- u_char *client_id; /* Anti-replay nonce */
- u_int client_id_len;
- BIGNUM *g_x1; /* g^x1 */
- BIGNUM *g_x2; /* g^x2 */
-
- /* Step 1: S->C */
- u_char *server_id; /* Anti-replay nonce */
- u_int server_id_len;
- BIGNUM *g_x3; /* g^x3 */
- BIGNUM *g_x4; /* g^x4 */
-
- /* Step 2: C->S */
- BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */
-
- /* Step 2: S->C */
- BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */
-
- /* Confirmation: C->S */
- u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */
- u_int h_k_cid_sessid_len;
-
- /* Confirmation: S->C */
- u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */
- u_int h_k_sid_sessid_len;
-};
-
-/* jpake.c */
-struct modp_group *jpake_default_group(void);
-void jpake_dump(struct jpake_ctx *, const char *, ...)
- __attribute__((__nonnull__ (2)))
- __attribute__((format(printf, 2, 3)));
-struct jpake_ctx *jpake_new(void);
-void jpake_free(struct jpake_ctx *);
-
-void jpake_step1(struct modp_group *, u_char **, u_int *,
- BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
- u_char **, u_int *, u_char **, u_int *);
-
-void jpake_step2(struct modp_group *, BIGNUM *,
- BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
- const u_char *, u_int, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int,
- BIGNUM **, u_char **, u_int *);
-
-void jpake_confirm_hash(const BIGNUM *,
- const u_char *, u_int,
- const u_char *, u_int,
- u_char **, u_int *);
-
-void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
- BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
- const u_char *, u_int, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int,
- BIGNUM **, u_char **, u_int *);
-
-int jpake_check_confirm(const BIGNUM *, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int);
-
-#endif /* JPAKE_H */
-
Modified: vendor-crypto/openssh/dist/kex.c
===================================================================
--- vendor-crypto/openssh/dist/kex.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kex.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -49,6 +49,7 @@
#include "dispatch.h"
#include "monitor.h"
#include "roaming.h"
+#include "digest.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
@@ -66,25 +67,34 @@
char *name;
int type;
int ec_nid;
- const EVP_MD *(*mdfunc)(void);
+ int hash_alg;
};
static const struct kexalg kexalgs[] = {
- { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
- { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
- { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
+ { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
+ { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
#ifdef HAVE_EVP_SHA256
- { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
+ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
#endif
#ifdef OPENSSL_HAS_ECC
- { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
- { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
- { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
+ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
+ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
+ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1,
+ SSH_DIGEST_SHA384 },
+# ifdef OPENSSL_HAS_NISTP521
+ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
+ SSH_DIGEST_SHA512 },
+# endif
#endif
- { NULL, -1, -1, NULL},
+ { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+#ifdef HAVE_EVP_SHA256
+ { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
+#endif
+ { NULL, -1, -1, -1},
};
char *
-kex_alg_list(void)
+kex_alg_list(char sep)
{
char *ret = NULL;
size_t nlen, rlen = 0;
@@ -92,7 +102,7 @@
for (k = kexalgs; k->name != NULL; k++) {
if (ret != NULL)
- ret[rlen++] = '\n';
+ ret[rlen++] = sep;
nlen = strlen(k->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, k->name, nlen + 1);
@@ -401,7 +411,7 @@
if ((kexalg = kex_alg_by_name(k->name)) == NULL)
fatal("unsupported kex alg %s", k->name);
k->kex_type = kexalg->type;
- k->evp_md = kexalg->mdfunc();
+ k->hash_alg = kexalg->hash_alg;
k->ec_nid = kexalg->ec_nid;
}
@@ -448,7 +458,7 @@
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
- u_int mode, ctos, need, authlen;
+ u_int mode, ctos, need, dh_need, authlen;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
@@ -496,20 +506,21 @@
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
- need = 0;
+ need = dh_need = 0;
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = kex->newkeys[mode];
- if (need < newkeys->enc.key_len)
- need = newkeys->enc.key_len;
- if (need < newkeys->enc.block_size)
- need = newkeys->enc.block_size;
- if (need < newkeys->enc.iv_len)
- need = newkeys->enc.iv_len;
- if (need < newkeys->mac.key_len)
- need = newkeys->mac.key_len;
+ need = MAX(need, newkeys->enc.key_len);
+ need = MAX(need, newkeys->enc.block_size);
+ need = MAX(need, newkeys->enc.iv_len);
+ need = MAX(need, newkeys->mac.key_len);
+ dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher));
+ dh_need = MAX(dh_need, newkeys->enc.block_size);
+ dh_need = MAX(dh_need, newkeys->enc.iv_len);
+ dh_need = MAX(dh_need, newkeys->mac.key_len);
}
/* XXX need runden? */
kex->we_need = need;
+ kex->dh_need = dh_need;
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer) &&
@@ -524,30 +535,34 @@
static u_char *
derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
- BIGNUM *shared_secret)
+ const u_char *shared_secret, u_int slen)
{
Buffer b;
- EVP_MD_CTX md;
+ struct ssh_digest_ctx *hashctx;
char c = id;
u_int have;
- int mdsz;
+ size_t mdsz;
u_char *digest;
- if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
- fatal("bad kex md size %d", mdsz);
+ if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)
+ fatal("bad kex md size %zu", mdsz);
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
- buffer_put_bignum2(&b, shared_secret);
+ buffer_append(&b, shared_secret, slen);
/* K1 = HASH(K || H || "A" || session_id) */
- EVP_DigestInit(&md, kex->evp_md);
- if (!(datafellows & SSH_BUG_DERIVEKEY))
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestUpdate(&md, hash, hashlen);
- EVP_DigestUpdate(&md, &c, 1);
- EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
- EVP_DigestFinal(&md, digest, NULL);
+ if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL)
+ fatal("%s: ssh_digest_start failed", __func__);
+ if (ssh_digest_update_buffer(hashctx, &b) != 0 ||
+ ssh_digest_update(hashctx, hash, hashlen) != 0 ||
+ ssh_digest_update(hashctx, &c, 1) != 0 ||
+ ssh_digest_update(hashctx, kex->session_id,
+ kex->session_id_len) != 0)
+ fatal("%s: ssh_digest_update failed", __func__);
+ if (ssh_digest_final(hashctx, digest, mdsz) != 0)
+ fatal("%s: ssh_digest_final failed", __func__);
+ ssh_digest_free(hashctx);
/*
* expand key:
@@ -555,12 +570,15 @@
* Key = K1 || K2 || ... || Kn
*/
for (have = mdsz; need > have; have += mdsz) {
- EVP_DigestInit(&md, kex->evp_md);
- if (!(datafellows & SSH_BUG_DERIVEKEY))
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestUpdate(&md, hash, hashlen);
- EVP_DigestUpdate(&md, digest, have);
- EVP_DigestFinal(&md, digest + have, NULL);
+ if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL)
+ fatal("%s: ssh_digest_start failed", __func__);
+ if (ssh_digest_update_buffer(hashctx, &b) != 0 ||
+ ssh_digest_update(hashctx, hash, hashlen) != 0 ||
+ ssh_digest_update(hashctx, digest, have) != 0)
+ fatal("%s: ssh_digest_update failed", __func__);
+ if (ssh_digest_final(hashctx, digest + have, mdsz) != 0)
+ fatal("%s: ssh_digest_final failed", __func__);
+ ssh_digest_free(hashctx);
}
buffer_free(&b);
#ifdef DEBUG_KEX
@@ -574,7 +592,8 @@
#define NKEYS 6
void
-kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
+kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
+ const u_char *shared_secret, u_int slen)
{
u_char *keys[NKEYS];
u_int i, mode, ctos;
@@ -581,7 +600,7 @@
for (i = 0; i < NKEYS; i++) {
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
- shared_secret);
+ shared_secret, slen);
}
debug2("kex_derive_keys");
@@ -596,6 +615,18 @@
}
}
+void
+kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
+{
+ Buffer shared_secret;
+
+ buffer_init(&shared_secret);
+ buffer_put_bignum2(&shared_secret, secret);
+ kex_derive_keys(kex, hash, hashlen,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret));
+ buffer_free(&shared_secret);
+}
+
Newkeys *
kex_get_newkeys(int mode)
{
@@ -610,33 +641,33 @@
derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
u_int8_t cookie[8], u_int8_t id[16])
{
- const EVP_MD *evp_md = EVP_md5();
- EVP_MD_CTX md;
- u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
+ u_int8_t nbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH];
int len;
+ struct ssh_digest_ctx *hashctx;
- EVP_DigestInit(&md, evp_md);
+ if ((hashctx = ssh_digest_start(SSH_DIGEST_MD5)) == NULL)
+ fatal("%s: ssh_digest_start", __func__);
len = BN_num_bytes(host_modulus);
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad host modulus (len %d)", __func__, len);
BN_bn2bin(host_modulus, nbuf);
- EVP_DigestUpdate(&md, nbuf, len);
+ if (ssh_digest_update(hashctx, nbuf, len) != 0)
+ fatal("%s: ssh_digest_update failed", __func__);
len = BN_num_bytes(server_modulus);
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad server modulus (len %d)", __func__, len);
BN_bn2bin(server_modulus, nbuf);
- EVP_DigestUpdate(&md, nbuf, len);
+ if (ssh_digest_update(hashctx, nbuf, len) != 0 ||
+ ssh_digest_update(hashctx, cookie, 8) != 0)
+ fatal("%s: ssh_digest_update failed", __func__);
+ if (ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0)
+ fatal("%s: ssh_digest_final failed", __func__);
+ memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5));
- EVP_DigestUpdate(&md, cookie, 8);
-
- EVP_DigestFinal(&md, obuf, NULL);
- memcpy(id, obuf, 16);
-
- memset(nbuf, 0, sizeof(nbuf));
- memset(obuf, 0, sizeof(obuf));
- memset(&md, 0, sizeof(md));
+ explicit_bzero(nbuf, sizeof(nbuf));
+ explicit_bzero(obuf, sizeof(obuf));
}
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
Modified: vendor-crypto/openssh/dist/kex.h
===================================================================
--- vendor-crypto/openssh/dist/kex.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kex.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -43,6 +43,7 @@
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
+#define KEX_CURVE25519_SHA256 "curve25519-sha256 at libssh.org"
#define COMP_NONE 0
#define COMP_ZLIB 1
@@ -74,6 +75,7 @@
KEX_DH_GEX_SHA1,
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
+ KEX_C25519_SHA256,
KEX_MAX
};
@@ -103,9 +105,8 @@
u_int key_len;
int type;
int etm; /* Encrypt-then-MAC */
- const EVP_MD *evp_md;
- HMAC_CTX evp_ctx;
- struct umac_ctx *umac_ctx;
+ struct ssh_hmac_ctx *hmac_ctx;
+ struct umac_ctx *umac_ctx;
};
struct Comp {
int type;
@@ -122,6 +123,7 @@
u_int session_id_len;
Newkeys *newkeys[MODE_MAX];
u_int we_need;
+ u_int dh_need;
int server;
char *name;
int hostkey_type;
@@ -131,7 +133,7 @@
Buffer peer;
sig_atomic_t done;
int flags;
- const EVP_MD *evp_md;
+ int hash_alg;
int ec_nid;
char *client_version_string;
char *server_version_string;
@@ -144,7 +146,7 @@
};
int kex_names_valid(const char *);
-char *kex_alg_list(void);
+char *kex_alg_list(char);
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
@@ -151,7 +153,8 @@
void kex_send_kexinit(Kex *);
void kex_input_kexinit(int, u_int32_t, void *);
-void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *);
+void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
+void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
Newkeys *kex_get_newkeys(int);
@@ -161,21 +164,36 @@
void kexgex_server(Kex *);
void kexecdh_client(Kex *);
void kexecdh_server(Kex *);
+void kexc25519_client(Kex *);
+void kexc25519_server(Kex *);
void
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
void
-kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
+kexgex_hash(int, char *, char *, char *, int, char *,
int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, u_char **, u_int *);
#ifdef OPENSSL_HAS_ECC
void
-kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int,
+kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int,
char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
const BIGNUM *, u_char **, u_int *);
#endif
+void
+kex_c25519_hash(int, char *, char *, char *, int,
+ char *, int, u_char *, int, const u_char *, const u_char *,
+ const u_char *, u_int, u_char **, u_int *);
+#define CURVE25519_SIZE 32
+void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
+ __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+ __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+ const u_char pub[CURVE25519_SIZE], Buffer *out)
+ __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+ __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+
void
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
Added: vendor-crypto/openssh/dist/kexc25519.c
===================================================================
--- vendor-crypto/openssh/dist/kexc25519.c (rev 0)
+++ vendor-crypto/openssh/dist/kexc25519.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,122 @@
+/* $OpenBSD: kexc25519.c,v 1.5 2014/01/31 16:39:19 tedu Exp $ */
+/*
+ * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
+ * Copyright (c) 2010 Damien Miller. All rights reserved.
+ * Copyright (c) 2013 Aris Adamantiadis. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <signal.h>
+#include <string.h>
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+#include "buffer.h"
+#include "ssh2.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "log.h"
+#include "digest.h"
+
+extern int crypto_scalarmult_curve25519(u_char a[CURVE25519_SIZE],
+ const u_char b[CURVE25519_SIZE], const u_char c[CURVE25519_SIZE])
+ __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+ __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)))
+ __attribute__((__bounded__(__minbytes__, 3, CURVE25519_SIZE)));
+
+void
+kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
+{
+ static const u_char basepoint[CURVE25519_SIZE] = {9};
+
+ arc4random_buf(key, CURVE25519_SIZE);
+ crypto_scalarmult_curve25519(pub, key, basepoint);
+}
+
+void
+kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+ const u_char pub[CURVE25519_SIZE], Buffer *out)
+{
+ u_char shared_key[CURVE25519_SIZE];
+
+ crypto_scalarmult_curve25519(shared_key, key, pub);
+#ifdef DEBUG_KEXECDH
+ dump_digest("shared secret", shared_key, CURVE25519_SIZE);
+#endif
+ buffer_clear(out);
+ buffer_put_bignum2_from_string(out, shared_key, CURVE25519_SIZE);
+ explicit_bzero(shared_key, CURVE25519_SIZE);
+}
+
+void
+kex_c25519_hash(
+ int hash_alg,
+ char *client_version_string,
+ char *server_version_string,
+ char *ckexinit, int ckexinitlen,
+ char *skexinit, int skexinitlen,
+ u_char *serverhostkeyblob, int sbloblen,
+ const u_char client_dh_pub[CURVE25519_SIZE],
+ const u_char server_dh_pub[CURVE25519_SIZE],
+ const u_char *shared_secret, u_int secretlen,
+ u_char **hash, u_int *hashlen)
+{
+ Buffer b;
+ static u_char digest[SSH_DIGEST_MAX_LENGTH];
+
+ buffer_init(&b);
+ buffer_put_cstring(&b, client_version_string);
+ buffer_put_cstring(&b, server_version_string);
+
+ /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
+ buffer_put_int(&b, ckexinitlen+1);
+ buffer_put_char(&b, SSH2_MSG_KEXINIT);
+ buffer_append(&b, ckexinit, ckexinitlen);
+ buffer_put_int(&b, skexinitlen+1);
+ buffer_put_char(&b, SSH2_MSG_KEXINIT);
+ buffer_append(&b, skexinit, skexinitlen);
+
+ buffer_put_string(&b, serverhostkeyblob, sbloblen);
+ buffer_put_string(&b, client_dh_pub, CURVE25519_SIZE);
+ buffer_put_string(&b, server_dh_pub, CURVE25519_SIZE);
+ buffer_append(&b, shared_secret, secretlen);
+
+#ifdef DEBUG_KEX
+ buffer_dump(&b);
+#endif
+ if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: digest_buffer failed", __func__);
+
+ buffer_free(&b);
+
+#ifdef DEBUG_KEX
+ dump_digest("hash", digest, ssh_digest_bytes(hash_alg));
+#endif
+ *hash = digest;
+ *hashlen = ssh_digest_bytes(hash_alg);
+}
Added: vendor-crypto/openssh/dist/kexc25519c.c
===================================================================
--- vendor-crypto/openssh/dist/kexc25519c.c (rev 0)
+++ vendor-crypto/openssh/dist/kexc25519c.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,129 @@
+/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 2010 Damien Miller. All rights reserved.
+ * Copyright (c) 2013 Aris Adamantiadis. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "ssh2.h"
+
+void
+kexc25519_client(Kex *kex)
+{
+ Key *server_host_key;
+ u_char client_key[CURVE25519_SIZE];
+ u_char client_pubkey[CURVE25519_SIZE];
+ u_char *server_pubkey = NULL;
+ u_char *server_host_key_blob = NULL, *signature = NULL;
+ u_char *hash;
+ u_int slen, sbloblen, hashlen;
+ Buffer shared_secret;
+
+ kexc25519_keygen(client_key, client_pubkey);
+
+ packet_start(SSH2_MSG_KEX_ECDH_INIT);
+ packet_put_string(client_pubkey, sizeof(client_pubkey));
+ packet_send();
+ debug("sending SSH2_MSG_KEX_ECDH_INIT");
+
+#ifdef DEBUG_KEXECDH
+ dump_digest("client private key:", client_key, sizeof(client_key));
+#endif
+
+ debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
+ packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);
+
+ /* hostkey */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* Q_S, server public key */
+ server_pubkey = packet_get_string(&slen);
+ if (slen != CURVE25519_SIZE)
+ fatal("Incorrect size for server Curve25519 pubkey: %d", slen);
+
+#ifdef DEBUG_KEXECDH
+ dump_digest("server public key:", server_pubkey, CURVE25519_SIZE);
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ buffer_init(&shared_secret);
+ kexc25519_shared_key(client_key, server_pubkey, &shared_secret);
+
+ /* calc and verify H */
+ kex_c25519_hash(
+ kex->hash_alg,
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ client_pubkey,
+ server_pubkey,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret),
+ &hash, &hashlen
+ );
+ free(server_host_key_blob);
+ free(server_pubkey);
+ if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ free(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = hashlen;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+ kex_derive_keys(kex, hash, hashlen,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret));
+ buffer_free(&shared_secret);
+ kex_finish(kex);
+}
Added: vendor-crypto/openssh/dist/kexc25519s.c
===================================================================
--- vendor-crypto/openssh/dist/kexc25519s.c (rev 0)
+++ vendor-crypto/openssh/dist/kexc25519s.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,126 @@
+/* $OpenBSD: kexc25519s.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 2010 Damien Miller. All rights reserved.
+ * Copyright (c) 2013 Aris Adamantiadis. All rights reserved.
+ *
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <string.h>
+#include <signal.h>
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "ssh2.h"
+
+void
+kexc25519_server(Kex *kex)
+{
+ Key *server_host_private, *server_host_public;
+ u_char *server_host_key_blob = NULL, *signature = NULL;
+ u_char server_key[CURVE25519_SIZE];
+ u_char *client_pubkey = NULL;
+ u_char server_pubkey[CURVE25519_SIZE];
+ u_char *hash;
+ u_int slen, sbloblen, hashlen;
+ Buffer shared_secret;
+
+ /* generate private key */
+ kexc25519_keygen(server_key, server_pubkey);
+#ifdef DEBUG_KEXECDH
+ dump_digest("server private key:", server_key, sizeof(server_key));
+#endif
+
+ if (kex->load_host_public_key == NULL ||
+ kex->load_host_private_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_public = kex->load_host_public_key(kex->hostkey_type);
+ if (server_host_public == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+ server_host_private = kex->load_host_private_key(kex->hostkey_type);
+
+ debug("expecting SSH2_MSG_KEX_ECDH_INIT");
+ packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
+ client_pubkey = packet_get_string(&slen);
+ if (slen != CURVE25519_SIZE)
+ fatal("Incorrect size for server Curve25519 pubkey: %d", slen);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXECDH
+ dump_digest("client public key:", client_pubkey, CURVE25519_SIZE);
+#endif
+
+ buffer_init(&shared_secret);
+ kexc25519_shared_key(server_key, client_pubkey, &shared_secret);
+
+ /* calc H */
+ key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
+ kex_c25519_hash(
+ kex->hash_alg,
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ client_pubkey,
+ server_pubkey,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret),
+ &hash, &hashlen
+ );
+
+ /* save session id := H */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = hashlen;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ kex->sign(server_host_private, server_host_public, &signature, &slen,
+ hash, hashlen);
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, ECDH pubkey 'Q_S' and signed H */
+ packet_start(SSH2_MSG_KEX_ECDH_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_string(server_pubkey, sizeof(server_pubkey));
+ packet_put_string(signature, slen);
+ packet_send();
+
+ free(signature);
+ free(server_host_key_blob);
+ /* have keys, free server key */
+ free(client_pubkey);
+
+ kex_derive_keys(kex, hash, hashlen,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret));
+ buffer_free(&shared_secret);
+ kex_finish(kex);
+}
Modified: vendor-crypto/openssh/dist/kexdh.c
===================================================================
--- vendor-crypto/openssh/dist/kexdh.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexdh.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdh.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexdh.c,v 1.24 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -36,6 +36,8 @@
#include "key.h"
#include "cipher.h"
#include "kex.h"
+#include "digest.h"
+#include "log.h"
void
kex_dh_hash(
@@ -50,9 +52,7 @@
u_char **hash, u_int *hashlen)
{
Buffer b;
- static u_char digest[EVP_MAX_MD_SIZE];
- const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
+ static u_char digest[SSH_DIGEST_MAX_LENGTH];
buffer_init(&b);
buffer_put_cstring(&b, client_version_string);
@@ -74,15 +74,14 @@
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest("hash", digest, EVP_MD_size(evp_md));
+ dump_digest("hash", digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
#endif
*hash = digest;
- *hashlen = EVP_MD_size(evp_md);
+ *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
}
Modified: vendor-crypto/openssh/dist/kexdhc.c
===================================================================
--- vendor-crypto/openssh/dist/kexdhc.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexdhc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -124,7 +124,7 @@
fatal("kexdh_client: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
- memset(kbuf, 0, klen);
+ explicit_bzero(kbuf, klen);
free(kbuf);
/* calc and verify H */
@@ -155,7 +155,7 @@
memcpy(kex->session_id, hash, kex->session_id_len);
}
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
Modified: vendor-crypto/openssh/dist/kexdhs.c
===================================================================
--- vendor-crypto/openssh/dist/kexdhs.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexdhs.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.14 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -42,10 +42,6 @@
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
void
kexdh_server(Kex *kex)
@@ -114,7 +110,7 @@
fatal("kexdh_server: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_server: BN_bin2bn failed");
- memset(kbuf, 0, klen);
+ explicit_bzero(kbuf, klen);
free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -158,7 +154,7 @@
/* have keys, free DH */
DH_free(dh);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
Modified: vendor-crypto/openssh/dist/kexecdh.c
===================================================================
--- vendor-crypto/openssh/dist/kexecdh.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexecdh.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */
+/* $OpenBSD: kexecdh.c,v 1.5 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -44,10 +44,11 @@
#include "cipher.h"
#include "kex.h"
#include "log.h"
+#include "digest.h"
void
kex_ecdh_hash(
- const EVP_MD *evp_md,
+ int hash_alg,
const EC_GROUP *ec_group,
char *client_version_string,
char *server_version_string,
@@ -60,8 +61,7 @@
u_char **hash, u_int *hashlen)
{
Buffer b;
- EVP_MD_CTX md;
- static u_char digest[EVP_MAX_MD_SIZE];
+ static u_char digest[SSH_DIGEST_MAX_LENGTH];
buffer_init(&b);
buffer_put_cstring(&b, client_version_string);
@@ -83,17 +83,15 @@
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest("hash", digest, EVP_MD_size(evp_md));
+ dump_digest("hash", digest, ssh_digest_bytes(hash_alg));
#endif
*hash = digest;
- *hashlen = EVP_MD_size(evp_md);
+ *hashlen = ssh_digest_bytes(hash_alg);
}
-
#endif /* OPENSSL_HAS_ECC */
Modified: vendor-crypto/openssh/dist/kexecdhc.c
===================================================================
--- vendor-crypto/openssh/dist/kexecdhc.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexecdhc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -119,12 +119,12 @@
fatal("%s: BN_new failed", __func__);
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
- memset(kbuf, 0, klen);
+ explicit_bzero(kbuf, klen);
free(kbuf);
/* calc and verify H */
kex_ecdh_hash(
- kex->evp_md,
+ kex->hash_alg,
group,
kex->client_version_string,
kex->server_version_string,
@@ -152,7 +152,7 @@
memcpy(kex->session_id, hash, kex->session_id_len);
}
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
Modified: vendor-crypto/openssh/dist/kexecdhs.c
===================================================================
--- vendor-crypto/openssh/dist/kexecdhs.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexecdhs.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -37,12 +37,7 @@
#include "kex.h"
#include "log.h"
#include "packet.h"
-#include "dh.h"
#include "ssh2.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
#ifdef OPENSSL_HAS_ECC
@@ -108,13 +103,13 @@
fatal("%s: BN_new failed", __func__);
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
- memset(kbuf, 0, klen);
+ explicit_bzero(kbuf, klen);
free(kbuf);
/* calc H */
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
kex_ecdh_hash(
- kex->evp_md,
+ kex->hash_alg,
group,
kex->client_version_string,
kex->server_version_string,
@@ -153,7 +148,7 @@
/* have keys, free server key */
EC_KEY_free(server_key);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
Modified: vendor-crypto/openssh/dist/kexgex.c
===================================================================
--- vendor-crypto/openssh/dist/kexgex.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexgex.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgex.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kexgex.c,v 1.28 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -36,10 +36,12 @@
#include "cipher.h"
#include "kex.h"
#include "ssh2.h"
+#include "digest.h"
+#include "log.h"
void
kexgex_hash(
- const EVP_MD *evp_md,
+ int hash_alg,
char *client_version_string,
char *server_version_string,
char *ckexinit, int ckexinitlen,
@@ -52,8 +54,7 @@
u_char **hash, u_int *hashlen)
{
Buffer b;
- static u_char digest[EVP_MAX_MD_SIZE];
- EVP_MD_CTX md;
+ static u_char digest[SSH_DIGEST_MAX_LENGTH];
buffer_init(&b);
buffer_put_cstring(&b, client_version_string);
@@ -84,15 +85,14 @@
#ifdef DEBUG_KEXDH
buffer_dump(&b);
#endif
+ if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ buffer_free(&b);
- buffer_free(&b);
+#ifdef DEBUG_KEX
+ dump_digest("hash", digest, ssh_digest_bytes(hash_alg));
+#endif
*hash = digest;
- *hashlen = EVP_MD_size(evp_md);
-#ifdef DEBUG_KEXDH
- dump_digest("hash", digest, *hashlen);
-#endif
+ *hashlen = ssh_digest_bytes(hash_alg);
}
Modified: vendor-crypto/openssh/dist/kexgexc.c
===================================================================
--- vendor-crypto/openssh/dist/kexgexc.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexgexc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -58,7 +58,7 @@
int min, max, nbits;
DH *dh;
- nbits = dh_estimate(kex->we_need * 8);
+ nbits = dh_estimate(kex->dh_need * 8);
if (datafellows & SSH_OLD_DHGEX) {
/* Old GEX request */
@@ -162,7 +162,7 @@
fatal("kexgex_client: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_client: BN_bin2bn failed");
- memset(kbuf, 0, klen);
+ explicit_bzero(kbuf, klen);
free(kbuf);
if (datafellows & SSH_OLD_DHGEX)
@@ -170,7 +170,7 @@
/* calc and verify H */
kexgex_hash(
- kex->evp_md,
+ kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
@@ -200,7 +200,7 @@
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
Modified: vendor-crypto/openssh/dist/kexgexs.c
===================================================================
--- vendor-crypto/openssh/dist/kexgexs.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/kexgexs.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.16 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -150,7 +150,7 @@
fatal("kexgex_server: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_server: BN_bin2bn failed");
- memset(kbuf, 0, klen);
+ explicit_bzero(kbuf, klen);
free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -160,7 +160,7 @@
/* calc H */
kexgex_hash(
- kex->evp_md,
+ kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
@@ -201,7 +201,7 @@
/* have keys, free DH */
DH_free(dh);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
Modified: vendor-crypto/openssh/dist/key.c
===================================================================
--- vendor-crypto/openssh/dist/key.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/key.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -39,6 +39,8 @@
#include <sys/param.h>
#include <sys/types.h>
+#include "crypto_api.h"
+
#include <openssl/evp.h>
#include <openbsd-compat/openssl-compat.h>
@@ -54,8 +56,10 @@
#include "log.h"
#include "misc.h"
#include "ssh2.h"
+#include "digest.h"
static int to_blob(const Key *, u_char **, u_int *, int);
+static Key *key_from_blob2(const u_char *, u_int, int);
static struct KeyCert *
cert_new(void)
@@ -85,6 +89,8 @@
k->dsa = NULL;
k->rsa = NULL;
k->cert = NULL;
+ k->ed25519_sk = NULL;
+ k->ed25519_pk = NULL;
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
@@ -119,6 +125,10 @@
/* Cannot do anything until we know the group */
break;
#endif
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ /* no need to prealloc */
+ break;
case KEY_UNSPEC:
break;
default:
@@ -163,6 +173,10 @@
case KEY_ECDSA_CERT:
/* Cannot do anything until we know the group */
break;
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ /* no need to prealloc */
+ break;
case KEY_UNSPEC:
break;
default:
@@ -225,6 +239,19 @@
k->ecdsa = NULL;
break;
#endif
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ if (k->ed25519_pk) {
+ explicit_bzero(k->ed25519_pk, ED25519_PK_SZ);
+ free(k->ed25519_pk);
+ k->ed25519_pk = NULL;
+ }
+ if (k->ed25519_sk) {
+ explicit_bzero(k->ed25519_sk, ED25519_SK_SZ);
+ free(k->ed25519_sk);
+ k->ed25519_sk = NULL;
+ }
+ break;
case KEY_UNSPEC:
break;
default:
@@ -306,6 +333,10 @@
BN_CTX_free(bnctx);
return 1;
#endif /* OPENSSL_HAS_ECC */
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
+ memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
default:
fatal("key_equal: bad key type %d", a->type);
}
@@ -328,30 +359,26 @@
key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
u_int *dgst_raw_length)
{
- const EVP_MD *md = NULL;
- EVP_MD_CTX ctx;
u_char *blob = NULL;
u_char *retval = NULL;
u_int len = 0;
- int nlen, elen;
+ int nlen, elen, hash_alg = -1;
*dgst_raw_length = 0;
+ /* XXX switch to DIGEST_* directly? */
switch (dgst_type) {
case SSH_FP_MD5:
- md = EVP_md5();
+ hash_alg = SSH_DIGEST_MD5;
break;
case SSH_FP_SHA1:
- md = EVP_sha1();
+ hash_alg = SSH_DIGEST_SHA1;
break;
-#ifdef HAVE_EVP_SHA256
case SSH_FP_SHA256:
- md = EVP_sha256();
+ hash_alg = SSH_DIGEST_SHA256;
break;
-#endif
default:
- fatal("key_fingerprint_raw: bad digest type %d",
- dgst_type);
+ fatal("%s: bad digest type %d", __func__, dgst_type);
}
switch (k->type) {
case KEY_RSA1:
@@ -365,6 +392,7 @@
case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
+ case KEY_ED25519:
key_to_blob(k, &blob, &len);
break;
case KEY_DSA_CERT_V00:
@@ -372,6 +400,7 @@
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_RSA_CERT:
+ case KEY_ED25519_CERT:
/* We want a fingerprint of the _key_ not of the cert */
to_blob(k, &blob, &len, 1);
break;
@@ -378,18 +407,19 @@
case KEY_UNSPEC:
return retval;
default:
- fatal("key_fingerprint_raw: bad key type %d", k->type);
+ fatal("%s: bad key type %d", __func__, k->type);
break;
}
if (blob != NULL) {
- retval = xmalloc(EVP_MAX_MD_SIZE);
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, blob, len);
- EVP_DigestFinal(&ctx, retval, dgst_raw_length);
- memset(blob, 0, len);
+ retval = xmalloc(SSH_DIGEST_MAX_LENGTH);
+ if ((ssh_digest_memory(hash_alg, blob, len,
+ retval, SSH_DIGEST_MAX_LENGTH)) != 0)
+ fatal("%s: digest_memory failed", __func__);
+ explicit_bzero(blob, len);
free(blob);
+ *dgst_raw_length = ssh_digest_bytes(hash_alg);
} else {
- fatal("key_fingerprint_raw: blob is null");
+ fatal("%s: blob is null", __func__);
}
return retval;
}
@@ -593,7 +623,7 @@
dgst_rep);
break;
}
- memset(dgst_raw, 0, dgst_raw_len);
+ explicit_bzero(dgst_raw, dgst_raw_len);
free(dgst_raw);
return retval;
}
@@ -698,11 +728,13 @@
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+ case KEY_ED25519:
case KEY_DSA_CERT_V00:
case KEY_RSA_CERT_V00:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_RSA_CERT:
+ case KEY_ED25519_CERT:
space = strchr(cp, ' ');
if (space == NULL) {
debug3("key_read: missing whitespace");
@@ -804,6 +836,14 @@
#endif
}
#endif
+ if (key_type_plain(ret->type) == KEY_ED25519) {
+ free(ret->ed25519_pk);
+ ret->ed25519_pk = k->ed25519_pk;
+ k->ed25519_pk = NULL;
+#ifdef DEBUG_PK
+ /* XXX */
+#endif
+ }
success = 1;
/*XXXX*/
key_free(k);
@@ -867,6 +907,11 @@
return 0;
break;
#endif
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ if (key->ed25519_pk == NULL)
+ return 0;
+ break;
case KEY_RSA:
case KEY_RSA_CERT_V00:
case KEY_RSA_CERT:
@@ -914,10 +959,13 @@
{ NULL, "RSA1", KEY_RSA1, 0, 0 },
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },
+ { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
#ifdef OPENSSL_HAS_ECC
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
+# ifdef OPENSSL_HAS_NISTP521
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },
+# endif
#endif /* OPENSSL_HAS_ECC */
{ "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
{ "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
@@ -926,13 +974,17 @@
KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },
{ "ecdsa-sha2-nistp384-cert-v01 at openssh.com", "ECDSA-CERT",
KEY_ECDSA_CERT, NID_secp384r1, 1 },
+# ifdef OPENSSL_HAS_NISTP521
{ "ecdsa-sha2-nistp521-cert-v01 at openssh.com", "ECDSA-CERT",
KEY_ECDSA_CERT, NID_secp521r1, 1 },
+# endif
#endif /* OPENSSL_HAS_ECC */
{ "ssh-rsa-cert-v00 at openssh.com", "RSA-CERT-V00",
KEY_RSA_CERT_V00, 0, 1 },
{ "ssh-dss-cert-v00 at openssh.com", "DSA-CERT-V00",
KEY_DSA_CERT_V00, 0, 1 },
+ { "ssh-ed25519-cert-v01 at openssh.com", "ED25519-CERT",
+ KEY_ED25519_CERT, 0, 1 },
{ NULL, NULL, -1, -1, 0 }
};
@@ -1004,7 +1056,7 @@
}
char *
-key_alg_list(void)
+key_alg_list(int certs_only, int plain_only)
{
char *ret = NULL;
size_t nlen, rlen = 0;
@@ -1013,6 +1065,8 @@
for (kt = keytypes; kt->type != -1; kt++) {
if (kt->name == NULL)
continue;
+ if ((certs_only && !kt->cert) || (plain_only && kt->cert))
+ continue;
if (ret != NULL)
ret[rlen++] = '\n';
nlen = strlen(kt->name);
@@ -1023,6 +1077,32 @@
return ret;
}
+int
+key_type_is_cert(int type)
+{
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+ if (kt->type == type)
+ return kt->cert;
+ }
+ return 0;
+}
+
+static int
+key_type_is_valid_ca(int type)
+{
+ switch (type) {
+ case KEY_RSA:
+ case KEY_DSA:
+ case KEY_ECDSA:
+ case KEY_ED25519:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
u_int
key_size(const Key *k)
{
@@ -1036,6 +1116,8 @@
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
return BN_num_bits(k->dsa->p);
+ case KEY_ED25519:
+ return 256; /* XXX */
#ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
case KEY_ECDSA_CERT:
@@ -1087,8 +1169,10 @@
return NID_X9_62_prime256v1;
case 384:
return NID_secp384r1;
+# ifdef OPENSSL_HAS_NISTP521
case 521:
return NID_secp521r1;
+# endif
#endif
default:
return -1;
@@ -1103,7 +1187,9 @@
int nids[] = {
NID_X9_62_prime256v1,
NID_secp384r1,
+# ifdef OPENSSL_HAS_NISTP521
NID_secp521r1,
+# endif
-1
};
int nid;
@@ -1175,6 +1261,11 @@
case KEY_RSA1:
k->rsa = rsa_generate_private_key(bits);
break;
+ case KEY_ED25519:
+ k->ed25519_pk = xmalloc(ED25519_PK_SZ);
+ k->ed25519_sk = xmalloc(ED25519_SK_SZ);
+ crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
+ break;
case KEY_RSA_CERT_V00:
case KEY_DSA_CERT_V00:
case KEY_RSA_CERT:
@@ -1268,6 +1359,14 @@
(BN_copy(n->rsa->e, k->rsa->e) == NULL))
fatal("key_from_private: BN_copy failed");
break;
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ n = key_new(k->type);
+ if (k->ed25519_pk != NULL) {
+ n->ed25519_pk = xmalloc(ED25519_PK_SZ);
+ memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
+ }
+ break;
default:
fatal("key_from_private: unknown type %d", k->type);
break;
@@ -1387,14 +1486,12 @@
}
buffer_clear(&tmp);
- if ((key->cert->signature_key = key_from_blob(sig_key,
- sklen)) == NULL) {
+ if ((key->cert->signature_key = key_from_blob2(sig_key, sklen, 0))
+ == NULL) {
error("%s: Signature key invalid", __func__);
goto out;
}
- if (key->cert->signature_key->type != KEY_RSA &&
- key->cert->signature_key->type != KEY_DSA &&
- key->cert->signature_key->type != KEY_ECDSA) {
+ if (!key_type_is_valid_ca(key->cert->signature_key->type)) {
error("%s: Invalid signature key type %s (%d)", __func__,
key_type(key->cert->signature_key),
key->cert->signature_key->type);
@@ -1425,12 +1522,14 @@
return ret;
}
-Key *
-key_from_blob(const u_char *blob, u_int blen)
+static Key *
+key_from_blob2(const u_char *blob, u_int blen, int allow_cert)
{
Buffer b;
int rlen, type;
+ u_int len;
char *ktype = NULL, *curve = NULL;
+ u_char *pk = NULL;
Key *key = NULL;
#ifdef OPENSSL_HAS_ECC
EC_POINT *q = NULL;
@@ -1452,7 +1551,10 @@
if (key_type_plain(type) == KEY_ECDSA)
nid = key_ecdsa_nid_from_name(ktype);
#endif
-
+ if (!allow_cert && key_type_is_cert(type)) {
+ error("key_from_blob: certificate not allowed in this context");
+ goto out;
+ }
switch (type) {
case KEY_RSA_CERT:
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
@@ -1526,6 +1628,23 @@
#endif
break;
#endif /* OPENSSL_HAS_ECC */
+ case KEY_ED25519_CERT:
+ (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
+ /* FALLTHROUGH */
+ case KEY_ED25519:
+ if ((pk = buffer_get_string_ret(&b, &len)) == NULL) {
+ error("key_from_blob: can't read ed25519 key");
+ goto badkey;
+ }
+ if (len != ED25519_PK_SZ) {
+ error("key_from_blob: ed25519 len %d != %d",
+ len, ED25519_PK_SZ);
+ goto badkey;
+ }
+ key = key_new(type);
+ key->ed25519_pk = pk;
+ pk = NULL;
+ break;
case KEY_UNSPEC:
key = key_new(type);
break;
@@ -1543,6 +1662,7 @@
out:
free(ktype);
free(curve);
+ free(pk);
#ifdef OPENSSL_HAS_ECC
if (q != NULL)
EC_POINT_free(q);
@@ -1551,6 +1671,12 @@
return key;
}
+Key *
+key_from_blob(const u_char *blob, u_int blen)
+{
+ return key_from_blob2(blob, blen, 1);
+}
+
static int
to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
{
@@ -1557,6 +1683,10 @@
Buffer b;
int len, type;
+ if (blobp != NULL)
+ *blobp = NULL;
+ if (lenp != NULL)
+ *lenp = 0;
if (key == NULL) {
error("key_to_blob: key == NULL");
return 0;
@@ -1569,6 +1699,7 @@
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_RSA_CERT:
+ case KEY_ED25519_CERT:
/* Use the existing blob */
buffer_append(&b, buffer_ptr(&key->cert->certblob),
buffer_len(&key->cert->certblob));
@@ -1596,6 +1727,11 @@
buffer_put_bignum2(&b, key->rsa->e);
buffer_put_bignum2(&b, key->rsa->n);
break;
+ case KEY_ED25519:
+ buffer_put_cstring(&b,
+ key_ssh_name_from_type_nid(type, key->ecdsa_nid));
+ buffer_put_string(&b, key->ed25519_pk, ED25519_PK_SZ);
+ break;
default:
error("key_to_blob: unsupported key type %d", key->type);
buffer_free(&b);
@@ -1608,7 +1744,7 @@
*blobp = xmalloc(len);
memcpy(*blobp, buffer_ptr(&b), len);
}
- memset(buffer_ptr(&b), 0, len);
+ explicit_bzero(buffer_ptr(&b), len);
buffer_free(&b);
return len;
}
@@ -1639,6 +1775,9 @@
case KEY_RSA_CERT:
case KEY_RSA:
return ssh_rsa_sign(key, sigp, lenp, data, datalen);
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ return ssh_ed25519_sign(key, sigp, lenp, data, datalen);
default:
error("key_sign: invalid key type %d", key->type);
return -1;
@@ -1672,6 +1811,9 @@
case KEY_RSA_CERT:
case KEY_RSA:
return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ return ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
default:
error("key_verify: invalid key type %d", key->type);
return -1;
@@ -1691,6 +1833,8 @@
pk->dsa = NULL;
pk->ecdsa = NULL;
pk->rsa = NULL;
+ pk->ed25519_pk = NULL;
+ pk->ed25519_sk = NULL;
switch (k->type) {
case KEY_RSA_CERT_V00:
@@ -1734,8 +1878,17 @@
fatal("key_demote: EC_KEY_set_public_key failed");
break;
#endif
+ case KEY_ED25519_CERT:
+ key_cert_copy(k, pk);
+ /* FALLTHROUGH */
+ case KEY_ED25519:
+ if (k->ed25519_pk != NULL) {
+ pk->ed25519_pk = xmalloc(ED25519_PK_SZ);
+ memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
+ }
+ break;
default:
- fatal("key_free: bad key type %d", k->type);
+ fatal("key_demote: bad key type %d", k->type);
break;
}
@@ -1747,16 +1900,7 @@
{
if (k == NULL)
return 0;
- switch (k->type) {
- case KEY_RSA_CERT_V00:
- case KEY_DSA_CERT_V00:
- case KEY_RSA_CERT:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- return 1;
- default:
- return 0;
- }
+ return key_type_is_cert(k->type);
}
/* Return the cert-less equivalent to a certified key type */
@@ -1772,12 +1916,14 @@
return KEY_DSA;
case KEY_ECDSA_CERT:
return KEY_ECDSA;
+ case KEY_ED25519_CERT:
+ return KEY_ED25519;
default:
return type;
}
}
-/* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */
+/* Convert a plain key to their _CERT equivalent */
int
key_to_certified(Key *k, int legacy)
{
@@ -1797,6 +1943,13 @@
k->cert = cert_new();
k->type = KEY_ECDSA_CERT;
return 0;
+ case KEY_ED25519:
+ if (legacy)
+ fatal("%s: legacy ED25519 certificates are not "
+ "supported", __func__);
+ k->cert = cert_new();
+ k->type = KEY_ED25519_CERT;
+ return 0;
default:
error("%s: key has incorrect type %s", __func__, key_type(k));
return -1;
@@ -1803,35 +1956,21 @@
}
}
-/* Convert a KEY_RSA_CERT or KEY_DSA_CERT to their raw key equivalent */
+/* Convert a certificate to its raw key equivalent */
int
key_drop_cert(Key *k)
{
- switch (k->type) {
- case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
- cert_free(k->cert);
- k->type = KEY_RSA;
- return 0;
- case KEY_DSA_CERT_V00:
- case KEY_DSA_CERT:
- cert_free(k->cert);
- k->type = KEY_DSA;
- return 0;
- case KEY_ECDSA_CERT:
- cert_free(k->cert);
- k->type = KEY_ECDSA;
- return 0;
- default:
+ if (!key_type_is_cert(k->type)) {
error("%s: key has incorrect type %s", __func__, key_type(k));
return -1;
}
+ cert_free(k->cert);
+ k->cert = NULL;
+ k->type = key_type_plain(k->type);
+ return 0;
}
-/*
- * Sign a KEY_RSA_CERT, KEY_DSA_CERT or KEY_ECDSA_CERT, (re-)generating
- * the signed certblob
- */
+/* Sign a certified key, (re-)generating the signed certblob. */
int
key_certify(Key *k, Key *ca)
{
@@ -1850,8 +1989,7 @@
return -1;
}
- if (ca->type != KEY_RSA && ca->type != KEY_DSA &&
- ca->type != KEY_ECDSA) {
+ if (!key_type_is_valid_ca(ca->type)) {
error("%s: CA key has unsupported type %s", __func__,
key_type(ca));
return -1;
@@ -1867,6 +2005,7 @@
if (!key_cert_is_legacy(k))
buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
+ /* XXX this substantially duplicates to_blob(); refactor */
switch (k->type) {
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
@@ -1889,6 +2028,10 @@
buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
break;
+ case KEY_ED25519_CERT:
+ buffer_put_string(&k->cert->certblob,
+ k->ed25519_pk, ED25519_PK_SZ);
+ break;
default:
error("%s: key has incorrect type %s", __func__, key_type(k));
buffer_clear(&k->cert->certblob);
@@ -2018,8 +2161,10 @@
return NID_X9_62_prime256v1;
else if (strcmp(name, "nistp384") == 0)
return NID_secp384r1;
+# ifdef OPENSSL_HAS_NISTP521
else if (strcmp(name, "nistp521") == 0)
return NID_secp521r1;
+# endif
#endif
debug("%s: unsupported EC curve name \"%.100s\"", __func__, name);
@@ -2035,8 +2180,10 @@
return 256;
case NID_secp384r1:
return 384;
+# ifdef OPENSSL_HAS_NISTP521
case NID_secp521r1:
return 521;
+# endif
#endif
default:
error("%s: unsupported EC curve nid %d", __func__, nid);
@@ -2052,8 +2199,10 @@
return "nistp256";
else if (nid == NID_secp384r1)
return "nistp384";
+# ifdef OPENSSL_HAS_NISTP521
else if (nid == NID_secp521r1)
return "nistp521";
+# endif
#endif
error("%s: unsupported EC curve nid %d", __func__, nid);
return NULL;
@@ -2060,8 +2209,8 @@
}
#ifdef OPENSSL_HAS_ECC
-const EVP_MD *
-key_ec_nid_to_evpmd(int nid)
+int
+key_ec_nid_to_hash_alg(int nid)
{
int kbits = key_curve_nid_to_bits(nid);
@@ -2069,11 +2218,11 @@
fatal("%s: invalid nid %d", __func__, nid);
/* RFC5656 section 6.2.1 */
if (kbits <= 256)
- return EVP_sha256();
+ return SSH_DIGEST_SHA256;
else if (kbits <= 384)
- return EVP_sha384();
+ return SSH_DIGEST_SHA384;
else
- return EVP_sha512();
+ return SSH_DIGEST_SHA512;
}
int
@@ -2245,3 +2394,232 @@
}
#endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */
#endif /* OPENSSL_HAS_ECC */
+
+void
+key_private_serialize(const Key *key, Buffer *b)
+{
+ buffer_put_cstring(b, key_ssh_name(key));
+ switch (key->type) {
+ case KEY_RSA:
+ buffer_put_bignum2(b, key->rsa->n);
+ buffer_put_bignum2(b, key->rsa->e);
+ buffer_put_bignum2(b, key->rsa->d);
+ buffer_put_bignum2(b, key->rsa->iqmp);
+ buffer_put_bignum2(b, key->rsa->p);
+ buffer_put_bignum2(b, key->rsa->q);
+ break;
+ case KEY_RSA_CERT_V00:
+ case KEY_RSA_CERT:
+ if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
+ fatal("%s: no cert/certblob", __func__);
+ buffer_put_string(b, buffer_ptr(&key->cert->certblob),
+ buffer_len(&key->cert->certblob));
+ buffer_put_bignum2(b, key->rsa->d);
+ buffer_put_bignum2(b, key->rsa->iqmp);
+ buffer_put_bignum2(b, key->rsa->p);
+ buffer_put_bignum2(b, key->rsa->q);
+ break;
+ case KEY_DSA:
+ buffer_put_bignum2(b, key->dsa->p);
+ buffer_put_bignum2(b, key->dsa->q);
+ buffer_put_bignum2(b, key->dsa->g);
+ buffer_put_bignum2(b, key->dsa->pub_key);
+ buffer_put_bignum2(b, key->dsa->priv_key);
+ break;
+ case KEY_DSA_CERT_V00:
+ case KEY_DSA_CERT:
+ if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
+ fatal("%s: no cert/certblob", __func__);
+ buffer_put_string(b, buffer_ptr(&key->cert->certblob),
+ buffer_len(&key->cert->certblob));
+ buffer_put_bignum2(b, key->dsa->priv_key);
+ break;
+#ifdef OPENSSL_HAS_ECC
+ case KEY_ECDSA:
+ buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid));
+ buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
+ EC_KEY_get0_public_key(key->ecdsa));
+ buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
+ break;
+ case KEY_ECDSA_CERT:
+ if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
+ fatal("%s: no cert/certblob", __func__);
+ buffer_put_string(b, buffer_ptr(&key->cert->certblob),
+ buffer_len(&key->cert->certblob));
+ buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
+ break;
+#endif /* OPENSSL_HAS_ECC */
+ case KEY_ED25519:
+ buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
+ buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
+ break;
+ case KEY_ED25519_CERT:
+ if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
+ fatal("%s: no cert/certblob", __func__);
+ buffer_put_string(b, buffer_ptr(&key->cert->certblob),
+ buffer_len(&key->cert->certblob));
+ buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
+ buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
+ break;
+ }
+}
+
+Key *
+key_private_deserialize(Buffer *blob)
+{
+ char *type_name;
+ Key *k = NULL;
+ u_char *cert;
+ u_int len, pklen, sklen;
+ int type;
+#ifdef OPENSSL_HAS_ECC
+ char *curve;
+ BIGNUM *exponent;
+ EC_POINT *q;
+#endif
+
+ type_name = buffer_get_string(blob, NULL);
+ type = key_type_from_name(type_name);
+ switch (type) {
+ case KEY_DSA:
+ k = key_new_private(type);
+ buffer_get_bignum2(blob, k->dsa->p);
+ buffer_get_bignum2(blob, k->dsa->q);
+ buffer_get_bignum2(blob, k->dsa->g);
+ buffer_get_bignum2(blob, k->dsa->pub_key);
+ buffer_get_bignum2(blob, k->dsa->priv_key);
+ break;
+ case KEY_DSA_CERT_V00:
+ case KEY_DSA_CERT:
+ cert = buffer_get_string(blob, &len);
+ if ((k = key_from_blob(cert, len)) == NULL)
+ fatal("Certificate parse failed");
+ free(cert);
+ key_add_private(k);
+ buffer_get_bignum2(blob, k->dsa->priv_key);
+ break;
+#ifdef OPENSSL_HAS_ECC
+ case KEY_ECDSA:
+ k = key_new_private(type);
+ k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
+ curve = buffer_get_string(blob, NULL);
+ if (k->ecdsa_nid != key_curve_name_to_nid(curve))
+ fatal("%s: curve names mismatch", __func__);
+ free(curve);
+ k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
+ if (k->ecdsa == NULL)
+ fatal("%s: EC_KEY_new_by_curve_name failed",
+ __func__);
+ q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
+ if (q == NULL)
+ fatal("%s: BN_new failed", __func__);
+ if ((exponent = BN_new()) == NULL)
+ fatal("%s: BN_new failed", __func__);
+ buffer_get_ecpoint(blob,
+ EC_KEY_get0_group(k->ecdsa), q);
+ buffer_get_bignum2(blob, exponent);
+ if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
+ fatal("%s: EC_KEY_set_public_key failed",
+ __func__);
+ if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
+ fatal("%s: EC_KEY_set_private_key failed",
+ __func__);
+ if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
+ EC_KEY_get0_public_key(k->ecdsa)) != 0)
+ fatal("%s: bad ECDSA public key", __func__);
+ if (key_ec_validate_private(k->ecdsa) != 0)
+ fatal("%s: bad ECDSA private key", __func__);
+ BN_clear_free(exponent);
+ EC_POINT_free(q);
+ break;
+ case KEY_ECDSA_CERT:
+ cert = buffer_get_string(blob, &len);
+ if ((k = key_from_blob(cert, len)) == NULL)
+ fatal("Certificate parse failed");
+ free(cert);
+ key_add_private(k);
+ if ((exponent = BN_new()) == NULL)
+ fatal("%s: BN_new failed", __func__);
+ buffer_get_bignum2(blob, exponent);
+ if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
+ fatal("%s: EC_KEY_set_private_key failed",
+ __func__);
+ if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
+ EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
+ key_ec_validate_private(k->ecdsa) != 0)
+ fatal("%s: bad ECDSA key", __func__);
+ BN_clear_free(exponent);
+ break;
+#endif
+ case KEY_RSA:
+ k = key_new_private(type);
+ buffer_get_bignum2(blob, k->rsa->n);
+ buffer_get_bignum2(blob, k->rsa->e);
+ buffer_get_bignum2(blob, k->rsa->d);
+ buffer_get_bignum2(blob, k->rsa->iqmp);
+ buffer_get_bignum2(blob, k->rsa->p);
+ buffer_get_bignum2(blob, k->rsa->q);
+
+ /* Generate additional parameters */
+ rsa_generate_additional_parameters(k->rsa);
+ break;
+ case KEY_RSA_CERT_V00:
+ case KEY_RSA_CERT:
+ cert = buffer_get_string(blob, &len);
+ if ((k = key_from_blob(cert, len)) == NULL)
+ fatal("Certificate parse failed");
+ free(cert);
+ key_add_private(k);
+ buffer_get_bignum2(blob, k->rsa->d);
+ buffer_get_bignum2(blob, k->rsa->iqmp);
+ buffer_get_bignum2(blob, k->rsa->p);
+ buffer_get_bignum2(blob, k->rsa->q);
+ break;
+ case KEY_ED25519:
+ k = key_new_private(type);
+ k->ed25519_pk = buffer_get_string(blob, &pklen);
+ k->ed25519_sk = buffer_get_string(blob, &sklen);
+ if (pklen != ED25519_PK_SZ)
+ fatal("%s: ed25519 pklen %d != %d",
+ __func__, pklen, ED25519_PK_SZ);
+ if (sklen != ED25519_SK_SZ)
+ fatal("%s: ed25519 sklen %d != %d",
+ __func__, sklen, ED25519_SK_SZ);
+ break;
+ case KEY_ED25519_CERT:
+ cert = buffer_get_string(blob, &len);
+ if ((k = key_from_blob(cert, len)) == NULL)
+ fatal("Certificate parse failed");
+ free(cert);
+ key_add_private(k);
+ k->ed25519_pk = buffer_get_string(blob, &pklen);
+ k->ed25519_sk = buffer_get_string(blob, &sklen);
+ if (pklen != ED25519_PK_SZ)
+ fatal("%s: ed25519 pklen %d != %d",
+ __func__, pklen, ED25519_PK_SZ);
+ if (sklen != ED25519_SK_SZ)
+ fatal("%s: ed25519 sklen %d != %d",
+ __func__, sklen, ED25519_SK_SZ);
+ break;
+ default:
+ free(type_name);
+ buffer_clear(blob);
+ return NULL;
+ }
+ free(type_name);
+
+ /* enable blinding */
+ switch (k->type) {
+ case KEY_RSA:
+ case KEY_RSA_CERT_V00:
+ case KEY_RSA_CERT:
+ case KEY_RSA1:
+ if (RSA_blinding_on(k->rsa, NULL) != 1) {
+ error("%s: RSA_blinding_on failed", __func__);
+ key_free(k);
+ return NULL;
+ }
+ break;
+ }
+ return k;
+}
Modified: vendor-crypto/openssh/dist/key.h
===================================================================
--- vendor-crypto/openssh/dist/key.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/key.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.37 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: key.h,v 1.41 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -39,9 +39,11 @@
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
+ KEY_ED25519,
KEY_RSA_CERT,
KEY_DSA_CERT,
KEY_ECDSA_CERT,
+ KEY_ED25519_CERT,
KEY_RSA_CERT_V00,
KEY_DSA_CERT_V00,
KEY_UNSPEC
@@ -86,8 +88,13 @@
void *ecdsa;
#endif
struct KeyCert *cert;
+ u_char *ed25519_sk;
+ u_char *ed25519_pk;
};
+#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
+#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
+
Key *key_new(int);
void key_add_private(Key *);
Key *key_new_private(int);
@@ -107,6 +114,7 @@
Key *key_from_private(const Key *);
int key_type_from_name(char *);
int key_is_cert(const Key *);
+int key_type_is_cert(int);
int key_type_plain(int);
int key_to_certified(Key *, int);
int key_drop_cert(Key *);
@@ -123,11 +131,11 @@
int key_ecdsa_bits_to_nid(int);
#ifdef OPENSSL_HAS_ECC
int key_ecdsa_key_to_nid(EC_KEY *);
-const EVP_MD *key_ec_nid_to_evpmd(int nid);
+int key_ec_nid_to_hash_alg(int nid);
int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int key_ec_validate_private(const EC_KEY *);
#endif
-char *key_alg_list(void);
+char *key_alg_list(int, int);
Key *key_from_blob(const u_char *, u_int);
int key_to_blob(const Key *, u_char **, u_int *);
@@ -144,6 +152,8 @@
int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+int ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK))
void key_dump_ec_point(const EC_GROUP *, const EC_POINT *);
@@ -150,4 +160,7 @@
void key_dump_ec_key(const EC_KEY *);
#endif
+void key_private_serialize(const Key *, Buffer *);
+Key *key_private_deserialize(Buffer *);
+
#endif
Modified: vendor-crypto/openssh/dist/krl.c
===================================================================
--- vendor-crypto/openssh/dist/krl.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/krl.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */
#include "includes.h"
@@ -238,7 +238,7 @@
struct revoked_serial rs, *ers, *crs, *irs;
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
- bzero(&rs, sizeof(rs));
+ memset(&rs, 0, sizeof(rs));
rs.lo = lo;
rs.hi = hi;
ers = RB_NFIND(revoked_serial_tree, rt, &rs);
@@ -1115,7 +1115,7 @@
struct revoked_certs *rc;
/* Check explicitly revoked hashes first */
- bzero(&rb, sizeof(rb));
+ memset(&rb, 0, sizeof(rb));
if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL)
return -1;
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
@@ -1126,7 +1126,7 @@
}
/* Next, explicit keys */
- bzero(&rb, sizeof(rb));
+ memset(&rb, 0, sizeof(rb));
if (plain_key_blob(key, &rb.blob, &rb.len) != 0)
return -1;
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
@@ -1147,7 +1147,7 @@
return 0; /* No entry for this CA */
/* Check revocation by cert key ID */
- bzero(&rki, sizeof(rki));
+ memset(&rki, 0, sizeof(rki));
rki.key_id = key->cert->key_id;
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
if (erki != NULL) {
@@ -1162,7 +1162,7 @@
if (key_cert_is_legacy(key) || key->cert->serial == 0)
return 0;
- bzero(&rs, sizeof(rs));
+ memset(&rs, 0, sizeof(rs));
rs.lo = rs.hi = key->cert->serial;
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
if (ers != NULL) {
Modified: vendor-crypto/openssh/dist/loginrec.c
===================================================================
--- vendor-crypto/openssh/dist/loginrec.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/loginrec.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -310,9 +310,13 @@
fatal("%s: Cannot find account for uid %ld", __func__,
(long)uid);
- /* No MIN_SIZEOF here - we absolutely *must not* truncate the
- * username (XXX - so check for trunc!) */
- strlcpy(li->username, pw->pw_name, sizeof(li->username));
+ if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >=
+ sizeof(li->username)) {
+ error("%s: username too long (%lu > max %lu)", __func__,
+ (unsigned long)strlen(pw->pw_name),
+ (unsigned long)sizeof(li->username) - 1);
+ return NULL;
+ }
if (getlast_entry(li))
return (li);
@@ -320,7 +324,6 @@
return (NULL);
}
-
/*
* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise
* a logininfo structure
Modified: vendor-crypto/openssh/dist/mac.c
===================================================================
--- vendor-crypto/openssh/dist/mac.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/mac.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */
+/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -27,8 +27,6 @@
#include <sys/types.h>
-#include <openssl/hmac.h>
-
#include <stdarg.h>
#include <string.h>
#include <signal.h>
@@ -42,11 +40,13 @@
#include "mac.h"
#include "misc.h"
+#include "digest.h"
+#include "hmac.h"
#include "umac.h"
#include "openbsd-compat/openssl-compat.h"
-#define SSH_EVP 1 /* OpenSSL EVP-based MAC */
+#define SSH_DIGEST 1 /* SSH_DIGEST_XXX */
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
#define SSH_UMAC128 3
@@ -53,7 +53,7 @@
struct macalg {
char *name;
int type;
- const EVP_MD * (*mdfunc)(void);
+ int alg;
int truncatebits; /* truncate digest if != 0 */
int key_len; /* just for UMAC */
int len; /* just for UMAC */
@@ -62,38 +62,38 @@
static const struct macalg macs[] = {
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
- { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
- { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
+ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
+ { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
#ifdef HAVE_EVP_SHA256
- { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, 0, 0, 0 },
- { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, 0, 0, 0 },
+ { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
+ { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
#endif
- { "hmac-md5", SSH_EVP, EVP_md5, 0, 0, 0, 0 },
- { "hmac-md5-96", SSH_EVP, EVP_md5, 96, 0, 0, 0 },
- { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
- { "hmac-ripemd160 at openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
- { "umac-64 at openssh.com", SSH_UMAC, NULL, 0, 128, 64, 0 },
- { "umac-128 at openssh.com", SSH_UMAC128, NULL, 0, 128, 128, 0 },
+ { "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
+ { "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
+ { "hmac-ripemd160", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+ { "hmac-ripemd160 at openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+ { "umac-64 at openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
+ { "umac-128 at openssh.com", SSH_UMAC128, 0, 0, 128, 128, 0 },
/* Encrypt-then-MAC variants */
- { "hmac-sha1-etm at openssh.com", SSH_EVP, EVP_sha1, 0, 0, 0, 1 },
- { "hmac-sha1-96-etm at openssh.com", SSH_EVP, EVP_sha1, 96, 0, 0, 1 },
+ { "hmac-sha1-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
+ { "hmac-sha1-96-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 },
#ifdef HAVE_EVP_SHA256
- { "hmac-sha2-256-etm at openssh.com", SSH_EVP, EVP_sha256, 0, 0, 0, 1 },
- { "hmac-sha2-512-etm at openssh.com", SSH_EVP, EVP_sha512, 0, 0, 0, 1 },
+ { "hmac-sha2-256-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
+ { "hmac-sha2-512-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
#endif
- { "hmac-md5-etm at openssh.com", SSH_EVP, EVP_md5, 0, 0, 0, 1 },
- { "hmac-md5-96-etm at openssh.com", SSH_EVP, EVP_md5, 96, 0, 0, 1 },
- { "hmac-ripemd160-etm at openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 1 },
- { "umac-64-etm at openssh.com", SSH_UMAC, NULL, 0, 128, 64, 1 },
- { "umac-128-etm at openssh.com", SSH_UMAC128, NULL, 0, 128, 128, 1 },
+ { "hmac-md5-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
+ { "hmac-md5-96-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
+ { "hmac-ripemd160-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
+ { "umac-64-etm at openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
+ { "umac-128-etm at openssh.com", SSH_UMAC128, 0, 0, 128, 128, 1 },
- { NULL, 0, NULL, 0, 0, 0, 0 }
+ { NULL, 0, 0, 0, 0, 0, 0 }
};
-/* Returns a comma-separated list of supported MACs. */
+/* Returns a list of supported MACs separated by the specified char. */
char *
-mac_alg_list(void)
+mac_alg_list(char sep)
{
char *ret = NULL;
size_t nlen, rlen = 0;
@@ -101,7 +101,7 @@
for (m = macs; m->name != NULL; m++) {
if (ret != NULL)
- ret[rlen++] = '\n';
+ ret[rlen++] = sep;
nlen = strlen(m->name);
ret = xrealloc(ret, 1, rlen + nlen + 2);
memcpy(ret + rlen, m->name, nlen + 1);
@@ -113,14 +113,11 @@
static void
mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
{
- int evp_len;
-
mac->type = macalg->type;
- if (mac->type == SSH_EVP) {
- mac->evp_md = macalg->mdfunc();
- if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
- fatal("mac %s len %d", mac->name, evp_len);
- mac->key_len = mac->mac_len = (u_int)evp_len;
+ if (mac->type == SSH_DIGEST) {
+ if ((mac->hmac_ctx = ssh_hmac_start(macalg->alg)) == NULL)
+ fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
+ mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
} else {
mac->mac_len = macalg->len / 8;
mac->key_len = macalg->key_len / 8;
@@ -139,9 +136,10 @@
for (m = macs; m->name != NULL; m++) {
if (strcmp(name, m->name) != 0)
continue;
- if (mac != NULL)
+ if (mac != NULL) {
mac_setup_by_alg(mac, m);
- debug2("mac_setup: found %s", name);
+ debug2("mac_setup: setup %s", name);
+ }
return (0);
}
debug2("mac_setup: unknown %s", name);
@@ -152,13 +150,12 @@
mac_init(Mac *mac)
{
if (mac->key == NULL)
- fatal("mac_init: no key");
+ fatal("%s: no key", __func__);
switch (mac->type) {
- case SSH_EVP:
- if (mac->evp_md == NULL)
+ case SSH_DIGEST:
+ if (mac->hmac_ctx == NULL ||
+ ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
return -1;
- HMAC_CTX_init(&mac->evp_ctx);
- HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md);
return 0;
case SSH_UMAC:
mac->umac_ctx = umac_new(mac->key);
@@ -181,17 +178,18 @@
u_char b[4], nonce[8];
if (mac->mac_len > sizeof(u))
- fatal("mac_compute: mac too long %u %lu",
- mac->mac_len, (u_long)sizeof(u));
+ fatal("mac_compute: mac too long %u %zu",
+ mac->mac_len, sizeof(u));
switch (mac->type) {
- case SSH_EVP:
+ case SSH_DIGEST:
put_u32(b, seqno);
/* reset HMAC context */
- HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
- HMAC_Update(&mac->evp_ctx, b, sizeof(b));
- HMAC_Update(&mac->evp_ctx, data, datalen);
- HMAC_Final(&mac->evp_ctx, u.m, NULL);
+ if (ssh_hmac_init(mac->hmac_ctx, NULL, 0) < 0 ||
+ ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 ||
+ ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 ||
+ ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
+ fatal("ssh_hmac failed");
break;
case SSH_UMAC:
put_u64(nonce, seqno);
@@ -218,9 +216,9 @@
} else if (mac->type == SSH_UMAC128) {
if (mac->umac_ctx != NULL)
umac128_delete(mac->umac_ctx);
- } else if (mac->evp_md != NULL)
- HMAC_cleanup(&mac->evp_ctx);
- mac->evp_md = NULL;
+ } else if (mac->hmac_ctx != NULL)
+ ssh_hmac_free(mac->hmac_ctx);
+ mac->hmac_ctx = NULL;
mac->umac_ctx = NULL;
}
@@ -240,8 +238,6 @@
debug("bad mac %s [%s]", p, names);
free(maclist);
return (0);
- } else {
- debug3("mac ok: %s [%s]", p, names);
}
}
debug3("macs ok: [%s]", names);
Modified: vendor-crypto/openssh/dist/mac.h
===================================================================
--- vendor-crypto/openssh/dist/mac.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/mac.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */
+/* $OpenBSD: mac.h,v 1.8 2013/11/07 11:58:27 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -24,7 +24,7 @@
*/
int mac_valid(const char *);
-char *mac_alg_list(void);
+char *mac_alg_list(char);
int mac_setup(Mac *, char *);
int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
Modified: vendor-crypto/openssh/dist/match.c
===================================================================
--- vendor-crypto/openssh/dist/match.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/match.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -141,8 +141,8 @@
for (subi = 0;
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
subi++, i++)
- sub[subi] = dolower && isupper(pattern[i]) ?
- (char)tolower(pattern[i]) : pattern[i];
+ sub[subi] = dolower && isupper((u_char)pattern[i]) ?
+ tolower((u_char)pattern[i]) : pattern[i];
/* If subpattern too long, return failure (no match). */
if (subi >= sizeof(sub) - 1)
return 0;
Modified: vendor-crypto/openssh/dist/misc.c
===================================================================
--- vendor-crypto/openssh/dist/misc.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/misc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.91 2013/07/12 00:43:50 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.92 2013/10/14 23:28:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -43,6 +43,7 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
+#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
@@ -1017,7 +1018,14 @@
snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos);
return iptos_str;
}
+
void
+lowercase(char *s)
+{
+ for (; *s; s++)
+ *s = tolower((u_char)*s);
+}
+void
sock_set_v6only(int s)
{
#ifdef IPV6_V6ONLY
Modified: vendor-crypto/openssh/dist/misc.h
===================================================================
--- vendor-crypto/openssh/dist/misc.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/misc.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.50 2013/10/14 23:28:23 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -36,6 +36,8 @@
void ms_subtract_diff(struct timeval *, int *);
void ms_to_timeval(struct timeval *, int);
time_t monotime(void);
+void lowercase(char *s);
+
void sock_set_v6only(int);
struct passwd *pwcopy(struct passwd *);
Modified: vendor-crypto/openssh/dist/moduli.0
===================================================================
--- vendor-crypto/openssh/dist/moduli.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/moduli.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -71,4 +71,4 @@
the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
2006.
-OpenBSD 5.4 September 26, 2012 OpenBSD 5.4
+OpenBSD 5.5 September 26, 2012 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/moduli.c
===================================================================
--- vendor-crypto/openssh/dist/moduli.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/moduli.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.28 2013/10/24 00:49:49 dtucker Exp $ */
/*
* Copyright 1994 Phil Karn <karn at qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson at greendragon.com>
@@ -56,6 +56,7 @@
#include "xmalloc.h"
#include "dh.h"
#include "log.h"
+#include "misc.h"
#include "openbsd-compat/openssl-compat.h"
@@ -488,6 +489,79 @@
return lineno;
}
+static unsigned long
+count_lines(FILE *f)
+{
+ unsigned long count = 0;
+ char lp[QLINESIZE + 1];
+
+ if (fseek(f, 0, SEEK_SET) != 0) {
+ debug("input file is not seekable");
+ return ULONG_MAX;
+ }
+ while (fgets(lp, QLINESIZE + 1, f) != NULL)
+ count++;
+ rewind(f);
+ debug("input file has %lu lines", count);
+ return count;
+}
+
+static char *
+fmt_time(time_t seconds)
+{
+ int day, hr, min;
+ static char buf[128];
+
+ min = (seconds / 60) % 60;
+ hr = (seconds / 60 / 60) % 24;
+ day = seconds / 60 / 60 / 24;
+ if (day > 0)
+ snprintf(buf, sizeof buf, "%dd %d:%02d", day, hr, min);
+ else
+ snprintf(buf, sizeof buf, "%d:%02d", hr, min);
+ return buf;
+}
+
+static void
+print_progress(unsigned long start_lineno, unsigned long current_lineno,
+ unsigned long end_lineno)
+{
+ static time_t time_start, time_prev;
+ time_t time_now, elapsed;
+ unsigned long num_to_process, processed, remaining, percent, eta;
+ double time_per_line;
+ char *eta_str;
+
+ time_now = monotime();
+ if (time_start == 0) {
+ time_start = time_prev = time_now;
+ return;
+ }
+ /* print progress after 1m then once per 5m */
+ if (time_now - time_prev < 5 * 60)
+ return;
+ time_prev = time_now;
+ elapsed = time_now - time_start;
+ processed = current_lineno - start_lineno;
+ remaining = end_lineno - current_lineno;
+ num_to_process = end_lineno - start_lineno;
+ time_per_line = (double)elapsed / processed;
+ /* if we don't know how many we're processing just report count+time */
+ time(&time_now);
+ if (end_lineno == ULONG_MAX) {
+ logit("%.24s processed %lu in %s", ctime(&time_now),
+ processed, fmt_time(elapsed));
+ return;
+ }
+ percent = 100 * processed / num_to_process;
+ eta = time_per_line * remaining;
+ eta_str = xstrdup(fmt_time(eta));
+ logit("%.24s processed %lu of %lu (%lu%%) in %s, ETA %s",
+ ctime(&time_now), processed, num_to_process, percent,
+ fmt_time(elapsed), eta_str);
+ free(eta_str);
+}
+
/*
* perform a Miller-Rabin primality test
* on the list of candidates
@@ -512,6 +586,11 @@
return (-1);
}
+ if (num_lines == 0)
+ end_lineno = count_lines(in);
+ else
+ end_lineno = start_lineno + num_lines;
+
time(&time_start);
if ((p = BN_new()) == NULL)
@@ -526,26 +605,25 @@
if (checkpoint_file != NULL)
last_processed = read_checkpoint(checkpoint_file);
- if (start_lineno > last_processed)
- last_processed = start_lineno;
- if (num_lines == 0)
- end_lineno = ULONG_MAX;
+ last_processed = start_lineno = MAX(last_processed, start_lineno);
+ if (end_lineno == ULONG_MAX)
+ debug("process from line %lu from pipe", last_processed);
else
- end_lineno = last_processed + num_lines;
- debug2("process line %lu to line %lu", last_processed, end_lineno);
+ debug("process from line %lu to line %lu", last_processed,
+ end_lineno);
res = 0;
lp = xmalloc(QLINESIZE + 1);
while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
count_in++;
- if (checkpoint_file != NULL) {
- if (count_in <= last_processed) {
- debug3("skipping line %u, before checkpoint",
- count_in);
- continue;
- }
+ if (count_in <= last_processed) {
+ debug3("skipping line %u, before checkpoint or "
+ "specified start line", count_in);
+ continue;
+ }
+ if (checkpoint_file != NULL)
write_checkpoint(checkpoint_file, count_in);
- }
+ print_progress(start_lineno, count_in, end_lineno);
if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
debug2("%10u: comment or short line", count_in);
continue;
Modified: vendor-crypto/openssh/dist/monitor.c
===================================================================
--- vendor-crypto/openssh/dist/monitor.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/monitor.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -95,7 +95,6 @@
#include "misc.h"
#include "compat.h"
#include "ssh2.h"
-#include "jpake.h"
#include "roaming.h"
#include "authfd.h"
@@ -161,11 +160,6 @@
int mm_answer_rsa_response(int, Buffer *);
int mm_answer_sesskey(int, Buffer *);
int mm_answer_sessid(int, Buffer *);
-int mm_answer_jpake_get_pwdata(int, Buffer *);
-int mm_answer_jpake_step1(int, Buffer *);
-int mm_answer_jpake_step2(int, Buffer *);
-int mm_answer_jpake_key_confirm(int, Buffer *);
-int mm_answer_jpake_check_confirm(int, Buffer *);
#ifdef USE_PAM
int mm_answer_pam_start(int, Buffer *);
@@ -254,13 +248,6 @@
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
#endif
-#ifdef JPAKE
- {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
- {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
- {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
- {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
- {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
-#endif
{0, 0, NULL}
};
@@ -427,15 +414,6 @@
if (!authenticated)
authctxt->failures++;
}
-#ifdef JPAKE
- /* Cleanup JPAKE context after authentication */
- if (ent->flags & MON_AUTHDECIDE) {
- if (authctxt->jpake_ctx != NULL) {
- jpake_free(authctxt->jpake_ctx);
- authctxt->jpake_ctx = NULL;
- }
- }
-#endif
}
if (!authctxt->valid)
@@ -566,7 +544,7 @@
struct pollfd pfd[2];
for (;;) {
- bzero(&pfd, sizeof(pfd));
+ memset(&pfd, 0, sizeof(pfd));
pfd[0].fd = pmonitor->m_sendfd;
pfd[0].events = POLLIN;
pfd[1].fd = pmonitor->m_log_recvfd;
@@ -880,7 +858,7 @@
/* Only authenticate if the context is valid */
authenticated = options.password_authentication &&
auth_password(authctxt, passwd);
- memset(passwd, 0, strlen(passwd));
+ explicit_bzero(passwd, strlen(passwd));
free(passwd);
buffer_clear(m);
@@ -1822,13 +1800,13 @@
/* XXX inefficient for large buffers, need: buffer_init_from_string */
buffer_clear(packet_get_input());
buffer_append(packet_get_input(), child_state.input, child_state.ilen);
- memset(child_state.input, 0, child_state.ilen);
+ explicit_bzero(child_state.input, child_state.ilen);
free(child_state.input);
buffer_clear(packet_get_output());
buffer_append(packet_get_output(), child_state.output,
child_state.olen);
- memset(child_state.output, 0, child_state.olen);
+ explicit_bzero(child_state.output, child_state.olen);
free(child_state.output);
/* Roaming */
@@ -1855,6 +1833,7 @@
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ kex->kex[KEX_C25519_SHA256] = kexc25519_server;
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
@@ -2158,205 +2137,3 @@
}
#endif /* GSSAPI */
-#ifdef JPAKE
-int
-mm_answer_jpake_step1(int sock, Buffer *m)
-{
- struct jpake_ctx *pctx;
- u_char *x3_proof, *x4_proof;
- u_int x3_proof_len, x4_proof_len;
-
- if (!options.zero_knowledge_password_authentication)
- fatal("zero_knowledge_password_authentication disabled");
-
- if (authctxt->jpake_ctx != NULL)
- fatal("%s: authctxt->jpake_ctx already set (%p)",
- __func__, authctxt->jpake_ctx);
- authctxt->jpake_ctx = pctx = jpake_new();
-
- jpake_step1(pctx->grp,
- &pctx->server_id, &pctx->server_id_len,
- &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
- &x3_proof, &x3_proof_len,
- &x4_proof, &x4_proof_len);
-
- JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
-
- buffer_clear(m);
-
- buffer_put_string(m, pctx->server_id, pctx->server_id_len);
- buffer_put_bignum2(m, pctx->g_x3);
- buffer_put_bignum2(m, pctx->g_x4);
- buffer_put_string(m, x3_proof, x3_proof_len);
- buffer_put_string(m, x4_proof, x4_proof_len);
-
- debug3("%s: sending step1", __func__);
- mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
-
- bzero(x3_proof, x3_proof_len);
- bzero(x4_proof, x4_proof_len);
- free(x3_proof);
- free(x4_proof);
-
- monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
- monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
-
- return 0;
-}
-
-int
-mm_answer_jpake_get_pwdata(int sock, Buffer *m)
-{
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- char *hash_scheme, *salt;
-
- if (pctx == NULL)
- fatal("%s: pctx == NULL", __func__);
-
- auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
-
- buffer_clear(m);
- /* pctx->s is sensitive, not returned to slave */
- buffer_put_cstring(m, hash_scheme);
- buffer_put_cstring(m, salt);
-
- debug3("%s: sending pwdata", __func__);
- mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
-
- bzero(hash_scheme, strlen(hash_scheme));
- bzero(salt, strlen(salt));
- free(hash_scheme);
- free(salt);
-
- monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
-
- return 0;
-}
-
-int
-mm_answer_jpake_step2(int sock, Buffer *m)
-{
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- u_char *x1_proof, *x2_proof, *x4_s_proof;
- u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
-
- if (pctx == NULL)
- fatal("%s: pctx == NULL", __func__);
-
- if ((pctx->g_x1 = BN_new()) == NULL ||
- (pctx->g_x2 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
- buffer_get_bignum2(m, pctx->g_x1);
- buffer_get_bignum2(m, pctx->g_x2);
- pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
- x1_proof = buffer_get_string(m, &x1_proof_len);
- x2_proof = buffer_get_string(m, &x2_proof_len);
-
- jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
- pctx->g_x1, pctx->g_x2, pctx->x4,
- pctx->client_id, pctx->client_id_len,
- pctx->server_id, pctx->server_id_len,
- x1_proof, x1_proof_len,
- x2_proof, x2_proof_len,
- &pctx->b,
- &x4_s_proof, &x4_s_proof_len);
-
- JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
-
- bzero(x1_proof, x1_proof_len);
- bzero(x2_proof, x2_proof_len);
- free(x1_proof);
- free(x2_proof);
-
- buffer_clear(m);
-
- buffer_put_bignum2(m, pctx->b);
- buffer_put_string(m, x4_s_proof, x4_s_proof_len);
-
- debug3("%s: sending step2", __func__);
- mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
-
- bzero(x4_s_proof, x4_s_proof_len);
- free(x4_s_proof);
-
- monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
-
- return 0;
-}
-
-int
-mm_answer_jpake_key_confirm(int sock, Buffer *m)
-{
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
- u_char *x2_s_proof;
- u_int x2_s_proof_len;
-
- if (pctx == NULL)
- fatal("%s: pctx == NULL", __func__);
-
- if ((pctx->a = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
- buffer_get_bignum2(m, pctx->a);
- x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
-
- jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
- pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
- pctx->server_id, pctx->server_id_len,
- pctx->client_id, pctx->client_id_len,
- session_id2, session_id2_len,
- x2_s_proof, x2_s_proof_len,
- &pctx->k,
- &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
-
- JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
-
- bzero(x2_s_proof, x2_s_proof_len);
- buffer_clear(m);
-
- /* pctx->k is sensitive, not sent */
- buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
-
- debug3("%s: sending confirmation hash", __func__);
- mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
-
- monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
-
- return 0;
-}
-
-int
-mm_answer_jpake_check_confirm(int sock, Buffer *m)
-{
- int authenticated = 0;
- u_char *peer_confirm_hash;
- u_int peer_confirm_hash_len;
- struct jpake_ctx *pctx = authctxt->jpake_ctx;
-
- if (pctx == NULL)
- fatal("%s: pctx == NULL", __func__);
-
- peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
-
- authenticated = jpake_check_confirm(pctx->k,
- pctx->client_id, pctx->client_id_len,
- session_id2, session_id2_len,
- peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
-
- JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
-
- bzero(peer_confirm_hash, peer_confirm_hash_len);
- free(peer_confirm_hash);
-
- buffer_clear(m);
- buffer_put_int(m, authenticated);
-
- debug3("%s: sending result %d", __func__, authenticated);
- mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
-
- monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
-
- auth_method = "jpake-01 at openssh.com";
- return authenticated;
-}
-
-#endif /* JPAKE */
Modified: vendor-crypto/openssh/dist/monitor.h
===================================================================
--- vendor-crypto/openssh/dist/monitor.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/monitor.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.17 2012/12/02 20:34:10 djm Exp $ */
+/* $OpenBSD: monitor.h,v 1.18 2014/01/29 06:18:35 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -56,11 +56,6 @@
MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47,
MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
MONITOR_REQ_TERM = 50,
- MONITOR_REQ_JPAKE_STEP1 = 52, MONITOR_ANS_JPAKE_STEP1 = 53,
- MONITOR_REQ_JPAKE_GET_PWDATA = 54, MONITOR_ANS_JPAKE_GET_PWDATA = 55,
- MONITOR_REQ_JPAKE_STEP2 = 56, MONITOR_ANS_JPAKE_STEP2 = 57,
- MONITOR_REQ_JPAKE_KEY_CONFIRM = 58, MONITOR_ANS_JPAKE_KEY_CONFIRM = 59,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM = 60, MONITOR_ANS_JPAKE_CHECK_CONFIRM = 61,
MONITOR_REQ_PAM_START = 100,
MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
Modified: vendor-crypto/openssh/dist/monitor_mm.c
===================================================================
--- vendor-crypto/openssh/dist/monitor_mm.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/monitor_mm.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.c,v 1.18 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: monitor_mm.c,v 1.19 2014/01/04 17:50:55 tedu Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* All rights reserved.
@@ -35,6 +35,7 @@
#include <errno.h>
#include <stdarg.h>
+#include <stddef.h>
#include <stdlib.h>
#include <string.h>
@@ -46,7 +47,7 @@
static int
mm_compare(struct mm_share *a, struct mm_share *b)
{
- long diff = (char *)a->address - (char *)b->address;
+ ptrdiff_t diff = (char *)a->address - (char *)b->address;
if (diff == 0)
return (0);
@@ -73,8 +74,8 @@
tmp2 = RB_INSERT(mmtree, head, tmp);
if (tmp2 != NULL)
- fatal("mm_make_entry(%p): double address %p->%p(%lu)",
- mm, tmp2, address, (u_long)size);
+ fatal("mm_make_entry(%p): double address %p->%p(%zu)",
+ mm, tmp2, address, size);
return (tmp);
}
@@ -101,7 +102,7 @@
address = xmmap(size);
if (address == (void *)MAP_FAILED)
- fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
+ fatal("mmap(%zu): %s", size, strerror(errno));
mm->address = address;
mm->size = size;
@@ -141,7 +142,7 @@
#ifdef HAVE_MMAP
if (munmap(mm->address, mm->size) == -1)
- fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
+ fatal("munmap(%p, %zu): %s", mm->address, mm->size,
strerror(errno));
#else
fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
@@ -160,7 +161,7 @@
address = mm_malloc(mm, size);
if (address == NULL)
- fatal("%s: mm_malloc(%lu)", __func__, (u_long)size);
+ fatal("%s: mm_malloc(%zu)", __func__, size);
memset(address, 0, size);
return (address);
}
@@ -195,7 +196,7 @@
/* Does not change order in RB tree */
mms->size -= size;
- mms->address = (u_char *)mms->address + size;
+ mms->address = (char *)mms->address + size;
if (mms->size == 0) {
RB_REMOVE(mmtree, &mm->rb_free, mms);
@@ -248,8 +249,8 @@
/* Check if range does not overlap */
if (prev != NULL && MM_ADDRESS_END(prev) > address)
- fatal("mm_free: memory corruption: %p(%lu) > %p",
- prev->address, (u_long)prev->size, address);
+ fatal("mm_free: memory corruption: %p(%zu) > %p",
+ prev->address, prev->size, address);
/* See if we can merge backwards */
if (prev != NULL && MM_ADDRESS_END(prev) == address) {
@@ -271,8 +272,8 @@
return;
if (MM_ADDRESS_END(prev) > mms->address)
- fatal("mm_free: memory corruption: %p < %p(%lu)",
- mms->address, prev->address, (u_long)prev->size);
+ fatal("mm_free: memory corruption: %p < %p(%zu)",
+ mms->address, prev->address, prev->size);
if (MM_ADDRESS_END(prev) != mms->address)
return;
@@ -343,12 +344,12 @@
void
mm_memvalid(struct mm_master *mm, void *address, size_t size)
{
- void *end = (u_char *)address + size;
+ void *end = (char *)address + size;
if (address < mm->address)
fatal("mm_memvalid: address too small: %p", address);
if (end < address)
fatal("mm_memvalid: end < address: %p < %p", end, address);
- if (end > (void *)((u_char *)mm->address + mm->size))
+ if (end > MM_ADDRESS_END(mm))
fatal("mm_memvalid: address too large: %p", address);
}
Modified: vendor-crypto/openssh/dist/monitor_mm.h
===================================================================
--- vendor-crypto/openssh/dist/monitor_mm.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/monitor_mm.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.h,v 1.5 2008/04/29 11:20:31 otto Exp $ */
+/* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -47,7 +47,7 @@
#define MM_MINSIZE 128
-#define MM_ADDRESS_END(x) (void *)((u_char *)(x)->address + (x)->size)
+#define MM_ADDRESS_END(x) (void *)((char *)(x)->address + (x)->size)
struct mm_master *mm_create(struct mm_master *, size_t);
void mm_destroy(struct mm_master *);
Modified: vendor-crypto/openssh/dist/monitor_wrap.c
===================================================================
--- vendor-crypto/openssh/dist/monitor_wrap.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/monitor_wrap.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.77 2013/11/06 16:52:11 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -71,8 +71,6 @@
#include "atomicio.h"
#include "monitor_fdpass.h"
#include "misc.h"
-#include "schnorr.h"
-#include "jpake.h"
#include "uuencode.h"
#include "channels.h"
@@ -574,7 +572,7 @@
*blobp = xmalloc(len);
memcpy(*blobp, buffer_ptr(&b), len);
}
- memset(buffer_ptr(&b), 0, len);
+ explicit_bzero(buffer_ptr(&b), len);
buffer_free(&b);
return len;
}
@@ -618,7 +616,7 @@
key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
keylen = packet_get_encryption_key(key);
buffer_put_string(&m, key, keylen);
- memset(key, 0, keylen);
+ explicit_bzero(key, keylen);
free(key);
ivlen = packet_get_keyiv_len(MODE_OUT);
@@ -1292,164 +1290,3 @@
}
#endif /* GSSAPI */
-#ifdef JPAKE
-void
-mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
- char **hash_scheme, char **salt)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_GET_PWDATA, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_GET_PWDATA, &m);
-
- *hash_scheme = buffer_get_string(&m, NULL);
- *salt = buffer_get_string(&m, NULL);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_step1(struct modp_group *grp,
- u_char **id, u_int *id_len,
- BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
- u_char **priv1_proof, u_int *priv1_proof_len,
- u_char **priv2_proof, u_int *priv2_proof_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_STEP1, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_STEP1, &m);
-
- if ((*priv1 = BN_new()) == NULL ||
- (*priv2 = BN_new()) == NULL ||
- (*g_priv1 = BN_new()) == NULL ||
- (*g_priv2 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- *id = buffer_get_string(&m, id_len);
- /* priv1 and priv2 are, well, private */
- buffer_get_bignum2(&m, *g_priv1);
- buffer_get_bignum2(&m, *g_priv2);
- *priv1_proof = buffer_get_string(&m, priv1_proof_len);
- *priv2_proof = buffer_get_string(&m, priv2_proof_len);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_step2(struct modp_group *grp, BIGNUM *s,
- BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
- const u_char *theirid, u_int theirid_len,
- const u_char *myid, u_int myid_len,
- const u_char *theirpub1_proof, u_int theirpub1_proof_len,
- const u_char *theirpub2_proof, u_int theirpub2_proof_len,
- BIGNUM **newpub,
- u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* monitor already has all bignums except theirpub1, theirpub2 */
- buffer_put_bignum2(&m, theirpub1);
- buffer_put_bignum2(&m, theirpub2);
- /* monitor already knows our id */
- buffer_put_string(&m, theirid, theirid_len);
- buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
- buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);
-
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_STEP2, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_STEP2, &m);
-
- if ((*newpub = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- buffer_get_bignum2(&m, *newpub);
- *newpub_exponent_proof = buffer_get_string(&m,
- newpub_exponent_proof_len);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
- BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
- BIGNUM *theirpub1, BIGNUM *theirpub2,
- const u_char *my_id, u_int my_id_len,
- const u_char *their_id, u_int their_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
- BIGNUM **k,
- u_char **confirm_hash, u_int *confirm_hash_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* monitor already has all bignums except step2_val */
- buffer_put_bignum2(&m, step2_val);
- /* monitor already knows all the ids */
- buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);
-
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);
-
- /* 'k' is sensitive and stays in the monitor */
- *confirm_hash = buffer_get_string(&m, confirm_hash_len);
-
- buffer_free(&m);
-}
-
-int
-mm_jpake_check_confirm(const BIGNUM *k,
- const u_char *peer_id, u_int peer_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
-{
- Buffer m;
- int success = 0;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* k is dummy in slave, ignored */
- /* monitor knows all the ids */
- buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);
-
- success = buffer_get_int(&m);
- buffer_free(&m);
-
- debug3("%s: success = %d", __func__, success);
- return success;
-}
-#endif /* JPAKE */
Modified: vendor-crypto/openssh/dist/monitor_wrap.h
===================================================================
--- vendor-crypto/openssh/dist/monitor_wrap.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/monitor_wrap.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.23 2011/06/17 21:44:31 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.24 2014/01/29 06:18:35 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -102,26 +102,6 @@
int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);
-/* jpake */
-struct modp_group;
-void mm_auth2_jpake_get_pwdata(struct Authctxt *, BIGNUM **, char **, char **);
-void mm_jpake_step1(struct modp_group *, u_char **, u_int *,
- BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
- u_char **, u_int *, u_char **, u_int *);
-void mm_jpake_step2(struct modp_group *, BIGNUM *,
- BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
- const u_char *, u_int, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int,
- BIGNUM **, u_char **, u_int *);
-void mm_jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
- BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
- const u_char *, u_int, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int,
- BIGNUM **, u_char **, u_int *);
-int mm_jpake_check_confirm(const BIGNUM *,
- const u_char *, u_int, const u_char *, u_int, const u_char *, u_int);
-
-
/* zlib allocation hooks */
void *mm_zalloc(struct mm_master *, u_int, u_int);
Modified: vendor-crypto/openssh/dist/myproposal.h
===================================================================
--- vendor-crypto/openssh/dist/myproposal.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/myproposal.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.32 2013/01/08 18:49:04 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -29,6 +29,7 @@
/* conditional algorithm support */
#ifdef OPENSSL_HAS_ECC
+#ifdef OPENSSL_HAS_NISTP521
# define KEX_ECDH_METHODS \
"ecdh-sha2-nistp256," \
"ecdh-sha2-nistp384," \
@@ -42,6 +43,17 @@
"ecdsa-sha2-nistp384," \
"ecdsa-sha2-nistp521,"
#else
+# define KEX_ECDH_METHODS \
+ "ecdh-sha2-nistp256," \
+ "ecdh-sha2-nistp384,"
+# define HOSTKEY_ECDSA_CERT_METHODS \
+ "ecdsa-sha2-nistp256-cert-v01 at openssh.com," \
+ "ecdsa-sha2-nistp384-cert-v01 at openssh.com,"
+# define HOSTKEY_ECDSA_METHODS \
+ "ecdsa-sha2-nistp256," \
+ "ecdsa-sha2-nistp384,"
+#endif
+#else
# define KEX_ECDH_METHODS
# define HOSTKEY_ECDSA_CERT_METHODS
# define HOSTKEY_ECDSA_METHODS
@@ -57,15 +69,19 @@
#ifdef HAVE_EVP_SHA256
# define KEX_SHA256_METHODS \
"diffie-hellman-group-exchange-sha256,"
+#define KEX_CURVE25519_METHODS \
+ "curve25519-sha256 at libssh.org,"
#define SHA2_HMAC_MODES \
"hmac-sha2-256," \
"hmac-sha2-512,"
#else
# define KEX_SHA256_METHODS
+# define KEX_CURVE25519_METHODS
# define SHA2_HMAC_MODES
#endif
# define KEX_DEFAULT_KEX \
+ KEX_CURVE25519_METHODS \
KEX_ECDH_METHODS \
KEX_SHA256_METHODS \
"diffie-hellman-group-exchange-sha1," \
@@ -74,11 +90,13 @@
#define KEX_DEFAULT_PK_ALG \
HOSTKEY_ECDSA_CERT_METHODS \
+ "ssh-ed25519-cert-v01 at openssh.com," \
"ssh-rsa-cert-v01 at openssh.com," \
"ssh-dss-cert-v01 at openssh.com," \
"ssh-rsa-cert-v00 at openssh.com," \
"ssh-dss-cert-v00 at openssh.com," \
HOSTKEY_ECDSA_METHODS \
+ "ssh-ed25519," \
"ssh-rsa," \
"ssh-dss"
@@ -88,6 +106,7 @@
"aes128-ctr,aes192-ctr,aes256-ctr," \
"arcfour256,arcfour128," \
AESGCM_CIPHER_MODES \
+ "chacha20-poly1305 at openssh.com," \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
Modified: vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/Makefile.in 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/Makefile.in 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $
+# $Id: Makefile.in,v 1.55 2014/02/04 00:37:50 djm Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@@ -16,9 +16,9 @@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
-OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
+OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
-COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
Added: vendor-crypto/openssh/dist/openbsd-compat/arc4random.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/arc4random.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/arc4random.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,294 @@
+/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */
+
+/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm at uun.org>
+ * Copyright (c) 2008, Damien Miller <djm at openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus at openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * ChaCha based random number generator for OpenBSD.
+ */
+
+#include "includes.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#ifndef HAVE_ARC4RANDOM
+
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#include "log.h"
+
+#define KEYSTREAM_ONLY
+#include "chacha_private.h"
+
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+/* OpenSSH isn't multithreaded */
+#define _ARC4_LOCK()
+#define _ARC4_UNLOCK()
+
+#define KEYSZ 32
+#define IVSZ 8
+#define BLOCKSZ 64
+#define RSBUFSZ (16*BLOCKSZ)
+static int rs_initialized;
+static pid_t rs_stir_pid;
+static chacha_ctx rs; /* chacha context for random keystream */
+static u_char rs_buf[RSBUFSZ]; /* keystream blocks */
+static size_t rs_have; /* valid bytes at end of rs_buf */
+static size_t rs_count; /* bytes till reseed */
+
+static inline void _rs_rekey(u_char *dat, size_t datlen);
+
+static inline void
+_rs_init(u_char *buf, size_t n)
+{
+ if (n < KEYSZ + IVSZ)
+ return;
+ chacha_keysetup(&rs, buf, KEYSZ * 8, 0);
+ chacha_ivsetup(&rs, buf + KEYSZ);
+}
+
+static void
+_rs_stir(void)
+{
+ u_char rnd[KEYSZ + IVSZ];
+
+ if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
+ fatal("Couldn't obtain random bytes (error %ld)",
+ ERR_get_error());
+
+ if (!rs_initialized) {
+ rs_initialized = 1;
+ _rs_init(rnd, sizeof(rnd));
+ } else
+ _rs_rekey(rnd, sizeof(rnd));
+ memset(rnd, 0, sizeof(rnd));
+
+ /* invalidate rs_buf */
+ rs_have = 0;
+ memset(rs_buf, 0, RSBUFSZ);
+
+ rs_count = 1600000;
+}
+
+static inline void
+_rs_stir_if_needed(size_t len)
+{
+ pid_t pid = getpid();
+
+ if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) {
+ rs_stir_pid = pid;
+ _rs_stir();
+ } else
+ rs_count -= len;
+}
+
+static inline void
+_rs_rekey(u_char *dat, size_t datlen)
+{
+#ifndef KEYSTREAM_ONLY
+ memset(rs_buf, 0,RSBUFSZ);
+#endif
+ /* fill rs_buf with the keystream */
+ chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ);
+ /* mix in optional user provided data */
+ if (dat) {
+ size_t i, m;
+
+ m = MIN(datlen, KEYSZ + IVSZ);
+ for (i = 0; i < m; i++)
+ rs_buf[i] ^= dat[i];
+ }
+ /* immediately reinit for backtracking resistance */
+ _rs_init(rs_buf, KEYSZ + IVSZ);
+ memset(rs_buf, 0, KEYSZ + IVSZ);
+ rs_have = RSBUFSZ - KEYSZ - IVSZ;
+}
+
+static inline void
+_rs_random_buf(void *_buf, size_t n)
+{
+ u_char *buf = (u_char *)_buf;
+ size_t m;
+
+ _rs_stir_if_needed(n);
+ while (n > 0) {
+ if (rs_have > 0) {
+ m = MIN(n, rs_have);
+ memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
+ memset(rs_buf + RSBUFSZ - rs_have, 0, m);
+ buf += m;
+ n -= m;
+ rs_have -= m;
+ }
+ if (rs_have == 0)
+ _rs_rekey(NULL, 0);
+ }
+}
+
+static inline void
+_rs_random_u32(u_int32_t *val)
+{
+ _rs_stir_if_needed(sizeof(*val));
+ if (rs_have < sizeof(*val))
+ _rs_rekey(NULL, 0);
+ memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
+ memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val));
+ rs_have -= sizeof(*val);
+ return;
+}
+
+void
+arc4random_stir(void)
+{
+ _ARC4_LOCK();
+ _rs_stir();
+ _ARC4_UNLOCK();
+}
+
+void
+arc4random_addrandom(u_char *dat, int datlen)
+{
+ int m;
+
+ _ARC4_LOCK();
+ if (!rs_initialized)
+ _rs_stir();
+ while (datlen > 0) {
+ m = MIN(datlen, KEYSZ + IVSZ);
+ _rs_rekey(dat, m);
+ dat += m;
+ datlen -= m;
+ }
+ _ARC4_UNLOCK();
+}
+
+u_int32_t
+arc4random(void)
+{
+ u_int32_t val;
+
+ _ARC4_LOCK();
+ _rs_random_u32(&val);
+ _ARC4_UNLOCK();
+ return val;
+}
+
+/*
+ * If we are providing arc4random, then we can provide a more efficient
+ * arc4random_buf().
+ */
+# ifndef HAVE_ARC4RANDOM_BUF
+void
+arc4random_buf(void *buf, size_t n)
+{
+ _ARC4_LOCK();
+ _rs_random_buf(buf, n);
+ _ARC4_UNLOCK();
+}
+# endif /* !HAVE_ARC4RANDOM_BUF */
+#endif /* !HAVE_ARC4RANDOM */
+
+/* arc4random_buf() that uses platform arc4random() */
+#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM)
+void
+arc4random_buf(void *_buf, size_t n)
+{
+ size_t i;
+ u_int32_t r = 0;
+ char *buf = (char *)_buf;
+
+ for (i = 0; i < n; i++) {
+ if (i % 4 == 0)
+ r = arc4random();
+ buf[i] = r & 0xff;
+ r >>= 8;
+ }
+ i = r = 0;
+}
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
+
+#ifndef HAVE_ARC4RANDOM_UNIFORM
+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound). This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+u_int32_t
+arc4random_uniform(u_int32_t upper_bound)
+{
+ u_int32_t r, min;
+
+ if (upper_bound < 2)
+ return 0;
+
+ /* 2**32 % x == (2**32 - x) % x */
+ min = -upper_bound % upper_bound;
+
+ /*
+ * This could theoretically loop forever but each retry has
+ * p > 0.5 (worst case, usually far better) of selecting a
+ * number inside the range we need, so it should rarely need
+ * to re-roll.
+ */
+ for (;;) {
+ r = arc4random();
+ if (r >= min)
+ break;
+ }
+
+ return r % upper_bound;
+}
+#endif /* !HAVE_ARC4RANDOM_UNIFORM */
+
+#if 0
+/*-------- Test code for i386 --------*/
+#include <stdio.h>
+#include <machine/pctr.h>
+int
+main(int argc, char **argv)
+{
+ const int iter = 1000000;
+ int i;
+ pctrval v;
+
+ v = rdtsc();
+ for (i = 0; i < iter; i++)
+ arc4random();
+ v = rdtsc() - v;
+ v /= iter;
+
+ printf("%qd cycles\n", v);
+ exit(0);
+}
+#endif
Added: vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,170 @@
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */
+/*
+ * Copyright (c) 2013 Ted Unangst <tedu at openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_BCRYPT_PBKDF
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+#endif
+#include <string.h>
+
+#ifdef HAVE_BLF_H
+# include <blf.h>
+#endif
+
+#include "crypto_api.h"
+#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
+
+/*
+ * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
+ *
+ * The bcrypt hash function is derived from the bcrypt password hashing
+ * function with the following modifications:
+ * 1. The input password and salt are preprocessed with SHA512.
+ * 2. The output length is expanded to 256 bits.
+ * 3. Subsequently the magic string to be encrypted is lengthened and modifed
+ * to "OxychromaticBlowfishSwatDynamite"
+ * 4. The hash function is defined to perform 64 rounds of initial state
+ * expansion. (More rounds are performed by iterating the hash.)
+ *
+ * Note that this implementation pulls the SHA512 operations into the caller
+ * as a performance optimization.
+ *
+ * One modification from official pbkdf2. Instead of outputting key material
+ * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
+ * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an
+ * attacker can merely run once through the outer loop below, but the user
+ * always runs it twice. Shuffling output bytes requires computing the
+ * entirety of the key material to assemble any subkey. This is something a
+ * wise caller could do; we just do it for you.
+ */
+
+#define BCRYPT_BLOCKS 8
+#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
+
+static void
+bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
+{
+ blf_ctx state;
+ u_int8_t ciphertext[BCRYPT_HASHSIZE] =
+ "OxychromaticBlowfishSwatDynamite";
+ uint32_t cdata[BCRYPT_BLOCKS];
+ int i;
+ uint16_t j;
+ size_t shalen = SHA512_DIGEST_LENGTH;
+
+ /* key expansion */
+ Blowfish_initstate(&state);
+ Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
+ for (i = 0; i < 64; i++) {
+ Blowfish_expand0state(&state, sha2salt, shalen);
+ Blowfish_expand0state(&state, sha2pass, shalen);
+ }
+
+ /* encryption */
+ j = 0;
+ for (i = 0; i < BCRYPT_BLOCKS; i++)
+ cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
+ &j);
+ for (i = 0; i < 64; i++)
+ blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
+
+ /* copy out */
+ for (i = 0; i < BCRYPT_BLOCKS; i++) {
+ out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
+ out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
+ out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
+ out[4 * i + 0] = cdata[i] & 0xff;
+ }
+
+ /* zap */
+ memset(ciphertext, 0, sizeof(ciphertext));
+ memset(cdata, 0, sizeof(cdata));
+ memset(&state, 0, sizeof(state));
+}
+
+int
+bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
+ u_int8_t *key, size_t keylen, unsigned int rounds)
+{
+ u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
+ u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
+ u_int8_t out[BCRYPT_HASHSIZE];
+ u_int8_t tmpout[BCRYPT_HASHSIZE];
+ u_int8_t *countsalt;
+ size_t i, j, amt, stride;
+ uint32_t count;
+
+ /* nothing crazy */
+ if (rounds < 1)
+ return -1;
+ if (passlen == 0 || saltlen == 0 || keylen == 0 ||
+ keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
+ return -1;
+ if ((countsalt = calloc(1, saltlen + 4)) == NULL)
+ return -1;
+ stride = (keylen + sizeof(out) - 1) / sizeof(out);
+ amt = (keylen + stride - 1) / stride;
+
+ memcpy(countsalt, salt, saltlen);
+
+ /* collapse password */
+ crypto_hash_sha512(sha2pass, pass, passlen);
+
+ /* generate key, sizeof(out) at a time */
+ for (count = 1; keylen > 0; count++) {
+ countsalt[saltlen + 0] = (count >> 24) & 0xff;
+ countsalt[saltlen + 1] = (count >> 16) & 0xff;
+ countsalt[saltlen + 2] = (count >> 8) & 0xff;
+ countsalt[saltlen + 3] = count & 0xff;
+
+ /* first round, salt is salt */
+ crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
+
+ bcrypt_hash(sha2pass, sha2salt, tmpout);
+ memcpy(out, tmpout, sizeof(out));
+
+ for (i = 1; i < rounds; i++) {
+ /* subsequent rounds, salt is previous output */
+ crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
+ bcrypt_hash(sha2pass, sha2salt, tmpout);
+ for (j = 0; j < sizeof(out); j++)
+ out[j] ^= tmpout[j];
+ }
+
+ /*
+ * pbkdf2 deviation: ouput the key material non-linearly.
+ */
+ amt = MIN(amt, keylen);
+ for (i = 0; i < amt; i++)
+ key[i * stride + (count - 1)] = out[i];
+ keylen -= amt;
+ }
+
+ /* zap */
+ memset(out, 0, sizeof(out));
+ memset(countsalt, 0, saltlen + 4);
+ free(countsalt);
+
+ return 0;
+}
+#endif /* HAVE_BCRYPT_PBKDF */
Added: vendor-crypto/openssh/dist/openbsd-compat/blf.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/blf.h (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/blf.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,88 @@
+/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
+/*
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <provos at physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _BLF_H_
+#define _BLF_H_
+
+#include "includes.h"
+
+#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H)
+
+/* Schneier specifies a maximum key length of 56 bytes.
+ * This ensures that every key bit affects every cipher
+ * bit. However, the subkeys can hold up to 72 bytes.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
+
+/* Blowfish context */
+typedef struct BlowfishContext {
+ u_int32_t S[4][256]; /* S-Boxes */
+ u_int32_t P[BLF_N + 2]; /* Subkeys */
+} blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *);
+void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *);
+void Blowfish_initstate(blf_ctx *);
+void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
+void Blowfish_expandstate
+(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
+
+/* Standard Blowfish */
+
+void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
+void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
+void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
+
+void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
+void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
+
+void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
+void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
+
+/* Converts u_int8_t to u_int32_t */
+u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *);
+
+#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
+#endif /* _BLF_H */
+
Added: vendor-crypto/openssh/dist/openbsd-compat/blowfish.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/blowfish.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/blowfish.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,694 @@
+/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
+/*
+ * Blowfish block cipher for OpenBSD
+ * Copyright 1997 Niels Provos <provos at physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm at lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+#include "includes.h"
+
+#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
+ !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
+
+#if 0
+#include <stdio.h> /* used for debugging */
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include <blf.h>
+
+#undef inline
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+/* Function for Feistel Networks */
+
+#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
+ + (s)[0x100 + (((x)>>16)&0xFF)]) \
+ ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
+ + (s)[0x300 + ( (x) &0xFF)])
+
+#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
+
+void
+Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+ u_int32_t *s = c->S[0];
+ u_int32_t *p = c->P;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= p[0];
+ BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
+ BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
+ BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
+ BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
+ BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
+ BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
+ BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
+ BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
+
+ *xl = Xr ^ p[17];
+ *xr = Xl;
+}
+
+void
+Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+ u_int32_t *s = c->S[0];
+ u_int32_t *p = c->P;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= p[17];
+ BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
+ BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
+ BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
+ BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
+ BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
+ BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
+ BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
+ BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
+
+ *xl = Xr ^ p[0];
+ *xr = Xl;
+}
+
+void
+Blowfish_initstate(blf_ctx *c)
+{
+ /* P-box and S-box tables initialized with digits of Pi */
+
+ static const blf_ctx initstate =
+ { {
+ {
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+ 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+ 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+ 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+ 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+ 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+ 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+ 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+ 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+ 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+ 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+ 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+ 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+ 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+ 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+ 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+ 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+ 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+ 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+ 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+ 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+ 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+ 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+ 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+ 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+ 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+ 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+ 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+ 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+ 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+ 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+ 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+ 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+ 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+ 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+ 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+ 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+ 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+ 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+ 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+ 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+ 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+ 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
+ {
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+ 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+ 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+ 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+ 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+ 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+ 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+ 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+ 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+ 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+ 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+ 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+ 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+ 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+ 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+ 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+ 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+ 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+ 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+ 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+ 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+ 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+ 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+ 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+ 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+ 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+ 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+ 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+ 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+ 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+ 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+ 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+ 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+ 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+ 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+ 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+ 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+ 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+ 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+ 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+ 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+ 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+ 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
+ {
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+ 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+ 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+ 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+ 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+ 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+ 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+ 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+ 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+ 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+ 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+ 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+ 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+ 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+ 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+ 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+ 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+ 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+ 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+ 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+ 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+ 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+ 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+ 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+ 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+ 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+ 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+ 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+ 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+ 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+ 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+ 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+ 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+ 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+ 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+ 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+ 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+ 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+ 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+ 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+ 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+ 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+ 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
+ {
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+ 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+ 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+ 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+ 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+ 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+ 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+ 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+ 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+ 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+ 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+ 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+ 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+ 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+ 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+ 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+ 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+ 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+ 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+ 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+ 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+ 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+ 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+ 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+ 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+ 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+ 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+ 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+ 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+ 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+ 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+ 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+ 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+ 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+ 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+ 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+ 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+ 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+ 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+ 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+ 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+ 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+ 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+ },
+ {
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+ 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+ 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+ 0x9216d5d9, 0x8979fb1b
+ } };
+
+ *c = initstate;
+}
+
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
+ u_int16_t *current)
+{
+ u_int8_t i;
+ u_int16_t j;
+ u_int32_t temp;
+
+ temp = 0x00000000;
+ j = *current;
+
+ for (i = 0; i < 4; i++, j++) {
+ if (j >= databytes)
+ j = 0;
+ temp = (temp << 8) | data[j];
+ }
+
+ *current = j;
+ return temp;
+}
+
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+}
+
+
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+ const u_int8_t *key, u_int16_t keybytes)
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+
+}
+
+void
+blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
+{
+ /* Initialize S-boxes and subkeys with Pi */
+ Blowfish_initstate(c);
+
+ /* Transform S-boxes and subkeys with key */
+ Blowfish_expand0state(c, k, len);
+}
+
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_encipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+void
+blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_decipher(c, d, d + 1);
+ d += 2;
+ }
+}
+
+void
+blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+{
+ u_int32_t l, r;
+ u_int32_t i;
+
+ for (i = 0; i < len; i += 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_encipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ data += 8;
+ }
+}
+
+void
+blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
+{
+ u_int32_t l, r;
+ u_int32_t i;
+
+ for (i = 0; i < len; i += 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ data += 8;
+ }
+}
+
+void
+blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
+{
+ u_int32_t l, r;
+ u_int32_t i, j;
+
+ for (i = 0; i < len; i += 8) {
+ for (j = 0; j < 8; j++)
+ data[j] ^= iv[j];
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_encipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ iv = data;
+ data += 8;
+ }
+}
+
+void
+blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
+{
+ u_int32_t l, r;
+ u_int8_t *iv;
+ u_int32_t i, j;
+
+ iv = data + len - 16;
+ data = data + len - 8;
+ for (i = len - 8; i >= 8; i -= 8) {
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ for (j = 0; j < 8; j++)
+ data[j] ^= iv[j];
+ iv -= 8;
+ data -= 8;
+ }
+ l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
+ r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
+ Blowfish_decipher(c, &l, &r);
+ data[0] = l >> 24 & 0xff;
+ data[1] = l >> 16 & 0xff;
+ data[2] = l >> 8 & 0xff;
+ data[3] = l & 0xff;
+ data[4] = r >> 24 & 0xff;
+ data[5] = r >> 16 & 0xff;
+ data[6] = r >> 8 & 0xff;
+ data[7] = r & 0xff;
+ for (j = 0; j < 8; j++)
+ data[j] ^= iva[j];
+}
+
+#if 0
+void
+report(u_int32_t data[], u_int16_t len)
+{
+ u_int16_t i;
+ for (i = 0; i < len; i += 2)
+ printf("Block %0hd: %08lx %08lx.\n",
+ i / 2, data[i], data[i + 1]);
+}
+void
+main(void)
+{
+
+ blf_ctx c;
+ char key[] = "AAAAA";
+ char key2[] = "abcdefghijklmnopqrstuvwxyz";
+
+ u_int32_t data[10];
+ u_int32_t data2[] =
+ {0x424c4f57l, 0x46495348l};
+
+ u_int16_t i;
+
+ /* First test */
+ for (i = 0; i < 10; i++)
+ data[i] = i;
+
+ blf_key(&c, (u_int8_t *) key, 5);
+ blf_enc(&c, data, 5);
+ blf_dec(&c, data, 1);
+ blf_dec(&c, data + 2, 4);
+ printf("Should read as 0 - 9.\n");
+ report(data, 10);
+
+ /* Second test */
+ blf_key(&c, (u_int8_t *) key2, strlen(key2));
+ blf_enc(&c, data2, 1);
+ printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
+ report(data2, 2);
+ blf_dec(&c, data2, 1);
+ report(data2, 2);
+}
+#endif
+
+#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
+ !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
+
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.16 2013/04/01 01:40:49 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.17 2014/01/18 10:04:00 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen at redhat.com>
@@ -40,9 +40,15 @@
typedef void *HANDLE;
#define INVALID_HANDLE_VALUE ((HANDLE) -1)
+/* Cygwin functions for which declarations are only available when including
+ windows headers, so we have to define them here explicitely. */
+extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
+extern void cygwin_set_impersonation_token (const HANDLE);
+
#include <sys/cygwin.h>
#include <io.h>
+
int binary_open(const char *, int , ...);
int check_ntsec(const char *);
char **fetch_windows_environment(void);
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -28,6 +28,7 @@
#include <string.h>
#include <signal.h>
#include <stdlib.h>
+#include <time.h>
#include <unistd.h>
#include "xmalloc.h"
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: bsd-poll.c,v 1.4 2008/08/29 21:32:38 dtucker Exp $ */
+/* $Id: bsd-poll.c,v 1.6 2014/02/05 23:44:13 dtucker Exp $ */
/*
* Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
@@ -19,12 +19,15 @@
#include "includes.h"
#if !defined(HAVE_POLL)
+#include <sys/types.h>
+#include <sys/time.h>
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
+#include <errno.h>
#include <stdlib.h>
-#include <errno.h>
+#include <unistd.h>
#include "bsd-poll.h"
/*
@@ -106,12 +109,9 @@
}
out:
- if (readfds != NULL)
- free(readfds);
- if (writefds != NULL)
- free(writefds);
- if (exceptfds != NULL)
- free(exceptfds);
+ free(readfds);
+ free(writefds);
+ free(exceptfds);
if (ret == -1)
errno = saved_errno;
return ret;
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: bsd-setres_id.c,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+/* $Id: bsd-setres_id.c,v 1.2 2013/12/07 21:23:09 djm Exp $ */
/*
* Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
@@ -22,6 +22,7 @@
#include <stdarg.h>
#include <unistd.h>
+#include <string.h>
#include "log.h"
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -160,6 +160,8 @@
#define DP_C_LONG 2
#define DP_C_LDOUBLE 3
#define DP_C_LLONG 4
+#define DP_C_SIZE 5
+#define DP_C_INTMAX 6
#define char_to_int(p) ((p)- '0')
#ifndef MAX
@@ -182,7 +184,7 @@
static int fmtstr(char *buffer, size_t *currlen, size_t maxlen,
char *value, int flags, int min, int max);
static int fmtint(char *buffer, size_t *currlen, size_t maxlen,
- LLONG value, int base, int min, int max, int flags);
+ intmax_t value, int base, int min, int max, int flags);
static int fmtfp(char *buffer, size_t *currlen, size_t maxlen,
LDOUBLE fvalue, int min, int max, int flags);
@@ -190,7 +192,7 @@
dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
{
char ch;
- LLONG value;
+ intmax_t value;
LDOUBLE fvalue;
char *strvalue;
int min;
@@ -287,6 +289,10 @@
cflags = DP_C_SHORT;
ch = *format++;
break;
+ case 'j':
+ cflags = DP_C_INTMAX;
+ ch = *format++;
+ break;
case 'l':
cflags = DP_C_LONG;
ch = *format++;
@@ -299,6 +305,10 @@
cflags = DP_C_LDOUBLE;
ch = *format++;
break;
+ case 'z':
+ cflags = DP_C_SIZE;
+ ch = *format++;
+ break;
default:
break;
}
@@ -314,6 +324,10 @@
value = va_arg (args, long int);
else if (cflags == DP_C_LLONG)
value = va_arg (args, LLONG);
+ else if (cflags == DP_C_SIZE)
+ value = va_arg (args, ssize_t);
+ else if (cflags == DP_C_INTMAX)
+ value = va_arg (args, intmax_t);
else
value = va_arg (args, int);
if (fmtint(buffer, &currlen, maxlen,
@@ -328,6 +342,12 @@
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (long)va_arg (args, unsigned LLONG);
+ else if (cflags == DP_C_SIZE)
+ value = va_arg (args, size_t);
+#ifdef notyet
+ else if (cflags == DP_C_INTMAX)
+ value = va_arg (args, uintmax_t);
+#endif
else
value = (long)va_arg (args, unsigned int);
if (fmtint(buffer, &currlen, maxlen, value,
@@ -342,6 +362,12 @@
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (LLONG)va_arg (args, unsigned LLONG);
+ else if (cflags == DP_C_SIZE)
+ value = va_arg (args, size_t);
+#ifdef notyet
+ else if (cflags == DP_C_INTMAX)
+ value = va_arg (args, uintmax_t);
+#endif
else
value = (long)va_arg (args, unsigned int);
if (fmtint(buffer, &currlen, maxlen, value,
@@ -358,6 +384,12 @@
value = (long)va_arg (args, unsigned long int);
else if (cflags == DP_C_LLONG)
value = (LLONG)va_arg (args, unsigned LLONG);
+ else if (cflags == DP_C_SIZE)
+ value = va_arg (args, size_t);
+#ifdef notyet
+ else if (cflags == DP_C_INTMAX)
+ value = va_arg (args, uintmax_t);
+#endif
else
value = (long)va_arg (args, unsigned int);
if (fmtint(buffer, &currlen, maxlen, value,
@@ -416,6 +448,7 @@
(long) strvalue, 16, min, max, flags) == -1)
return -1;
break;
+#if we_dont_want_this_in_openssh
case 'n':
if (cflags == DP_C_SHORT) {
short int *num;
@@ -429,6 +462,14 @@
LLONG *num;
num = va_arg (args, LLONG *);
*num = (LLONG)currlen;
+ } else if (cflags == DP_C_SIZE) {
+ ssize_t *num;
+ num = va_arg (args, ssize_t *);
+ *num = (ssize_t)currlen;
+ } else if (cflags == DP_C_INTMAX) {
+ intmax_t *num;
+ num = va_arg (args, intmax_t *);
+ *num = (intmax_t)currlen;
} else {
int *num;
num = va_arg (args, int *);
@@ -435,6 +476,7 @@
*num = currlen;
}
break;
+#endif
case '%':
DOPR_OUTCH(buffer, currlen, maxlen, ch);
break;
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,7 +1,7 @@
-/* $Id: bsd-statvfs.c,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */
+/* $Id: bsd-statvfs.c,v 1.2 2014/01/17 07:10:59 dtucker Exp $ */
/*
- * Copyright (c) 2008 Darren Tucker <dtucker at zip.com.au>
+ * Copyright (c) 2008,2014 Darren Tucker <dtucker at zip.com.au>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -18,20 +18,65 @@
#include "includes.h"
+#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS)
+
+#include <sys/param.h>
+#ifdef HAVE_SYS_MOUNT_H
+# include <sys/mount.h>
+#endif
+
#include <errno.h>
-#ifndef HAVE_STATVFS
+static void
+copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from)
+{
+ to->f_bsize = from->f_bsize;
+ to->f_frsize = from->f_bsize; /* no exact equivalent */
+ to->f_blocks = from->f_blocks;
+ to->f_bfree = from->f_bfree;
+ to->f_bavail = from->f_bavail;
+ to->f_files = from->f_files;
+ to->f_ffree = from->f_ffree;
+ to->f_favail = from->f_ffree; /* no exact equivalent */
+ to->f_fsid = 0; /* XXX fix me */
+ to->f_flag = from->f_flags;
+ to->f_namemax = MNAMELEN;
+}
+
+# ifndef HAVE_STATVFS
int statvfs(const char *path, struct statvfs *buf)
{
+# ifdef HAVE_STATFS
+ struct statfs fs;
+
+ memset(&fs, 0, sizeof(fs));
+ if (statfs(path, &fs) == -1)
+ return -1;
+ copy_statfs_to_statvfs(buf, &fs);
+ return 0;
+# else
errno = ENOSYS;
return -1;
+# endif
}
-#endif
+# endif
-#ifndef HAVE_FSTATVFS
+# ifndef HAVE_FSTATVFS
int fstatvfs(int fd, struct statvfs *buf)
{
+# ifdef HAVE_FSTATFS
+ struct statfs fs;
+
+ memset(&fs, 0, sizeof(fs));
+ if (fstatfs(fd, &fs) == -1)
+ return -1;
+ copy_statfs_to_statvfs(buf, &fs);
+ return 0;
+# else
errno = ENOSYS;
return -1;
+# endif
}
+# endif
+
#endif
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,7 +1,7 @@
-/* $Id: bsd-statvfs.h,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */
+/* $Id: bsd-statvfs.h,v 1.3 2014/01/17 07:48:22 dtucker Exp $ */
/*
- * Copyright (c) 2008 Darren Tucker <dtucker at zip.com.au>
+ * Copyright (c) 2008,2014 Darren Tucker <dtucker at zip.com.au>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -18,14 +18,17 @@
#include "includes.h"
+#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS)
+
#include <sys/types.h>
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
#ifdef HAVE_SYS_STATFS_H
#include <sys/statfs.h>
#endif
-#ifndef HAVE_STATVFS
-
#ifndef HAVE_FSBLKCNT_T
typedef unsigned long fsblkcnt_t;
#endif
Added: vendor-crypto/openssh/dist/openbsd-compat/chacha_private.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/chacha_private.h (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/chacha_private.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,222 @@
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+typedef struct
+{
+ u32 input[16]; /* could be compressed */
+} chacha_ctx;
+
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+
+#define ROTL32(v, n) \
+ (U32V((v) << (n)) | ((v) >> (32 - (n))))
+
+#define U8TO32_LITTLE(p) \
+ (((u32)((p)[0]) ) | \
+ ((u32)((p)[1]) << 8) | \
+ ((u32)((p)[2]) << 16) | \
+ ((u32)((p)[3]) << 24))
+
+#define U32TO8_LITTLE(p, v) \
+ do { \
+ (p)[0] = U8V((v) ); \
+ (p)[1] = U8V((v) >> 8); \
+ (p)[2] = U8V((v) >> 16); \
+ (p)[3] = U8V((v) >> 24); \
+ } while (0)
+
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+
+#define QUARTERROUND(a,b,c,d) \
+ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+
+static const char sigma[16] = "expand 32-byte k";
+static const char tau[16] = "expand 16-byte k";
+
+static void
+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
+{
+ const char *constants;
+
+ x->input[4] = U8TO32_LITTLE(k + 0);
+ x->input[5] = U8TO32_LITTLE(k + 4);
+ x->input[6] = U8TO32_LITTLE(k + 8);
+ x->input[7] = U8TO32_LITTLE(k + 12);
+ if (kbits == 256) { /* recommended */
+ k += 16;
+ constants = sigma;
+ } else { /* kbits == 128 */
+ constants = tau;
+ }
+ x->input[8] = U8TO32_LITTLE(k + 0);
+ x->input[9] = U8TO32_LITTLE(k + 4);
+ x->input[10] = U8TO32_LITTLE(k + 8);
+ x->input[11] = U8TO32_LITTLE(k + 12);
+ x->input[0] = U8TO32_LITTLE(constants + 0);
+ x->input[1] = U8TO32_LITTLE(constants + 4);
+ x->input[2] = U8TO32_LITTLE(constants + 8);
+ x->input[3] = U8TO32_LITTLE(constants + 12);
+}
+
+static void
+chacha_ivsetup(chacha_ctx *x,const u8 *iv)
+{
+ x->input[12] = 0;
+ x->input[13] = 0;
+ x->input[14] = U8TO32_LITTLE(iv + 0);
+ x->input[15] = U8TO32_LITTLE(iv + 4);
+}
+
+static void
+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+ u8 *ctarget = NULL;
+ u8 tmp[64];
+ u_int i;
+
+ if (!bytes) return;
+
+ j0 = x->input[0];
+ j1 = x->input[1];
+ j2 = x->input[2];
+ j3 = x->input[3];
+ j4 = x->input[4];
+ j5 = x->input[5];
+ j6 = x->input[6];
+ j7 = x->input[7];
+ j8 = x->input[8];
+ j9 = x->input[9];
+ j10 = x->input[10];
+ j11 = x->input[11];
+ j12 = x->input[12];
+ j13 = x->input[13];
+ j14 = x->input[14];
+ j15 = x->input[15];
+
+ for (;;) {
+ if (bytes < 64) {
+ for (i = 0;i < bytes;++i) tmp[i] = m[i];
+ m = tmp;
+ ctarget = c;
+ c = tmp;
+ }
+ x0 = j0;
+ x1 = j1;
+ x2 = j2;
+ x3 = j3;
+ x4 = j4;
+ x5 = j5;
+ x6 = j6;
+ x7 = j7;
+ x8 = j8;
+ x9 = j9;
+ x10 = j10;
+ x11 = j11;
+ x12 = j12;
+ x13 = j13;
+ x14 = j14;
+ x15 = j15;
+ for (i = 20;i > 0;i -= 2) {
+ QUARTERROUND( x0, x4, x8,x12)
+ QUARTERROUND( x1, x5, x9,x13)
+ QUARTERROUND( x2, x6,x10,x14)
+ QUARTERROUND( x3, x7,x11,x15)
+ QUARTERROUND( x0, x5,x10,x15)
+ QUARTERROUND( x1, x6,x11,x12)
+ QUARTERROUND( x2, x7, x8,x13)
+ QUARTERROUND( x3, x4, x9,x14)
+ }
+ x0 = PLUS(x0,j0);
+ x1 = PLUS(x1,j1);
+ x2 = PLUS(x2,j2);
+ x3 = PLUS(x3,j3);
+ x4 = PLUS(x4,j4);
+ x5 = PLUS(x5,j5);
+ x6 = PLUS(x6,j6);
+ x7 = PLUS(x7,j7);
+ x8 = PLUS(x8,j8);
+ x9 = PLUS(x9,j9);
+ x10 = PLUS(x10,j10);
+ x11 = PLUS(x11,j11);
+ x12 = PLUS(x12,j12);
+ x13 = PLUS(x13,j13);
+ x14 = PLUS(x14,j14);
+ x15 = PLUS(x15,j15);
+
+#ifndef KEYSTREAM_ONLY
+ x0 = XOR(x0,U8TO32_LITTLE(m + 0));
+ x1 = XOR(x1,U8TO32_LITTLE(m + 4));
+ x2 = XOR(x2,U8TO32_LITTLE(m + 8));
+ x3 = XOR(x3,U8TO32_LITTLE(m + 12));
+ x4 = XOR(x4,U8TO32_LITTLE(m + 16));
+ x5 = XOR(x5,U8TO32_LITTLE(m + 20));
+ x6 = XOR(x6,U8TO32_LITTLE(m + 24));
+ x7 = XOR(x7,U8TO32_LITTLE(m + 28));
+ x8 = XOR(x8,U8TO32_LITTLE(m + 32));
+ x9 = XOR(x9,U8TO32_LITTLE(m + 36));
+ x10 = XOR(x10,U8TO32_LITTLE(m + 40));
+ x11 = XOR(x11,U8TO32_LITTLE(m + 44));
+ x12 = XOR(x12,U8TO32_LITTLE(m + 48));
+ x13 = XOR(x13,U8TO32_LITTLE(m + 52));
+ x14 = XOR(x14,U8TO32_LITTLE(m + 56));
+ x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+#endif
+
+ j12 = PLUSONE(j12);
+ if (!j12) {
+ j13 = PLUSONE(j13);
+ /* stopping at 2^70 bytes per nonce is user's responsibility */
+ }
+
+ U32TO8_LITTLE(c + 0,x0);
+ U32TO8_LITTLE(c + 4,x1);
+ U32TO8_LITTLE(c + 8,x2);
+ U32TO8_LITTLE(c + 12,x3);
+ U32TO8_LITTLE(c + 16,x4);
+ U32TO8_LITTLE(c + 20,x5);
+ U32TO8_LITTLE(c + 24,x6);
+ U32TO8_LITTLE(c + 28,x7);
+ U32TO8_LITTLE(c + 32,x8);
+ U32TO8_LITTLE(c + 36,x9);
+ U32TO8_LITTLE(c + 40,x10);
+ U32TO8_LITTLE(c + 44,x11);
+ U32TO8_LITTLE(c + 48,x12);
+ U32TO8_LITTLE(c + 52,x13);
+ U32TO8_LITTLE(c + 56,x14);
+ U32TO8_LITTLE(c + 60,x15);
+
+ if (bytes <= 64) {
+ if (bytes < 64) {
+ for (i = 0;i < bytes;++i) ctarget[i] = c[i];
+ }
+ x->input[12] = j12;
+ x->input[13] = j13;
+ return;
+ }
+ bytes -= 64;
+ c += 64;
+#ifndef KEYSTREAM_ONLY
+ m += 64;
+#endif
+ }
+}
Added: vendor-crypto/openssh/dist/openbsd-compat/explicit_bzero.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/explicit_bzero.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/explicit_bzero.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,20 @@
+/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
+/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_EXPLICIT_BZERO
+
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+void
+explicit_bzero(void *p, size_t n)
+{
+ bzero(p, n);
+}
+#endif
Modified: vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.58 2013/06/05 22:30:21 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.61 2014/02/04 00:18:23 djm Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -44,6 +44,7 @@
#include "vis.h"
#include "getrrsetbyname.h"
#include "sha2.h"
+#include "blf.h"
#ifndef HAVE_BASENAME
char *basename(const char *path);
@@ -161,9 +162,13 @@
#ifndef HAVE_GETPEEREID
int getpeereid(int , uid_t *, gid_t *);
-#endif
+#endif
-#ifndef HAVE_ARC4RANDOM
+#ifdef HAVE_ARC4RANDOM
+# ifndef HAVE_ARC4RANDOM_STIR
+# define arc4random_stir()
+# endif
+#else
unsigned int arc4random(void);
void arc4random_stir(void);
#endif /* !HAVE_ARC4RANDOM */
@@ -236,6 +241,15 @@
int timingsafe_bcmp(const void *, const void *, size_t);
#endif
+#ifndef HAVE_BCRYPT_PBKDF
+int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
+ u_int8_t *, size_t, unsigned int);
+#endif
+
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *p, size_t n);
+#endif
+
void *xmmap(size_t size);
char *xcrypt(const char *password, const char *salt);
char *shadow_pw(struct passwd *pw);
Modified: vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker at zip.com.au>
@@ -59,6 +59,34 @@
}
#endif
+#ifndef HAVE_EVP_DIGESTINIT_EX
+int
+EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine)
+{
+ if (engine != NULL)
+ fatal("%s: ENGINE is not supported", __func__);
+# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+ EVP_DigestInit(ctx, md);
+ return 1;
+# else
+ return EVP_DigestInit(ctx, md);
+# endif
+}
+#endif
+
+#ifndef HAVE_EVP_DIGESTFINAL_EX
+int
+EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s)
+{
+# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+ EVP_DigestFinal(ctx, md, s);
+ return 1;
+# else
+ return EVP_DigestFinal(ctx, md, s);
+# endif
+}
+#endif
+
#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
int
ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
@@ -68,6 +96,14 @@
}
#endif
+#ifndef HAVE_EVP_MD_CTX_COPY_EX
+int
+EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+ return EVP_MD_CTX_copy(out, in);
+}
+#endif
+
#ifndef HAVE_BN_IS_PRIME_EX
int
BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
Modified: vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.24 2013/02/12 00:00:40 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.26 2014/02/13 05:38:33 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker at zip.com.au>
@@ -148,6 +148,18 @@
int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
# endif
+# ifndef HAVE_EVP_DIGESTINIT_EX
+int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, void *);
+# endif
+
+# ifndef HAVE_EVP_DISESTFINAL_EX
+int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
+# endif
+
+# ifndef EVP_MD_CTX_COPY_EX
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
+# endif
+
int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
unsigned char *, int);
int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
@@ -158,5 +170,13 @@
# define HMAC_CTX_init(a)
# endif
+# ifndef HAVE_EVP_MD_CTX_INIT
+# define EVP_MD_CTX_init(a)
+# endif
+
+# ifndef HAVE_EVP_MD_CTX_CLEANUP
+# define EVP_MD_CTX_cleanup(a)
+# endif
+
#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
Modified: vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -67,7 +67,8 @@
void
compat_init_setproctitle(int argc, char *argv[])
{
-#if defined(SPT_TYPE) && SPT_TYPE == SPT_REUSEARGV
+#if !defined(HAVE_SETPROCTITLE) && \
+ defined(SPT_TYPE) && SPT_TYPE == SPT_REUSEARGV
extern char **environ;
char *lastargv = NULL;
char **envp = environ;
@@ -125,6 +126,7 @@
va_list ap;
char buf[1024], ptitle[1024];
size_t len;
+ int r;
extern char *__progname;
#if SPT_TYPE == SPT_PSTAT
union pstun pst;
@@ -137,13 +139,16 @@
strlcpy(buf, __progname, sizeof(buf));
+ r = -1;
va_start(ap, fmt);
if (fmt != NULL) {
len = strlcat(buf, ": ", sizeof(buf));
if (len < sizeof(buf))
- vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
+ r = vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
}
va_end(ap);
+ if (r == -1 || (size_t)r >= sizeof(buf) - len)
+ return;
strnvis(ptitle, buf, sizeof(ptitle),
VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL);
Modified: vendor-crypto/openssh/dist/packet.c
===================================================================
--- vendor-crypto/openssh/dist/packet.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/packet.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.189 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -713,9 +713,10 @@
buffer_append(&active_state->output, buf, 4);
cp = buffer_append_space(&active_state->output,
buffer_len(&active_state->outgoing_packet));
- cipher_crypt(&active_state->send_context, cp,
+ if (cipher_crypt(&active_state->send_context, 0, cp,
buffer_ptr(&active_state->outgoing_packet),
- buffer_len(&active_state->outgoing_packet), 0, 0);
+ buffer_len(&active_state->outgoing_packet), 0, 0) != 0)
+ fatal("%s: cipher_crypt failed", __func__);
#ifdef PACKET_DEBUG
fprintf(stderr, "encrypted: ");
@@ -763,9 +764,9 @@
mac = &active_state->newkeys[mode]->mac;
comp = &active_state->newkeys[mode]->comp;
mac_clear(mac);
- memset(enc->iv, 0, enc->iv_len);
- memset(enc->key, 0, enc->key_len);
- memset(mac->key, 0, mac->key_len);
+ explicit_bzero(enc->iv, enc->iv_len);
+ explicit_bzero(enc->key, enc->key_len);
+ explicit_bzero(mac->key, mac->key_len);
free(enc->name);
free(enc->iv);
free(enc->key);
@@ -786,9 +787,9 @@
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
enc->iv, enc->iv_len, crypt_type);
/* Deleting the keys does not gain extra security */
- /* memset(enc->iv, 0, enc->block_size);
- memset(enc->key, 0, enc->key_len);
- memset(mac->key, 0, mac->key_len); */
+ /* explicit_bzero(enc->iv, enc->block_size);
+ explicit_bzero(enc->key, enc->key_len);
+ explicit_bzero(mac->key, mac->key_len); */
if ((comp->type == COMP_ZLIB ||
(comp->type == COMP_DELAYED &&
active_state->after_authentication)) && comp->enabled == 0) {
@@ -927,7 +928,7 @@
}
} else {
/* clear padding */
- memset(cp, 0, padlen);
+ explicit_bzero(cp, padlen);
}
/* sizeof (packet_len + pad_len + payload + padding) */
len = buffer_len(&active_state->outgoing_packet);
@@ -946,9 +947,10 @@
}
/* encrypt packet and append to output buffer. */
cp = buffer_append_space(&active_state->output, len + authlen);
- cipher_crypt(&active_state->send_context, cp,
- buffer_ptr(&active_state->outgoing_packet),
- len - aadlen, aadlen, authlen);
+ if (cipher_crypt(&active_state->send_context, active_state->p_send.seqnr,
+ cp, buffer_ptr(&active_state->outgoing_packet),
+ len - aadlen, aadlen, authlen) != 0)
+ fatal("%s: cipher_crypt failed", __func__);
/* append unencrypted MAC */
if (mac && mac->enabled) {
if (mac->etm) {
@@ -1208,8 +1210,9 @@
/* Decrypt data to incoming_packet. */
buffer_clear(&active_state->incoming_packet);
cp = buffer_append_space(&active_state->incoming_packet, padded_len);
- cipher_crypt(&active_state->receive_context, cp,
- buffer_ptr(&active_state->input), padded_len, 0, 0);
+ if (cipher_crypt(&active_state->receive_context, 0, cp,
+ buffer_ptr(&active_state->input), padded_len, 0, 0) != 0)
+ fatal("%s: cipher_crypt failed", __func__);
buffer_consume(&active_state->input, padded_len);
@@ -1279,10 +1282,12 @@
aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
if (aadlen && active_state->packlen == 0) {
- if (buffer_len(&active_state->input) < 4)
+ if (cipher_get_length(&active_state->receive_context,
+ &active_state->packlen,
+ active_state->p_read.seqnr,
+ buffer_ptr(&active_state->input),
+ buffer_len(&active_state->input)) != 0)
return SSH_MSG_NONE;
- cp = buffer_ptr(&active_state->input);
- active_state->packlen = get_u32(cp);
if (active_state->packlen < 1 + 4 ||
active_state->packlen > PACKET_MAX_SIZE) {
#ifdef PACKET_DEBUG
@@ -1302,8 +1307,10 @@
buffer_clear(&active_state->incoming_packet);
cp = buffer_append_space(&active_state->incoming_packet,
block_size);
- cipher_crypt(&active_state->receive_context, cp,
- buffer_ptr(&active_state->input), block_size, 0, 0);
+ if (cipher_crypt(&active_state->receive_context,
+ active_state->p_read.seqnr, cp,
+ buffer_ptr(&active_state->input), block_size, 0, 0) != 0)
+ fatal("Decryption integrity check failed");
cp = buffer_ptr(&active_state->incoming_packet);
active_state->packlen = get_u32(cp);
if (active_state->packlen < 1 + 4 ||
@@ -1357,8 +1364,10 @@
macbuf = mac_compute(mac, active_state->p_read.seqnr,
buffer_ptr(&active_state->input), aadlen + need);
cp = buffer_append_space(&active_state->incoming_packet, aadlen + need);
- cipher_crypt(&active_state->receive_context, cp,
- buffer_ptr(&active_state->input), need, aadlen, authlen);
+ if (cipher_crypt(&active_state->receive_context,
+ active_state->p_read.seqnr, cp,
+ buffer_ptr(&active_state->input), need, aadlen, authlen) != 0)
+ fatal("Decryption integrity check failed");
buffer_consume(&active_state->input, aadlen + need + authlen);
/*
* compute MAC over seqnr and packet,
Modified: vendor-crypto/openssh/dist/pathnames.h
===================================================================
--- vendor-crypto/openssh/dist/pathnames.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/pathnames.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -39,6 +39,7 @@
#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key"
#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
+#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
#define _PATH_DH_MODULI SSHDIR "/moduli"
/* Backwards compatibility */
@@ -77,6 +78,7 @@
#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
+#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
/*
* Configuration file in user's home directory. This file need not be
Modified: vendor-crypto/openssh/dist/pkcs11.h
===================================================================
--- vendor-crypto/openssh/dist/pkcs11.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/pkcs11.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */
+/* $OpenBSD: pkcs11.h,v 1.3 2013/11/26 19:15:09 deraadt Exp $ */
/* pkcs11.h
Copyright 2006, 2007 g10 Code GmbH
Copyright 2006 Andreas Jellinghaus
@@ -319,7 +319,7 @@
#define CKO_HW_FEATURE (5)
#define CKO_DOMAIN_PARAMETERS (6)
#define CKO_MECHANISM (7)
-#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKO_VENDOR_DEFINED (1U << 31)
typedef unsigned long ck_hw_feature_type_t;
@@ -327,7 +327,7 @@
#define CKH_MONOTONIC_COUNTER (1)
#define CKH_CLOCK (2)
#define CKH_USER_INTERFACE (3)
-#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKH_VENDOR_DEFINED (1U << 31)
typedef unsigned long ck_key_type_t;
@@ -357,7 +357,7 @@
#define CKK_AES (0x1f)
#define CKK_BLOWFISH (0x20)
#define CKK_TWOFISH (0x21)
-#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKK_VENDOR_DEFINED (1U << 31)
typedef unsigned long ck_certificate_type_t;
@@ -364,7 +364,7 @@
#define CKC_X_509 (0)
#define CKC_X_509_ATTR_CERT (1)
#define CKC_WTLS (2)
-#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKC_VENDOR_DEFINED (1U << 31)
typedef unsigned long ck_attribute_type_t;
@@ -453,7 +453,7 @@
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212)
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600)
-#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKA_VENDOR_DEFINED (1U << 31)
struct ck_attribute
@@ -672,7 +672,7 @@
#define CKM_DSA_PARAMETER_GEN (0x2000)
#define CKM_DH_PKCS_PARAMETER_GEN (0x2001)
#define CKM_X9_42_DH_PARAMETER_GEN (0x2002)
-#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKM_VENDOR_DEFINED (1U << 31)
struct ck_mechanism
@@ -703,7 +703,7 @@
#define CKF_WRAP (1 << 17)
#define CKF_UNWRAP (1 << 18)
#define CKF_DERIVE (1 << 19)
-#define CKF_EXTENSION ((unsigned long) (1 << 31))
+#define CKF_EXTENSION (1U << 31)
/* Flags for C_WaitForSlotEvent. */
@@ -1179,7 +1179,7 @@
#define CKR_MUTEX_BAD (0x1a0)
#define CKR_MUTEX_NOT_LOCKED (0x1a1)
#define CKR_FUNCTION_REJECTED (0x200)
-#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
+#define CKR_VENDOR_DEFINED (1U << 31)
Modified: vendor-crypto/openssh/dist/platform.c
===================================================================
--- vendor-crypto/openssh/dist/platform.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/platform.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.19 2013/03/12 00:31:05 dtucker Exp $ */
+/* $Id: platform.c,v 1.21 2014/01/21 01:59:29 tim Exp $ */
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -55,6 +55,14 @@
}
void
+platform_pre_restart(void)
+{
+#ifdef LINUX_OOM_ADJUST
+ oom_adjust_restore();
+#endif
+}
+
+void
platform_post_fork_parent(pid_t child_pid)
{
#ifdef USE_SOLARIS_PROCESS_CONTRACTS
@@ -156,12 +164,6 @@
aix_usrinfo(pw);
#endif /* _AIX */
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_LIBIAF)
- if (set_id(pw->pw_name) != 0) {
- exit(1);
- }
-# endif /* USE_LIBIAF */
-
#ifdef HAVE_SETPCRED
/*
* If we have a chroot directory, we set all creds except real
Modified: vendor-crypto/openssh/dist/platform.h
===================================================================
--- vendor-crypto/openssh/dist/platform.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/platform.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $Id: platform.h,v 1.8 2013/03/12 00:31:05 dtucker Exp $ */
+/* $Id: platform.h,v 1.9 2013/09/22 09:02:40 dtucker Exp $ */
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -22,6 +22,7 @@
void platform_pre_listen(void);
void platform_pre_fork(void);
+void platform_pre_restart(void);
void platform_post_fork_parent(pid_t child_pid);
void platform_post_fork_child(void);
int platform_privileged_uidswap(void);
Added: vendor-crypto/openssh/dist/poly1305.c
===================================================================
--- vendor-crypto/openssh/dist/poly1305.c (rev 0)
+++ vendor-crypto/openssh/dist/poly1305.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,160 @@
+/*
+ * Public Domain poly1305 from Andrew Moon
+ * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
+ */
+
+/* $OpenBSD: poly1305.c,v 1.3 2013/12/19 22:57:13 djm Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+#include "poly1305.h"
+
+#define mul32x32_64(a,b) ((uint64_t)(a) * (b))
+
+#define U8TO32_LE(p) \
+ (((uint32_t)((p)[0])) | \
+ ((uint32_t)((p)[1]) << 8) | \
+ ((uint32_t)((p)[2]) << 16) | \
+ ((uint32_t)((p)[3]) << 24))
+
+#define U32TO8_LE(p, v) \
+ do { \
+ (p)[0] = (uint8_t)((v)); \
+ (p)[1] = (uint8_t)((v) >> 8); \
+ (p)[2] = (uint8_t)((v) >> 16); \
+ (p)[3] = (uint8_t)((v) >> 24); \
+ } while (0)
+
+void
+poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
+ uint32_t t0,t1,t2,t3;
+ uint32_t h0,h1,h2,h3,h4;
+ uint32_t r0,r1,r2,r3,r4;
+ uint32_t s1,s2,s3,s4;
+ uint32_t b, nb;
+ size_t j;
+ uint64_t t[5];
+ uint64_t f0,f1,f2,f3;
+ uint32_t g0,g1,g2,g3,g4;
+ uint64_t c;
+ unsigned char mp[16];
+
+ /* clamp key */
+ t0 = U8TO32_LE(key+0);
+ t1 = U8TO32_LE(key+4);
+ t2 = U8TO32_LE(key+8);
+ t3 = U8TO32_LE(key+12);
+
+ /* precompute multipliers */
+ r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6;
+ r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12;
+ r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18;
+ r3 = t2 & 0x3f03fff; t3 >>= 8;
+ r4 = t3 & 0x00fffff;
+
+ s1 = r1 * 5;
+ s2 = r2 * 5;
+ s3 = r3 * 5;
+ s4 = r4 * 5;
+
+ /* init state */
+ h0 = 0;
+ h1 = 0;
+ h2 = 0;
+ h3 = 0;
+ h4 = 0;
+
+ /* full blocks */
+ if (inlen < 16) goto poly1305_donna_atmost15bytes;
+poly1305_donna_16bytes:
+ m += 16;
+ inlen -= 16;
+
+ t0 = U8TO32_LE(m-16);
+ t1 = U8TO32_LE(m-12);
+ t2 = U8TO32_LE(m-8);
+ t3 = U8TO32_LE(m-4);
+
+ h0 += t0 & 0x3ffffff;
+ h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
+ h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
+ h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
+ h4 += (t3 >> 8) | (1 << 24);
+
+
+poly1305_donna_mul:
+ t[0] = mul32x32_64(h0,r0) + mul32x32_64(h1,s4) + mul32x32_64(h2,s3) + mul32x32_64(h3,s2) + mul32x32_64(h4,s1);
+ t[1] = mul32x32_64(h0,r1) + mul32x32_64(h1,r0) + mul32x32_64(h2,s4) + mul32x32_64(h3,s3) + mul32x32_64(h4,s2);
+ t[2] = mul32x32_64(h0,r2) + mul32x32_64(h1,r1) + mul32x32_64(h2,r0) + mul32x32_64(h3,s4) + mul32x32_64(h4,s3);
+ t[3] = mul32x32_64(h0,r3) + mul32x32_64(h1,r2) + mul32x32_64(h2,r1) + mul32x32_64(h3,r0) + mul32x32_64(h4,s4);
+ t[4] = mul32x32_64(h0,r4) + mul32x32_64(h1,r3) + mul32x32_64(h2,r2) + mul32x32_64(h3,r1) + mul32x32_64(h4,r0);
+
+ h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26);
+ t[1] += c; h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26);
+ t[2] += b; h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26);
+ t[3] += b; h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26);
+ t[4] += b; h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26);
+ h0 += b * 5;
+
+ if (inlen >= 16) goto poly1305_donna_16bytes;
+
+ /* final bytes */
+poly1305_donna_atmost15bytes:
+ if (!inlen) goto poly1305_donna_finish;
+
+ for (j = 0; j < inlen; j++) mp[j] = m[j];
+ mp[j++] = 1;
+ for (; j < 16; j++) mp[j] = 0;
+ inlen = 0;
+
+ t0 = U8TO32_LE(mp+0);
+ t1 = U8TO32_LE(mp+4);
+ t2 = U8TO32_LE(mp+8);
+ t3 = U8TO32_LE(mp+12);
+
+ h0 += t0 & 0x3ffffff;
+ h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
+ h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
+ h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
+ h4 += (t3 >> 8);
+
+ goto poly1305_donna_mul;
+
+poly1305_donna_finish:
+ b = h0 >> 26; h0 = h0 & 0x3ffffff;
+ h1 += b; b = h1 >> 26; h1 = h1 & 0x3ffffff;
+ h2 += b; b = h2 >> 26; h2 = h2 & 0x3ffffff;
+ h3 += b; b = h3 >> 26; h3 = h3 & 0x3ffffff;
+ h4 += b; b = h4 >> 26; h4 = h4 & 0x3ffffff;
+ h0 += b * 5; b = h0 >> 26; h0 = h0 & 0x3ffffff;
+ h1 += b;
+
+ g0 = h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff;
+ g1 = h1 + b; b = g1 >> 26; g1 &= 0x3ffffff;
+ g2 = h2 + b; b = g2 >> 26; g2 &= 0x3ffffff;
+ g3 = h3 + b; b = g3 >> 26; g3 &= 0x3ffffff;
+ g4 = h4 + b - (1 << 26);
+
+ b = (g4 >> 31) - 1;
+ nb = ~b;
+ h0 = (h0 & nb) | (g0 & b);
+ h1 = (h1 & nb) | (g1 & b);
+ h2 = (h2 & nb) | (g2 & b);
+ h3 = (h3 & nb) | (g3 & b);
+ h4 = (h4 & nb) | (g4 & b);
+
+ f0 = ((h0 ) | (h1 << 26)) + (uint64_t)U8TO32_LE(&key[16]);
+ f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)U8TO32_LE(&key[20]);
+ f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)U8TO32_LE(&key[24]);
+ f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)U8TO32_LE(&key[28]);
+
+ U32TO8_LE(&out[ 0], f0); f1 += (f0 >> 32);
+ U32TO8_LE(&out[ 4], f1); f2 += (f1 >> 32);
+ U32TO8_LE(&out[ 8], f2); f3 += (f2 >> 32);
+ U32TO8_LE(&out[12], f3);
+}
Added: vendor-crypto/openssh/dist/poly1305.h
===================================================================
--- vendor-crypto/openssh/dist/poly1305.h (rev 0)
+++ vendor-crypto/openssh/dist/poly1305.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,22 @@
+/* $OpenBSD: poly1305.h,v 1.2 2013/12/19 22:57:13 djm Exp $ */
+
+/*
+ * Public Domain poly1305 from Andrew Moon
+ * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
+ */
+
+#ifndef POLY1305_H
+#define POLY1305_H
+
+#include <sys/types.h>
+
+#define POLY1305_KEYLEN 32
+#define POLY1305_TAGLEN 16
+
+void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
+ const u_char key[POLY1305_KEYLEN])
+ __attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN)))
+ __attribute__((__bounded__(__buffer__, 2, 3)))
+ __attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN)));
+
+#endif /* POLY1305_H */
Modified: vendor-crypto/openssh/dist/progressmeter.c
===================================================================
--- vendor-crypto/openssh/dist/progressmeter.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/progressmeter.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.39 2013/06/02 13:33:05 dtucker Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.40 2013/09/19 00:24:52 djm Exp $ */
/*
* Copyright (c) 2003 Nils Nordman. All rights reserved.
*
@@ -66,6 +66,7 @@
static time_t start; /* start progress */
static time_t last_update; /* last progress update */
static char *file; /* name of the file being transferred */
+static off_t start_pos; /* initial position of transfer */
static off_t end_pos; /* ending position of transfer */
static off_t cur_pos; /* transfer position as of last refresh */
static volatile off_t *counter; /* progress counter */
@@ -129,7 +130,7 @@
int i, len;
int file_len;
- transferred = *counter - cur_pos;
+ transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
now = monotime();
bytes_left = end_pos - cur_pos;
@@ -139,7 +140,7 @@
else {
elapsed = now - start;
/* Calculate true total speed when done */
- transferred = end_pos;
+ transferred = end_pos - start_pos;
bytes_per_second = 0;
}
@@ -251,6 +252,7 @@
{
start = last_update = monotime();
file = f;
+ start_pos = *ctr;
end_pos = filesize;
cur_pos = 0;
counter = ctr;
Modified: vendor-crypto/openssh/dist/readconf.c
===================================================================
--- vendor-crypto/openssh/dist/readconf.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/readconf.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.218 2014/02/23 20:11:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -17,14 +17,21 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <sys/wait.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
+#include <fcntl.h>
#include <netdb.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
@@ -47,6 +54,7 @@
#include "buffer.h"
#include "kex.h"
#include "mac.h"
+#include "uidswap.h"
/* Format of the configuration file:
@@ -115,12 +123,13 @@
typedef enum {
oBadOption,
+ oHost, oMatch,
oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
oGatewayPorts, oExitOnForwardFailure,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
- oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
+ oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
@@ -136,8 +145,10 @@
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
- oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+ oVisualHostKey, oUseRoaming,
+ oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+ oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+ oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
@@ -194,6 +205,7 @@
{ "localforward", oLocalForward },
{ "user", oUser },
{ "host", oHost },
+ { "match", oMatch },
{ "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile },
{ "globalknownhostsfile2", oDeprecated },
@@ -240,15 +252,15 @@
{ "permitlocalcommand", oPermitLocalCommand },
{ "visualhostkey", oVisualHostKey },
{ "useroaming", oUseRoaming },
-#ifdef JPAKE
- { "zeroknowledgepasswordauthentication",
- oZeroKnowledgePasswordAuthentication },
-#else
- { "zeroknowledgepasswordauthentication", oUnsupported },
-#endif
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
{ "requesttty", oRequestTTY },
+ { "proxyusefdpass", oProxyUseFdpass },
+ { "canonicaldomains", oCanonicalDomains },
+ { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
+ { "canonicalizehostname", oCanonicalizeHostname },
+ { "canonicalizemaxdots", oCanonicalizeMaxDots },
+ { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
{ "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
@@ -348,10 +360,254 @@
options->identity_files[options->num_identity_files++] = path;
}
+int
+default_ssh_port(void)
+{
+ static int port;
+ struct servent *sp;
+
+ if (port == 0) {
+ sp = getservbyname(SSH_SERVICE_NAME, "tcp");
+ port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
+ }
+ return port;
+}
+
/*
+ * Execute a command in a shell.
+ * Return its exit status or -1 on abnormal exit.
+ */
+static int
+execute_in_shell(const char *cmd)
+{
+ char *shell, *command_string;
+ pid_t pid;
+ int devnull, status;
+ extern uid_t original_real_uid;
+
+ if ((shell = getenv("SHELL")) == NULL)
+ shell = _PATH_BSHELL;
+
+ /*
+ * Use "exec" to avoid "sh -c" processes on some platforms
+ * (e.g. Solaris)
+ */
+ xasprintf(&command_string, "exec %s", cmd);
+
+ /* Need this to redirect subprocess stdin/out */
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
+ fatal("open(/dev/null): %s", strerror(errno));
+
+ debug("Executing command: '%.500s'", cmd);
+
+ /* Fork and execute the command. */
+ if ((pid = fork()) == 0) {
+ char *argv[4];
+
+ /* Child. Permanently give up superuser privileges. */
+ permanently_drop_suid(original_real_uid);
+
+ /* Redirect child stdin and stdout. Leave stderr */
+ if (dup2(devnull, STDIN_FILENO) == -1)
+ fatal("dup2: %s", strerror(errno));
+ if (dup2(devnull, STDOUT_FILENO) == -1)
+ fatal("dup2: %s", strerror(errno));
+ if (devnull > STDERR_FILENO)
+ close(devnull);
+ closefrom(STDERR_FILENO + 1);
+
+ argv[0] = shell;
+ argv[1] = "-c";
+ argv[2] = command_string;
+ argv[3] = NULL;
+
+ execv(argv[0], argv);
+ error("Unable to execute '%.100s': %s", cmd, strerror(errno));
+ /* Die with signal to make this error apparent to parent. */
+ signal(SIGTERM, SIG_DFL);
+ kill(getpid(), SIGTERM);
+ _exit(1);
+ }
+ /* Parent. */
+ if (pid < 0)
+ fatal("%s: fork: %.100s", __func__, strerror(errno));
+
+ close(devnull);
+ free(command_string);
+
+ while (waitpid(pid, &status, 0) == -1) {
+ if (errno != EINTR && errno != EAGAIN)
+ fatal("%s: waitpid: %s", __func__, strerror(errno));
+ }
+ if (!WIFEXITED(status)) {
+ error("command '%.100s' exited abnormally", cmd);
+ return -1;
+ }
+ debug3("command returned status %d", WEXITSTATUS(status));
+ return WEXITSTATUS(status);
+}
+
+/*
+ * Parse and execute a Match directive.
+ */
+static int
+match_cfg_line(Options *options, char **condition, struct passwd *pw,
+ const char *host_arg, const char *filename, int linenum)
+{
+ char *arg, *attrib, *cmd, *cp = *condition, *host;
+ const char *ruser;
+ int r, port, result = 1, attributes = 0;
+ size_t len;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
+
+ /*
+ * Configuration is likely to be incomplete at this point so we
+ * must be prepared to use default values.
+ */
+ port = options->port <= 0 ? default_ssh_port() : options->port;
+ ruser = options->user == NULL ? pw->pw_name : options->user;
+ if (options->hostname != NULL) {
+ /* NB. Please keep in sync with ssh.c:main() */
+ host = percent_expand(options->hostname,
+ "h", host_arg, (char *)NULL);
+ } else
+ host = xstrdup(host_arg);
+
+ debug3("checking match for '%s' host %s", cp, host);
+ while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+ attributes++;
+ if (strcasecmp(attrib, "all") == 0) {
+ if (attributes != 1 ||
+ ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+ error("'all' cannot be combined with other "
+ "Match attributes");
+ result = -1;
+ goto out;
+ }
+ *condition = cp;
+ result = 1;
+ goto out;
+ }
+ if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
+ error("Missing Match criteria for %s", attrib);
+ result = -1;
+ goto out;
+ }
+ len = strlen(arg);
+ if (strcasecmp(attrib, "host") == 0) {
+ if (match_hostname(host, arg, len) != 1)
+ result = 0;
+ else
+ debug("%.200s line %d: matched 'Host %.100s' ",
+ filename, linenum, host);
+ } else if (strcasecmp(attrib, "originalhost") == 0) {
+ if (match_hostname(host_arg, arg, len) != 1)
+ result = 0;
+ else
+ debug("%.200s line %d: matched "
+ "'OriginalHost %.100s' ",
+ filename, linenum, host_arg);
+ } else if (strcasecmp(attrib, "user") == 0) {
+ if (match_pattern_list(ruser, arg, len, 0) != 1)
+ result = 0;
+ else
+ debug("%.200s line %d: matched 'User %.100s' ",
+ filename, linenum, ruser);
+ } else if (strcasecmp(attrib, "localuser") == 0) {
+ if (match_pattern_list(pw->pw_name, arg, len, 0) != 1)
+ result = 0;
+ else
+ debug("%.200s line %d: matched "
+ "'LocalUser %.100s' ",
+ filename, linenum, pw->pw_name);
+ } else if (strcasecmp(attrib, "exec") == 0) {
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ strlcpy(shorthost, thishost, sizeof(shorthost));
+ shorthost[strcspn(thishost, ".")] = '\0';
+ snprintf(portstr, sizeof(portstr), "%d", port);
+
+ cmd = percent_expand(arg,
+ "L", shorthost,
+ "d", pw->pw_dir,
+ "h", host,
+ "l", thishost,
+ "n", host_arg,
+ "p", portstr,
+ "r", ruser,
+ "u", pw->pw_name,
+ (char *)NULL);
+ if (result != 1) {
+ /* skip execution if prior predicate failed */
+ debug("%.200s line %d: skipped exec \"%.100s\"",
+ filename, linenum, cmd);
+ } else {
+ r = execute_in_shell(cmd);
+ if (r == -1) {
+ fatal("%.200s line %d: match exec "
+ "'%.100s' error", filename,
+ linenum, cmd);
+ } else if (r == 0) {
+ debug("%.200s line %d: matched "
+ "'exec \"%.100s\"'", filename,
+ linenum, cmd);
+ } else {
+ debug("%.200s line %d: no match "
+ "'exec \"%.100s\"'", filename,
+ linenum, cmd);
+ result = 0;
+ }
+ }
+ free(cmd);
+ } else {
+ error("Unsupported Match attribute %s", attrib);
+ result = -1;
+ goto out;
+ }
+ }
+ if (attributes == 0) {
+ error("One or more attributes required for Match");
+ result = -1;
+ goto out;
+ }
+ debug3("match %sfound", result ? "" : "not ");
+ *condition = cp;
+ out:
+ free(host);
+ return result;
+}
+
+/* Check and prepare a domain name: removes trailing '.' and lowercases */
+static void
+valid_domain(char *name, const char *filename, int linenum)
+{
+ size_t i, l = strlen(name);
+ u_char c, last = '\0';
+
+ if (l == 0)
+ fatal("%s line %d: empty hostname suffix", filename, linenum);
+ if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0]))
+ fatal("%s line %d: hostname suffix \"%.100s\" "
+ "starts with invalid character", filename, linenum, name);
+ for (i = 0; i < l; i++) {
+ c = tolower((u_char)name[i]);
+ name[i] = (char)c;
+ if (last == '.' && c == '.')
+ fatal("%s line %d: hostname suffix \"%.100s\" contains "
+ "consecutive separators", filename, linenum, name);
+ if (c != '.' && c != '-' && !isalnum(c) &&
+ c != '_') /* technically invalid, but common */
+ fatal("%s line %d: hostname suffix \"%.100s\" contains "
+ "invalid characters", filename, linenum, name);
+ last = c;
+ }
+ if (name[l - 1] == '.')
+ name[l - 1] = '\0';
+}
+
+/*
* Returns the number of the token pointed to by cp or oBadOption.
*/
-
static OpCodes
parse_token(const char *cp, const char *filename, int linenum,
const char *ignored_unknown)
@@ -369,26 +625,94 @@
return oBadOption;
}
+/* Multistate option parsing */
+struct multistate {
+ char *key;
+ int value;
+};
+static const struct multistate multistate_flag[] = {
+ { "true", 1 },
+ { "false", 0 },
+ { "yes", 1 },
+ { "no", 0 },
+ { NULL, -1 }
+};
+static const struct multistate multistate_yesnoask[] = {
+ { "true", 1 },
+ { "false", 0 },
+ { "yes", 1 },
+ { "no", 0 },
+ { "ask", 2 },
+ { NULL, -1 }
+};
+static const struct multistate multistate_addressfamily[] = {
+ { "inet", AF_INET },
+ { "inet6", AF_INET6 },
+ { "any", AF_UNSPEC },
+ { NULL, -1 }
+};
+static const struct multistate multistate_controlmaster[] = {
+ { "true", SSHCTL_MASTER_YES },
+ { "yes", SSHCTL_MASTER_YES },
+ { "false", SSHCTL_MASTER_NO },
+ { "no", SSHCTL_MASTER_NO },
+ { "auto", SSHCTL_MASTER_AUTO },
+ { "ask", SSHCTL_MASTER_ASK },
+ { "autoask", SSHCTL_MASTER_AUTO_ASK },
+ { NULL, -1 }
+};
+static const struct multistate multistate_tunnel[] = {
+ { "ethernet", SSH_TUNMODE_ETHERNET },
+ { "point-to-point", SSH_TUNMODE_POINTOPOINT },
+ { "true", SSH_TUNMODE_DEFAULT },
+ { "yes", SSH_TUNMODE_DEFAULT },
+ { "false", SSH_TUNMODE_NO },
+ { "no", SSH_TUNMODE_NO },
+ { NULL, -1 }
+};
+static const struct multistate multistate_requesttty[] = {
+ { "true", REQUEST_TTY_YES },
+ { "yes", REQUEST_TTY_YES },
+ { "false", REQUEST_TTY_NO },
+ { "no", REQUEST_TTY_NO },
+ { "force", REQUEST_TTY_FORCE },
+ { "auto", REQUEST_TTY_AUTO },
+ { NULL, -1 }
+};
+static const struct multistate multistate_canonicalizehostname[] = {
+ { "true", SSH_CANONICALISE_YES },
+ { "false", SSH_CANONICALISE_NO },
+ { "yes", SSH_CANONICALISE_YES },
+ { "no", SSH_CANONICALISE_NO },
+ { "always", SSH_CANONICALISE_ALWAYS },
+ { NULL, -1 }
+};
+
/*
* Processes a single option line as used in the configuration files. This
* only sets those values that have not already been set.
*/
#define WHITESPACE " \t\r\n"
-
int
-process_config_line(Options *options, const char *host,
- char *line, const char *filename, int linenum,
- int *activep, int userconfig)
+process_config_line(Options *options, struct passwd *pw, const char *host,
+ char *line, const char *filename, int linenum, int *activep, int userconfig)
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
char **cpptr, fwdarg[256];
u_int i, *uintptr, max_entries = 0;
- int negated, opcode, *intptr, value, value2;
+ int negated, opcode, *intptr, value, value2, cmdline = 0;
LogLevel *log_level_ptr;
long long val64;
size_t len;
Forward fwd;
+ const struct multistate *multistate_ptr;
+ struct allowed_cname *cname;
+ if (activep == NULL) { /* We are processing a command line directive */
+ cmdline = 1;
+ activep = &cmdline;
+ }
+
/* Strip trailing whitespace */
for (len = strlen(line) - 1; len > 0; len--) {
if (strchr(WHITESPACE, line[len]) == NULL)
@@ -406,8 +730,7 @@
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
return 0;
/* Match lowercase keyword */
- for (i = 0; i < strlen(keyword); i++)
- keyword[i] = tolower(keyword[i]);
+ lowercase(keyword);
opcode = parse_token(keyword, filename, linenum,
options->ignored_unknown);
@@ -437,17 +760,23 @@
case oForwardAgent:
intptr = &options->forward_agent;
-parse_flag:
+ parse_flag:
+ multistate_ptr = multistate_flag;
+ parse_multistate:
arg = strdelim(&s);
if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
- value = 0; /* To avoid compiler warning... */
- if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
- value = 1;
- else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
- value = 0;
- else
- fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
+ fatal("%s line %d: missing argument.",
+ filename, linenum);
+ value = -1;
+ for (i = 0; multistate_ptr[i].key != NULL; i++) {
+ if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
+ value = multistate_ptr[i].value;
+ break;
+ }
+ }
+ if (value == -1)
+ fatal("%s line %d: unsupported option \"%s\".",
+ filename, linenum, arg);
if (*activep && *intptr == -1)
*intptr = value;
break;
@@ -480,10 +809,6 @@
intptr = &options->password_authentication;
goto parse_flag;
- case oZeroKnowledgePasswordAuthentication:
- intptr = &options->zero_knowledge_password_authentication;
- goto parse_flag;
-
case oKbdInteractiveAuthentication:
intptr = &options->kbd_interactive_authentication;
goto parse_flag;
@@ -530,27 +855,13 @@
case oVerifyHostKeyDNS:
intptr = &options->verify_host_key_dns;
- goto parse_yesnoask;
+ multistate_ptr = multistate_yesnoask;
+ goto parse_multistate;
case oStrictHostKeyChecking:
intptr = &options->strict_host_key_checking;
-parse_yesnoask:
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing yes/no/ask argument.",
- filename, linenum);
- value = 0; /* To avoid compiler warning... */
- if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
- value = 1;
- else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
- value = 0;
- else if (strcmp(arg, "ask") == 0)
- value = 2;
- else
- fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
- if (*activep && *intptr == -1)
- *intptr = value;
- break;
+ multistate_ptr = multistate_yesnoask;
+ goto parse_multistate;
case oCompression:
intptr = &options->compression;
@@ -827,6 +1138,9 @@
goto parse_flag;
case oHost:
+ if (cmdline)
+ fatal("Host directive not supported as a command-line "
+ "option");
*activep = 0;
arg2 = NULL;
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
@@ -853,6 +1167,18 @@
/* Avoid garbage check below, as strdelim is done. */
return 0;
+ case oMatch:
+ if (cmdline)
+ fatal("Host directive not supported as a command-line "
+ "option");
+ value = match_cfg_line(options, &s, pw, host,
+ filename, linenum);
+ if (value < 0)
+ fatal("%.200s line %d: Bad Match condition", filename,
+ linenum);
+ *activep = value;
+ break;
+
case oEscapeChar:
intptr = &options->escape_char;
arg = strdelim(&s);
@@ -876,22 +1202,9 @@
break;
case oAddressFamily:
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing address family.",
- filename, linenum);
intptr = &options->address_family;
- if (strcasecmp(arg, "inet") == 0)
- value = AF_INET;
- else if (strcasecmp(arg, "inet6") == 0)
- value = AF_INET6;
- else if (strcasecmp(arg, "any") == 0)
- value = AF_UNSPEC;
- else
- fatal("Unsupported AddressFamily \"%s\"", arg);
- if (*activep && *intptr == -1)
- *intptr = value;
- break;
+ multistate_ptr = multistate_addressfamily;
+ goto parse_multistate;
case oEnableSSHKeysign:
intptr = &options->enable_ssh_keysign;
@@ -930,27 +1243,8 @@
case oControlMaster:
intptr = &options->control_master;
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing ControlMaster argument.",
- filename, linenum);
- value = 0; /* To avoid compiler warning... */
- if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
- value = SSHCTL_MASTER_YES;
- else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
- value = SSHCTL_MASTER_NO;
- else if (strcmp(arg, "auto") == 0)
- value = SSHCTL_MASTER_AUTO;
- else if (strcmp(arg, "ask") == 0)
- value = SSHCTL_MASTER_ASK;
- else if (strcmp(arg, "autoask") == 0)
- value = SSHCTL_MASTER_AUTO_ASK;
- else
- fatal("%.200s line %d: Bad ControlMaster argument.",
- filename, linenum);
- if (*activep && *intptr == -1)
- *intptr = value;
- break;
+ multistate_ptr = multistate_controlmaster;
+ goto parse_multistate;
case oControlPersist:
/* no/false/yes/true, or a time spec */
@@ -982,25 +1276,8 @@
case oTunnel:
intptr = &options->tun_open;
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%s line %d: Missing yes/point-to-point/"
- "ethernet/no argument.", filename, linenum);
- value = 0; /* silence compiler */
- if (strcasecmp(arg, "ethernet") == 0)
- value = SSH_TUNMODE_ETHERNET;
- else if (strcasecmp(arg, "point-to-point") == 0)
- value = SSH_TUNMODE_POINTOPOINT;
- else if (strcasecmp(arg, "yes") == 0)
- value = SSH_TUNMODE_DEFAULT;
- else if (strcasecmp(arg, "no") == 0)
- value = SSH_TUNMODE_NO;
- else
- fatal("%s line %d: Bad yes/point-to-point/ethernet/"
- "no argument: %s", filename, linenum, arg);
- if (*activep)
- *intptr = value;
- break;
+ multistate_ptr = multistate_tunnel;
+ goto parse_multistate;
case oTunnelDevice:
arg = strdelim(&s);
@@ -1049,29 +1326,74 @@
goto parse_flag;
case oRequestTTY:
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing argument.",
- filename, linenum);
intptr = &options->request_tty;
- if (strcasecmp(arg, "yes") == 0)
- value = REQUEST_TTY_YES;
- else if (strcasecmp(arg, "no") == 0)
- value = REQUEST_TTY_NO;
- else if (strcasecmp(arg, "force") == 0)
- value = REQUEST_TTY_FORCE;
- else if (strcasecmp(arg, "auto") == 0)
- value = REQUEST_TTY_AUTO;
- else
- fatal("Unsupported RequestTTY \"%s\"", arg);
- if (*activep && *intptr == -1)
- *intptr = value;
- break;
+ multistate_ptr = multistate_requesttty;
+ goto parse_multistate;
case oIgnoreUnknown:
charptr = &options->ignored_unknown;
goto parse_string;
+ case oProxyUseFdpass:
+ intptr = &options->proxy_use_fdpass;
+ goto parse_flag;
+
+ case oCanonicalDomains:
+ value = options->num_canonical_domains != 0;
+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+ valid_domain(arg, filename, linenum);
+ if (!*activep || value)
+ continue;
+ if (options->num_canonical_domains >= MAX_CANON_DOMAINS)
+ fatal("%s line %d: too many hostname suffixes.",
+ filename, linenum);
+ options->canonical_domains[
+ options->num_canonical_domains++] = xstrdup(arg);
+ }
+ break;
+
+ case oCanonicalizePermittedCNAMEs:
+ value = options->num_permitted_cnames != 0;
+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+ /* Either '*' for everything or 'list:list' */
+ if (strcmp(arg, "*") == 0)
+ arg2 = arg;
+ else {
+ lowercase(arg);
+ if ((arg2 = strchr(arg, ':')) == NULL ||
+ arg2[1] == '\0') {
+ fatal("%s line %d: "
+ "Invalid permitted CNAME \"%s\"",
+ filename, linenum, arg);
+ }
+ *arg2 = '\0';
+ arg2++;
+ }
+ if (!*activep || value)
+ continue;
+ if (options->num_permitted_cnames >= MAX_CANON_DOMAINS)
+ fatal("%s line %d: too many permitted CNAMEs.",
+ filename, linenum);
+ cname = options->permitted_cnames +
+ options->num_permitted_cnames++;
+ cname->source_list = xstrdup(arg);
+ cname->target_list = xstrdup(arg2);
+ }
+ break;
+
+ case oCanonicalizeHostname:
+ intptr = &options->canonicalize_hostname;
+ multistate_ptr = multistate_canonicalizehostname;
+ goto parse_multistate;
+
+ case oCanonicalizeMaxDots:
+ intptr = &options->canonicalize_max_dots;
+ goto parse_int;
+
+ case oCanonicalizeFallbackLocal:
+ intptr = &options->canonicalize_fallback_local;
+ goto parse_flag;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@@ -1102,8 +1424,8 @@
*/
int
-read_config_file(const char *filename, const char *host, Options *options,
- int flags)
+read_config_file(const char *filename, struct passwd *pw, const char *host,
+ Options *options, int flags)
{
FILE *f;
char line[1024];
@@ -1134,8 +1456,8 @@
while (fgets(line, sizeof(line), f)) {
/* Update line number counter. */
linenum++;
- if (process_config_line(options, host, line, filename, linenum,
- &active, flags & SSHCONF_USERCONF) != 0)
+ if (process_config_line(options, pw, host, line, filename,
+ linenum, &active, flags & SSHCONF_USERCONF) != 0)
bad_options++;
}
fclose(f);
@@ -1145,6 +1467,13 @@
return 1;
}
+/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
+int
+option_clear_or_none(const char *o)
+{
+ return o == NULL || strcasecmp(o, "none") == 0;
+}
+
/*
* Initializes options to special values that indicate that they have not yet
* been set. Read_config_file will only set options with this value. Options
@@ -1229,18 +1558,37 @@
options->permit_local_command = -1;
options->use_roaming = -1;
options->visual_host_key = -1;
- options->zero_knowledge_password_authentication = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
+ options->proxy_use_fdpass = -1;
options->ignored_unknown = NULL;
+ options->num_canonical_domains = 0;
+ options->num_permitted_cnames = 0;
+ options->canonicalize_max_dots = -1;
+ options->canonicalize_fallback_local = -1;
+ options->canonicalize_hostname = -1;
}
/*
+ * A petite version of fill_default_options() that just fills the options
+ * needed for hostname canonicalization to proceed.
+ */
+void
+fill_default_options_for_canonicalization(Options *options)
+{
+ if (options->canonicalize_max_dots == -1)
+ options->canonicalize_max_dots = 1;
+ if (options->canonicalize_fallback_local == -1)
+ options->canonicalize_fallback_local = 1;
+ if (options->canonicalize_hostname == -1)
+ options->canonicalize_hostname = SSH_CANONICALISE_NO;
+}
+
+/*
* Called after processing other sources of option data, this fills those
* options for which no value has been specified with their default values.
*/
-
void
fill_default_options(Options * options)
{
@@ -1321,6 +1669,8 @@
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ECDSA, 0);
#endif
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_ED25519, 0);
}
}
if (options->escape_char == -1)
@@ -1377,8 +1727,6 @@
options->use_roaming = 1;
if (options->visual_host_key == -1)
options->visual_host_key = 0;
- if (options->zero_knowledge_password_authentication == -1)
- options->zero_knowledge_password_authentication = 0;
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
@@ -1385,8 +1733,24 @@
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->request_tty == -1)
options->request_tty = REQUEST_TTY_AUTO;
- /* options->local_command should not be set by default */
- /* options->proxy_command should not be set by default */
+ if (options->proxy_use_fdpass == -1)
+ options->proxy_use_fdpass = 0;
+ if (options->canonicalize_max_dots == -1)
+ options->canonicalize_max_dots = 1;
+ if (options->canonicalize_fallback_local == -1)
+ options->canonicalize_fallback_local = 1;
+ if (options->canonicalize_hostname == -1)
+ options->canonicalize_hostname = SSH_CANONICALISE_NO;
+#define CLEAR_ON_NONE(v) \
+ do { \
+ if (option_clear_or_none(v)) { \
+ free(v); \
+ v = NULL; \
+ } \
+ } while(0)
+ CLEAR_ON_NONE(options->local_command);
+ CLEAR_ON_NONE(options->proxy_command);
+ CLEAR_ON_NONE(options->control_path);
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
/* options->host_key_alias should not be set by default */
@@ -1413,7 +1777,7 @@
cp = p = xstrdup(fwdspec);
/* skip leading spaces */
- while (isspace(*cp))
+ while (isspace((u_char)*cp))
cp++;
for (i = 0; i < 4; ++i)
Modified: vendor-crypto/openssh/dist/readconf.h
===================================================================
--- vendor-crypto/openssh/dist/readconf.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/readconf.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.101 2014/02/23 20:11:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -29,8 +29,14 @@
/* Data structure for representing option data. */
#define MAX_SEND_ENV 256
-#define SSH_MAX_HOSTS_FILES 256
+#define SSH_MAX_HOSTS_FILES 32
+#define MAX_CANON_DOMAINS 32
+struct allowed_cname {
+ char *source_list;
+ char *target_list;
+};
+
typedef struct {
int forward_agent; /* Forward authentication agent. */
int forward_x11; /* Forward X11 display. */
@@ -53,7 +59,6 @@
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
- int zero_knowledge_password_authentication; /* Try jpake */
int batch_mode; /* Batch mode: do not ask for passwords. */
int check_host_ip; /* Also keep track of keys for IP address */
int strict_host_key_checking; /* Strict host key checking. */
@@ -138,9 +143,23 @@
int request_tty;
+ int proxy_use_fdpass;
+
+ int num_canonical_domains;
+ char *canonical_domains[MAX_CANON_DOMAINS];
+ int canonicalize_hostname;
+ int canonicalize_max_dots;
+ int canonicalize_fallback_local;
+ int num_permitted_cnames;
+ struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
+#define SSH_CANONICALISE_NO 0
+#define SSH_CANONICALISE_YES 1
+#define SSH_CANONICALISE_ALWAYS 2
+
#define SSHCTL_MASTER_NO 0
#define SSHCTL_MASTER_YES 1
#define SSHCTL_MASTER_AUTO 2
@@ -157,13 +176,15 @@
void initialize_options(Options *);
void fill_default_options(Options *);
-int read_config_file(const char *, const char *, Options *, int);
+void fill_default_options_for_canonicalization(Options *);
+int process_config_line(Options *, struct passwd *, const char *, char *,
+ const char *, int, int *, int);
+int read_config_file(const char *, struct passwd *, const char *,
+ Options *, int);
int parse_forward(Forward *, const char *, int, int);
+int default_ssh_port(void);
+int option_clear_or_none(const char *);
-int
-process_config_line(Options *, const char *, char *, const char *, int, int *,
- int);
-
void add_local_forward(Options *, const Forward *);
void add_remote_forward(Options *, const Forward *);
void add_identity_file(Options *, const char *, const char *, int);
Modified: vendor-crypto/openssh/dist/readpass.c
===================================================================
--- vendor-crypto/openssh/dist/readpass.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/readpass.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -99,13 +99,13 @@
break;
signal(SIGCHLD, osigchld);
if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return NULL;
}
buf[strcspn(buf, "\r\n")] = '\0';
pass = xstrdup(buf);
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return pass;
}
@@ -162,7 +162,7 @@
}
ret = xstrdup(buf);
- memset(buf, 'x', sizeof buf);
+ explicit_bzero(buf, sizeof(buf));
return ret;
}
Modified: vendor-crypto/openssh/dist/regress/Makefile
===================================================================
--- vendor-crypto/openssh/dist/regress/Makefile 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/Makefile 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.65 2013/04/18 02:46:12 djm Exp $
+# $OpenBSD: Makefile,v 1.68 2014/01/25 04:35:32 dtucker Exp $
-REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t-exec
tests: $(REGRESS_TARGETS)
# Interop tests are not run by default
@@ -44,6 +44,7 @@
sftp-badcmds \
sftp-batch \
sftp-glob \
+ sftp-perm \
reconfigure \
dynamic-forward \
forwarding \
@@ -64,6 +65,7 @@
forward-control \
integrity \
krl
+# dhgex \
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
@@ -72,7 +74,7 @@
USER!= id -un
CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
- t8.out t8.out.pub t9.out t9.out.pub \
+ t8.out t8.out.pub t9.out t9.out.pub t10.out t10.out.pub \
authorized_keys_${USER} known_hosts pidfile testdata \
ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \
rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
@@ -86,7 +88,10 @@
authorized_principals_${USER} expect actual ready \
sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \
ssh.log failed-ssh.log sshd.log failed-sshd.log \
- regress.log failed-regress.log ssh-log-wrapper.sh
+ regress.log failed-regress.log ssh-log-wrapper.sh \
+ sftp-server.sh sftp-server.log sftp.log setuid-allowed \
+ data ed25519-agent ed25519-agent.pub key.ed25519-512 \
+ key.ed25519-512.pub
SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}
@@ -151,6 +156,14 @@
test "${TEST_SSH_ECC}" != yes || \
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null
+
+$(OBJ)/t10.out:
+ ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -f $@
+
+t10: $(OBJ)/t10.out
+ ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t10.out > /dev/null
+ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null
+
t-exec: ${LTESTS:=.sh}
@if [ "x$?" = "x" ]; then exit 0; fi; \
for TEST in ""$?; do \
Modified: vendor-crypto/openssh/dist/regress/agent-ptrace.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent-ptrace.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/agent-ptrace.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+# $OpenBSD: agent-ptrace.sh,v 1.2 2014/02/27 21:21:25 djm Exp $
# Placed in the Public Domain.
tid="disallow agent ptrace attach"
@@ -19,6 +19,13 @@
exit 0
fi
+if $OBJ/setuid-allowed ${SSHAGENT} ; then
+ : ok
+else
+ echo "skipped (${SSHAGENT} is mounted on a no-setuid filesystem)"
+ exit 0
+fi
+
if test -z "$SUDO" ; then
echo "skipped (SUDO not set)"
exit 0
@@ -38,8 +45,9 @@
gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
quit
EOF
- if [ $? -ne 0 ]; then
- fail "gdb failed: exit code $?"
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "gdb failed: exit code $r"
fi
egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null ${OBJ}/gdb.out
r=$?
Modified: vendor-crypto/openssh/dist/regress/agent.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/agent.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
+# $OpenBSD: agent.sh,v 1.10 2014/02/27 21:21:25 djm Exp $
# Placed in the Public Domain.
tid="simple agent test"
@@ -20,7 +20,7 @@
fi
trace "overwrite authorized keys"
printf '' > $OBJ/authorized_keys_$USER
- for t in rsa rsa1; do
+ for t in ed25519 rsa rsa1; do
# generate user key for agent
rm -f $OBJ/$t-agent
${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
@@ -34,20 +34,23 @@
fi
done
${SSHADD} -l > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- fail "ssh-add -l failed: exit code $?"
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -l failed: exit code $r"
fi
# the same for full pubkey output
${SSHADD} -L > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- fail "ssh-add -L failed: exit code $?"
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -L failed: exit code $r"
fi
trace "simple connect via agent"
for p in 1 2; do
${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p
- if [ $? -ne 5$p ]; then
- fail "ssh connect with protocol $p failed (exit code $?)"
+ r=$?
+ if [ $r -ne 5$p ]; then
+ fail "ssh connect with protocol $p failed (exit code $r)"
fi
done
@@ -54,20 +57,23 @@
trace "agent forwarding"
for p in 1 2; do
${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- fail "ssh-add -l via agent fwd proto $p failed (exit code $?)"
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -l via agent fwd proto $p failed (exit code $r)"
fi
${SSH} -A -$p -F $OBJ/ssh_proxy somehost \
"${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p"
- if [ $? -ne 5$p ]; then
- fail "agent fwd proto $p failed (exit code $?)"
+ r=$?
+ if [ $r -ne 5$p ]; then
+ fail "agent fwd proto $p failed (exit code $r)"
fi
done
trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- fail "ssh-add -D failed: exit code $?"
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -D failed: exit code $r"
fi
trace "kill agent"
Modified: vendor-crypto/openssh/dist/regress/cert-hostkey.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cert-hostkey.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/cert-hostkey.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,14 +1,8 @@
-# $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.9 2014/01/26 10:22:10 djm Exp $
# Placed in the Public Domain.
tid="certified host keys"
-# used to disable ECC based tests on platforms without ECC
-ecdsa=""
-if test "x$TEST_SSH_ECC" = "xyes"; then
- ecdsa=ecdsa
-fi
-
rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
@@ -23,8 +17,17 @@
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
+PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+
+type_has_legacy() {
+ case $1 in
+ ed25519*|ecdsa*) return 1 ;;
+ esac
+ return 0
+}
+
# Generate and sign host keys
-for ktype in rsa dsa $ecdsa ; do
+for ktype in $PLAIN_TYPES ; do
verbose "$tid: sign host ${ktype} cert"
# Generate and sign a host key
${SSHKEYGEN} -q -N '' -t ${ktype} \
@@ -34,10 +37,10 @@
-I "regress host key for $USER" \
-n $HOSTS $OBJ/cert_host_key_${ktype} ||
fail "couldn't sign cert_host_key_${ktype}"
- # v00 ecdsa certs do not exist
- test "${ktype}" = "ecdsa" && continue
+ type_has_legacy $ktype || continue
cp $OBJ/cert_host_key_${ktype} $OBJ/cert_host_key_${ktype}_v00
cp $OBJ/cert_host_key_${ktype}.pub $OBJ/cert_host_key_${ktype}_v00.pub
+ verbose "$tid: sign host ${ktype}_v00 cert"
${SSHKEYGEN} -t v00 -h -q -s $OBJ/host_ca_key \
-I "regress host key for $USER" \
-n $HOSTS $OBJ/cert_host_key_${ktype}_v00 ||
@@ -46,7 +49,7 @@
# Basic connect tests
for privsep in yes no ; do
- for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
+ for ktype in $PLAIN_TYPES rsa_v00 dsa_v00; do
verbose "$tid: host ${ktype} cert connect privsep $privsep"
(
cat $OBJ/sshd_proxy_bak
@@ -69,26 +72,13 @@
printf '@cert-authority '
printf "$HOSTS "
cat $OBJ/host_ca_key.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_rsa.pub
- if test "x$TEST_SSH_ECC" = "xyes"; then
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_ecdsa.pub
- fi
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_dsa.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_rsa_v00.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_dsa_v00.pub
+ for ktype in $PLAIN_TYPES rsa_v00 dsa_v00; do
+ test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey"
+ printf "@revoked * `cat $OBJ/cert_host_key_${ktype}.pub`\n"
+ done
) > $OBJ/known_hosts-cert
for privsep in yes no ; do
- for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
+ for ktype in $PLAIN_TYPES rsa_v00 dsa_v00; do
verbose "$tid: host ${ktype} revoked cert privsep $privsep"
(
cat $OBJ/sshd_proxy_bak
@@ -115,7 +105,7 @@
printf "* "
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
-for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+for ktype in $PLAIN_TYPES rsa_v00 dsa_v00 ; do
verbose "$tid: host ${ktype} revoked cert"
(
cat $OBJ/sshd_proxy_bak
@@ -186,9 +176,8 @@
# Check downgrade of cert to raw key when no CA found
for v in v01 v00 ; do
- for ktype in rsa dsa $ecdsa ; do
- # v00 ecdsa certs do not exist.
- test "${v}${ktype}" = "v00ecdsa" && continue
+ for ktype in $PLAIN_TYPES ; do
+ type_has_legacy $ktype || continue
rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
verbose "$tid: host ${ktype} ${v} cert downgrade to raw key"
# Generate and sign a host key
@@ -225,9 +214,8 @@
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
for v in v01 v00 ; do
- for kt in rsa dsa $ecdsa ; do
- # v00 ecdsa certs do not exist.
- test "${v}${ktype}" = "v00ecdsa" && continue
+ for kt in $PLAIN_TYPES ; do
+ type_has_legacy $kt || continue
rm -f $OBJ/cert_host_key*
# Self-sign key
${SSHKEYGEN} -q -N '' -t ${kt} \
Modified: vendor-crypto/openssh/dist/regress/cert-userkey.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cert-userkey.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/cert-userkey.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,23 +1,26 @@
-# $OpenBSD: cert-userkey.sh,v 1.11 2013/05/17 00:37:40 dtucker Exp $
+# $OpenBSD: cert-userkey.sh,v 1.12 2013/12/06 13:52:46 markus Exp $
# Placed in the Public Domain.
tid="certified user keys"
-# used to disable ECC based tests on platforms without ECC
-ecdsa=""
-if test "x$TEST_SSH_ECC" = "xyes"; then
- ecdsa=ecdsa
-fi
-
rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+
+type_has_legacy() {
+ case $1 in
+ ed25519*|ecdsa*) return 1 ;;
+ esac
+ return 0
+}
+
# Create a CA key
${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\
fail "ssh-keygen of user_ca_key failed"
# Generate and sign user keys
-for ktype in rsa dsa $ecdsa ; do
+for ktype in $PLAIN_TYPES ; do
verbose "$tid: sign user ${ktype} cert"
${SSHKEYGEN} -q -N '' -t ${ktype} \
-f $OBJ/cert_user_key_${ktype} || \
@@ -25,18 +28,18 @@
${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
-z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
fail "couldn't sign cert_user_key_${ktype}"
- # v00 ecdsa certs do not exist
- test "${ktype}" = "ecdsa" && continue
+ type_has_legacy $ktype || continue
cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00
cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub
+ verbose "$tid: sign host ${ktype}_v00 cert"
${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \
"regress user key for $USER" \
-n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype}_v00 ||
- fail "couldn't sign cert_user_key_${ktype}_v00"
+ fatal "couldn't sign cert_user_key_${ktype}_v00"
done
# Test explicitly-specified principals
-for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+for ktype in $PLAIN_TYPES rsa_v00 dsa_v00 ; do
for privsep in yes no ; do
_prefix="${ktype} privsep $privsep"
@@ -162,7 +165,7 @@
extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub"
fi
- for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+ for ktype in $PLAIN_TYPES rsa_v00 dsa_v00 ; do
for privsep in yes no ; do
_prefix="${ktype} privsep $privsep $auth"
# Simple connect
@@ -332,7 +335,7 @@
# Wrong certificate
cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
-for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+for ktype in $PLAIN_TYPES rsa_v00 dsa_v00 ; do
case $ktype in
*_v00) args="-t v00" ;;
*) args="" ;;
Modified: vendor-crypto/openssh/dist/regress/cipher-speed.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cipher-speed.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/cipher-speed.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: cipher-speed.sh,v 1.9 2013/05/17 04:29:14 dtucker Exp $
+# $OpenBSD: cipher-speed.sh,v 1.11 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="cipher speed"
@@ -11,18 +11,7 @@
tries="1 2"
-ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
- arcfour128 arcfour256 arcfour
- aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
- aes128-ctr aes192-ctr aes256-ctr"
-config_defined OPENSSL_HAVE_EVPGCM && \
- ciphers="$ciphers aes128-gcm at openssh.com aes256-gcm at openssh.com"
-macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
- hmac-sha1-96 hmac-md5-96"
-config_defined HAVE_EVP_SHA256 && \
- macs="$macs hmac-sha2-256 hmac-sha2-512"
-
-for c in $ciphers; do n=0; for m in $macs; do
+for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do
trace "proto 2 cipher $c mac $m"
for x in $tries; do
printf "%-60s" "$c/$m:"
@@ -35,10 +24,10 @@
fail "ssh -2 failed with mac $m cipher $c"
fi
done
- # No point trying all MACs for GCM since they are ignored.
- case $c in
- aes*-gcm at openssh.com) test $n -gt 0 && break;;
- esac
+ # No point trying all MACs for AEAD ciphers since they are ignored.
+ if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
+ break
+ fi
n=`expr $n + 1`
done; done
Added: vendor-crypto/openssh/dist/regress/dhgex.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/dhgex.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/dhgex.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,54 @@
+# $OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dhgex"
+
+LOG=${TEST_SSH_LOGFILE}
+rm -f ${LOG}
+
+kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
+
+ssh_test_dhgex()
+{
+ bits="$1"; shift
+ cipher="$1"; shift
+ kex="$1"; shift
+
+ rm -f ${LOG}
+ opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
+ groupsz="1024<$bits<8192"
+ verbose "$tid bits $bits $kex $cipher"
+ ${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh failed ($@)"
+ fi
+ # check what we request
+ grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null
+ if [ $? != 0 ]; then
+ got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}`
+ fail "$tid unexpected GEX sizes, expected $groupsz, got $got"
+ fi
+ # check what we got (depends on contents of system moduli file)
+ gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`"
+ if [ "$gotbits" -lt "$bits" ]; then
+ fatal "$tid expected $bits bit group, got $gotbits"
+ fi
+}
+
+check()
+{
+ bits="$1"; shift
+
+ for c in $@; do
+ for k in $kexs; do
+ ssh_test_dhgex $bits $c $k
+ done
+ done
+}
+
+#check 2048 3des-cbc
+check 3072 `${SSH} -Q cipher | grep 128`
+check 3072 arcfour blowfish-cbc
+check 7680 `${SSH} -Q cipher | grep 192`
+check 8192 `${SSH} -Q cipher | grep 256`
+check 8192 rijndael-cbc at lysator.liu.se chacha20-poly1305 at openssh.com
Modified: vendor-crypto/openssh/dist/regress/forward-control.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/forward-control.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/forward-control.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: forward-control.sh,v 1.1 2012/12/02 20:47:48 djm Exp $
+# $OpenBSD: forward-control.sh,v 1.2 2013/11/18 05:09:32 naddy Exp $
# Placed in the Public Domain.
tid="sshd control of local and remote forwarding"
Modified: vendor-crypto/openssh/dist/regress/host-expand.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/host-expand.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/host-expand.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,3 +1,4 @@
+# $OpenBSD: host-expand.sh,v 1.3 2014/02/27 23:17:41 djm Exp $
# Placed in the Public Domain.
tid="expand %h and %n"
Modified: vendor-crypto/openssh/dist/regress/integrity.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/integrity.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/integrity.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $
+# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="integrity"
@@ -8,18 +8,10 @@
# XXX and ssh tries to read...
tries=10
startoffset=2900
-macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
- hmac-sha1-96 hmac-md5-96
- hmac-sha1-etm at openssh.com hmac-md5-etm at openssh.com
- umac-64-etm at openssh.com umac-128-etm at openssh.com
- hmac-sha1-96-etm at openssh.com hmac-md5-96-etm at openssh.com"
-config_defined HAVE_EVP_SHA256 &&
- macs="$macs hmac-sha2-256 hmac-sha2-512
- hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
+macs=`${SSH} -Q mac`
# The following are not MACs, but ciphers with integrated integrity. They are
# handled specially below.
-config_defined OPENSSL_HAVE_EVPGCM && \
- macs="$macs aes128-gcm at openssh.com aes256-gcm at openssh.com"
+macs="$macs `${SSH} -Q cipher-auth`"
# avoid DH group exchange as the extra traffic makes it harder to get the
# offset into the stream right.
@@ -44,12 +36,14 @@
fi
# modify output from sshd at offset $off
pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
- case $m in
- aes*gcm*) macopt="-c $m";;
- *) macopt="-m $m";;
- esac
+ if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
+ macopt="-c $m"
+ else
+ macopt="-m $m -c aes128-ctr"
+ fi
verbose "test $tid: $m @$off"
${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
+ -oServerAliveInterval=1 -oServerAliveCountMax=30 \
999.999.999.999 'printf "%4096s" " "' >/dev/null
if [ $? -eq 0 ]; then
fail "ssh -m $m succeeds with bit-flip at $off"
Modified: vendor-crypto/openssh/dist/regress/kextype.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/kextype.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/kextype.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: kextype.sh,v 1.1 2010/09/22 12:26:05 djm Exp $
+# $OpenBSD: kextype.sh,v 1.4 2013/11/07 04:26:56 dtucker Exp $
# Placed in the Public Domain.
tid="login with different key exchange algorithms"
@@ -7,18 +7,8 @@
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
-if test "$TEST_SSH_ECC" = "yes"; then
- kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521"
-fi
-if test "$TEST_SSH_SHA256" = "yes"; then
- kextypes="$kextypes diffie-hellman-group-exchange-sha256"
-fi
-kextypes="$kextypes diffie-hellman-group-exchange-sha1"
-kextypes="$kextypes diffie-hellman-group14-sha1"
-kextypes="$kextypes diffie-hellman-group1-sha1"
-
tries="1 2 3 4"
-for k in $kextypes; do
+for k in `${SSH} -Q kex`; do
verbose "kex $k"
for i in $tries; do
${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true
Modified: vendor-crypto/openssh/dist/regress/keytype.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/keytype.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/keytype.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: keytype.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $
+# $OpenBSD: keytype.sh,v 1.3 2013/12/06 13:52:46 markus Exp $
# Placed in the Public Domain.
tid="login with different key types"
@@ -11,10 +11,16 @@
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
-ktypes="dsa-1024 rsa-2048 rsa-3072"
-if test "$TEST_SSH_ECC" = "yes"; then
- ktypes="$ktypes ecdsa-256 ecdsa-384 ecdsa-521"
-fi
+# Traditional and builtin key types.
+ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512"
+# Types not present in all OpenSSL versions.
+for i in `$SSH -Q key`; do
+ case "$i" in
+ ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
+ ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;;
+ ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;;
+ esac
+done
for kt in $ktypes; do
rm -f $OBJ/key.$kt
Modified: vendor-crypto/openssh/dist/regress/krl.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/krl.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/krl.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: krl.sh,v 1.1 2013/01/18 00:45:29 djm Exp $
+# $OpenBSD: krl.sh,v 1.2 2013/11/21 03:15:46 djm Exp $
# Placed in the Public Domain.
tid="key revocation lists"
@@ -101,6 +101,9 @@
>/dev/null || fatal "$SSHKEYGEN KRL failed"
}
+## XXX dump with trace and grep for set cert serials
+## XXX test ranges near (u64)-1, etc.
+
verbose "$tid: generating KRLs"
genkrls
Modified: vendor-crypto/openssh/dist/regress/login-timeout.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/login-timeout.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/login-timeout.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,9 +1,11 @@
-# $OpenBSD: login-timeout.sh,v 1.5 2013/05/17 10:23:52 dtucker Exp $
+# $OpenBSD: login-timeout.sh,v 1.6 2014/02/27 20:04:16 djm Exp $
# Placed in the Public Domain.
tid="connect after login grace timeout"
trace "test login grace with privsep"
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
+grep -vi LoginGraceTime $OBJ/sshd_config.orig > $OBJ/sshd_config
echo "LoginGraceTime 10s" >> $OBJ/sshd_config
echo "MaxStartups 1" >> $OBJ/sshd_config
start_sshd
Modified: vendor-crypto/openssh/dist/regress/modpipe.c
===================================================================
--- vendor-crypto/openssh/dist/regress/modpipe.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/modpipe.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: modpipe.c,v 1.5 2013/05/10 03:46:14 djm Exp $ */
+/* $OpenBSD: modpipe.c,v 1.6 2013/11/21 03:16:47 djm Exp $ */
#include "includes.h"
@@ -68,7 +68,7 @@
#define MAX_MODIFICATIONS 256
struct modification {
enum { MOD_XOR, MOD_AND_OR } what;
- u_int64_t offset;
+ unsigned long long offset;
u_int8_t m1, m2;
};
@@ -79,7 +79,7 @@
int n, m1, m2;
bzero(m, sizeof(*m));
- if ((n = sscanf(s, "%16[^:]%*[:]%lli%*[:]%i%*[:]%i",
+ if ((n = sscanf(s, "%16[^:]%*[:]%llu%*[:]%i%*[:]%i",
what, &m->offset, &m1, &m2)) < 3)
errx(1, "Invalid modification spec \"%s\"", s);
if (strcasecmp(what, "xor") == 0) {
Modified: vendor-crypto/openssh/dist/regress/rekey.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/rekey.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/rekey.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: rekey.sh,v 1.8 2013/05/17 04:29:14 dtucker Exp $
+# $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="rekey"
@@ -7,34 +7,67 @@
rm -f ${LOG}
-for s in 16 1k 128k 256k; do
- verbose "client rekeylimit ${s}"
+# Test rekeying based on data volume only.
+# Arguments will be passed to ssh.
+ssh_data_rekeying()
+{
rm -f ${COPY} ${LOG}
- cat $DATA | \
- ${SSH} -oCompression=no -oRekeyLimit=$s \
- -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+ ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \
+ "cat > ${COPY}"
if [ $? -ne 0 ]; then
- fail "ssh failed"
+ fail "ssh failed ($@)"
fi
- cmp $DATA ${COPY} || fail "corrupted copy"
+ cmp ${DATA} ${COPY} || fail "corrupted copy ($@)"
n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
n=`expr $n - 1`
trace "$n rekeying(s)"
if [ $n -lt 1 ]; then
- fail "no rekeying occured"
+ fail "no rekeying occured ($@)"
fi
+}
+
+increase_datafile_size 300
+
+opts=""
+for i in `${SSH} -Q kex`; do
+ opts="$opts KexAlgorithms=$i"
done
+for i in `${SSH} -Q cipher`; do
+ opts="$opts Ciphers=$i"
+done
+for i in `${SSH} -Q mac`; do
+ opts="$opts MACs=$i"
+done
+for opt in $opts; do
+ verbose "client rekey $opt"
+ ssh_data_rekeying -oRekeyLimit=256k -o$opt
+done
+
+# AEAD ciphers are magical so test with all KexAlgorithms
+if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then
+ for c in `${SSH} -Q cipher-auth`; do
+ for kex in `${SSH} -Q kex`; do
+ verbose "client rekey $c $kex"
+ ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex
+ done
+ done
+fi
+
+for s in 16 1k 128k 256k; do
+ verbose "client rekeylimit ${s}"
+ ssh_data_rekeying -oCompression=no -oRekeyLimit=$s
+done
+
for s in 5 10; do
verbose "client rekeylimit default ${s}"
rm -f ${COPY} ${LOG}
- cat $DATA | \
- ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
- $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
+ ${SSH} < ${DATA} -oCompression=no -oRekeyLimit="default $s" -F \
+ $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
if [ $? -ne 0 ]; then
fail "ssh failed"
fi
- cmp $DATA ${COPY} || fail "corrupted copy"
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
n=`expr $n - 1`
trace "$n rekeying(s)"
@@ -98,10 +131,10 @@
awk '/rekeylimit/{print $3}'`
if [ "$bytes" != "$b" ]; then
- fatal "rekeylimit size: expected $bytes got $b"
+ fatal "rekeylimit size: expected $bytes bytes got $b"
fi
if [ "$seconds" != "$s" ]; then
- fatal "rekeylimit time: expected $time got $s"
+ fatal "rekeylimit time: expected $time seconds got $s"
fi
done
done
Modified: vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,5 +1,5 @@
#!/bin/sh
-# $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $
+# $OpenBSD: scp-ssh-wrapper.sh,v 1.3 2014/01/26 10:49:17 djm Exp $
# Placed in the Public Domain.
printname () {
@@ -17,7 +17,7 @@
}
# Discard all but last argument. We use arg later.
-while test "$1" != ""; do
+while test "x$1" != "x"; do
arg="$1"
shift
done
@@ -52,6 +52,8 @@
echo "X"
;;
*)
- exec $arg
+ set -- $arg
+ shift
+ exec $SCP "$@"
;;
esac
Modified: vendor-crypto/openssh/dist/regress/scp.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/scp.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/scp.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: scp.sh,v 1.9 2013/05/17 10:35:43 dtucker Exp $
+# $OpenBSD: scp.sh,v 1.10 2014/01/26 10:49:17 djm Exp $
# Placed in the Public Domain.
tid="scp"
@@ -20,6 +20,7 @@
cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
chmod 755 ${OBJ}/scp-ssh-wrapper.scp
scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp"
+export SCP # used in scp-ssh-wrapper.scp
scpclean() {
rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
Added: vendor-crypto/openssh/dist/regress/setuid-allowed.c
===================================================================
--- vendor-crypto/openssh/dist/regress/setuid-allowed.c (rev 0)
+++ vendor-crypto/openssh/dist/regress/setuid-allowed.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2013 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD$ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_STATVFS_H
+# include <sys/statvfs.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+void
+usage(void)
+{
+ fprintf(stderr, "check-setuid [path]\n");
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ const char *path = ".";
+ struct statvfs sb;
+
+ if (argc > 2)
+ usage();
+ else if (argc == 2)
+ path = argv[1];
+
+ if (statvfs(path, &sb) != 0) {
+ /* Don't return an error if the host doesn't support statvfs */
+ if (errno == ENOSYS)
+ return 0;
+ fprintf(stderr, "statvfs for \"%s\" failed: %s\n",
+ path, strerror(errno));
+ }
+ return (sb.f_flag & ST_NOSUID) ? 1 : 0;
+}
+
+
Modified: vendor-crypto/openssh/dist/regress/sftp-chroot.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-chroot.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/sftp-chroot.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: sftp-chroot.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
+# $OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $
# Placed in the Public Domain.
tid="sftp in chroot"
@@ -18,7 +18,8 @@
start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /"
verbose "test $tid: get"
-${SFTP} -qS "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY || \
+${SFTP} -S "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY \
+ >>$TEST_REGRESS_LOGFILE 2>&1 || \
fatal "Fetch ${FILENAME} failed"
cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ"
Added: vendor-crypto/openssh/dist/regress/sftp-perm.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-perm.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/sftp-perm.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,269 @@
+# $OpenBSD: sftp-perm.sh,v 1.2 2013/10/17 22:00:18 djm Exp $
+# Placed in the Public Domain.
+
+tid="sftp permissions"
+
+SERVER_LOG=${OBJ}/sftp-server.log
+CLIENT_LOG=${OBJ}/sftp.log
+TEST_SFTP_SERVER=${OBJ}/sftp-server.sh
+
+prepare_server() {
+ printf "#!/bin/sh\nexec $SFTPSERVER -el debug3 $* 2>$SERVER_LOG\n" \
+ > $TEST_SFTP_SERVER
+ chmod a+x $TEST_SFTP_SERVER
+}
+
+run_client() {
+ echo "$@" | ${SFTP} -D ${TEST_SFTP_SERVER} -vvvb - >$CLIENT_LOG 2>&1
+}
+
+prepare_files() {
+ _prep="$1"
+ rm -f ${COPY} ${COPY}.1
+ test -d ${COPY}.dd && { rmdir ${COPY}.dd || fatal "rmdir ${COPY}.dd"; }
+ test -z "$_prep" && return
+ sh -c "$_prep" || fail "preparation failed: \"$_prep\""
+}
+
+postcondition() {
+ _title="$1"
+ _check="$2"
+ test -z "$_check" && return
+ ${TEST_SHELL} -c "$_check" || fail "postcondition check failed: $_title"
+}
+
+ro_test() {
+ _desc=$1
+ _cmd="$2"
+ _prep="$3"
+ _expect_success_post="$4"
+ _expect_fail_post="$5"
+ verbose "$tid: read-only $_desc"
+ # Plain (no options, mostly to test that _cmd is good)
+ prepare_files "$_prep"
+ prepare_server
+ run_client "$_cmd" || fail "plain $_desc failed"
+ postcondition "$_desc no-readonly" "$_expect_success_post"
+ # Read-only enabled
+ prepare_files "$_prep"
+ prepare_server -R
+ run_client "$_cmd" && fail "read-only $_desc succeeded"
+ postcondition "$_desc readonly" "$_expect_fail_post"
+}
+
+perm_test() {
+ _op=$1
+ _whitelist_ops=$2
+ _cmd="$3"
+ _prep="$4"
+ _expect_success_post="$5"
+ _expect_fail_post="$6"
+ verbose "$tid: explicit $_op"
+ # Plain (no options, mostly to test that _cmd is good)
+ prepare_files "$_prep"
+ prepare_server
+ run_client "$_cmd" || fail "plain $_op failed"
+ postcondition "$_op no white/blacklists" "$_expect_success_post"
+ # Whitelist
+ prepare_files "$_prep"
+ prepare_server -p $_op,$_whitelist_ops
+ run_client "$_cmd" || fail "whitelisted $_op failed"
+ postcondition "$_op whitelisted" "$_expect_success_post"
+ # Blacklist
+ prepare_files "$_prep"
+ prepare_server -P $_op
+ run_client "$_cmd" && fail "blacklisted $_op succeeded"
+ postcondition "$_op blacklisted" "$_expect_fail_post"
+ # Whitelist with op missing.
+ prepare_files "$_prep"
+ prepare_server -p $_whitelist_ops
+ run_client "$_cmd" && fail "no whitelist $_op succeeded"
+ postcondition "$_op not in whitelist" "$_expect_fail_post"
+}
+
+ro_test \
+ "upload" \
+ "put $DATA $COPY" \
+ "" \
+ "cmp $DATA $COPY" \
+ "test ! -f $COPY"
+
+ro_test \
+ "setstat" \
+ "chmod 0700 $COPY" \
+ "touch $COPY; chmod 0400 $COPY" \
+ "test -x $COPY" \
+ "test ! -x $COPY"
+
+ro_test \
+ "rm" \
+ "rm $COPY" \
+ "touch $COPY" \
+ "test ! -f $COPY" \
+ "test -f $COPY"
+
+ro_test \
+ "mkdir" \
+ "mkdir ${COPY}.dd" \
+ "" \
+ "test -d ${COPY}.dd" \
+ "test ! -d ${COPY}.dd"
+
+ro_test \
+ "rmdir" \
+ "rmdir ${COPY}.dd" \
+ "mkdir ${COPY}.dd" \
+ "test ! -d ${COPY}.dd" \
+ "test -d ${COPY}.dd"
+
+ro_test \
+ "posix-rename" \
+ "rename $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -f ${COPY}.1 -a ! -f $COPY" \
+ "test -f $COPY -a ! -f ${COPY}.1"
+
+ro_test \
+ "oldrename" \
+ "rename -l $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -f ${COPY}.1 -a ! -f $COPY" \
+ "test -f $COPY -a ! -f ${COPY}.1"
+
+ro_test \
+ "symlink" \
+ "ln -s $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -h ${COPY}.1" \
+ "test ! -h ${COPY}.1"
+
+ro_test \
+ "hardlink" \
+ "ln $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -f ${COPY}.1" \
+ "test ! -f ${COPY}.1"
+
+# Test explicit permissions
+
+perm_test \
+ "open" \
+ "realpath,stat,lstat,read,close" \
+ "get $DATA $COPY" \
+ "" \
+ "cmp $DATA $COPY" \
+ "! cmp $DATA $COPY 2>/dev/null"
+
+perm_test \
+ "read" \
+ "realpath,stat,lstat,open,close" \
+ "get $DATA $COPY" \
+ "" \
+ "cmp $DATA $COPY" \
+ "! cmp $DATA $COPY 2>/dev/null"
+
+perm_test \
+ "write" \
+ "realpath,stat,lstat,open,close" \
+ "put $DATA $COPY" \
+ "" \
+ "cmp $DATA $COPY" \
+ "! cmp $DATA $COPY 2>/dev/null"
+
+perm_test \
+ "lstat" \
+ "realpath,stat,open,read,close" \
+ "get $DATA $COPY" \
+ "" \
+ "cmp $DATA $COPY" \
+ "! cmp $DATA $COPY 2>/dev/null"
+
+perm_test \
+ "opendir" \
+ "realpath,readdir,stat,lstat" \
+ "ls -ln $OBJ"
+
+perm_test \
+ "readdir" \
+ "realpath,opendir,stat,lstat" \
+ "ls -ln $OBJ"
+
+perm_test \
+ "setstat" \
+ "realpath,stat,lstat" \
+ "chmod 0700 $COPY" \
+ "touch $COPY; chmod 0400 $COPY" \
+ "test -x $COPY" \
+ "test ! -x $COPY"
+
+perm_test \
+ "remove" \
+ "realpath,stat,lstat" \
+ "rm $COPY" \
+ "touch $COPY" \
+ "test ! -f $COPY" \
+ "test -f $COPY"
+
+perm_test \
+ "mkdir" \
+ "realpath,stat,lstat" \
+ "mkdir ${COPY}.dd" \
+ "" \
+ "test -d ${COPY}.dd" \
+ "test ! -d ${COPY}.dd"
+
+perm_test \
+ "rmdir" \
+ "realpath,stat,lstat" \
+ "rmdir ${COPY}.dd" \
+ "mkdir ${COPY}.dd" \
+ "test ! -d ${COPY}.dd" \
+ "test -d ${COPY}.dd"
+
+perm_test \
+ "posix-rename" \
+ "realpath,stat,lstat" \
+ "rename $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -f ${COPY}.1 -a ! -f $COPY" \
+ "test -f $COPY -a ! -f ${COPY}.1"
+
+perm_test \
+ "rename" \
+ "realpath,stat,lstat" \
+ "rename -l $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -f ${COPY}.1 -a ! -f $COPY" \
+ "test -f $COPY -a ! -f ${COPY}.1"
+
+perm_test \
+ "symlink" \
+ "realpath,stat,lstat" \
+ "ln -s $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -h ${COPY}.1" \
+ "test ! -h ${COPY}.1"
+
+perm_test \
+ "hardlink" \
+ "realpath,stat,lstat" \
+ "ln $COPY ${COPY}.1" \
+ "touch $COPY" \
+ "test -f ${COPY}.1" \
+ "test ! -f ${COPY}.1"
+
+perm_test \
+ "statvfs" \
+ "realpath,stat,lstat" \
+ "df /"
+
+# XXX need good tests for:
+# fstat
+# fsetstat
+# realpath
+# stat
+# readlink
+# fstatvfs
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.dd
+
Modified: vendor-crypto/openssh/dist/regress/test-exec.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/test-exec.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/test-exec.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.46 2013/06/21 02:26:26 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.47 2013/11/09 05:41:34 dtucker Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -133,9 +133,14 @@
# Path to sshd must be absolute for rexec
case "$SSHD" in
/*) ;;
-*) SSHD=`which sshd` ;;
+*) SSHD=`which $SSHD` ;;
esac
+case "$SSHAGENT" in
+/*) ;;
+*) SSHAGENT=`which $SSHAGENT` ;;
+esac
+
# Logfiles.
# SSH_LOGFILE should be the debug output of ssh(1) only
# SSHD_LOGFILE should be the debug output of sshd(8) only
@@ -166,14 +171,22 @@
# Some test data. We make a copy because some tests will overwrite it.
# The tests may assume that $DATA exists and is writable and $COPY does
-# not exist.
+# not exist. Tests requiring larger data files can call increase_datafile_size
+# [kbytes] to ensure the file is at least that large.
DATANAME=data
DATA=$OBJ/${DATANAME}
-cat $SSHD $SSHD $SSHD $SSHD >${DATA}
+cat ${SSHAGENT} >${DATA}
chmod u+w ${DATA}
COPY=$OBJ/copy
rm -f ${COPY}
+increase_datafile_size()
+{
+ while [ `du -k ${DATA} | cut -f1` -lt $1 ]; do
+ cat ${SSHAGENT} >>${DATA}
+ done
+}
+
# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
Modified: vendor-crypto/openssh/dist/regress/try-ciphers.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/try-ciphers.sh 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/regress/try-ciphers.sh 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,27 +1,11 @@
-# $OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $
+# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="try ciphers"
-ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
- arcfour128 arcfour256 arcfour
- aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
- aes128-ctr aes192-ctr aes256-ctr"
-config_defined OPENSSL_HAVE_EVPGCM && \
- ciphers="$ciphers aes128-gcm at openssh.com aes256-gcm at openssh.com"
-macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
- hmac-sha1-96 hmac-md5-96
- hmac-sha1-etm at openssh.com hmac-md5-etm at openssh.com
- umac-64-etm at openssh.com umac-128-etm at openssh.com
- hmac-sha1-96-etm at openssh.com hmac-md5-96-etm at openssh.com
- hmac-ripemd160-etm at openssh.com"
-config_defined HAVE_EVP_SHA256 &&
- macs="$macs hmac-sha2-256 hmac-sha2-512
- hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
-
-for c in $ciphers; do
+for c in `${SSH} -Q cipher`; do
n=0
- for m in $macs; do
+ for m in `${SSH} -Q mac`; do
trace "proto 2 cipher $c mac $m"
verbose "test $tid: proto 2 cipher $c mac $m"
${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
@@ -28,10 +12,11 @@
if [ $? -ne 0 ]; then
fail "ssh -2 failed with mac $m cipher $c"
fi
- # No point trying all MACs for GCM since they are ignored.
- case $c in
- aes*-gcm at openssh.com) test $n -gt 0 && break;;
- esac
+ # No point trying all MACs for AEAD ciphers since they
+ # are ignored.
+ if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
+ break
+ fi
n=`expr $n + 1`
done
done
Modified: vendor-crypto/openssh/dist/roaming_client.c
===================================================================
--- vendor-crypto/openssh/dist/roaming_client.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/roaming_client.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@@ -48,6 +48,7 @@
#include "roaming.h"
#include "ssh2.h"
#include "sshconnect.h"
+#include "digest.h"
/* import */
extern Options options;
@@ -90,10 +91,8 @@
static void
roaming_auth_required(void)
{
- u_char digest[SHA_DIGEST_LENGTH];
- EVP_MD_CTX md;
+ u_char digest[SSH_DIGEST_MAX_LENGTH];
Buffer b;
- const EVP_MD *evp_md = EVP_sha1();
u_int64_t chall, oldchall;
chall = packet_get_int64();
@@ -107,14 +106,13 @@
buffer_init(&b);
buffer_put_int64(&b, cookie);
buffer_put_int64(&b, chall);
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
buffer_free(&b);
packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
packet_put_int64(key1 ^ get_recv_bytes());
- packet_put_raw(digest, sizeof(digest));
+ packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
packet_send();
oldkey1 = key1;
@@ -259,10 +257,10 @@
if (c != '\n' && c != '\r')
continue;
- if (ssh_connect(host, &hostaddr, options.port,
+ if (ssh_connect(host, NULL, &hostaddr, options.port,
options.address_family, 1, &timeout_ms,
- options.tcp_keep_alive, options.use_privileged_port,
- options.proxy_command) == 0 && roaming_resume() == 0) {
+ options.tcp_keep_alive, options.use_privileged_port) == 0 &&
+ roaming_resume() == 0) {
packet_restore_state();
reenter_guard = 0;
fprintf(stderr, "[connection resumed]\n");
Modified: vendor-crypto/openssh/dist/roaming_common.c
===================================================================
--- vendor-crypto/openssh/dist/roaming_common.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/roaming_common.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_common.c,v 1.10 2013/07/12 00:19:59 djm Exp $ */
+/* $OpenBSD: roaming_common.c,v 1.12 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@@ -36,6 +36,7 @@
#include "cipher.h"
#include "buffer.h"
#include "roaming.h"
+#include "digest.h"
static size_t out_buf_size = 0;
static char *out_buf = NULL;
@@ -49,7 +50,7 @@
int resume_in_progress = 0;
int
-get_snd_buf_size()
+get_snd_buf_size(void)
{
int fd = packet_get_connection_out();
int optval;
@@ -61,7 +62,7 @@
}
int
-get_recv_buf_size()
+get_recv_buf_size(void)
{
int fd = packet_get_connection_in();
int optval;
@@ -225,9 +226,7 @@
void
calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
{
- const EVP_MD *md = EVP_sha1();
- EVP_MD_CTX ctx;
- u_char hash[EVP_MAX_MD_SIZE];
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
Buffer b;
buffer_init(&b);
@@ -235,12 +234,11 @@
buffer_put_int64(&b, cookie);
buffer_put_int64(&b, challenge);
- EVP_DigestInit(&ctx, md);
- EVP_DigestUpdate(&ctx, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&ctx, hash, NULL);
+ if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0)
+ fatal("%s: digest_buffer failed", __func__);
buffer_clear(&b);
- buffer_append(&b, hash, EVP_MD_size(md));
+ buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
*key = buffer_get_int64(&b);
buffer_free(&b);
}
Modified: vendor-crypto/openssh/dist/rsa.c
===================================================================
--- vendor-crypto/openssh/dist/rsa.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/rsa.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: rsa.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -94,8 +94,8 @@
if (BN_bin2bn(outbuf, len, out) == NULL)
fatal("rsa_public_encrypt: BN_bin2bn failed");
- memset(outbuf, 0, olen);
- memset(inbuf, 0, ilen);
+ explicit_bzero(outbuf, olen);
+ explicit_bzero(inbuf, ilen);
free(outbuf);
free(inbuf);
}
@@ -120,8 +120,8 @@
if (BN_bin2bn(outbuf, len, out) == NULL)
fatal("rsa_private_decrypt: BN_bin2bn failed");
}
- memset(outbuf, 0, olen);
- memset(inbuf, 0, ilen);
+ explicit_bzero(outbuf, olen);
+ explicit_bzero(inbuf, ilen);
free(outbuf);
free(inbuf);
return len;
Added: vendor-crypto/openssh/dist/sandbox-capsicum.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-capsicum.c (rev 0)
+++ vendor-crypto/openssh/dist/sandbox-capsicum.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2011 Dag-Erling Smorgrav
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_CAPSICUM
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/capability.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "monitor.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+/*
+ * Capsicum sandbox that sets zero nfiles, nprocs and filesize rlimits,
+ * limits rights on stdout, stdin, stderr, monitor and switches to
+ * capability mode.
+ */
+
+struct ssh_sandbox {
+ struct monitor *monitor;
+ pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(struct monitor *monitor)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ debug3("%s: preparing capsicum sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->monitor = monitor;
+ box->child_pid = 0;
+
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ struct rlimit rl_zero;
+ cap_rights_t rights;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+
+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#endif
+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+ __func__, strerror(errno));
+
+ cap_rights_init(&rights);
+
+ if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
+ fatal("can't limit stdin: %m");
+ if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
+ fatal("can't limit stdout: %m");
+ if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
+ fatal("can't limit stderr: %m");
+
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE);
+ if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 &&
+ errno != ENOSYS)
+ fatal("%s: failed to limit the network socket", __func__);
+ cap_rights_init(&rights, CAP_WRITE);
+ if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) < 0 &&
+ errno != ENOSYS)
+ fatal("%s: failed to limit the logging socket", __func__);
+ if (cap_enter() < 0 && errno != ENOSYS)
+ fatal("%s: failed to enter capability mode", __func__);
+
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ box->child_pid = child_pid;
+}
+
+#endif /* SANDBOX_CAPSICUM */
Modified: vendor-crypto/openssh/dist/sandbox-darwin.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-darwin.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sandbox-darwin.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -40,7 +40,7 @@
};
struct ssh_sandbox *
-ssh_sandbox_init(void)
+ssh_sandbox_init(struct monitor *monitor)
{
struct ssh_sandbox *box;
Modified: vendor-crypto/openssh/dist/sandbox-null.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-null.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sandbox-null.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -39,7 +39,7 @@
};
struct ssh_sandbox *
-ssh_sandbox_init(void)
+ssh_sandbox_init(struct monitor *monitor)
{
struct ssh_sandbox *box;
Modified: vendor-crypto/openssh/dist/sandbox-rlimit.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-rlimit.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sandbox-rlimit.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -42,7 +42,7 @@
};
struct ssh_sandbox *
-ssh_sandbox_init(void)
+ssh_sandbox_init(struct monitor *monitor)
{
struct ssh_sandbox *box;
@@ -69,9 +69,11 @@
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
#endif
+#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
__func__, strerror(errno));
+#endif
#ifdef HAVE_RLIMIT_NPROC
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
Modified: vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-seccomp-filter.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sandbox-seccomp-filter.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -98,6 +98,9 @@
SC_ALLOW(read),
SC_ALLOW(write),
SC_ALLOW(close),
+#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
+ SC_ALLOW(shutdown),
+#endif
SC_ALLOW(brk),
SC_ALLOW(poll),
#ifdef __NR__newselect
@@ -132,7 +135,7 @@
};
struct ssh_sandbox *
-ssh_sandbox_init(void)
+ssh_sandbox_init(struct monitor *monitor)
{
struct ssh_sandbox *box;
Modified: vendor-crypto/openssh/dist/sandbox-systrace.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-systrace.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sandbox-systrace.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.9 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm at mindrot.org>
*
@@ -66,6 +66,7 @@
{ SYS_munmap, SYSTR_POLICY_PERMIT },
{ SYS_read, SYSTR_POLICY_PERMIT },
{ SYS_select, SYSTR_POLICY_PERMIT },
+ { SYS_shutdown, SYSTR_POLICY_PERMIT },
{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
{ SYS_write, SYSTR_POLICY_PERMIT },
{ -1, -1 }
@@ -78,7 +79,7 @@
};
struct ssh_sandbox *
-ssh_sandbox_init(void)
+ssh_sandbox_init(struct monitor *monitor)
{
struct ssh_sandbox *box;
@@ -141,7 +142,7 @@
box->systrace_fd, child_pid, strerror(errno));
/* Allocate and assign policy */
- bzero(&policy, sizeof(policy));
+ memset(&policy, 0, sizeof(policy));
policy.strp_op = SYSTR_POLICY_NEW;
policy.strp_maxents = SYS_MAXSYSCALL;
if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
Added: vendor-crypto/openssh/dist/sc25519.c
===================================================================
--- vendor-crypto/openssh/dist/sc25519.c (rev 0)
+++ vendor-crypto/openssh/dist/sc25519.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,308 @@
+/* $OpenBSD: sc25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c
+ */
+
+#include "includes.h"
+
+#include "sc25519.h"
+
+/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
+
+static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
+
+static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21,
+ 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F};
+
+static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
+{
+ unsigned int x = a;
+ x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */
+ x >>= 31; /* 0: no; 1: yes */
+ return x;
+}
+
+/* Reduce coefficients of r before calling reduce_add_sub */
+static void reduce_add_sub(sc25519 *r)
+{
+ crypto_uint32 pb = 0;
+ crypto_uint32 b;
+ crypto_uint32 mask;
+ int i;
+ unsigned char t[32];
+
+ for(i=0;i<32;i++)
+ {
+ pb += m[i];
+ b = lt(r->v[i],pb);
+ t[i] = r->v[i]-pb+(b<<8);
+ pb = b;
+ }
+ mask = b - 1;
+ for(i=0;i<32;i++)
+ r->v[i] ^= mask & (r->v[i] ^ t[i]);
+}
+
+/* Reduce coefficients of x before calling barrett_reduce */
+static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
+{
+ /* See HAC, Alg. 14.42 */
+ int i,j;
+ crypto_uint32 q2[66];
+ crypto_uint32 *q3 = q2 + 33;
+ crypto_uint32 r1[33];
+ crypto_uint32 r2[33];
+ crypto_uint32 carry;
+ crypto_uint32 pb = 0;
+ crypto_uint32 b;
+
+ for (i = 0;i < 66;++i) q2[i] = 0;
+ for (i = 0;i < 33;++i) r2[i] = 0;
+
+ for(i=0;i<33;i++)
+ for(j=0;j<33;j++)
+ if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
+ carry = q2[31] >> 8;
+ q2[32] += carry;
+ carry = q2[32] >> 8;
+ q2[33] += carry;
+
+ for(i=0;i<33;i++)r1[i] = x[i];
+ for(i=0;i<32;i++)
+ for(j=0;j<33;j++)
+ if(i+j < 33) r2[i+j] += m[i]*q3[j];
+
+ for(i=0;i<32;i++)
+ {
+ carry = r2[i] >> 8;
+ r2[i+1] += carry;
+ r2[i] &= 0xff;
+ }
+
+ for(i=0;i<32;i++)
+ {
+ pb += r2[i];
+ b = lt(r1[i],pb);
+ r->v[i] = r1[i]-pb+(b<<8);
+ pb = b;
+ }
+
+ /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
+ * If so: Handle it here!
+ */
+
+ reduce_add_sub(r);
+ reduce_add_sub(r);
+}
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
+{
+ int i;
+ crypto_uint32 t[64];
+ for(i=0;i<32;i++) t[i] = x[i];
+ for(i=32;i<64;++i) t[i] = 0;
+ barrett_reduce(r, t);
+}
+
+void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16])
+{
+ int i;
+ for(i=0;i<16;i++) r->v[i] = x[i];
+}
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
+{
+ int i;
+ crypto_uint32 t[64];
+ for(i=0;i<64;i++) t[i] = x[i];
+ barrett_reduce(r, t);
+}
+
+void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x)
+{
+ int i;
+ for(i=0;i<16;i++)
+ r->v[i] = x->v[i];
+ for(i=0;i<16;i++)
+ r->v[16+i] = 0;
+}
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
+{
+ int i;
+ for(i=0;i<32;i++) r[i] = x->v[i];
+}
+
+int sc25519_iszero_vartime(const sc25519 *x)
+{
+ int i;
+ for(i=0;i<32;i++)
+ if(x->v[i] != 0) return 0;
+ return 1;
+}
+
+int sc25519_isshort_vartime(const sc25519 *x)
+{
+ int i;
+ for(i=31;i>15;i--)
+ if(x->v[i] != 0) return 0;
+ return 1;
+}
+
+int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y)
+{
+ int i;
+ for(i=31;i>=0;i--)
+ {
+ if(x->v[i] < y->v[i]) return 1;
+ if(x->v[i] > y->v[i]) return 0;
+ }
+ return 0;
+}
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+ int i, carry;
+ for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+ for(i=0;i<31;i++)
+ {
+ carry = r->v[i] >> 8;
+ r->v[i+1] += carry;
+ r->v[i] &= 0xff;
+ }
+ reduce_add_sub(r);
+}
+
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+ crypto_uint32 b = 0;
+ crypto_uint32 t;
+ int i;
+ for(i=0;i<32;i++)
+ {
+ t = x->v[i] - y->v[i] - b;
+ r->v[i] = t & 255;
+ b = (t >> 8) & 1;
+ }
+}
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+ int i,j,carry;
+ crypto_uint32 t[64];
+ for(i=0;i<64;i++)t[i] = 0;
+
+ for(i=0;i<32;i++)
+ for(j=0;j<32;j++)
+ t[i+j] += x->v[i] * y->v[j];
+
+ /* Reduce coefficients */
+ for(i=0;i<63;i++)
+ {
+ carry = t[i] >> 8;
+ t[i+1] += carry;
+ t[i] &= 0xff;
+ }
+
+ barrett_reduce(r, t);
+}
+
+void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y)
+{
+ sc25519 t;
+ sc25519_from_shortsc(&t, y);
+ sc25519_mul(r, x, &t);
+}
+
+void sc25519_window3(signed char r[85], const sc25519 *s)
+{
+ char carry;
+ int i;
+ for(i=0;i<10;i++)
+ {
+ r[8*i+0] = s->v[3*i+0] & 7;
+ r[8*i+1] = (s->v[3*i+0] >> 3) & 7;
+ r[8*i+2] = (s->v[3*i+0] >> 6) & 7;
+ r[8*i+2] ^= (s->v[3*i+1] << 2) & 7;
+ r[8*i+3] = (s->v[3*i+1] >> 1) & 7;
+ r[8*i+4] = (s->v[3*i+1] >> 4) & 7;
+ r[8*i+5] = (s->v[3*i+1] >> 7) & 7;
+ r[8*i+5] ^= (s->v[3*i+2] << 1) & 7;
+ r[8*i+6] = (s->v[3*i+2] >> 2) & 7;
+ r[8*i+7] = (s->v[3*i+2] >> 5) & 7;
+ }
+ r[8*i+0] = s->v[3*i+0] & 7;
+ r[8*i+1] = (s->v[3*i+0] >> 3) & 7;
+ r[8*i+2] = (s->v[3*i+0] >> 6) & 7;
+ r[8*i+2] ^= (s->v[3*i+1] << 2) & 7;
+ r[8*i+3] = (s->v[3*i+1] >> 1) & 7;
+ r[8*i+4] = (s->v[3*i+1] >> 4) & 7;
+
+ /* Making it signed */
+ carry = 0;
+ for(i=0;i<84;i++)
+ {
+ r[i] += carry;
+ r[i+1] += r[i] >> 3;
+ r[i] &= 7;
+ carry = r[i] >> 2;
+ r[i] -= carry<<3;
+ }
+ r[84] += carry;
+}
+
+void sc25519_window5(signed char r[51], const sc25519 *s)
+{
+ char carry;
+ int i;
+ for(i=0;i<6;i++)
+ {
+ r[8*i+0] = s->v[5*i+0] & 31;
+ r[8*i+1] = (s->v[5*i+0] >> 5) & 31;
+ r[8*i+1] ^= (s->v[5*i+1] << 3) & 31;
+ r[8*i+2] = (s->v[5*i+1] >> 2) & 31;
+ r[8*i+3] = (s->v[5*i+1] >> 7) & 31;
+ r[8*i+3] ^= (s->v[5*i+2] << 1) & 31;
+ r[8*i+4] = (s->v[5*i+2] >> 4) & 31;
+ r[8*i+4] ^= (s->v[5*i+3] << 4) & 31;
+ r[8*i+5] = (s->v[5*i+3] >> 1) & 31;
+ r[8*i+6] = (s->v[5*i+3] >> 6) & 31;
+ r[8*i+6] ^= (s->v[5*i+4] << 2) & 31;
+ r[8*i+7] = (s->v[5*i+4] >> 3) & 31;
+ }
+ r[8*i+0] = s->v[5*i+0] & 31;
+ r[8*i+1] = (s->v[5*i+0] >> 5) & 31;
+ r[8*i+1] ^= (s->v[5*i+1] << 3) & 31;
+ r[8*i+2] = (s->v[5*i+1] >> 2) & 31;
+
+ /* Making it signed */
+ carry = 0;
+ for(i=0;i<50;i++)
+ {
+ r[i] += carry;
+ r[i+1] += r[i] >> 5;
+ r[i] &= 31;
+ carry = r[i] >> 4;
+ r[i] -= carry<<5;
+ }
+ r[50] += carry;
+}
+
+void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
+{
+ int i;
+ for(i=0;i<31;i++)
+ {
+ r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2);
+ r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2);
+ r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2);
+ r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2);
+ }
+ r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2);
+ r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2);
+ r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2);
+}
Added: vendor-crypto/openssh/dist/sc25519.h
===================================================================
--- vendor-crypto/openssh/dist/sc25519.h (rev 0)
+++ vendor-crypto/openssh/dist/sc25519.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,80 @@
+/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h
+ */
+
+#ifndef SC25519_H
+#define SC25519_H
+
+#include "crypto_api.h"
+
+#define sc25519 crypto_sign_ed25519_ref_sc25519
+#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519
+#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes
+#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes
+#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes
+#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc
+#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes
+#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime
+#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime
+#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime
+#define sc25519_add crypto_sign_ed25519_ref_sc25519_add
+#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored
+#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul
+#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc
+#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3
+#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5
+#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2
+
+typedef struct
+{
+ crypto_uint32 v[32];
+}
+sc25519;
+
+typedef struct
+{
+ crypto_uint32 v[16];
+}
+shortsc25519;
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
+
+void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
+
+void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x);
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
+
+int sc25519_iszero_vartime(const sc25519 *x);
+
+int sc25519_isshort_vartime(const sc25519 *x);
+
+int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y);
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
+
+/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3
+ * with r[i] in {-4,...,3}
+ */
+void sc25519_window3(signed char r[85], const sc25519 *s);
+
+/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5
+ * with r[i] in {-16,...,15}
+ */
+void sc25519_window5(signed char r[51], const sc25519 *s);
+
+void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
+
+#endif
Deleted: vendor-crypto/openssh/dist/schnorr.c
===================================================================
--- vendor-crypto/openssh/dist/schnorr.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/schnorr.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,677 +0,0 @@
-/* $OpenBSD: schnorr.c,v 1.8 2013/11/08 00:39:15 djm Exp $ */
-/*
- * Copyright (c) 2008 Damien Miller. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Implementation of Schnorr signatures / zero-knowledge proofs, based on
- * description in:
- *
- * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
- * 16th Workshop on Security Protocols, Cambridge, April 2008
- *
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include <string.h>
-#include <stdarg.h>
-#include <stdio.h>
-
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include "xmalloc.h"
-#include "buffer.h"
-#include "log.h"
-
-#include "schnorr.h"
-
-#include "openbsd-compat/openssl-compat.h"
-
-/* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */
-/* #define SCHNORR_MAIN */ /* Include main() selftest */
-
-#ifndef SCHNORR_DEBUG
-# define SCHNORR_DEBUG_BN(a)
-# define SCHNORR_DEBUG_BUF(a)
-#else
-# define SCHNORR_DEBUG_BN(a) debug3_bn a
-# define SCHNORR_DEBUG_BUF(a) debug3_buf a
-#endif /* SCHNORR_DEBUG */
-
-/*
- * Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
- * using the hash function defined by "evp_md". Returns signature as
- * bignum or NULL on error.
- */
-static BIGNUM *
-schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
- const EVP_MD *evp_md, const BIGNUM *g_v, const BIGNUM *g_x,
- const u_char *id, u_int idlen)
-{
- u_char *digest;
- u_int digest_len;
- BIGNUM *h;
- Buffer b;
- int success = -1;
-
- if ((h = BN_new()) == NULL) {
- error("%s: BN_new", __func__);
- return NULL;
- }
-
- buffer_init(&b);
-
- /* h = H(g || p || q || g^v || g^x || id) */
- buffer_put_bignum2(&b, g);
- buffer_put_bignum2(&b, p);
- buffer_put_bignum2(&b, q);
- buffer_put_bignum2(&b, g_v);
- buffer_put_bignum2(&b, g_x);
- buffer_put_string(&b, id, idlen);
-
- SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
- "%s: hashblob", __func__));
- if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_md,
- &digest, &digest_len) != 0) {
- error("%s: hash_buffer", __func__);
- goto out;
- }
- if (BN_bin2bn(digest, (int)digest_len, h) == NULL) {
- error("%s: BN_bin2bn", __func__);
- goto out;
- }
- success = 0;
- SCHNORR_DEBUG_BN((h, "%s: h = ", __func__));
- out:
- buffer_free(&b);
- bzero(digest, digest_len);
- free(digest);
- digest_len = 0;
- if (success == 0)
- return h;
- BN_clear_free(h);
- return NULL;
-}
-
-/*
- * Generate Schnorr signature to prove knowledge of private value 'x' used
- * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
- * using the hash function "evp_md".
- * 'idlen' bytes from 'id' will be included in the signature hash as an anti-
- * replay salt.
- *
- * On success, 0 is returned. The signature values are returned as *e_p
- * (g^v mod p) and *r_p (v - xh mod q). The caller must free these values.
- * On failure, -1 is returned.
- */
-int
-schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
- const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x,
- const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p)
-{
- int success = -1;
- BIGNUM *h, *tmp, *v, *g_v, *r;
- BN_CTX *bn_ctx;
-
- SCHNORR_DEBUG_BN((x, "%s: x = ", __func__));
- SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
-
- /* Avoid degenerate cases: g^0 yields a spoofable signature */
- if (BN_cmp(g_x, BN_value_one()) <= 0) {
- error("%s: g_x < 1", __func__);
- return -1;
- }
- if (BN_cmp(g_x, grp_p) >= 0) {
- error("%s: g_x > g", __func__);
- return -1;
- }
-
- h = g_v = r = tmp = v = NULL;
- if ((bn_ctx = BN_CTX_new()) == NULL) {
- error("%s: BN_CTX_new", __func__);
- goto out;
- }
- if ((g_v = BN_new()) == NULL ||
- (r = BN_new()) == NULL ||
- (tmp = BN_new()) == NULL) {
- error("%s: BN_new", __func__);
- goto out;
- }
-
- /*
- * v must be a random element of Zq, so 1 <= v < q
- * we also exclude v = 1, since g^1 looks dangerous
- */
- if ((v = bn_rand_range_gt_one(grp_p)) == NULL) {
- error("%s: bn_rand_range2", __func__);
- goto out;
- }
- SCHNORR_DEBUG_BN((v, "%s: v = ", __func__));
-
- /* g_v = g^v mod p */
- if (BN_mod_exp(g_v, grp_g, v, grp_p, bn_ctx) == -1) {
- error("%s: BN_mod_exp (g^v mod p)", __func__);
- goto out;
- }
- SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
-
- /* h = H(g || g^v || g^x || id) */
- if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, g_v, g_x,
- id, idlen)) == NULL) {
- error("%s: schnorr_hash failed", __func__);
- goto out;
- }
-
- /* r = v - xh mod q */
- if (BN_mod_mul(tmp, x, h, grp_q, bn_ctx) == -1) {
- error("%s: BN_mod_mul (tmp = xv mod q)", __func__);
- goto out;
- }
- if (BN_mod_sub(r, v, tmp, grp_q, bn_ctx) == -1) {
- error("%s: BN_mod_mul (r = v - tmp)", __func__);
- goto out;
- }
- SCHNORR_DEBUG_BN((g_v, "%s: e = ", __func__));
- SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
-
- *e_p = g_v;
- *r_p = r;
-
- success = 0;
- out:
- BN_CTX_free(bn_ctx);
- if (h != NULL)
- BN_clear_free(h);
- if (v != NULL)
- BN_clear_free(v);
- BN_clear_free(tmp);
-
- return success;
-}
-
-/*
- * Generate Schnorr signature to prove knowledge of private value 'x' used
- * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
- * using a SHA256 hash.
- * 'idlen' bytes from 'id' will be included in the signature hash as an anti-
- * replay salt.
- * On success, 0 is returned and *siglen bytes of signature are returned in
- * *sig (caller to free). Returns -1 on failure.
- */
-int
-schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
- const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
- u_char **sig, u_int *siglen)
-{
- Buffer b;
- BIGNUM *r, *e;
-
- if (schnorr_sign(grp_p, grp_q, grp_g, EVP_sha256(),
- x, g_x, id, idlen, &r, &e) != 0)
- return -1;
-
- /* Signature is (e, r) */
- buffer_init(&b);
- /* XXX sigtype-hash as string? */
- buffer_put_bignum2(&b, e);
- buffer_put_bignum2(&b, r);
- *siglen = buffer_len(&b);
- *sig = xmalloc(*siglen);
- memcpy(*sig, buffer_ptr(&b), *siglen);
- SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
- "%s: sigblob", __func__));
- buffer_free(&b);
-
- BN_clear_free(r);
- BN_clear_free(e);
-
- return 0;
-}
-
-/*
- * Verify Schnorr signature { r (v - xh mod q), e (g^v mod p) } against
- * public exponent g_x (g^x) under group defined by 'grp_p', 'grp_q' and
- * 'grp_g' using hash "evp_md".
- * Signature hash will be salted with 'idlen' bytes from 'id'.
- * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
- */
-int
-schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
- const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen,
- const BIGNUM *r, const BIGNUM *e)
-{
- int success = -1;
- BIGNUM *h = NULL, *g_xh = NULL, *g_r = NULL, *gx_q = NULL;
- BIGNUM *expected = NULL;
- BN_CTX *bn_ctx;
-
- SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
-
- /* Avoid degenerate cases: g^0 yields a spoofable signature */
- if (BN_cmp(g_x, BN_value_one()) <= 0) {
- error("%s: g_x <= 1", __func__);
- return -1;
- }
- if (BN_cmp(g_x, grp_p) >= 0) {
- error("%s: g_x >= p", __func__);
- return -1;
- }
-
- h = g_xh = g_r = expected = NULL;
- if ((bn_ctx = BN_CTX_new()) == NULL) {
- error("%s: BN_CTX_new", __func__);
- goto out;
- }
- if ((g_xh = BN_new()) == NULL ||
- (g_r = BN_new()) == NULL ||
- (gx_q = BN_new()) == NULL ||
- (expected = BN_new()) == NULL) {
- error("%s: BN_new", __func__);
- goto out;
- }
-
- SCHNORR_DEBUG_BN((e, "%s: e = ", __func__));
- SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
-
- /* gx_q = (g^x)^q must === 1 mod p */
- if (BN_mod_exp(gx_q, g_x, grp_q, grp_p, bn_ctx) == -1) {
- error("%s: BN_mod_exp (g_x^q mod p)", __func__);
- goto out;
- }
- if (BN_cmp(gx_q, BN_value_one()) != 0) {
- error("%s: Invalid signature (g^x)^q != 1 mod p", __func__);
- goto out;
- }
-
- SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__));
- /* h = H(g || g^v || g^x || id) */
- if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, e, g_x,
- id, idlen)) == NULL) {
- error("%s: schnorr_hash failed", __func__);
- goto out;
- }
-
- /* g_xh = (g^x)^h */
- if (BN_mod_exp(g_xh, g_x, h, grp_p, bn_ctx) == -1) {
- error("%s: BN_mod_exp (g_x^h mod p)", __func__);
- goto out;
- }
- SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__));
-
- /* g_r = g^r */
- if (BN_mod_exp(g_r, grp_g, r, grp_p, bn_ctx) == -1) {
- error("%s: BN_mod_exp (g_x^h mod p)", __func__);
- goto out;
- }
- SCHNORR_DEBUG_BN((g_r, "%s: g_r = ", __func__));
-
- /* expected = g^r * g_xh */
- if (BN_mod_mul(expected, g_r, g_xh, grp_p, bn_ctx) == -1) {
- error("%s: BN_mod_mul (expected = g_r mod p)", __func__);
- goto out;
- }
- SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__));
-
- /* Check e == expected */
- success = BN_cmp(expected, e) == 0;
- out:
- BN_CTX_free(bn_ctx);
- if (h != NULL)
- BN_clear_free(h);
- if (gx_q != NULL)
- BN_clear_free(gx_q);
- if (g_xh != NULL)
- BN_clear_free(g_xh);
- if (g_r != NULL)
- BN_clear_free(g_r);
- if (expected != NULL)
- BN_clear_free(expected);
- return success;
-}
-
-/*
- * Verify Schnorr signature 'sig' of length 'siglen' against public exponent
- * g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g' using a
- * SHA256 hash.
- * Signature hash will be salted with 'idlen' bytes from 'id'.
- * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
- */
-int
-schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q,
- const BIGNUM *grp_g,
- const BIGNUM *g_x, const u_char *id, u_int idlen,
- const u_char *sig, u_int siglen)
-{
- Buffer b;
- int ret = -1;
- u_int rlen;
- BIGNUM *r, *e;
-
- e = r = NULL;
- if ((e = BN_new()) == NULL ||
- (r = BN_new()) == NULL) {
- error("%s: BN_new", __func__);
- goto out;
- }
-
- /* Extract g^v and r from signature blob */
- buffer_init(&b);
- buffer_append(&b, sig, siglen);
- SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
- "%s: sigblob", __func__));
- buffer_get_bignum2(&b, e);
- buffer_get_bignum2(&b, r);
- rlen = buffer_len(&b);
- buffer_free(&b);
- if (rlen != 0) {
- error("%s: remaining bytes in signature %d", __func__, rlen);
- goto out;
- }
-
- ret = schnorr_verify(grp_p, grp_q, grp_g, EVP_sha256(),
- g_x, id, idlen, r, e);
- out:
- BN_clear_free(e);
- BN_clear_free(r);
-
- return ret;
-}
-
-/* Helper functions */
-
-/*
- * Generate uniformly distributed random number in range (1, high).
- * Return number on success, NULL on failure.
- */
-BIGNUM *
-bn_rand_range_gt_one(const BIGNUM *high)
-{
- BIGNUM *r, *tmp;
- int success = -1;
-
- if ((tmp = BN_new()) == NULL) {
- error("%s: BN_new", __func__);
- return NULL;
- }
- if ((r = BN_new()) == NULL) {
- error("%s: BN_new failed", __func__);
- goto out;
- }
- if (BN_set_word(tmp, 2) != 1) {
- error("%s: BN_set_word(tmp, 2)", __func__);
- goto out;
- }
- if (BN_sub(tmp, high, tmp) == -1) {
- error("%s: BN_sub failed (tmp = high - 2)", __func__);
- goto out;
- }
- if (BN_rand_range(r, tmp) == -1) {
- error("%s: BN_rand_range failed", __func__);
- goto out;
- }
- if (BN_set_word(tmp, 2) != 1) {
- error("%s: BN_set_word(tmp, 2)", __func__);
- goto out;
- }
- if (BN_add(r, r, tmp) == -1) {
- error("%s: BN_add failed (r = r + 2)", __func__);
- goto out;
- }
- success = 0;
- out:
- BN_clear_free(tmp);
- if (success == 0)
- return r;
- BN_clear_free(r);
- return NULL;
-}
-
-/*
- * Hash contents of buffer 'b' with hash 'md'. Returns 0 on success,
- * with digest via 'digestp' (caller to free) and length via 'lenp'.
- * Returns -1 on failure.
- */
-int
-hash_buffer(const u_char *buf, u_int len, const EVP_MD *md,
- u_char **digestp, u_int *lenp)
-{
- u_char digest[EVP_MAX_MD_SIZE];
- u_int digest_len;
- EVP_MD_CTX evp_md_ctx;
- int success = -1;
-
- EVP_MD_CTX_init(&evp_md_ctx);
-
- if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) {
- error("%s: EVP_DigestInit_ex", __func__);
- goto out;
- }
- if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) {
- error("%s: EVP_DigestUpdate", __func__);
- goto out;
- }
- if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) {
- error("%s: EVP_DigestFinal_ex", __func__);
- goto out;
- }
- *digestp = xmalloc(digest_len);
- *lenp = digest_len;
- memcpy(*digestp, digest, *lenp);
- success = 0;
- out:
- EVP_MD_CTX_cleanup(&evp_md_ctx);
- bzero(digest, sizeof(digest));
- digest_len = 0;
- return success;
-}
-
-/* print formatted string followed by bignum */
-void
-debug3_bn(const BIGNUM *n, const char *fmt, ...)
-{
- char *out, *h;
- va_list args;
- int ret;
-
- out = NULL;
- va_start(args, fmt);
- ret = vasprintf(&out, fmt, args);
- va_end(args);
- if (ret == -1 || out == NULL)
- fatal("%s: vasprintf failed", __func__);
-
- if (n == NULL)
- debug3("%s(null)", out);
- else {
- h = BN_bn2hex(n);
- debug3("%s0x%s", out, h);
- free(h);
- }
- free(out);
-}
-
-/* print formatted string followed by buffer contents in hex */
-void
-debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
-{
- char *out, h[65];
- u_int i, j;
- va_list args;
- int ret;
-
- out = NULL;
- va_start(args, fmt);
- ret = vasprintf(&out, fmt, args);
- va_end(args);
- if (ret == -1 || out == NULL)
- fatal("%s: vasprintf failed", __func__);
-
- debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
- free(out);
- if (buf == NULL)
- return;
-
- *h = '\0';
- for (i = j = 0; i < len; i++) {
- snprintf(h + j, sizeof(h) - j, "%02x", buf[i]);
- j += 2;
- if (j >= sizeof(h) - 1 || i == len - 1) {
- debug3(" %s", h);
- *h = '\0';
- j = 0;
- }
- }
-}
-
-/*
- * Construct a MODP group from hex strings p (which must be a safe
- * prime) and g, automatically calculating subgroup q as (p / 2)
- */
-struct modp_group *
-modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p)
-{
- struct modp_group *ret;
-
- ret = xcalloc(1, sizeof(*ret));
- ret->p = ret->q = ret->g = NULL;
- if (BN_hex2bn(&ret->p, grp_p) == 0 ||
- BN_hex2bn(&ret->g, grp_g) == 0)
- fatal("%s: BN_hex2bn", __func__);
- /* Subgroup order is p/2 (p is a safe prime) */
- if ((ret->q = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
- if (BN_rshift1(ret->q, ret->p) != 1)
- fatal("%s: BN_rshift1", __func__);
-
- return ret;
-}
-
-void
-modp_group_free(struct modp_group *grp)
-{
- if (grp->g != NULL)
- BN_clear_free(grp->g);
- if (grp->p != NULL)
- BN_clear_free(grp->p);
- if (grp->q != NULL)
- BN_clear_free(grp->q);
- bzero(grp, sizeof(*grp));
- free(grp);
-}
-
-/* main() function for self-test */
-
-#ifdef SCHNORR_MAIN
-static void
-schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
- const BIGNUM *grp_g, const BIGNUM *x)
-{
- BIGNUM *g_x;
- u_char *sig;
- u_int siglen;
- BN_CTX *bn_ctx;
-
- if ((bn_ctx = BN_CTX_new()) == NULL)
- fatal("%s: BN_CTX_new", __func__);
- if ((g_x = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1)
- fatal("%s: g_x", __func__);
- if (schnorr_sign_buf(grp_p, grp_q, grp_g, x, g_x, "junk", 4,
- &sig, &siglen))
- fatal("%s: schnorr_sign", __func__);
- if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
- sig, siglen) != 1)
- fatal("%s: verify fail", __func__);
- if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "JUNK", 4,
- sig, siglen) != 0)
- fatal("%s: verify should have failed (bad ID)", __func__);
- sig[4] ^= 1;
- if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
- sig, siglen) != 0)
- fatal("%s: verify should have failed (bit error)", __func__);
- free(sig);
- BN_free(g_x);
- BN_CTX_free(bn_ctx);
-}
-
-static void
-schnorr_selftest(void)
-{
- BIGNUM *x;
- struct modp_group *grp;
- u_int i;
- char *hh;
-
- grp = jpake_default_group();
- if ((x = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
- SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__));
- SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__));
- SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__));
-
- /* [1, 20) */
- for (i = 1; i < 20; i++) {
- printf("x = %u\n", i);
- fflush(stdout);
- if (BN_set_word(x, i) != 1)
- fatal("%s: set x word", __func__);
- schnorr_selftest_one(grp->p, grp->q, grp->g, x);
- }
-
- /* 100 x random [0, p) */
- for (i = 0; i < 100; i++) {
- if (BN_rand_range(x, grp->p) != 1)
- fatal("%s: BN_rand_range", __func__);
- hh = BN_bn2hex(x);
- printf("x = (random) 0x%s\n", hh);
- free(hh);
- fflush(stdout);
- schnorr_selftest_one(grp->p, grp->q, grp->g, x);
- }
-
- /* [q-20, q) */
- if (BN_set_word(x, 20) != 1)
- fatal("%s: BN_set_word (x = 20)", __func__);
- if (BN_sub(x, grp->q, x) != 1)
- fatal("%s: BN_sub (q - x)", __func__);
- for (i = 0; i < 19; i++) {
- hh = BN_bn2hex(x);
- printf("x = (q - %d) 0x%s\n", 20 - i, hh);
- free(hh);
- fflush(stdout);
- schnorr_selftest_one(grp->p, grp->q, grp->g, x);
- if (BN_add(x, x, BN_value_one()) != 1)
- fatal("%s: BN_add (x + 1)", __func__);
- }
- BN_free(x);
-}
-
-int
-main(int argc, char **argv)
-{
- log_init(argv[0], SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_USER, 1);
-
- schnorr_selftest();
- return 0;
-}
-#endif
-
Deleted: vendor-crypto/openssh/dist/schnorr.h
===================================================================
--- vendor-crypto/openssh/dist/schnorr.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/schnorr.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,60 +0,0 @@
-/* $OpenBSD: schnorr.h,v 1.1 2009/03/05 07:18:19 djm Exp $ */
-/*
- * Copyright (c) 2009 Damien Miller. All rights reserved.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef SCHNORR_H
-#define SCHNORR_H
-
-#include <sys/types.h>
-
-#include <openssl/bn.h>
-
-struct modp_group {
- BIGNUM *p, *q, *g;
-};
-
-BIGNUM *bn_rand_range_gt_one(const BIGNUM *high);
-int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *);
-void debug3_bn(const BIGNUM *, const char *, ...)
- __attribute__((__nonnull__ (2)))
- __attribute__((format(printf, 2, 3)));
-void debug3_buf(const u_char *, u_int, const char *, ...)
- __attribute__((__nonnull__ (3)))
- __attribute__((format(printf, 3, 4)));
-struct modp_group *modp_group_from_g_and_safe_p(const char *, const char *);
-void modp_group_free(struct modp_group *);
-
-/* Signature and verification functions */
-int
-schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
- const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x,
- const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p);
-int
-schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
- const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
- u_char **sig, u_int *siglen);
-int
-schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
- const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen,
- const BIGNUM *r, const BIGNUM *e);
-int
-schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q,
- const BIGNUM *grp_g,
- const BIGNUM *g_x, const u_char *id, u_int idlen,
- const u_char *sig, u_int siglen);
-
-#endif /* JPAKE_H */
-
Modified: vendor-crypto/openssh/dist/scp.0
===================================================================
--- vendor-crypto/openssh/dist/scp.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/scp.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -67,6 +67,11 @@
AddressFamily
BatchMode
BindAddress
+ CanonicalDomains
+ CanonicalizeFallbackLocal
+ CanonicalizeHostname
+ CanonicalizeMaxDots
+ CanonicalizePermittedCNAMEs
ChallengeResponseAuthentication
CheckHostIP
Cipher
@@ -155,4 +160,4 @@
Timo Rinne <tri at iki.fi>
Tatu Ylonen <ylo at cs.hut.fi>
-OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
+OpenBSD 5.5 October 20, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/scp.1
===================================================================
--- vendor-crypto/openssh/dist/scp.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/scp.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.59 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: scp.1,v 1.61 2013/10/20 09:51:26 djm Exp $
.\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: October 20 2013 $
.Dt SCP 1
.Os
.Sh NAME
@@ -130,6 +130,11 @@
.It AddressFamily
.It BatchMode
.It BindAddress
+.It CanonicalDomains
+.It CanonicalizeFallbackLocal
+.It CanonicalizeHostname
+.It CanonicalizeMaxDots
+.It CanonicalizePermittedCNAMEs
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Cipher
@@ -232,8 +237,9 @@
.Nm
is based on the
.Xr rcp 1
-program in BSD source code from the Regents of the University of
-California.
+program in
+.Bx
+source code from the Regents of the University of California.
.Sh AUTHORS
.An Timo Rinne Aq Mt tri at iki.fi
.An Tatu Ylonen Aq Mt ylo at cs.hut.fi
Modified: vendor-crypto/openssh/dist/scp.c
===================================================================
--- vendor-crypto/openssh/dist/scp.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/scp.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.178 2013/06/22 06:31:57 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.179 2013/11/20 20:53:10 deraadt Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -1023,7 +1023,7 @@
if (*cp++ != ' ')
SCREWUP("mode not delimited");
- for (size = 0; isdigit(*cp);)
+ for (size = 0; isdigit((unsigned char)*cp);)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
@@ -1287,7 +1287,7 @@
c = (int)*cp;
if (c & 0200)
goto bad;
- if (!isalpha(c) && !isdigit(c)) {
+ if (!isalpha(c) && !isdigit((unsigned char)c)) {
switch (c) {
case '\'':
case '"':
Modified: vendor-crypto/openssh/dist/servconf.c
===================================================================
--- vendor-crypto/openssh/dist/servconf.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/servconf.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.249 2014/01/29 06:18:35 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -92,6 +92,7 @@
options->x11_forwarding = -1;
options->x11_display_offset = -1;
options->x11_use_localhost = -1;
+ options->permit_tty = -1;
options->xauth_location = NULL;
options->strict_modes = -1;
options->tcp_keep_alive = -1;
@@ -146,7 +147,6 @@
options->chroot_directory = NULL;
options->authorized_keys_command = NULL;
options->authorized_keys_command_user = NULL;
- options->zero_knowledge_password_authentication = -1;
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
@@ -179,6 +179,8 @@
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_ECDSA_KEY_FILE;
#endif
+ options->host_key_files[options->num_host_key_files++] =
+ _PATH_HOST_ED25519_KEY_FILE;
}
}
/* No certificates by default */
@@ -212,6 +214,8 @@
options->x11_use_localhost = 1;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
+ if (options->permit_tty == -1)
+ options->permit_tty = 1;
if (options->strict_modes == -1)
options->strict_modes = 1;
if (options->tcp_keep_alive == -1)
@@ -290,8 +294,6 @@
}
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
- if (options->zero_knowledge_password_authentication == -1)
- options->zero_knowledge_password_authentication = 0;
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
@@ -329,7 +331,7 @@
sListenAddress, sAddressFamily,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
- sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+ sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -341,7 +343,7 @@
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
+ sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
@@ -413,11 +415,6 @@
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
-#ifdef JPAKE
- { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
-#else
- { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
-#endif
{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
@@ -462,6 +459,7 @@
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
+ { "permittty", sPermitTTY, SSHCFG_ALL },
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -641,13 +639,13 @@
/*
* All of the attributes on a single Match line are ANDed together, so we need
- * to check every * attribute and set the result to zero if any attribute does
+ * to check every attribute and set the result to zero if any attribute does
* not match.
*/
static int
match_cfg_line(char **condition, int line, struct connection_info *ci)
{
- int result = 1, port;
+ int result = 1, attributes = 0, port;
char *arg, *attrib, *cp = *condition;
size_t len;
@@ -661,6 +659,17 @@
ci->laddress ? ci->laddress : "(null)", ci->lport);
while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+ attributes++;
+ if (strcasecmp(attrib, "all") == 0) {
+ if (attributes != 1 ||
+ ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+ error("'all' cannot be combined with other "
+ "Match attributes");
+ return -1;
+ }
+ *condition = cp;
+ return 1;
+ }
if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
error("Missing Match criteria for %s", attrib);
return -1;
@@ -754,6 +763,10 @@
return -1;
}
}
+ if (attributes == 0) {
+ error("One or more attributes required for Match");
+ return -1;
+ }
if (ci != NULL)
debug3("match %sfound", result ? "" : "not ");
*condition = cp;
@@ -1081,10 +1094,6 @@
intptr = &options->password_authentication;
goto parse_flag;
- case sZeroKnowledgePasswordAuthentication:
- intptr = &options->zero_knowledge_password_authentication;
- goto parse_flag;
-
case sKbdInteractiveAuthentication:
intptr = &options->kbd_interactive_authentication;
goto parse_flag;
@@ -1117,6 +1126,10 @@
charptr = &options->xauth_location;
goto parse_filename;
+ case sPermitTTY:
+ intptr = &options->permit_tty;
+ goto parse_flag;
+
case sStrictModes:
intptr = &options->strict_modes;
goto parse_flag;
@@ -1719,24 +1732,6 @@
return 0; /* partial */
}
-/* Helper macros */
-#define M_CP_INTOPT(n) do {\
- if (src->n != -1) \
- dst->n = src->n; \
-} while (0)
-#define M_CP_STROPT(n) do {\
- if (src->n != NULL) { \
- free(dst->n); \
- dst->n = src->n; \
- } \
-} while(0)
-#define M_CP_STRARRAYOPT(n, num_n) do {\
- if (src->num_n != 0) { \
- for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
- dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
- } \
-} while(0)
-
/*
* Copy any supported values that are set.
*
@@ -1747,6 +1742,11 @@
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
+#define M_CP_INTOPT(n) do {\
+ if (src->n != -1) \
+ dst->n = src->n; \
+} while (0)
+
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
@@ -1755,9 +1755,6 @@
M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(hostbased_uses_name_from_packet_only);
M_CP_INTOPT(kbd_interactive_authentication);
- M_CP_INTOPT(zero_knowledge_password_authentication);
- M_CP_STROPT(authorized_keys_command);
- M_CP_STROPT(authorized_keys_command_user);
M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(permit_empty_passwd);
@@ -1768,6 +1765,7 @@
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
+ M_CP_INTOPT(permit_tty);
M_CP_INTOPT(max_sessions);
M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive);
@@ -1775,6 +1773,20 @@
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
+ /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
+#define M_CP_STROPT(n) do {\
+ if (src->n != NULL && dst->n != src->n) { \
+ free(dst->n); \
+ dst->n = src->n; \
+ } \
+} while(0)
+#define M_CP_STRARRAYOPT(n, num_n) do {\
+ if (src->num_n != 0) { \
+ for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+ dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+ } \
+} while(0)
+
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
@@ -1985,10 +1997,6 @@
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
#endif
-#ifdef JPAKE
- dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
- o->zero_knowledge_password_authentication);
-#endif
dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
dump_cfg_fmtint(sKbdInteractiveAuthentication,
o->kbd_interactive_authentication);
@@ -1998,6 +2006,7 @@
dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+ dump_cfg_fmtint(sPermitTTY, o->permit_tty);
dump_cfg_fmtint(sStrictModes, o->strict_modes);
dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
@@ -2012,8 +2021,9 @@
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
dump_cfg_string(sXAuthLocation, o->xauth_location);
- dump_cfg_string(sCiphers, o->ciphers);
- dump_cfg_string(sMacs, o->macs);
+ dump_cfg_string(sCiphers, o->ciphers ? o->ciphers :
+ cipher_alg_list(',', 0));
+ dump_cfg_string(sMacs, o->macs ? o->macs : mac_alg_list(','));
dump_cfg_string(sBanner, o->banner);
dump_cfg_string(sForceCommand, o->adm_forced_command);
dump_cfg_string(sChrootDirectory, o->chroot_directory);
@@ -2025,6 +2035,8 @@
dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
+ dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms :
+ kex_alg_list(','));
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
@@ -2063,7 +2075,8 @@
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
printf("%s\n", iptos2str(o->ip_qos_bulk));
- printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval);
+ printf("rekeylimit %lld %d\n", (long long)o->rekey_limit,
+ o->rekey_interval);
channel_print_adm_permitted_opens();
}
Modified: vendor-crypto/openssh/dist/servconf.h
===================================================================
--- vendor-crypto/openssh/dist/servconf.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/servconf.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.109 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.112 2014/01/29 06:18:35 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -82,6 +82,7 @@
* searching at */
int x11_use_localhost; /* If true, use localhost for fake X11 server. */
char *xauth_location; /* Location of xauth program */
+ int permit_tty; /* If false, deny pty allocation */
int strict_modes; /* If true, require string home dir modes. */
int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
@@ -116,8 +117,6 @@
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
int challenge_response_authentication;
- int zero_knowledge_password_authentication;
- /* If true, permit jpake auth */
int permit_empty_passwd; /* If false, do not permit empty
* passwords. */
int permit_user_env; /* If true, read ~/.ssh/environment */
@@ -201,6 +200,9 @@
* Match sub-config and the main config, and must be sent from the
* privsep slave to the privsep master. We use a macro to ensure all
* the options are copied and the copies are done in the correct order.
+ *
+ * NB. an option must appear in servconf.c:copy_set_server_options() or
+ * COPY_MATCH_STRING_OPTS here but never both.
*/
#define COPY_MATCH_STRING_OPTS() do { \
M_CP_STROPT(banner); \
Modified: vendor-crypto/openssh/dist/serverloop.c
===================================================================
--- vendor-crypto/openssh/dist/serverloop.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/serverloop.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.170 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -304,7 +304,8 @@
if (compat20 &&
max_time_milliseconds == 0 && options.client_alive_interval) {
client_alive_scheduled = 1;
- max_time_milliseconds = options.client_alive_interval * 1000;
+ max_time_milliseconds =
+ (u_int64_t)options.client_alive_interval * 1000;
}
if (compat20) {
@@ -919,7 +920,7 @@
data = packet_get_string(&data_len);
packet_check_eom();
buffer_append(&stdin_buffer, data, data_len);
- memset(data, 0, data_len);
+ explicit_bzero(data, data_len);
free(data);
}
Modified: vendor-crypto/openssh/dist/session.c
===================================================================
--- vendor-crypto/openssh/dist/session.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/session.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -441,7 +441,7 @@
}
}
-#define USE_PIPES
+#define USE_PIPES 1
/*
* This is called to fork and execute a command when we have no tty. This
* will call do_child from the child, and server_loop from the parent after
@@ -794,27 +794,50 @@
do_exec(Session *s, const char *command)
{
int ret;
+ const char *forced = NULL;
+ char session_type[1024], *tty = NULL;
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
- if (IS_INTERNAL_SFTP(command)) {
- s->is_subsystem = s->is_subsystem ?
- SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
- } else if (s->is_subsystem)
- s->is_subsystem = SUBSYSTEM_EXT;
- debug("Forced command (config) '%.900s'", command);
+ forced = "(config)";
} else if (forced_command) {
original_command = command;
command = forced_command;
+ forced = "(key-option)";
+ }
+ if (forced != NULL) {
if (IS_INTERNAL_SFTP(command)) {
s->is_subsystem = s->is_subsystem ?
SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
} else if (s->is_subsystem)
s->is_subsystem = SUBSYSTEM_EXT;
- debug("Forced command (key option) '%.900s'", command);
+ snprintf(session_type, sizeof(session_type),
+ "forced-command %s '%.900s'", forced, command);
+ } else if (s->is_subsystem) {
+ snprintf(session_type, sizeof(session_type),
+ "subsystem '%.900s'", s->subsys);
+ } else if (command == NULL) {
+ snprintf(session_type, sizeof(session_type), "shell");
+ } else {
+ /* NB. we don't log unforced commands to preserve privacy */
+ snprintf(session_type, sizeof(session_type), "command");
}
+ if (s->ttyfd != -1) {
+ tty = s->tty;
+ if (strncmp(tty, "/dev/", 5) == 0)
+ tty += 5;
+ }
+
+ verbose("Starting session: %s%s%s for %s from %.200s port %d",
+ session_type,
+ tty == NULL ? "" : " on ",
+ tty == NULL ? "" : tty,
+ s->pw->pw_name,
+ get_remote_ipaddr(),
+ get_remote_port());
+
#ifdef SSH_AUDIT_EVENTS
if (command != NULL)
PRIVSEP(audit_run_command(command));
@@ -955,6 +978,11 @@
u_int envsize;
u_int i, namelen;
+ if (strchr(name, '=') != NULL) {
+ error("Invalid environment variable \"%.100s\"", name);
+ return;
+ }
+
/*
* If we're passed an uninitialized list, allocate a single null
* entry before continuing.
@@ -1529,6 +1557,11 @@
*/
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
#else
+# ifdef USE_LIBIAF
+ if (set_id(pw->pw_name) != 0) {
+ fatal("set_id(%s) Failed", pw->pw_name);
+ }
+# endif /* USE_LIBIAF */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@@ -1861,7 +1894,7 @@
fatal("%s: insane session id %d (max %d nalloc %d)",
__func__, id, options.max_sessions, sessions_nalloc);
}
- bzero(&sessions[id], sizeof(*sessions));
+ memset(&sessions[id], 0, sizeof(*sessions));
sessions[id].self = id;
sessions[id].used = 0;
sessions[id].chanid = -1;
@@ -2039,7 +2072,7 @@
u_int len;
int n_bytes;
- if (no_pty_flag) {
+ if (no_pty_flag || !options.permit_tty) {
debug("Allocating a pty not permitted for this authentication.");
return 0;
}
@@ -2100,15 +2133,16 @@
struct stat st;
u_int len;
int success = 0;
- char *prog, *cmd, *subsys = packet_get_string(&len);
+ char *prog, *cmd;
u_int i;
+ s->subsys = packet_get_string(&len);
packet_check_eom();
- logit("subsystem request for %.100s by user %s", subsys,
+ debug2("subsystem request for %.100s by user %s", s->subsys,
s->pw->pw_name);
for (i = 0; i < options.num_subsystems; i++) {
- if (strcmp(subsys, options.subsystem_name[i]) == 0) {
+ if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
prog = options.subsystem_command[i];
cmd = options.subsystem_args[i];
if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
@@ -2127,10 +2161,9 @@
}
if (!success)
- logit("subsystem request for %.100s failed, subsystem not found",
- subsys);
+ logit("subsystem request for %.100s by user %s failed, "
+ "subsystem not found", s->subsys, s->pw->pw_name);
- free(subsys);
return success;
}
@@ -2197,8 +2230,8 @@
char *name, *val;
u_int name_len, val_len, i;
- name = packet_get_string(&name_len);
- val = packet_get_string(&val_len);
+ name = packet_get_cstring(&name_len);
+ val = packet_get_cstring(&val_len);
packet_check_eom();
/* Don't set too many environment variables */
@@ -2481,6 +2514,7 @@
free(s->auth_display);
free(s->auth_data);
free(s->auth_proto);
+ free(s->subsys);
if (s->env != NULL) {
for (i = 0; i < s->num_env; i++) {
free(s->env[i].name);
Modified: vendor-crypto/openssh/dist/session.h
===================================================================
--- vendor-crypto/openssh/dist/session.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/session.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
+/* $OpenBSD: session.h,v 1.31 2013/10/14 21:20:52 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -55,6 +55,7 @@
int chanid;
int *x11_chanids;
int is_subsystem;
+ char *subsys;
u_int num_env;
struct {
char *name;
Modified: vendor-crypto/openssh/dist/sftp-client.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-client.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-client.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.108 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.114 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -42,6 +42,7 @@
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -76,6 +77,7 @@
#define SFTP_EXT_STATVFS 0x00000002
#define SFTP_EXT_FSTATVFS 0x00000004
#define SFTP_EXT_HARDLINK 0x00000008
+#define SFTP_EXT_FSYNC 0x00000010
u_int exts;
u_int64_t limit_kbps;
struct bwlimit bwlimit_in, bwlimit_out;
@@ -308,7 +310,7 @@
SSH2_FXP_EXTENDED_REPLY, type);
}
- bzero(st, sizeof(*st));
+ memset(st, 0, sizeof(*st));
st->f_bsize = buffer_get_int64(&msg);
st->f_frsize = buffer_get_int64(&msg);
st->f_blocks = buffer_get_int64(&msg);
@@ -337,7 +339,8 @@
Buffer msg;
struct sftp_conn *ret;
- ret = xmalloc(sizeof(*ret));
+ ret = xcalloc(1, sizeof(*ret));
+ ret->msg_id = 1;
ret->fd_in = fd_in;
ret->fd_out = fd_out;
ret->transfer_buflen = transfer_buflen;
@@ -387,6 +390,10 @@
strcmp(value, "1") == 0) {
ret->exts |= SFTP_EXT_HARDLINK;
known = 1;
+ } else if (strcmp(name, "fsync at openssh.com") == 0 &&
+ strcmp(value, "1") == 0) {
+ ret->exts |= SFTP_EXT_FSYNC;
+ known = 1;
}
if (known) {
debug2("Server supports extension \"%s\" revision %s",
@@ -447,13 +454,17 @@
static int
-do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
+do_lsreaddir(struct sftp_conn *conn, char *path, int print_flag,
SFTP_DIRENT ***dir)
{
Buffer msg;
u_int count, type, id, handle_len, i, expected_id, ents = 0;
char *handle;
+ int status = SSH2_FX_FAILURE;
+ if (dir)
+ *dir = NULL;
+
id = conn->msg_id++;
buffer_init(&msg);
@@ -499,20 +510,12 @@
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
- int status = buffer_get_int(&msg);
-
+ status = buffer_get_int(&msg);
debug3("Received SSH2_FXP_STATUS %d", status);
-
- if (status == SSH2_FX_EOF) {
+ if (status == SSH2_FX_EOF)
break;
- } else {
- error("Couldn't read directory: %s",
- fx2txt(status));
- do_close(conn, handle, handle_len);
- free(handle);
- buffer_free(&msg);
- return(status);
- }
+ error("Couldn't read directory: %s", fx2txt(status));
+ goto out;
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
@@ -529,7 +532,7 @@
longname = buffer_get_string(&msg, NULL);
a = decode_attrib(&msg);
- if (printflag)
+ if (print_flag)
printf("%s\n", longname);
/*
@@ -540,10 +543,7 @@
if (strchr(filename, '/') != NULL) {
error("Server sent suspect path \"%s\" "
"during readdir of \"%s\"", filename, path);
- goto next;
- }
-
- if (dir) {
+ } else if (dir) {
*dir = xrealloc(*dir, ents + 2, sizeof(**dir));
(*dir)[ents] = xcalloc(1, sizeof(***dir));
(*dir)[ents]->filename = xstrdup(filename);
@@ -551,24 +551,29 @@
memcpy(&(*dir)[ents]->a, a, sizeof(*a));
(*dir)[++ents] = NULL;
}
- next:
free(filename);
free(longname);
}
}
+ status = 0;
+ out:
buffer_free(&msg);
do_close(conn, handle, handle_len);
free(handle);
- /* Don't return partial matches on interrupt */
- if (interrupted && dir != NULL && *dir != NULL) {
+ if (status != 0 && dir != NULL) {
+ /* Don't return results on error */
free_sftp_dirents(*dir);
+ *dir = NULL;
+ } else if (interrupted && dir != NULL && *dir != NULL) {
+ /* Don't return partial matches on interrupt */
+ free_sftp_dirents(*dir);
*dir = xcalloc(1, sizeof(**dir));
**dir = NULL;
}
- return 0;
+ return status;
}
int
@@ -581,6 +586,8 @@
{
int i;
+ if (s == NULL)
+ return;
for (i = 0; s[i]; i++) {
free(s[i]->filename);
free(s[i]->longname);
@@ -605,7 +612,7 @@
}
int
-do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag)
+do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int print_flag)
{
u_int status, id;
@@ -614,7 +621,7 @@
strlen(path), a);
status = get_status(conn, id);
- if (status != SSH2_FX_OK && printflag)
+ if (status != SSH2_FX_OK && print_flag)
error("Couldn't create directory: %s", fx2txt(status));
return(status);
@@ -742,7 +749,7 @@
if (type == SSH2_FXP_STATUS) {
u_int status = buffer_get_int(&msg);
- error("Couldn't canonicalise: %s", fx2txt(status));
+ error("Couldn't canonicalize: %s", fx2txt(status));
buffer_free(&msg);
return NULL;
} else if (type != SSH2_FXP_NAME)
@@ -768,16 +775,18 @@
}
int
-do_rename(struct sftp_conn *conn, char *oldpath, char *newpath)
+do_rename(struct sftp_conn *conn, char *oldpath, char *newpath,
+ int force_legacy)
{
Buffer msg;
u_int status, id;
+ int use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy;
buffer_init(&msg);
/* Send rename request */
id = conn->msg_id++;
- if ((conn->exts & SFTP_EXT_POSIX_RENAME)) {
+ if (use_ext) {
buffer_put_char(&msg, SSH2_FXP_EXTENDED);
buffer_put_int(&msg, id);
buffer_put_cstring(&msg, "posix-rename at openssh.com");
@@ -789,8 +798,8 @@
buffer_put_cstring(&msg, newpath);
send_msg(conn, &msg);
debug3("Sent message %s \"%s\" -> \"%s\"",
- (conn->exts & SFTP_EXT_POSIX_RENAME) ? "posix-rename at openssh.com" :
- "SSH2_FXP_RENAME", oldpath, newpath);
+ use_ext ? "posix-rename at openssh.com" : "SSH2_FXP_RENAME",
+ oldpath, newpath);
buffer_free(&msg);
status = get_status(conn, id);
@@ -866,6 +875,36 @@
return(status);
}
+int
+do_fsync(struct sftp_conn *conn, char *handle, u_int handle_len)
+{
+ Buffer msg;
+ u_int status, id;
+
+ /* Silently return if the extension is not supported */
+ if ((conn->exts & SFTP_EXT_FSYNC) == 0)
+ return -1;
+
+ buffer_init(&msg);
+
+ /* Send fsync request */
+ id = conn->msg_id++;
+
+ buffer_put_char(&msg, SSH2_FXP_EXTENDED);
+ buffer_put_int(&msg, id);
+ buffer_put_cstring(&msg, "fsync at openssh.com");
+ buffer_put_string(&msg, handle, handle_len);
+ send_msg(conn, &msg);
+ debug3("Sent message fsync at openssh.com I:%u", id);
+ buffer_free(&msg);
+
+ status = get_status(conn, id);
+ if (status != SSH2_FX_OK)
+ error("Couldn't sync file: %s", fx2txt(status));
+
+ return status;
+}
+
#ifdef notyet
char *
do_readlink(struct sftp_conn *conn, char *path)
@@ -988,7 +1027,7 @@
int
do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
- Attrib *a, int pflag, int resume)
+ Attrib *a, int preserve_flag, int resume_flag, int fsync_flag)
{
Attrib junk;
Buffer msg;
@@ -1051,8 +1090,8 @@
return(-1);
}
- local_fd = open(local_path, O_WRONLY | O_CREAT | (resume ? 0 : O_TRUNC),
- mode | S_IWUSR);
+ local_fd = open(local_path,
+ O_WRONLY | O_CREAT | (resume_flag ? 0 : O_TRUNC), mode | S_IWUSR);
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
local_path, strerror(errno));
@@ -1059,13 +1098,17 @@
goto fail;
}
offset = highwater = 0;
- if (resume) {
+ if (resume_flag) {
if (fstat(local_fd, &st) == -1) {
error("Unable to stat local file \"%s\": %s",
local_path, strerror(errno));
goto fail;
}
- if ((size_t)st.st_size > size) {
+ if (st.st_size < 0) {
+ error("\"%s\" has negative size", local_path);
+ goto fail;
+ }
+ if ((u_int64_t)st.st_size > size) {
error("Unable to resume download of \"%s\": "
"local file is larger than remote", local_path);
fail:
@@ -1072,6 +1115,8 @@
do_close(conn, handle, handle_len);
buffer_free(&msg);
free(handle);
+ if (local_fd != -1)
+ close(local_fd);
return -1;
}
offset = highwater = st.st_size;
@@ -1209,7 +1254,7 @@
fatal("Transfer complete, but requests still in queue");
/* Truncate at highest contiguous point to avoid holes on interrupt */
if (read_error || write_error || interrupted) {
- if (reordered && resume) {
+ if (reordered && resume_flag) {
error("Unable to resume download of \"%s\": "
"server reordered requests", local_path);
}
@@ -1219,6 +1264,7 @@
if (read_error) {
error("Couldn't read from remote file \"%s\" : %s",
remote_path, fx2txt(status));
+ status = -1;
do_close(conn, handle, handle_len);
} else if (write_error) {
error("Couldn't write to \"%s\": %s", local_path,
@@ -1227,17 +1273,18 @@
do_close(conn, handle, handle_len);
} else {
status = do_close(conn, handle, handle_len);
- if (interrupted)
+ if (interrupted || status != SSH2_FX_OK)
status = -1;
/* Override umask and utimes if asked */
#ifdef HAVE_FCHMOD
- if (pflag && fchmod(local_fd, mode) == -1)
+ if (preserve_flag && fchmod(local_fd, mode) == -1)
#else
- if (pflag && chmod(local_path, mode) == -1)
+ if (preserve_flag && chmod(local_path, mode) == -1)
#endif /* HAVE_FCHMOD */
error("Couldn't set mode on \"%s\": %s", local_path,
strerror(errno));
- if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
+ if (preserve_flag &&
+ (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
struct timeval tv[2];
tv[0].tv_sec = a->atime;
tv[1].tv_sec = a->mtime;
@@ -1246,6 +1293,12 @@
error("Can't set times on \"%s\": %s",
local_path, strerror(errno));
}
+ if (fsync_flag) {
+ debug("syncing \"%s\"", local_path);
+ if (fsync(local_fd) == -1)
+ error("Couldn't sync file \"%s\": %s",
+ local_path, strerror(errno));
+ }
}
close(local_fd);
buffer_free(&msg);
@@ -1255,8 +1308,9 @@
}
static int
-download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
- Attrib *dirattrib, int pflag, int printflag, int depth, int resume)
+download_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
+ Attrib *dirattrib, int preserve_flag, int print_flag, int resume_flag,
+ int fsync_flag)
{
int i, ret = 0;
SFTP_DIRENT **dir_entries;
@@ -1277,7 +1331,7 @@
error("\"%s\" is not a directory", src);
return -1;
}
- if (printflag)
+ if (print_flag)
printf("Retrieving %s\n", src);
if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
@@ -1308,12 +1362,13 @@
strcmp(filename, "..") == 0)
continue;
if (download_dir_internal(conn, new_src, new_dst,
- &(dir_entries[i]->a), pflag, printflag,
- depth + 1, resume) == -1)
+ depth + 1, &(dir_entries[i]->a), preserve_flag,
+ print_flag, resume_flag, fsync_flag) == -1)
ret = -1;
} else if (S_ISREG(dir_entries[i]->a.perm) ) {
if (do_download(conn, new_src, new_dst,
- &(dir_entries[i]->a), pflag, resume) == -1) {
+ &(dir_entries[i]->a), preserve_flag,
+ resume_flag, fsync_flag) == -1) {
error("Download of file %s to %s failed",
new_src, new_dst);
ret = -1;
@@ -1325,7 +1380,7 @@
free(new_src);
}
- if (pflag) {
+ if (preserve_flag) {
if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
struct timeval tv[2];
tv[0].tv_sec = dirattrib->atime;
@@ -1346,18 +1401,19 @@
int
download_dir(struct sftp_conn *conn, char *src, char *dst,
- Attrib *dirattrib, int pflag, int printflag, int resume)
+ Attrib *dirattrib, int preserve_flag, int print_flag,
+ int resume_flag, int fsync_flag)
{
char *src_canon;
int ret;
if ((src_canon = do_realpath(conn, src)) == NULL) {
- error("Unable to canonicalise path \"%s\"", src);
+ error("Unable to canonicalize path \"%s\"", src);
return -1;
}
- ret = download_dir_internal(conn, src_canon, dst,
- dirattrib, pflag, printflag, 0, resume);
+ ret = download_dir_internal(conn, src_canon, dst, 0,
+ dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag);
free(src_canon);
return ret;
}
@@ -1364,7 +1420,7 @@
int
do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
- int pflag)
+ int preserve_flag, int fsync_flag)
{
int local_fd;
int status = SSH2_FX_OK;
@@ -1408,7 +1464,7 @@
a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
a.perm &= 0777;
- if (!pflag)
+ if (!preserve_flag)
a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
buffer_init(&msg);
@@ -1537,9 +1593,12 @@
}
/* Override umask and utimes if asked */
- if (pflag)
+ if (preserve_flag)
do_fsetstat(conn, handle, handle_len, &a);
+ if (fsync_flag)
+ (void)do_fsync(conn, handle, handle_len);
+
if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
status = -1;
free(handle);
@@ -1548,8 +1607,8 @@
}
static int
-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
- int pflag, int printflag, int depth)
+upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
+ int preserve_flag, int print_flag, int fsync_flag)
{
int ret = 0, status;
DIR *dirp;
@@ -1572,7 +1631,7 @@
error("\"%s\" is not a directory", src);
return -1;
}
- if (printflag)
+ if (print_flag)
printf("Entering %s\n", src);
attrib_clear(&a);
@@ -1580,7 +1639,7 @@
a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
a.perm &= 01777;
- if (!pflag)
+ if (!preserve_flag)
a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
status = do_mkdir(conn, dst, &a, 0);
@@ -1618,10 +1677,12 @@
continue;
if (upload_dir_internal(conn, new_src, new_dst,
- pflag, printflag, depth + 1) == -1)
+ depth + 1, preserve_flag, print_flag,
+ fsync_flag) == -1)
ret = -1;
} else if (S_ISREG(sb.st_mode)) {
- if (do_upload(conn, new_src, new_dst, pflag) == -1) {
+ if (do_upload(conn, new_src, new_dst,
+ preserve_flag, fsync_flag) == -1) {
error("Uploading of file %s to %s failed!",
new_src, new_dst);
ret = -1;
@@ -1639,18 +1700,20 @@
}
int
-upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
- int pflag)
+upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
+ int print_flag, int fsync_flag)
{
char *dst_canon;
int ret;
if ((dst_canon = do_realpath(conn, dst)) == NULL) {
- error("Unable to canonicalise path \"%s\"", dst);
+ error("Unable to canonicalize path \"%s\"", dst);
return -1;
}
- ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0);
+ ret = upload_dir_internal(conn, src, dst_canon, 0, preserve_flag,
+ print_flag, fsync_flag);
+
free(dst_canon);
return ret;
}
Modified: vendor-crypto/openssh/dist/sftp-client.h
===================================================================
--- vendor-crypto/openssh/dist/sftp-client.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-client.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.21 2013/07/25 00:56:51 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.24 2013/10/17 00:30:13 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
@@ -92,7 +92,7 @@
int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
/* Rename 'oldpath' to 'newpath' */
-int do_rename(struct sftp_conn *, char *, char *);
+int do_rename(struct sftp_conn *, char *, char *m, int force_legacy);
/* Link 'oldpath' to 'newpath' */
int do_hardlink(struct sftp_conn *, char *, char *);
@@ -100,31 +100,33 @@
/* Rename 'oldpath' to 'newpath' */
int do_symlink(struct sftp_conn *, char *, char *);
-/* XXX: add callbacks to do_download/do_upload so we can do progress meter */
+/* Call fsync() on open file 'handle' */
+int do_fsync(struct sftp_conn *conn, char *, u_int);
/*
* Download 'remote_path' to 'local_path'. Preserve permissions and times
* if 'pflag' is set
*/
-int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int);
+int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int, int);
/*
* Recursively download 'remote_directory' to 'local_directory'. Preserve
* times if 'pflag' is set
*/
-int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int, int);
+int download_dir(struct sftp_conn *, char *, char *, Attrib *, int,
+ int, int, int);
/*
* Upload 'local_path' to 'remote_path'. Preserve permissions and times
* if 'pflag' is set
*/
-int do_upload(struct sftp_conn *, char *, char *, int);
+int do_upload(struct sftp_conn *, char *, char *, int, int);
/*
* Recursively upload 'local_directory' to 'remote_directory'. Preserve
* times if 'pflag' is set
*/
-int upload_dir(struct sftp_conn *, char *, char *, int, int);
+int upload_dir(struct sftp_conn *, char *, char *, int, int, int);
/* Concatenate paths, taking care of slashes. Caller must free result. */
char *path_append(char *, char *);
Modified: vendor-crypto/openssh/dist/sftp-common.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-common.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-common.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-common.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: sftp-common.c,v 1.26 2014/01/09 03:26:00 guenther Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Damien Miller. All rights reserved.
@@ -33,6 +33,7 @@
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <stdarg.h>
@@ -194,6 +195,7 @@
char *user, *group;
char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
char sbuf[FMT_SCALED_STRSIZE];
+ time_t now;
strmode(st->st_mode, mode);
if (!remote) {
@@ -209,7 +211,9 @@
group = gbuf;
}
if (ltime != NULL) {
- if (time(NULL) - st->st_mtime < (365*24*60*60)/2)
+ now = time(NULL);
+ if (now - (365*24*60*60)/2 < st->st_mtime &&
+ now >= st->st_mtime)
sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
else
sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime);
Modified: vendor-crypto/openssh/dist/sftp-glob.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-glob.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-glob.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-glob.c,v 1.25 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: sftp-glob.c,v 1.26 2013/11/08 11:15:19 dtucker Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -23,6 +23,7 @@
#endif
#include <dirent.h>
+#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
Modified: vendor-crypto/openssh/dist/sftp-server.0
===================================================================
--- vendor-crypto/openssh/dist/sftp-server.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-server.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -5,7 +5,9 @@
SYNOPSIS
sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
+ [-P blacklisted_requests] [-p whitelisted_requests]
[-u umask]
+ sftp-server -Q protocol_feature
DESCRIPTION
sftp-server is a program that speaks the server side of SFTP protocol to
@@ -46,6 +48,26 @@
DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
levels of debugging output. The default is ERROR.
+ -P blacklisted_requests
+ Specify a comma-separated list of SFTP protocol requests that are
+ banned by the server. sftp-server will reply to any blacklisted
+ request with a failure. The -Q flag can be used to determine the
+ supported request types. If both a blacklist and a whitelist are
+ specified, then the blacklist is applied before the whitelist.
+
+ -p whitelisted_requests
+ Specify a comma-separated list of SFTP protocol requests that are
+ permitted by the server. All request types that are not on the
+ whitelist will be logged and replied to with a failure message.
+
+ Care must be taken when using this feature to ensure that
+ requests made implicitly by SFTP clients are permitted.
+
+ -Q protocol_feature
+ Query protocol features supported by sftp-server. At present the
+ only feature that may be queried is ``requests'', which may be
+ used for black or whitelisting (flags -P and -p respectively).
+
-R Places this instance of sftp-server into a read-only mode.
Attempts to open files for writing, as well as other operations
that change the state of the filesystem, will be denied.
@@ -70,4 +92,4 @@
AUTHORS
Markus Friedl <markus at openbsd.org>
-OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
+OpenBSD 5.5 October 14, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/sftp-server.8
===================================================================
--- vendor-crypto/openssh/dist/sftp-server.8 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-server.8 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: sftp-server.8,v 1.25 2013/10/14 14:18:56 jmc Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: October 14 2013 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@@ -30,11 +30,17 @@
.Nd SFTP server subsystem
.Sh SYNOPSIS
.Nm sftp-server
+.Bk -words
.Op Fl ehR
.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
+.Op Fl P Ar blacklisted_requests
+.Op Fl p Ar whitelisted_requests
.Op Fl u Ar umask
+.Ek
+.Nm
+.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
is a program that speaks the server side of SFTP protocol
@@ -93,6 +99,34 @@
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
+.It Fl P Ar blacklisted_requests
+Specify a comma-separated list of SFTP protocol requests that are banned by
+the server.
+.Nm
+will reply to any blacklisted request with a failure.
+The
+.Fl Q
+flag can be used to determine the supported request types.
+If both a blacklist and a whitelist are specified, then the blacklist is
+applied before the whitelist.
+.It Fl p Ar whitelisted_requests
+Specify a comma-separated list of SFTP protocol requests that are permitted
+by the server.
+All request types that are not on the whitelist will be logged and replied
+to with a failure message.
+.Pp
+Care must be taken when using this feature to ensure that requests made
+implicitly by SFTP clients are permitted.
+.It Fl Q Ar protocol_feature
+Query protocol features supported by
+.Nm .
+At present the only feature that may be queried is
+.Dq requests ,
+which may be used for black or whitelisting (flags
+.Fl P
+and
+.Fl p
+respectively).
.It Fl R
Places this instance of
.Nm
Modified: vendor-crypto/openssh/dist/sftp-server.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-server.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp-server.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.103 2014/01/17 06:23:24 dtucker Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -46,6 +46,7 @@
#include "buffer.h"
#include "log.h"
#include "misc.h"
+#include "match.h"
#include "uidswap.h"
#include "sftp.h"
@@ -57,24 +58,29 @@
#define get_string(lenp) buffer_get_string(&iqueue, lenp);
/* Our verbosity */
-LogLevel log_level = SYSLOG_LEVEL_ERROR;
+static LogLevel log_level = SYSLOG_LEVEL_ERROR;
/* Our client */
-struct passwd *pw = NULL;
-char *client_addr = NULL;
+static struct passwd *pw = NULL;
+static char *client_addr = NULL;
/* input and output queue */
-Buffer iqueue;
-Buffer oqueue;
+static Buffer iqueue;
+static Buffer oqueue;
/* Version of client */
-u_int version;
+static u_int version;
+/* SSH2_FXP_INIT received */
+static int init_done;
+
/* Disable writes */
-int readonly;
+static int readonly;
+/* Requests that are allowed/denied */
+static char *request_whitelist, *request_blacklist;
+
/* portable attributes, etc. */
-
typedef struct Stat Stat;
struct Stat {
@@ -83,7 +89,103 @@
Attrib attrib;
};
+/* Packet handlers */
+static void process_open(u_int32_t id);
+static void process_close(u_int32_t id);
+static void process_read(u_int32_t id);
+static void process_write(u_int32_t id);
+static void process_stat(u_int32_t id);
+static void process_lstat(u_int32_t id);
+static void process_fstat(u_int32_t id);
+static void process_setstat(u_int32_t id);
+static void process_fsetstat(u_int32_t id);
+static void process_opendir(u_int32_t id);
+static void process_readdir(u_int32_t id);
+static void process_remove(u_int32_t id);
+static void process_mkdir(u_int32_t id);
+static void process_rmdir(u_int32_t id);
+static void process_realpath(u_int32_t id);
+static void process_rename(u_int32_t id);
+static void process_readlink(u_int32_t id);
+static void process_symlink(u_int32_t id);
+static void process_extended_posix_rename(u_int32_t id);
+static void process_extended_statvfs(u_int32_t id);
+static void process_extended_fstatvfs(u_int32_t id);
+static void process_extended_hardlink(u_int32_t id);
+static void process_extended_fsync(u_int32_t id);
+static void process_extended(u_int32_t id);
+
+struct sftp_handler {
+ const char *name; /* user-visible name for fine-grained perms */
+ const char *ext_name; /* extended request name */
+ u_int type; /* packet type, for non extended packets */
+ void (*handler)(u_int32_t);
+ int does_write; /* if nonzero, banned for readonly mode */
+};
+
+struct sftp_handler handlers[] = {
+ /* NB. SSH2_FXP_OPEN does the readonly check in the handler itself */
+ { "open", NULL, SSH2_FXP_OPEN, process_open, 0 },
+ { "close", NULL, SSH2_FXP_CLOSE, process_close, 0 },
+ { "read", NULL, SSH2_FXP_READ, process_read, 0 },
+ { "write", NULL, SSH2_FXP_WRITE, process_write, 1 },
+ { "lstat", NULL, SSH2_FXP_LSTAT, process_lstat, 0 },
+ { "fstat", NULL, SSH2_FXP_FSTAT, process_fstat, 0 },
+ { "setstat", NULL, SSH2_FXP_SETSTAT, process_setstat, 1 },
+ { "fsetstat", NULL, SSH2_FXP_FSETSTAT, process_fsetstat, 1 },
+ { "opendir", NULL, SSH2_FXP_OPENDIR, process_opendir, 0 },
+ { "readdir", NULL, SSH2_FXP_READDIR, process_readdir, 0 },
+ { "remove", NULL, SSH2_FXP_REMOVE, process_remove, 1 },
+ { "mkdir", NULL, SSH2_FXP_MKDIR, process_mkdir, 1 },
+ { "rmdir", NULL, SSH2_FXP_RMDIR, process_rmdir, 1 },
+ { "realpath", NULL, SSH2_FXP_REALPATH, process_realpath, 0 },
+ { "stat", NULL, SSH2_FXP_STAT, process_stat, 0 },
+ { "rename", NULL, SSH2_FXP_RENAME, process_rename, 1 },
+ { "readlink", NULL, SSH2_FXP_READLINK, process_readlink, 0 },
+ { "symlink", NULL, SSH2_FXP_SYMLINK, process_symlink, 1 },
+ { NULL, NULL, 0, NULL, 0 }
+};
+
+/* SSH2_FXP_EXTENDED submessages */
+struct sftp_handler extended_handlers[] = {
+ { "posix-rename", "posix-rename at openssh.com", 0,
+ process_extended_posix_rename, 1 },
+ { "statvfs", "statvfs at openssh.com", 0, process_extended_statvfs, 0 },
+ { "fstatvfs", "fstatvfs at openssh.com", 0, process_extended_fstatvfs, 0 },
+ { "hardlink", "hardlink at openssh.com", 0, process_extended_hardlink, 1 },
+ { "fsync", "fsync at openssh.com", 0, process_extended_fsync, 1 },
+ { NULL, NULL, 0, NULL, 0 }
+};
+
static int
+request_permitted(struct sftp_handler *h)
+{
+ char *result;
+
+ if (readonly && h->does_write) {
+ verbose("Refusing %s request in read-only mode", h->name);
+ return 0;
+ }
+ if (request_blacklist != NULL &&
+ ((result = match_list(h->name, request_blacklist, NULL))) != NULL) {
+ free(result);
+ verbose("Refusing blacklisted %s request", h->name);
+ return 0;
+ }
+ if (request_whitelist != NULL &&
+ ((result = match_list(h->name, request_whitelist, NULL))) != NULL) {
+ free(result);
+ debug2("Permitting whitelisted %s request", h->name);
+ return 1;
+ }
+ if (request_whitelist != NULL) {
+ verbose("Refusing non-whitelisted %s request", h->name);
+ return 0;
+ }
+ return 1;
+}
+
+static int
errno_to_portable(int unixerrno)
{
int ret = 0;
@@ -130,6 +232,8 @@
} else if (pflags & SSH2_FXF_WRITE) {
flags = O_WRONLY;
}
+ if (pflags & SSH2_FXF_APPEND)
+ flags |= O_APPEND;
if (pflags & SSH2_FXF_CREAT)
flags |= O_CREAT;
if (pflags & SSH2_FXF_TRUNC)
@@ -156,6 +260,8 @@
PAPPEND("READ")
if (pflags & SSH2_FXF_WRITE)
PAPPEND("WRITE")
+ if (pflags & SSH2_FXF_APPEND)
+ PAPPEND("APPEND")
if (pflags & SSH2_FXF_CREAT)
PAPPEND("CREATE")
if (pflags & SSH2_FXF_TRUNC)
@@ -179,6 +285,7 @@
int use;
DIR *dirp;
int fd;
+ int flags;
char *name;
u_int64_t bytes_read, bytes_write;
int next_unused;
@@ -202,7 +309,7 @@
}
static int
-handle_new(int use, const char *name, int fd, DIR *dirp)
+handle_new(int use, const char *name, int fd, int flags, DIR *dirp)
{
int i;
@@ -220,6 +327,7 @@
handles[i].use = use;
handles[i].dirp = dirp;
handles[i].fd = fd;
+ handles[i].flags = flags;
handles[i].name = xstrdup(name);
handles[i].bytes_read = handles[i].bytes_write = 0;
@@ -282,6 +390,14 @@
return -1;
}
+static int
+handle_to_flags(int handle)
+{
+ if (handle_is_ok(handle, HANDLE_FILE))
+ return handles[handle].flags;
+ return 0;
+}
+
static void
handle_update_read(int handle, ssize_t bytes)
{
@@ -538,19 +654,21 @@
/* hardlink extension */
buffer_put_cstring(&msg, "hardlink at openssh.com");
buffer_put_cstring(&msg, "1"); /* version */
+ /* fsync extension */
+ buffer_put_cstring(&msg, "fsync at openssh.com");
+ buffer_put_cstring(&msg, "1"); /* version */
send_msg(&msg);
buffer_free(&msg);
}
static void
-process_open(void)
+process_open(u_int32_t id)
{
- u_int32_t id, pflags;
+ u_int32_t pflags;
Attrib *a;
char *name;
int handle, fd, flags, mode, status = SSH2_FX_FAILURE;
- id = get_int();
name = get_string(NULL);
pflags = get_int(); /* portable flags */
debug3("request %u: open flags %d", id, pflags);
@@ -560,14 +678,16 @@
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
- ((flags & O_ACCMODE) == O_WRONLY || (flags & O_ACCMODE) == O_RDWR))
- status = SSH2_FX_PERMISSION_DENIED;
- else {
+ ((flags & O_ACCMODE) == O_WRONLY ||
+ (flags & O_ACCMODE) == O_RDWR)) {
+ verbose("Refusing open request in read-only mode");
+ status = SSH2_FX_PERMISSION_DENIED;
+ } else {
fd = open(name, flags, mode);
if (fd < 0) {
status = errno_to_portable(errno);
} else {
- handle = handle_new(HANDLE_FILE, name, fd, NULL);
+ handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);
if (handle < 0) {
close(fd);
} else {
@@ -582,12 +702,10 @@
}
static void
-process_close(void)
+process_close(u_int32_t id)
{
- u_int32_t id;
int handle, ret, status = SSH2_FX_FAILURE;
- id = get_int();
handle = get_handle();
debug3("request %u: close handle %u", id, handle);
handle_log_close(handle, NULL);
@@ -597,14 +715,13 @@
}
static void
-process_read(void)
+process_read(u_int32_t id)
{
char buf[64*1024];
- u_int32_t id, len;
+ u_int32_t len;
int handle, fd, ret, status = SSH2_FX_FAILURE;
u_int64_t off;
- id = get_int();
handle = get_handle();
off = get_int64();
len = get_int();
@@ -638,15 +755,13 @@
}
static void
-process_write(void)
+process_write(u_int32_t id)
{
- u_int32_t id;
u_int64_t off;
u_int len;
int handle, fd, ret, status;
char *data;
- id = get_int();
handle = get_handle();
off = get_int64();
data = get_string(&len);
@@ -657,10 +772,9 @@
if (fd < 0)
status = SSH2_FX_FAILURE;
- else if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
else {
- if (lseek(fd, off, SEEK_SET) < 0) {
+ if (!(handle_to_flags(handle) & O_APPEND) &&
+ lseek(fd, off, SEEK_SET) < 0) {
status = errno_to_portable(errno);
error("process_write: seek failed");
} else {
@@ -683,15 +797,13 @@
}
static void
-process_do_stat(int do_lstat)
+process_do_stat(u_int32_t id, int do_lstat)
{
Attrib a;
struct stat st;
- u_int32_t id;
char *name;
int ret, status = SSH2_FX_FAILURE;
- id = get_int();
name = get_string(NULL);
debug3("request %u: %sstat", id, do_lstat ? "l" : "");
verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
@@ -709,26 +821,24 @@
}
static void
-process_stat(void)
+process_stat(u_int32_t id)
{
- process_do_stat(0);
+ process_do_stat(id, 0);
}
static void
-process_lstat(void)
+process_lstat(u_int32_t id)
{
- process_do_stat(1);
+ process_do_stat(id, 1);
}
static void
-process_fstat(void)
+process_fstat(u_int32_t id)
{
Attrib a;
struct stat st;
- u_int32_t id;
int fd, ret, handle, status = SSH2_FX_FAILURE;
- id = get_int();
handle = get_handle();
debug("request %u: fstat \"%s\" (handle %u)",
id, handle_to_name(handle), handle);
@@ -760,21 +870,15 @@
}
static void
-process_setstat(void)
+process_setstat(u_int32_t id)
{
Attrib *a;
- u_int32_t id;
char *name;
int status = SSH2_FX_OK, ret;
- id = get_int();
name = get_string(NULL);
a = get_attrib();
debug("request %u: setstat name \"%s\"", id, name);
- if (readonly) {
- status = SSH2_FX_PERMISSION_DENIED;
- a->flags = 0;
- }
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
logit("set \"%s\" size %llu",
name, (unsigned long long)a->size);
@@ -811,14 +915,12 @@
}
static void
-process_fsetstat(void)
+process_fsetstat(u_int32_t id)
{
Attrib *a;
- u_int32_t id;
int handle, fd, ret;
int status = SSH2_FX_OK;
- id = get_int();
handle = get_handle();
a = get_attrib();
debug("request %u: fsetstat handle %d", id, handle);
@@ -825,8 +927,6 @@
fd = handle_to_fd(handle);
if (fd < 0)
status = SSH2_FX_FAILURE;
- else if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
else {
char *name = handle_to_name(handle);
@@ -878,14 +978,12 @@
}
static void
-process_opendir(void)
+process_opendir(u_int32_t id)
{
DIR *dirp = NULL;
char *path;
int handle, status = SSH2_FX_FAILURE;
- u_int32_t id;
- id = get_int();
path = get_string(NULL);
debug3("request %u: opendir", id);
logit("opendir \"%s\"", path);
@@ -893,7 +991,7 @@
if (dirp == NULL) {
status = errno_to_portable(errno);
} else {
- handle = handle_new(HANDLE_DIR, path, 0, dirp);
+ handle = handle_new(HANDLE_DIR, path, 0, 0, dirp);
if (handle < 0) {
closedir(dirp);
} else {
@@ -908,15 +1006,13 @@
}
static void
-process_readdir(void)
+process_readdir(u_int32_t id)
{
DIR *dirp;
struct dirent *dp;
char *path;
int handle;
- u_int32_t id;
- id = get_int();
handle = get_handle();
debug("request %u: readdir \"%s\" (handle %d)", id,
handle_to_name(handle), handle);
@@ -964,36 +1060,28 @@
}
static void
-process_remove(void)
+process_remove(u_int32_t id)
{
char *name;
- u_int32_t id;
int status = SSH2_FX_FAILURE;
int ret;
- id = get_int();
name = get_string(NULL);
debug3("request %u: remove", id);
logit("remove name \"%s\"", name);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = unlink(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = unlink(name);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(name);
}
static void
-process_mkdir(void)
+process_mkdir(u_int32_t id)
{
Attrib *a;
- u_int32_t id;
char *name;
int ret, mode, status = SSH2_FX_FAILURE;
- id = get_int();
name = get_string(NULL);
a = get_attrib();
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
@@ -1000,45 +1088,33 @@
a->perm & 07777 : 0777;
debug3("request %u: mkdir", id);
logit("mkdir name \"%s\" mode 0%o", name, mode);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = mkdir(name, mode);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = mkdir(name, mode);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(name);
}
static void
-process_rmdir(void)
+process_rmdir(u_int32_t id)
{
- u_int32_t id;
char *name;
int ret, status;
- id = get_int();
name = get_string(NULL);
debug3("request %u: rmdir", id);
logit("rmdir name \"%s\"", name);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = rmdir(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = rmdir(name);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(name);
}
static void
-process_realpath(void)
+process_realpath(u_int32_t id)
{
char resolvedname[MAXPATHLEN];
- u_int32_t id;
char *path;
- id = get_int();
path = get_string(NULL);
if (path[0] == '\0') {
free(path);
@@ -1058,22 +1134,18 @@
}
static void
-process_rename(void)
+process_rename(u_int32_t id)
{
- u_int32_t id;
char *oldpath, *newpath;
int status;
struct stat sb;
- id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
debug3("request %u: rename", id);
logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
status = SSH2_FX_FAILURE;
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else if (lstat(oldpath, &sb) == -1)
+ if (lstat(oldpath, &sb) == -1)
status = errno_to_portable(errno);
else if (S_ISREG(sb.st_mode)) {
/* Race-free rename of regular files */
@@ -1120,14 +1192,12 @@
}
static void
-process_readlink(void)
+process_readlink(u_int32_t id)
{
- u_int32_t id;
int len;
char buf[MAXPATHLEN];
char *path;
- id = get_int();
path = get_string(NULL);
debug3("request %u: readlink", id);
verbose("readlink \"%s\"", path);
@@ -1145,24 +1215,18 @@
}
static void
-process_symlink(void)
+process_symlink(u_int32_t id)
{
- u_int32_t id;
char *oldpath, *newpath;
int ret, status;
- id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
debug3("request %u: symlink", id);
logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
/* this will fail if 'newpath' exists */
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = symlink(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = symlink(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(oldpath);
free(newpath);
@@ -1178,12 +1242,8 @@
newpath = get_string(NULL);
debug3("request %u: posix-rename", id);
logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = rename(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = rename(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(oldpath);
free(newpath);
@@ -1196,8 +1256,8 @@
struct statvfs st;
path = get_string(NULL);
- debug3("request %u: statfs", id);
- logit("statfs \"%s\"", path);
+ debug3("request %u: statvfs", id);
+ logit("statvfs \"%s\"", path);
if (statvfs(path, &st) != 0)
send_status(id, errno_to_portable(errno));
@@ -1235,12 +1295,8 @@
newpath = get_string(NULL);
debug3("request %u: hardlink", id);
logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = link(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = link(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(oldpath);
free(newpath);
@@ -1247,23 +1303,42 @@
}
static void
-process_extended(void)
+process_extended_fsync(u_int32_t id)
{
- u_int32_t id;
+ int handle, fd, ret, status = SSH2_FX_OP_UNSUPPORTED;
+
+ handle = get_handle();
+ debug3("request %u: fsync (handle %u)", id, handle);
+ verbose("fsync \"%s\"", handle_to_name(handle));
+ if ((fd = handle_to_fd(handle)) < 0)
+ status = SSH2_FX_NO_SUCH_FILE;
+ else if (handle_is_ok(handle, HANDLE_FILE)) {
+ ret = fsync(fd);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ }
+ send_status(id, status);
+}
+
+static void
+process_extended(u_int32_t id)
+{
char *request;
+ u_int i;
- id = get_int();
request = get_string(NULL);
- if (strcmp(request, "posix-rename at openssh.com") == 0)
- process_extended_posix_rename(id);
- else if (strcmp(request, "statvfs at openssh.com") == 0)
- process_extended_statvfs(id);
- else if (strcmp(request, "fstatvfs at openssh.com") == 0)
- process_extended_fstatvfs(id);
- else if (strcmp(request, "hardlink at openssh.com") == 0)
- process_extended_hardlink(id);
- else
+ for (i = 0; extended_handlers[i].handler != NULL; i++) {
+ if (strcmp(request, extended_handlers[i].ext_name) == 0) {
+ if (!request_permitted(&extended_handlers[i]))
+ send_status(id, SSH2_FX_PERMISSION_DENIED);
+ else
+ extended_handlers[i].handler(id);
+ break;
+ }
+ }
+ if (extended_handlers[i].handler == NULL) {
+ error("Unknown extended request \"%.100s\"", request);
send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
+ }
free(request);
}
@@ -1272,11 +1347,9 @@
static void
process(void)
{
- u_int msg_len;
- u_int buf_len;
- u_int consumed;
- u_int type;
+ u_int msg_len, buf_len, consumed, type, i;
u_char *cp;
+ u_int32_t id;
buf_len = buffer_len(&iqueue);
if (buf_len < 5)
@@ -1293,70 +1366,35 @@
buffer_consume(&iqueue, 4);
buf_len -= 4;
type = buffer_get_char(&iqueue);
+
switch (type) {
case SSH2_FXP_INIT:
process_init();
+ init_done = 1;
break;
- case SSH2_FXP_OPEN:
- process_open();
- break;
- case SSH2_FXP_CLOSE:
- process_close();
- break;
- case SSH2_FXP_READ:
- process_read();
- break;
- case SSH2_FXP_WRITE:
- process_write();
- break;
- case SSH2_FXP_LSTAT:
- process_lstat();
- break;
- case SSH2_FXP_FSTAT:
- process_fstat();
- break;
- case SSH2_FXP_SETSTAT:
- process_setstat();
- break;
- case SSH2_FXP_FSETSTAT:
- process_fsetstat();
- break;
- case SSH2_FXP_OPENDIR:
- process_opendir();
- break;
- case SSH2_FXP_READDIR:
- process_readdir();
- break;
- case SSH2_FXP_REMOVE:
- process_remove();
- break;
- case SSH2_FXP_MKDIR:
- process_mkdir();
- break;
- case SSH2_FXP_RMDIR:
- process_rmdir();
- break;
- case SSH2_FXP_REALPATH:
- process_realpath();
- break;
- case SSH2_FXP_STAT:
- process_stat();
- break;
- case SSH2_FXP_RENAME:
- process_rename();
- break;
- case SSH2_FXP_READLINK:
- process_readlink();
- break;
- case SSH2_FXP_SYMLINK:
- process_symlink();
- break;
case SSH2_FXP_EXTENDED:
- process_extended();
+ if (!init_done)
+ fatal("Received extended request before init");
+ id = get_int();
+ process_extended(id);
break;
default:
- error("Unknown message %d", type);
- break;
+ if (!init_done)
+ fatal("Received %u request before init", type);
+ id = get_int();
+ for (i = 0; handlers[i].handler != NULL; i++) {
+ if (type == handlers[i].type) {
+ if (!request_permitted(&handlers[i])) {
+ send_status(id,
+ SSH2_FX_PERMISSION_DENIED);
+ } else {
+ handlers[i].handler(id);
+ }
+ break;
+ }
+ }
+ if (handlers[i].handler == NULL)
+ error("Unknown message %u", type);
}
/* discard the remaining bytes from the current packet */
if (buf_len < buffer_len(&iqueue)) {
@@ -1365,7 +1403,7 @@
}
consumed = buf_len - buffer_len(&iqueue);
if (msg_len < consumed) {
- error("msg_len %d < consumed %d", msg_len, consumed);
+ error("msg_len %u < consumed %u", msg_len, consumed);
sftp_server_cleanup_exit(255);
}
if (msg_len > consumed)
@@ -1391,8 +1429,10 @@
fprintf(stderr,
"usage: %s [-ehR] [-d start_directory] [-f log_facility] "
- "[-l log_level]\n\t[-u umask]\n",
- __progname);
+ "[-l log_level]\n\t[-P blacklisted_requests] "
+ "[-p whitelisted_requests] [-u umask]\n"
+ " %s -Q protocol_feature\n",
+ __progname, __progname);
exit(1);
}
@@ -1400,7 +1440,7 @@
sftp_server_main(int argc, char **argv, struct passwd *user_pw)
{
fd_set *rset, *wset;
- int in, out, max, ch, skipargs = 0, log_stderr = 0;
+ int i, in, out, max, ch, skipargs = 0, log_stderr = 0;
ssize_t len, olen, set_size;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
char *cp, *homedir = NULL, buf[4*4096];
@@ -1414,8 +1454,20 @@
pw = pwcopy(user_pw);
- while (!skipargs && (ch = getopt(argc, argv, "d:f:l:u:cehR")) != -1) {
+ while (!skipargs && (ch = getopt(argc, argv,
+ "d:f:l:P:p:Q:u:cehR")) != -1) {
switch (ch) {
+ case 'Q':
+ if (strcasecmp(optarg, "requests") != 0) {
+ fprintf(stderr, "Invalid query type\n");
+ exit(1);
+ }
+ for (i = 0; handlers[i].handler != NULL; i++)
+ printf("%s\n", handlers[i].name);
+ for (i = 0; extended_handlers[i].handler != NULL; i++)
+ printf("%s\n", extended_handlers[i].name);
+ exit(0);
+ break;
case 'R':
readonly = 1;
break;
@@ -1445,6 +1497,16 @@
"u", user_pw->pw_name, (char *)NULL);
free(cp);
break;
+ case 'p':
+ if (request_whitelist != NULL)
+ fatal("Permitted requests already set");
+ request_whitelist = xstrdup(optarg);
+ break;
+ case 'P':
+ if (request_blacklist != NULL)
+ fatal("Refused requests already set");
+ request_blacklist = xstrdup(optarg);
+ break;
case 'u':
errno = 0;
mask = strtol(optarg, &cp, 8);
Modified: vendor-crypto/openssh/dist/sftp.0
===================================================================
--- vendor-crypto/openssh/dist/sftp.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -4,7 +4,7 @@
sftp - secure file transfer program
SYNOPSIS
- sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
+ sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
[-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
[-o ssh_option] [-P port] [-R num_requests] [-S program]
[-s subsystem | sftp_server] host
@@ -44,6 +44,11 @@
-6 Forces sftp to use IPv6 addresses only.
+ -a Attempt to continue interrupted downloads rather than overwriting
+ existing partial or complete copies of files. If the remote file
+ contents differ from the partial local copy then the resultant
+ file is likely to be corrupt.
+
-B buffer_size
Specify the size of the buffer that sftp uses when transferring
files. Larger buffers require fewer round trips at the cost of
@@ -74,6 +79,10 @@
Specifies an alternative per-user configuration file for ssh(1).
This option is directly passed to ssh(1).
+ -f Requests that files be flushed to disk immediately after
+ transfer. When uploading files, this feature is only enabled if
+ the server implements the "fsync at openssh.com" extension.
+
-i identity_file
Selects the file from which the identity (private key) for public
key authentication is read. This option is directly passed to
@@ -93,6 +102,11 @@
AddressFamily
BatchMode
BindAddress
+ CanonicalDomains
+ CanonicalizeFallbackLocal
+ CanonicalizeHostname
+ CanonicalizeMaxDots
+ CanonicalizePermittedCNAMEs
ChallengeResponseAuthentication
CheckHostIP
Cipher
@@ -209,7 +223,7 @@
exit Quit sftp.
- get [-aPpr] remote-path [local-path]
+ get [-afPpr] remote-path [local-path]
Retrieve the remote-path and store it on the local machine. If
the local path name is not specified, it is given the same name
it has on the remote machine. remote-path may contain glob(3)
@@ -220,9 +234,12 @@
If the -a flag is specified, then attempt to resume partial
transfers of existing files. Note that resumption assumes that
any partial copy of the local file matches the remote copy. If
- the remote file differs from the partial local copy then the
- resultant file is likely to be corrupt.
+ the remote file contents differ from the partial local copy then
+ the resultant file is likely to be corrupt.
+ If the -f flag is specified, then fsync(2) will be called after
+ the file transfer has completed to flush the file to disk.
+
If either the -P or -p flag is specified, then full file
permissions and access times are copied too.
@@ -293,7 +310,7 @@
progress
Toggle display of progress meter.
- put [-Ppr] local-path [remote-path]
+ put [-fPpr] local-path [remote-path]
Upload local-path and store it on the remote machine. If the
remote path name is not specified, it is given the same name it
has on the local machine. local-path may contain glob(3)
@@ -301,6 +318,11 @@
remote-path is specified, then remote-path must specify a
directory.
+ If the -f flag is specified, then a request will be sent to the
+ server to call fsync(2) after the file has been transferred.
+ Note that this is only supported by servers that implement the
+ "fsync at openssh.com" extension.
+
If either the -P or -p flag is specified, then full file
permissions and access times are copied too.
@@ -345,4 +367,4 @@
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-00.txt, January 2001, work in progress material.
-OpenBSD 5.4 July 25, 2013 OpenBSD 5.4
+OpenBSD 5.5 October 20, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/sftp.1
===================================================================
--- vendor-crypto/openssh/dist/sftp.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.92 2013/07/25 00:56:51 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.97 2013/10/20 09:51:26 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 25 2013 $
+.Dd $Mdocdate: October 20 2013 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -31,7 +31,7 @@
.Sh SYNOPSIS
.Nm sftp
.Bk -words
-.Op Fl 1246Cpqrv
+.Op Fl 1246aCfpqrv
.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl c Ar cipher
@@ -107,6 +107,11 @@
Forces
.Nm
to use IPv6 addresses only.
+.It Fl a
+Attempt to continue interrupted downloads rather than overwriting existing
+partial or complete copies of files.
+If the remote file contents differ from the partial local copy then the
+resultant file is likely to be corrupt.
.It Fl B Ar buffer_size
Specify the size of the buffer that
.Nm
@@ -159,6 +164,10 @@
.Xr ssh 1 .
This option is directly passed to
.Xr ssh 1 .
+.It Fl f
+Requests that files be flushed to disk immediately after transfer.
+When uploading files, this feature is only enabled if the server
+implements the "fsync at openssh.com" extension.
.It Fl i Ar identity_file
Selects the file from which the identity (private key) for public key
authentication is read.
@@ -184,6 +193,11 @@
.It AddressFamily
.It BatchMode
.It BindAddress
+.It CanonicalDomains
+.It CanonicalizeFallbackLocal
+.It CanonicalizeHostname
+.It CanonicalizeMaxDots
+.It CanonicalizePermittedCNAMEs
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Cipher
@@ -343,7 +357,7 @@
Quit
.Nm sftp .
.It Xo Ic get
-.Op Fl aPpr
+.Op Fl afPpr
.Ar remote-path
.Op Ar local-path
.Xc
@@ -368,9 +382,16 @@
flag is specified, then attempt to resume partial transfers of existing files.
Note that resumption assumes that any partial copy of the local file matches
the remote copy.
-If the remote file differs from the partial local copy then the resultant file
-is likely to be corrupt.
+If the remote file contents differ from the partial local copy then the
+resultant file is likely to be corrupt.
.Pp
+If the
+.Fl f
+flag is specified, then
+.Xr fsync 2
+will be called after the file transfer has completed to flush the file
+to disk.
+.Pp
If either the
.Fl P
or
@@ -474,7 +495,7 @@
.It Ic progress
Toggle display of progress meter.
.It Xo Ic put
-.Op Fl Ppr
+.Op Fl fPpr
.Ar local-path
.Op Ar remote-path
.Xc
@@ -493,6 +514,14 @@
.Ar remote-path
must specify a directory.
.Pp
+If the
+.Fl f
+flag is specified, then a request will be sent to the server to call
+.Xr fsync 2
+after the file has been transferred.
+Note that this is only supported by servers that implement
+the "fsync at openssh.com" extension.
+.Pp
If either the
.Fl P
or
Modified: vendor-crypto/openssh/dist/sftp.c
===================================================================
--- vendor-crypto/openssh/dist/sftp.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sftp.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.148 2013/07/25 00:56:52 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.158 2013/11/20 20:54:10 deraadt Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -94,6 +94,9 @@
/* When this option is set, the file transfers will always preserve times */
int global_pflag = 0;
+/* When this option is set, transfers will have fsync() called on each file */
+int global_fflag = 0;
+
/* SIGINT received during command processing */
volatile sig_atomic_t interrupted = 0;
@@ -129,32 +132,34 @@
#define SORT_FLAGS (LS_NAME_SORT|LS_TIME_SORT|LS_SIZE_SORT)
/* Commands for interactive mode */
-#define I_CHDIR 1
-#define I_CHGRP 2
-#define I_CHMOD 3
-#define I_CHOWN 4
-#define I_DF 24
-#define I_GET 5
-#define I_HELP 6
-#define I_LCHDIR 7
-#define I_LINK 25
-#define I_LLS 8
-#define I_LMKDIR 9
-#define I_LPWD 10
-#define I_LS 11
-#define I_LUMASK 12
-#define I_MKDIR 13
-#define I_PUT 14
-#define I_PWD 15
-#define I_QUIT 16
-#define I_RENAME 17
-#define I_RM 18
-#define I_RMDIR 19
-#define I_SHELL 20
-#define I_SYMLINK 21
-#define I_VERSION 22
-#define I_PROGRESS 23
-#define I_REGET 26
+enum sftp_command {
+ I_CHDIR = 1,
+ I_CHGRP,
+ I_CHMOD,
+ I_CHOWN,
+ I_DF,
+ I_GET,
+ I_HELP,
+ I_LCHDIR,
+ I_LINK,
+ I_LLS,
+ I_LMKDIR,
+ I_LPWD,
+ I_LS,
+ I_LUMASK,
+ I_MKDIR,
+ I_PUT,
+ I_PWD,
+ I_QUIT,
+ I_RENAME,
+ I_RM,
+ I_RMDIR,
+ I_SHELL,
+ I_SYMLINK,
+ I_VERSION,
+ I_PROGRESS,
+ I_REGET,
+};
struct CMD {
const char *c;
@@ -357,7 +362,7 @@
static int
parse_getput_flags(const char *cmd, char **argv, int argc,
- int *aflag, int *pflag, int *rflag)
+ int *aflag, int *fflag, int *pflag, int *rflag)
{
extern int opterr, optind, optopt, optreset;
int ch;
@@ -365,12 +370,15 @@
optind = optreset = 1;
opterr = 0;
- *aflag = *rflag = *pflag = 0;
- while ((ch = getopt(argc, argv, "aPpRr")) != -1) {
+ *aflag = *fflag = *rflag = *pflag = 0;
+ while ((ch = getopt(argc, argv, "afPpRr")) != -1) {
switch (ch) {
case 'a':
*aflag = 1;
break;
+ case 'f':
+ *fflag = 1;
+ break;
case 'p':
case 'P':
*pflag = 1;
@@ -413,6 +421,30 @@
}
static int
+parse_rename_flags(const char *cmd, char **argv, int argc, int *lflag)
+{
+ extern int opterr, optind, optopt, optreset;
+ int ch;
+
+ optind = optreset = 1;
+ opterr = 0;
+
+ *lflag = 0;
+ while ((ch = getopt(argc, argv, "l")) != -1) {
+ switch (ch) {
+ case 'l':
+ *lflag = 1;
+ break;
+ default:
+ error("%s: Invalid flag -%c", cmd, optopt);
+ return -1;
+ }
+ }
+
+ return optind;
+}
+
+static int
parse_ls_flags(char **argv, int argc, int *lflag)
{
extern int opterr, optind, optopt, optreset;
@@ -493,6 +525,26 @@
}
static int
+parse_no_flags(const char *cmd, char **argv, int argc)
+{
+ extern int opterr, optind, optopt, optreset;
+ int ch;
+
+ optind = optreset = 1;
+ opterr = 0;
+
+ while ((ch = getopt(argc, argv, "")) != -1) {
+ switch (ch) {
+ default:
+ error("%s: Invalid flag -%c", cmd, optopt);
+ return -1;
+ }
+ }
+
+ return optind;
+}
+
+static int
is_dir(char *path)
{
struct stat sb;
@@ -528,7 +580,7 @@
static int
process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
- int pflag, int rflag, int resume)
+ int pflag, int rflag, int resume, int fflag)
{
char *abs_src = NULL;
char *abs_dst = NULL;
@@ -587,11 +639,13 @@
printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
- pflag || global_pflag, 1, resume) == -1)
+ pflag || global_pflag, 1, resume,
+ fflag || global_fflag) == -1)
err = -1;
} else {
if (do_download(conn, g.gl_pathv[i], abs_dst, NULL,
- pflag || global_pflag, resume) == -1)
+ pflag || global_pflag, resume,
+ fflag || global_fflag) == -1)
err = -1;
}
free(abs_dst);
@@ -606,7 +660,7 @@
static int
process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
- int pflag, int rflag)
+ int pflag, int rflag, int fflag)
{
char *tmp_dst = NULL;
char *abs_dst = NULL;
@@ -647,7 +701,7 @@
error("stat %s: %s", g.gl_pathv[i], strerror(errno));
continue;
}
-
+
tmp = xstrdup(g.gl_pathv[i]);
if ((filename = basename(tmp)) == NULL) {
error("basename %s: %s", tmp, strerror(errno));
@@ -673,11 +727,13 @@
printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
if (upload_dir(conn, g.gl_pathv[i], abs_dst,
- pflag || global_pflag, 1) == -1)
+ pflag || global_pflag, 1,
+ fflag || global_fflag) == -1)
err = -1;
} else {
if (do_upload(conn, g.gl_pathv[i], abs_dst,
- pflag || global_pflag) == -1)
+ pflag || global_pflag,
+ fflag || global_fflag) == -1)
err = -1;
}
}
@@ -975,7 +1031,7 @@
*
* If "lastquote" is not NULL, the quoting character used for the last
* argument is placed in *lastquote ("\0", "'" or "\"").
- *
+ *
* If "terminated" is not NULL, *terminated will be set to 1 when the
* last argument's quote has been properly terminated or 0 otherwise.
* This parameter is only of use if "sloppy" is set.
@@ -1009,7 +1065,7 @@
error("Too many arguments.");
return NULL;
}
- if (isspace(arg[i])) {
+ if (isspace((unsigned char)arg[i])) {
if (state == MA_UNQUOTED) {
/* Terminate current argument */
argvs[j++] = '\0';
@@ -1024,7 +1080,7 @@
state = q;
if (lastquote != NULL)
*lastquote = arg[i];
- } else if (state == MA_UNQUOTED)
+ } else if (state == MA_UNQUOTED)
state = q;
else if (state == q)
state = MA_UNQUOTED;
@@ -1130,9 +1186,9 @@
}
static int
-parse_args(const char **cpp, int *aflag, int *hflag, int *iflag, int *lflag,
- int *pflag, int *rflag, int *sflag, unsigned long *n_arg,
- char **path1, char **path2)
+parse_args(const char **cpp, int *ignore_errors, int *aflag, int *fflag,
+ int *hflag, int *iflag, int *lflag, int *pflag, int *rflag, int *sflag,
+ unsigned long *n_arg, char **path1, char **path2)
{
const char *cmd, *cp = *cpp;
char *cp2, **argv;
@@ -1144,9 +1200,9 @@
cp = cp + strspn(cp, WHITESPACE);
/* Check for leading '-' (disable error processing) */
- *iflag = 0;
+ *ignore_errors = 0;
if (*cp == '-') {
- *iflag = 1;
+ *ignore_errors = 1;
cp++;
cp = cp + strspn(cp, WHITESPACE);
}
@@ -1176,7 +1232,8 @@
}
/* Get arguments and parse flags */
- *aflag = *lflag = *pflag = *rflag = *hflag = *n_arg = 0;
+ *aflag = *fflag = *hflag = *iflag = *lflag = *pflag = 0;
+ *rflag = *sflag = 0;
*path1 = *path2 = NULL;
optidx = 1;
switch (cmdnum) {
@@ -1184,7 +1241,7 @@
case I_REGET:
case I_PUT:
if ((optidx = parse_getput_flags(cmd, argv, argc,
- aflag, pflag, rflag)) == -1)
+ aflag, fflag, pflag, rflag)) == -1)
return -1;
/* Get first pathname (mandatory) */
if (argc - optidx < 1) {
@@ -1208,8 +1265,15 @@
case I_LINK:
if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1)
return -1;
+ goto parse_two_paths;
+ case I_RENAME:
+ if ((optidx = parse_rename_flags(cmd, argv, argc, lflag)) == -1)
+ return -1;
+ goto parse_two_paths;
case I_SYMLINK:
- case I_RENAME:
+ if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
+ return -1;
+ parse_two_paths:
if (argc - optidx < 2) {
error("You must specify two paths after a %s "
"command.", cmd);
@@ -1227,6 +1291,8 @@
case I_CHDIR:
case I_LCHDIR:
case I_LMKDIR:
+ if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
+ return -1;
/* Get pathname (mandatory) */
if (argc - optidx < 1) {
error("You must specify a path after a %s command.",
@@ -1268,6 +1334,8 @@
base = 8;
case I_CHOWN:
case I_CHGRP:
+ if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
+ return -1;
/* Get numeric arg (mandatory) */
if (argc - optidx < 1)
goto need_num_arg;
@@ -1298,6 +1366,8 @@
case I_HELP:
case I_VERSION:
case I_PROGRESS:
+ if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
+ return -1;
break;
default:
fatal("Command not implemented");
@@ -1312,8 +1382,8 @@
int err_abort)
{
char *path1, *path2, *tmp;
- int aflag = 0, hflag = 0, iflag = 0, lflag = 0, pflag = 0;
- int rflag = 0, sflag = 0;
+ int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, iflag = 0;
+ int lflag = 0, pflag = 0, rflag = 0, sflag = 0;
int cmdnum, i;
unsigned long n_arg = 0;
Attrib a, *aa;
@@ -1322,9 +1392,9 @@
glob_t g;
path1 = path2 = NULL;
- cmdnum = parse_args(&cmd, &aflag, &hflag, &iflag, &lflag, &pflag,
- &rflag, &sflag, &n_arg, &path1, &path2);
- if (iflag != 0)
+ cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag,
+ &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, &path1, &path2);
+ if (ignore_errors != 0)
err_abort = 0;
memset(&g, 0, sizeof(g));
@@ -1343,20 +1413,22 @@
/* FALLTHROUGH */
case I_GET:
err = process_get(conn, path1, path2, *pwd, pflag,
- rflag, aflag);
+ rflag, aflag, fflag);
break;
case I_PUT:
- err = process_put(conn, path1, path2, *pwd, pflag, rflag);
+ err = process_put(conn, path1, path2, *pwd, pflag,
+ rflag, fflag);
break;
case I_RENAME:
path1 = make_absolute(path1, *pwd);
path2 = make_absolute(path2, *pwd);
- err = do_rename(conn, path1, path2);
+ err = do_rename(conn, path1, path2, lflag);
break;
case I_SYMLINK:
sflag = 1;
case I_LINK:
- path1 = make_absolute(path1, *pwd);
+ if (!sflag)
+ path1 = make_absolute(path1, *pwd);
path2 = make_absolute(path2, *pwd);
err = (sflag ? do_symlink : do_hardlink)(conn, path1, path2);
break;
@@ -1567,7 +1639,7 @@
char *tmp;
/* Count entries for sort and find longest */
- for (y = 0; list[y]; y++)
+ for (y = 0; list[y]; y++)
m = MAX(m, strlen(list[y]));
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
@@ -1612,8 +1684,8 @@
for (y = 1; list[y]; y++) {
u_int x;
- for (x = 0; x < matchlen; x++)
- if (list[0][x] != list[y][x])
+ for (x = 0; x < matchlen; x++)
+ if (list[0][x] != list[y][x])
break;
matchlen = x;
@@ -1625,7 +1697,7 @@
tmp[matchlen] = '\0';
return tmp;
}
- }
+ }
return xstrdup(word);
}
@@ -1645,12 +1717,12 @@
if (cmd == NULL) {
for (y = 0; cmds[y].c; y++)
list[count++] = xstrdup(cmds[y].c);
-
+
list[count] = NULL;
complete_display(list, 0);
- for (y = 0; list[y] != NULL; y++)
- free(list[y]);
+ for (y = 0; list[y] != NULL; y++)
+ free(list[y]);
free(list);
return count;
}
@@ -1658,7 +1730,7 @@
/* Prepare subset of commands that start with "cmd" */
cmdlen = strlen(cmd);
for (y = 0; cmds[y].c; y++) {
- if (!strncasecmp(cmd, cmds[y].c, cmdlen))
+ if (!strncasecmp(cmd, cmds[y].c, cmdlen))
list[count++] = xstrdup(cmds[y].c);
}
list[count] = NULL;
@@ -1673,8 +1745,8 @@
if (count > 1)
complete_display(list, 0);
- for (y = 0; list[y]; y++)
- free(list[y]);
+ for (y = 0; list[y]; y++)
+ free(list[y]);
free(list);
if (tmp != NULL) {
@@ -1714,7 +1786,7 @@
return -1;
for (i = 0; cmds[i].c; i++) {
- if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c)))
+ if (!strncasecmp(cmd, cmds[i].c, strlen(cmds[i].c)))
return cmds[i].t;
}
@@ -1731,7 +1803,7 @@
u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs;
int clen;
const LineInfo *lf;
-
+
/* Glob from "file" location */
if (file == NULL)
tmp = xstrdup("*");
@@ -1745,9 +1817,9 @@
if (remote != LOCAL) {
tmp = make_absolute(tmp, remote_path);
remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g);
- } else
+ } else
glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g);
-
+
/* Determine length of pwd so we can trim completion display */
for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) {
/* Terminate counting on first unescaped glob metacharacter */
@@ -1763,7 +1835,7 @@
}
free(tmp);
- if (g.gl_matchc == 0)
+ if (g.gl_matchc == 0)
goto out;
if (g.gl_matchc > 1)
@@ -1796,7 +1868,7 @@
if (tmplen > (filelen - cesc)) {
tmp2 = tmp + filelen - cesc;
- len = strlen(tmp2);
+ len = strlen(tmp2);
/* quote argument on way out */
for (i = 0; i < len; i += clen) {
if ((clen = mblen(tmp2 + i, len - i)) < 0 ||
@@ -1852,7 +1924,7 @@
static unsigned char
complete(EditLine *el, int ch)
{
- char **argv, *line, quote;
+ char **argv, *line, quote;
int argc, carg;
u_int cursor, len, terminated, ret = CC_ERROR;
const LineInfo *lf;
@@ -1891,7 +1963,7 @@
} else if (carg == 1 && cursor > 0 && line[cursor - 1] != ' ') {
/* Handle the command parsing */
if (complete_cmd_parse(el, argv[0], argc == carg,
- quote, terminated) != 0)
+ quote, terminated) != 0)
ret = CC_REDISPLAY;
} else if (carg >= 1) {
/* Handle file parsing */
@@ -1904,11 +1976,11 @@
if (remote != 0 &&
complete_match(el, complete_ctx->conn,
*complete_ctx->remote_pathp, filematch,
- remote, carg == argc, quote, terminated) != 0)
+ remote, carg == argc, quote, terminated) != 0)
ret = CC_REDISPLAY;
}
- free(line);
+ free(line);
return ret;
}
#endif /* USE_LIBEDIT */
@@ -1942,12 +2014,19 @@
el_source(el, NULL);
/* Tab Completion */
- el_set(el, EL_ADDFN, "ftp-complete",
+ el_set(el, EL_ADDFN, "ftp-complete",
"Context sensitive argument completion", complete);
complete_ctx.conn = conn;
complete_ctx.remote_pathp = &remote_path;
el_set(el, EL_CLIENTDATA, (void*)&complete_ctx);
el_set(el, EL_BIND, "^I", "ftp-complete", NULL);
+ /* enable ctrl-left-arrow and ctrl-right-arrow */
+ el_set(el, EL_BIND, "\\e[1;5C", "em-next-word", NULL);
+ el_set(el, EL_BIND, "\\e[5C", "em-next-word", NULL);
+ el_set(el, EL_BIND, "\\e[1;5D", "ed-prev-word", NULL);
+ el_set(el, EL_BIND, "\\e\\e[D", "ed-prev-word", NULL);
+ /* make ^w match ksh behaviour */
+ el_set(el, EL_BIND, "^w", "ed-delete-prev-word", NULL);
}
#endif /* USE_LIBEDIT */
@@ -2116,7 +2195,7 @@
extern char *__progname;
fprintf(stderr,
- "usage: %s [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
+ "usage: %s [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
" [-D sftp_server_path] [-F ssh_config] "
"[-i identity_file] [-l limit]\n"
" [-o ssh_option] [-P port] [-R num_requests] "
@@ -2164,7 +2243,7 @@
infile = stdin;
while ((ch = getopt(argc, argv,
- "1246ahpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
+ "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
switch (ch) {
/* Passed through to ssh(1) */
case '4':
@@ -2224,6 +2303,9 @@
quiet = batchmode = 1;
addargs(&args, "-obatchmode yes");
break;
+ case 'f':
+ global_fflag = 1;
+ break;
case 'p':
global_pflag = 1;
break;
Added: vendor-crypto/openssh/dist/smult_curve25519_ref.c
===================================================================
--- vendor-crypto/openssh/dist/smult_curve25519_ref.c (rev 0)
+++ vendor-crypto/openssh/dist/smult_curve25519_ref.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,265 @@
+/* $OpenBSD: smult_curve25519_ref.c,v 1.2 2013/11/02 22:02:14 markus Exp $ */
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *);
+
+static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 0;
+ for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; }
+ u += a[31] + b[31]; out[31] = u;
+}
+
+static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 218;
+ for (j = 0;j < 31;++j) {
+ u += a[j] + 65280 - b[j];
+ out[j] = u & 255;
+ u >>= 8;
+ }
+ u += a[31] - b[31];
+ out[31] = u;
+}
+
+static void squeeze(unsigned int a[32])
+{
+ unsigned int j;
+ unsigned int u;
+ u = 0;
+ for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+ u += a[31]; a[31] = u & 127;
+ u = 19 * (u >> 7);
+ for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+ u += a[31]; a[31] = u;
+}
+
+static const unsigned int minusp[32] = {
+ 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128
+} ;
+
+static void freeze(unsigned int a[32])
+{
+ unsigned int aorig[32];
+ unsigned int j;
+ unsigned int negative;
+
+ for (j = 0;j < 32;++j) aorig[j] = a[j];
+ add(a,a,minusp);
+ negative = -((a[31] >> 7) & 1);
+ for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]);
+}
+
+static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+ unsigned int i;
+ unsigned int j;
+ unsigned int u;
+
+ for (i = 0;i < 32;++i) {
+ u = 0;
+ for (j = 0;j <= i;++j) u += a[j] * b[i - j];
+ for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j];
+ out[i] = u;
+ }
+ squeeze(out);
+}
+
+static void mult121665(unsigned int out[32],const unsigned int a[32])
+{
+ unsigned int j;
+ unsigned int u;
+
+ u = 0;
+ for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; }
+ u += 121665 * a[31]; out[31] = u & 127;
+ u = 19 * (u >> 7);
+ for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; }
+ u += out[j]; out[j] = u;
+}
+
+static void square(unsigned int out[32],const unsigned int a[32])
+{
+ unsigned int i;
+ unsigned int j;
+ unsigned int u;
+
+ for (i = 0;i < 32;++i) {
+ u = 0;
+ for (j = 0;j < i - j;++j) u += a[j] * a[i - j];
+ for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j];
+ u *= 2;
+ if ((i & 1) == 0) {
+ u += a[i / 2] * a[i / 2];
+ u += 38 * a[i / 2 + 16] * a[i / 2 + 16];
+ }
+ out[i] = u;
+ }
+ squeeze(out);
+}
+
+static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b)
+{
+ unsigned int j;
+ unsigned int t;
+ unsigned int bminus1;
+
+ bminus1 = b - 1;
+ for (j = 0;j < 64;++j) {
+ t = bminus1 & (r[j] ^ s[j]);
+ p[j] = s[j] ^ t;
+ q[j] = r[j] ^ t;
+ }
+}
+
+static void mainloop(unsigned int work[64],const unsigned char e[32])
+{
+ unsigned int xzm1[64];
+ unsigned int xzm[64];
+ unsigned int xzmb[64];
+ unsigned int xzm1b[64];
+ unsigned int xznb[64];
+ unsigned int xzn1b[64];
+ unsigned int a0[64];
+ unsigned int a1[64];
+ unsigned int b0[64];
+ unsigned int b1[64];
+ unsigned int c1[64];
+ unsigned int r[32];
+ unsigned int s[32];
+ unsigned int t[32];
+ unsigned int u[32];
+ unsigned int j;
+ unsigned int b;
+ int pos;
+
+ for (j = 0;j < 32;++j) xzm1[j] = work[j];
+ xzm1[32] = 1;
+ for (j = 33;j < 64;++j) xzm1[j] = 0;
+
+ xzm[0] = 1;
+ for (j = 1;j < 64;++j) xzm[j] = 0;
+
+ for (pos = 254;pos >= 0;--pos) {
+ b = e[pos / 8] >> (pos & 7);
+ b &= 1;
+ select(xzmb,xzm1b,xzm,xzm1,b);
+ add(a0,xzmb,xzmb + 32);
+ sub(a0 + 32,xzmb,xzmb + 32);
+ add(a1,xzm1b,xzm1b + 32);
+ sub(a1 + 32,xzm1b,xzm1b + 32);
+ square(b0,a0);
+ square(b0 + 32,a0 + 32);
+ mult(b1,a1,a0 + 32);
+ mult(b1 + 32,a1 + 32,a0);
+ add(c1,b1,b1 + 32);
+ sub(c1 + 32,b1,b1 + 32);
+ square(r,c1 + 32);
+ sub(s,b0,b0 + 32);
+ mult121665(t,s);
+ add(u,t,b0);
+ mult(xznb,b0,b0 + 32);
+ mult(xznb + 32,s,u);
+ square(xzn1b,c1);
+ mult(xzn1b + 32,r,work);
+ select(xzm,xzm1,xznb,xzn1b,b);
+ }
+
+ for (j = 0;j < 64;++j) work[j] = xzm[j];
+}
+
+static void recip(unsigned int out[32],const unsigned int z[32])
+{
+ unsigned int z2[32];
+ unsigned int z9[32];
+ unsigned int z11[32];
+ unsigned int z2_5_0[32];
+ unsigned int z2_10_0[32];
+ unsigned int z2_20_0[32];
+ unsigned int z2_50_0[32];
+ unsigned int z2_100_0[32];
+ unsigned int t0[32];
+ unsigned int t1[32];
+ int i;
+
+ /* 2 */ square(z2,z);
+ /* 4 */ square(t1,z2);
+ /* 8 */ square(t0,t1);
+ /* 9 */ mult(z9,t0,z);
+ /* 11 */ mult(z11,z9,z2);
+ /* 22 */ square(t0,z11);
+ /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9);
+
+ /* 2^6 - 2^1 */ square(t0,z2_5_0);
+ /* 2^7 - 2^2 */ square(t1,t0);
+ /* 2^8 - 2^3 */ square(t0,t1);
+ /* 2^9 - 2^4 */ square(t1,t0);
+ /* 2^10 - 2^5 */ square(t0,t1);
+ /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0);
+
+ /* 2^11 - 2^1 */ square(t0,z2_10_0);
+ /* 2^12 - 2^2 */ square(t1,t0);
+ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0);
+
+ /* 2^21 - 2^1 */ square(t0,z2_20_0);
+ /* 2^22 - 2^2 */ square(t1,t0);
+ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0);
+
+ /* 2^41 - 2^1 */ square(t1,t0);
+ /* 2^42 - 2^2 */ square(t0,t1);
+ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); }
+ /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0);
+
+ /* 2^51 - 2^1 */ square(t0,z2_50_0);
+ /* 2^52 - 2^2 */ square(t1,t0);
+ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0);
+
+ /* 2^101 - 2^1 */ square(t1,z2_100_0);
+ /* 2^102 - 2^2 */ square(t0,t1);
+ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); }
+ /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0);
+
+ /* 2^201 - 2^1 */ square(t0,t1);
+ /* 2^202 - 2^2 */ square(t1,t0);
+ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+ /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0);
+
+ /* 2^251 - 2^1 */ square(t1,t0);
+ /* 2^252 - 2^2 */ square(t0,t1);
+ /* 2^253 - 2^3 */ square(t1,t0);
+ /* 2^254 - 2^4 */ square(t0,t1);
+ /* 2^255 - 2^5 */ square(t1,t0);
+ /* 2^255 - 21 */ mult(out,t1,z11);
+}
+
+int crypto_scalarmult_curve25519(unsigned char *q,
+ const unsigned char *n,
+ const unsigned char *p)
+{
+ unsigned int work[96];
+ unsigned char e[32];
+ unsigned int i;
+ for (i = 0;i < 32;++i) e[i] = n[i];
+ e[0] &= 248;
+ e[31] &= 127;
+ e[31] |= 64;
+ for (i = 0;i < 32;++i) work[i] = p[i];
+ mainloop(work,e);
+ recip(work + 32,work + 32);
+ mult(work + 64,work,work + 32);
+ freeze(work + 64);
+ for (i = 0;i < 32;++i) q[i] = work[64 + i];
+ return 0;
+}
Modified: vendor-crypto/openssh/dist/ssh-add.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-add.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-add.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -11,11 +11,11 @@
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
- loading a private key, ssh-add will try to load corresponding certificate
- information from the filename obtained by appending -cert.pub to the name
- of the private key file. Alternative file names can be given on the
- command line.
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
+ ~/.ssh/identity. After loading a private key, ssh-add will try to load
+ corresponding certificate information from the filename obtained by
+ appending -cert.pub to the name of the private key file. Alternative
+ file names can be given on the command line.
If any file requires a passphrase, ssh-add asks for the passphrase from
the user. The passphrase is read from the user's tty. ssh-add retries
@@ -95,6 +95,10 @@
Contains the protocol version 2 ECDSA authentication identity of
the user.
+ ~/.ssh/id_ed25519
+ Contains the protocol version 2 ED25519 authentication identity
+ of the user.
+
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
@@ -116,4 +120,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.4 December 3, 2012 OpenBSD 5.4
+OpenBSD 5.5 December 7, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh-add.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-add.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-add.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.58 2012/12/03 08:33:02 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.59 2013/12/07 11:58:46 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 3 2012 $
+.Dd $Mdocdate: December 7 2013 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@@ -57,7 +57,8 @@
When run without arguments, it adds the files
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/identity .
After loading a private key,
@@ -169,6 +170,8 @@
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa ~/.ssh/id_ecdsa
Contains the protocol version 2 ECDSA authentication identity of the user.
+.It Pa ~/.ssh/id_ed25519
+Contains the protocol version 2 ED25519 authentication identity of the user.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.El
Modified: vendor-crypto/openssh/dist/ssh-add.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-add.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-add.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.106 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -73,6 +73,7 @@
#ifdef OPENSSL_HAS_ECC
_PATH_SSH_CLIENT_ID_ECDSA,
#endif
+ _PATH_SSH_CLIENT_ID_ED25519,
_PATH_SSH_CLIENT_IDENTITY,
NULL
};
@@ -89,7 +90,7 @@
clear_pass(void)
{
if (pass) {
- memset(pass, 0, strlen(pass));
+ explicit_bzero(pass, strlen(pass));
free(pass);
pass = NULL;
}
@@ -292,14 +293,17 @@
static int
update_card(AuthenticationConnection *ac, int add, const char *id)
{
- char *pin;
+ char *pin = NULL;
int ret = -1;
- pin = read_passphrase("Enter passphrase for PKCS#11: ", RP_ALLOW_STDIN);
- if (pin == NULL)
- return -1;
+ if (add) {
+ if ((pin = read_passphrase("Enter passphrase for PKCS#11: ",
+ RP_ALLOW_STDIN)) == NULL)
+ return -1;
+ }
- if (ssh_update_card(ac, add, id, pin, lifetime, confirm)) {
+ if (ssh_update_card(ac, add, id, pin == NULL ? "" : pin,
+ lifetime, confirm)) {
fprintf(stderr, "Card %s: %s\n",
add ? "added" : "removed", id);
ret = 0;
@@ -362,7 +366,7 @@
fprintf(stderr, "Passwords do not match.\n");
passok = 0;
}
- memset(p2, 0, strlen(p2));
+ explicit_bzero(p2, strlen(p2));
free(p2);
}
if (passok && ssh_lock_agent(ac, lock, p1)) {
@@ -370,7 +374,7 @@
ret = 0;
} else
fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
- memset(p1, 0, strlen(p1));
+ explicit_bzero(p1, strlen(p1));
free(p1);
return (ret);
}
Modified: vendor-crypto/openssh/dist/ssh-agent.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-agent.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-agent.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -9,12 +9,12 @@
DESCRIPTION
ssh-agent is a program to hold private keys used for public key
- authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started
- in the beginning of an X-session or a login session, and all other
- windows or programs are started as clients to the ssh-agent program.
- Through use of environment variables the agent can be located and
- automatically used for authentication when logging in to other machines
- using ssh(1).
+ authentication (RSA, DSA, ECDSA, ED25519). The idea is that ssh-agent is
+ started in the beginning of an X-session or a login session, and all
+ other windows or programs are started as clients to the ssh-agent
+ program. Through use of environment variables the agent can be located
+ and automatically used for authentication when logging in to other
+ machines using ssh(1).
The options are as follows:
@@ -46,13 +46,14 @@
The agent initially does not have any private keys. Keys are added using
ssh-add(1). When executed without arguments, ssh-add(1) adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. If
- the identity has a passphrase, ssh-add(1) asks for the passphrase on the
- terminal if it has one or from a small X11 program if running under X11.
- If neither of these is the case then the authentication will fail. It
- then sends the identity to the agent. Several identities can be stored
- in the agent; the agent can automatically use any of these identities.
- ssh-add -l displays the identities currently held by the agent.
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
+ ~/.ssh/identity. If the identity has a passphrase, ssh-add(1) asks for
+ the passphrase on the terminal if it has one or from a small X11 program
+ if running under X11. If neither of these is the case then the
+ authentication will fail. It then sends the identity to the agent.
+ Several identities can be stored in the agent; the agent can
+ automatically use any of these identities. ssh-add -l displays the
+ identities currently held by the agent.
The idea is that the agent is run in the user's local PC, laptop, or
terminal. Authentication data need not be stored on any other machine,
@@ -100,6 +101,10 @@
Contains the protocol version 2 ECDSA authentication identity of
the user.
+ ~/.ssh/id_ed25519
+ Contains the protocol version 2 ED25519 authentication identity
+ of the user.
+
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
@@ -120,4 +125,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.4 November 21, 2010 OpenBSD 5.4
+OpenBSD 5.5 December 7, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh-agent.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-agent.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-agent.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.53 2010/11/21 01:01:13 djm Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.54 2013/12/07 11:58:46 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 21 2010 $
+.Dd $Mdocdate: December 7 2013 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
@@ -53,7 +53,7 @@
.Sh DESCRIPTION
.Nm
is a program to hold private keys used for public key authentication
-(RSA, DSA, ECDSA).
+(RSA, DSA, ECDSA, ED25519).
The idea is that
.Nm
is started in the beginning of an X-session or a login session, and
@@ -115,7 +115,8 @@
adds the files
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/identity .
If the identity has a passphrase,
@@ -190,6 +191,8 @@
Contains the protocol version 2 DSA authentication identity of the user.
.It Pa ~/.ssh/id_ecdsa
Contains the protocol version 2 ECDSA authentication identity of the user.
+.It Pa ~/.ssh/id_ed25519
+Contains the protocol version 2 ED25519 authentication identity of the user.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
Modified: vendor-crypto/openssh/dist/ssh-agent.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-agent.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-agent.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -50,7 +50,6 @@
#include "openbsd-compat/sys-queue.h"
#include <openssl/evp.h>
-#include <openssl/md5.h>
#include "openbsd-compat/openssl-compat.h"
#include <errno.h>
@@ -75,6 +74,7 @@
#include "compat.h"
#include "log.h"
#include "misc.h"
+#include "digest.h"
#ifdef ENABLE_PKCS11
#include "ssh-pkcs11.h"
@@ -248,7 +248,7 @@
Identity *id;
int i, len;
Buffer msg;
- MD5_CTX md;
+ struct ssh_digest_ctx *md;
Key *key;
buffer_init(&msg);
@@ -284,10 +284,12 @@
}
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
- MD5_Init(&md);
- MD5_Update(&md, buf, 32);
- MD5_Update(&md, session_id, 16);
- MD5_Final(mdbuf, &md);
+ if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+ ssh_digest_update(md, buf, 32) < 0 ||
+ ssh_digest_update(md, session_id, 16) < 0 ||
+ ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0)
+ fatal("%s: md5 failed", __func__);
+ ssh_digest_free(md);
/* Send the response. */
buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
@@ -464,16 +466,9 @@
Idtab *tab = idtab_lookup(version);
Identity *id;
int type, success = 0, confirm = 0;
- char *type_name, *comment;
+ char *comment;
time_t death = 0;
Key *k = NULL;
-#ifdef OPENSSL_HAS_ECC
- BIGNUM *exponent;
- EC_POINT *q;
- char *curve;
-#endif
- u_char *cert;
- u_int len;
switch (version) {
case 1:
@@ -490,119 +485,8 @@
/* Generate additional parameters */
rsa_generate_additional_parameters(k->rsa);
- break;
- case 2:
- type_name = buffer_get_string(&e->request, NULL);
- type = key_type_from_name(type_name);
- switch (type) {
- case KEY_DSA:
- k = key_new_private(type);
- buffer_get_bignum2(&e->request, k->dsa->p);
- buffer_get_bignum2(&e->request, k->dsa->q);
- buffer_get_bignum2(&e->request, k->dsa->g);
- buffer_get_bignum2(&e->request, k->dsa->pub_key);
- buffer_get_bignum2(&e->request, k->dsa->priv_key);
- break;
- case KEY_DSA_CERT_V00:
- case KEY_DSA_CERT:
- cert = buffer_get_string(&e->request, &len);
- if ((k = key_from_blob(cert, len)) == NULL)
- fatal("Certificate parse failed");
- free(cert);
- key_add_private(k);
- buffer_get_bignum2(&e->request, k->dsa->priv_key);
- break;
-#ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- k = key_new_private(type);
- k->ecdsa_nid = key_ecdsa_nid_from_name(type_name);
- curve = buffer_get_string(&e->request, NULL);
- if (k->ecdsa_nid != key_curve_name_to_nid(curve))
- fatal("%s: curve names mismatch", __func__);
- free(curve);
- k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
- if (k->ecdsa == NULL)
- fatal("%s: EC_KEY_new_by_curve_name failed",
- __func__);
- q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
- if (q == NULL)
- fatal("%s: BN_new failed", __func__);
- if ((exponent = BN_new()) == NULL)
- fatal("%s: BN_new failed", __func__);
- buffer_get_ecpoint(&e->request,
- EC_KEY_get0_group(k->ecdsa), q);
- buffer_get_bignum2(&e->request, exponent);
- if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
- fatal("%s: EC_KEY_set_public_key failed",
- __func__);
- if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
- fatal("%s: EC_KEY_set_private_key failed",
- __func__);
- if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
- EC_KEY_get0_public_key(k->ecdsa)) != 0)
- fatal("%s: bad ECDSA public key", __func__);
- if (key_ec_validate_private(k->ecdsa) != 0)
- fatal("%s: bad ECDSA private key", __func__);
- BN_clear_free(exponent);
- EC_POINT_free(q);
- break;
- case KEY_ECDSA_CERT:
- cert = buffer_get_string(&e->request, &len);
- if ((k = key_from_blob(cert, len)) == NULL)
- fatal("Certificate parse failed");
- free(cert);
- key_add_private(k);
- if ((exponent = BN_new()) == NULL)
- fatal("%s: BN_new failed", __func__);
- buffer_get_bignum2(&e->request, exponent);
- if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
- fatal("%s: EC_KEY_set_private_key failed",
- __func__);
- if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
- EC_KEY_get0_public_key(k->ecdsa)) != 0 ||
- key_ec_validate_private(k->ecdsa) != 0)
- fatal("%s: bad ECDSA key", __func__);
- BN_clear_free(exponent);
- break;
-#endif /* OPENSSL_HAS_ECC */
- case KEY_RSA:
- k = key_new_private(type);
- buffer_get_bignum2(&e->request, k->rsa->n);
- buffer_get_bignum2(&e->request, k->rsa->e);
- buffer_get_bignum2(&e->request, k->rsa->d);
- buffer_get_bignum2(&e->request, k->rsa->iqmp);
- buffer_get_bignum2(&e->request, k->rsa->p);
- buffer_get_bignum2(&e->request, k->rsa->q);
- /* Generate additional parameters */
- rsa_generate_additional_parameters(k->rsa);
- break;
- case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
- cert = buffer_get_string(&e->request, &len);
- if ((k = key_from_blob(cert, len)) == NULL)
- fatal("Certificate parse failed");
- free(cert);
- key_add_private(k);
- buffer_get_bignum2(&e->request, k->rsa->d);
- buffer_get_bignum2(&e->request, k->rsa->iqmp);
- buffer_get_bignum2(&e->request, k->rsa->p);
- buffer_get_bignum2(&e->request, k->rsa->q);
- break;
- default:
- free(type_name);
- buffer_clear(&e->request);
- goto send;
- }
- free(type_name);
- break;
- }
- /* enable blinding */
- switch (k->type) {
- case KEY_RSA:
- case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
- case KEY_RSA1:
+ /* enable blinding */
if (RSA_blinding_on(k->rsa, NULL) != 1) {
error("process_add_identity: RSA_blinding_on failed");
key_free(k);
@@ -609,6 +493,13 @@
goto send;
}
break;
+ case 2:
+ k = key_private_deserialize(&e->request);
+ if (k == NULL) {
+ buffer_clear(&e->request);
+ goto send;
+ }
+ break;
}
comment = buffer_get_string(&e->request, NULL);
if (k == NULL) {
@@ -663,7 +554,7 @@
passwd = buffer_get_string(&e->request, NULL);
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
locked = 0;
- memset(lock_passwd, 0, strlen(lock_passwd));
+ explicit_bzero(lock_passwd, strlen(lock_passwd));
free(lock_passwd);
lock_passwd = NULL;
success = 1;
@@ -672,7 +563,7 @@
lock_passwd = xstrdup(passwd);
success = 1;
}
- memset(passwd, 0, strlen(passwd));
+ explicit_bzero(passwd, strlen(passwd));
free(passwd);
buffer_put_int(&e->output, 1);
@@ -771,6 +662,9 @@
tab = idtab_lookup(version);
for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
nxt = TAILQ_NEXT(id, next);
+ /* Skip file--based keys */
+ if (id->provider == NULL)
+ continue;
if (!strcmp(provider, id->provider)) {
TAILQ_REMOVE(&tab->idlist, id, next);
free_identity(id);
Modified: vendor-crypto/openssh/dist/ssh-dss.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-dss.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-dss.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -38,6 +38,7 @@
#include "compat.h"
#include "log.h"
#include "key.h"
+#include "digest.h"
#define INTBLOB_LEN 20
#define SIGBLOB_LEN (2*INTBLOB_LEN)
@@ -47,23 +48,24 @@
const u_char *data, u_int datalen)
{
DSA_SIG *sig;
- const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
- u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
- u_int rlen, slen, len, dlen;
+ u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
+ u_int rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
Buffer b;
- if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
- key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
- error("ssh_dss_sign: no DSA key");
+ if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
+ key->dsa == NULL) {
+ error("%s: no DSA key", __func__);
return -1;
}
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
+ digest, sizeof(digest)) != 0) {
+ error("%s: ssh_digest_memory failed", __func__);
+ return -1;
+ }
+
sig = DSA_do_sign(digest, dlen, key->dsa);
- memset(digest, 'd', sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
if (sig == NULL) {
error("ssh_dss_sign: sign failed");
@@ -77,7 +79,7 @@
DSA_SIG_free(sig);
return -1;
}
- memset(sigblob, 0, SIGBLOB_LEN);
+ explicit_bzero(sigblob, SIGBLOB_LEN);
BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
DSA_SIG_free(sig);
@@ -110,16 +112,14 @@
const u_char *data, u_int datalen)
{
DSA_SIG *sig;
- const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
- u_char digest[EVP_MAX_MD_SIZE], *sigblob;
- u_int len, dlen;
+ u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob;
+ u_int len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
int rlen, ret;
Buffer b;
- if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
- key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
- error("ssh_dss_verify: no DSA key");
+ if (key == NULL || key_type_plain(key->type) != KEY_DSA ||
+ key->dsa == NULL) {
+ error("%s: no DSA key", __func__);
return -1;
}
@@ -135,7 +135,7 @@
buffer_append(&b, signature, signaturelen);
ktype = buffer_get_cstring(&b, NULL);
if (strcmp("ssh-dss", ktype) != 0) {
- error("ssh_dss_verify: cannot handle type %s", ktype);
+ error("%s: cannot handle type %s", __func__, ktype);
buffer_free(&b);
free(ktype);
return -1;
@@ -145,8 +145,8 @@
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
- error("ssh_dss_verify: "
- "remaining bytes in signature %d", rlen);
+ error("%s: remaining bytes in signature %d",
+ __func__, rlen);
free(sigblob);
return -1;
}
@@ -158,30 +158,32 @@
/* parse signature */
if ((sig = DSA_SIG_new()) == NULL)
- fatal("ssh_dss_verify: DSA_SIG_new failed");
+ fatal("%s: DSA_SIG_new failed", __func__);
if ((sig->r = BN_new()) == NULL)
- fatal("ssh_dss_verify: BN_new failed");
+ fatal("%s: BN_new failed", __func__);
if ((sig->s = BN_new()) == NULL)
fatal("ssh_dss_verify: BN_new failed");
if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
(BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
- fatal("ssh_dss_verify: BN_bin2bn failed");
+ fatal("%s: BN_bin2bn failed", __func__);
/* clean up */
- memset(sigblob, 0, len);
+ explicit_bzero(sigblob, len);
free(sigblob);
/* sha1 the data */
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
+ digest, sizeof(digest)) != 0) {
+ error("%s: digest_memory failed", __func__);
+ return -1;
+ }
ret = DSA_do_verify(digest, dlen, sig, key->dsa);
- memset(digest, 'd', sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
DSA_SIG_free(sig);
- debug("ssh_dss_verify: signature %s",
+ debug("%s: signature %s", __func__,
ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
return ret;
}
Modified: vendor-crypto/openssh/dist/ssh-ecdsa.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-ecdsa.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-ecdsa.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.10 2014/02/03 23:28:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -42,6 +42,7 @@
#include "compat.h"
#include "log.h"
#include "key.h"
+#include "digest.h"
int
ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
@@ -48,24 +49,30 @@
const u_char *data, u_int datalen)
{
ECDSA_SIG *sig;
- const EVP_MD *evp_md;
- EVP_MD_CTX md;
- u_char digest[EVP_MAX_MD_SIZE];
+ int hash_alg;
+ u_char digest[SSH_DIGEST_MAX_LENGTH];
u_int len, dlen;
Buffer b, bb;
- if (key == NULL || key->ecdsa == NULL ||
- (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) {
+ if (key == NULL || key_type_plain(key->type) != KEY_ECDSA ||
+ key->ecdsa == NULL) {
error("%s: no ECDSA key", __func__);
return -1;
}
- evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid);
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ hash_alg = key_ec_nid_to_hash_alg(key->ecdsa_nid);
+ if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
+ error("%s: bad hash algorithm %d", __func__, hash_alg);
+ return -1;
+ }
+ if (ssh_digest_memory(hash_alg, data, datalen,
+ digest, sizeof(digest)) != 0) {
+ error("%s: digest_memory failed", __func__);
+ return -1;
+ }
+
sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
- memset(digest, 'd', sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
if (sig == NULL) {
error("%s: sign failed", __func__);
@@ -97,20 +104,18 @@
const u_char *data, u_int datalen)
{
ECDSA_SIG *sig;
- const EVP_MD *evp_md;
- EVP_MD_CTX md;
- u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+ int hash_alg;
+ u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob;
u_int len, dlen;
int rlen, ret;
Buffer b, bb;
char *ktype;
- if (key == NULL || key->ecdsa == NULL ||
- (key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) {
+ if (key == NULL || key_type_plain(key->type) != KEY_ECDSA ||
+ key->ecdsa == NULL) {
error("%s: no ECDSA key", __func__);
return -1;
}
- evp_md = key_ec_nid_to_evpmd(key->ecdsa_nid);
/* fetch signature */
buffer_init(&b);
@@ -135,9 +140,6 @@
/* parse signature */
if ((sig = ECDSA_SIG_new()) == NULL)
fatal("%s: ECDSA_SIG_new failed", __func__);
- if ((sig->r = BN_new()) == NULL ||
- (sig->s = BN_new()) == NULL)
- fatal("%s: BN_new failed", __func__);
buffer_init(&bb);
buffer_append(&bb, sigblob, len);
@@ -148,16 +150,23 @@
buffer_free(&bb);
/* clean up */
- memset(sigblob, 0, len);
+ explicit_bzero(sigblob, len);
free(sigblob);
/* hash the data */
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ hash_alg = key_ec_nid_to_hash_alg(key->ecdsa_nid);
+ if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
+ error("%s: bad hash algorithm %d", __func__, hash_alg);
+ return -1;
+ }
+ if (ssh_digest_memory(hash_alg, data, datalen,
+ digest, sizeof(digest)) != 0) {
+ error("%s: digest_memory failed", __func__);
+ return -1;
+ }
ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
- memset(digest, 'd', sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
ECDSA_SIG_free(sig);
Added: vendor-crypto/openssh/dist/ssh-ed25519.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-ed25519.c (rev 0)
+++ vendor-crypto/openssh/dist/ssh-ed25519.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,149 @@
+/* $OpenBSD: ssh-ed25519.c,v 1.3 2014/02/23 20:03:42 djm Exp $ */
+/*
+ * Copyright (c) 2013 Markus Friedl <markus at openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include "crypto_api.h"
+
+#include <limits.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "log.h"
+#include "buffer.h"
+#include "key.h"
+#include "ssh.h"
+
+int
+ssh_ed25519_sign(const Key *key, u_char **sigp, u_int *lenp,
+ const u_char *data, u_int datalen)
+{
+ u_char *sig;
+ u_int slen, len;
+ unsigned long long smlen;
+ int ret;
+ Buffer b;
+
+ if (key == NULL || key_type_plain(key->type) != KEY_ED25519 ||
+ key->ed25519_sk == NULL) {
+ error("%s: no ED25519 key", __func__);
+ return -1;
+ }
+
+ if (datalen >= UINT_MAX - crypto_sign_ed25519_BYTES) {
+ error("%s: datalen %u too long", __func__, datalen);
+ return -1;
+ }
+ smlen = slen = datalen + crypto_sign_ed25519_BYTES;
+ sig = xmalloc(slen);
+
+ if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
+ key->ed25519_sk)) != 0 || smlen <= datalen) {
+ error("%s: crypto_sign_ed25519 failed: %d", __func__, ret);
+ free(sig);
+ return -1;
+ }
+ /* encode signature */
+ buffer_init(&b);
+ buffer_put_cstring(&b, "ssh-ed25519");
+ buffer_put_string(&b, sig, smlen - datalen);
+ len = buffer_len(&b);
+ if (lenp != NULL)
+ *lenp = len;
+ if (sigp != NULL) {
+ *sigp = xmalloc(len);
+ memcpy(*sigp, buffer_ptr(&b), len);
+ }
+ buffer_free(&b);
+ explicit_bzero(sig, slen);
+ free(sig);
+
+ return 0;
+}
+
+int
+ssh_ed25519_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ const u_char *data, u_int datalen)
+{
+ Buffer b;
+ char *ktype;
+ u_char *sigblob, *sm, *m;
+ u_int len;
+ unsigned long long smlen, mlen;
+ int rlen, ret;
+
+ if (key == NULL || key_type_plain(key->type) != KEY_ED25519 ||
+ key->ed25519_pk == NULL) {
+ error("%s: no ED25519 key", __func__);
+ return -1;
+ }
+ buffer_init(&b);
+ buffer_append(&b, signature, signaturelen);
+ ktype = buffer_get_cstring(&b, NULL);
+ if (strcmp("ssh-ed25519", ktype) != 0) {
+ error("%s: cannot handle type %s", __func__, ktype);
+ buffer_free(&b);
+ free(ktype);
+ return -1;
+ }
+ free(ktype);
+ sigblob = buffer_get_string(&b, &len);
+ rlen = buffer_len(&b);
+ buffer_free(&b);
+ if (rlen != 0) {
+ error("%s: remaining bytes in signature %d", __func__, rlen);
+ free(sigblob);
+ return -1;
+ }
+ if (len > crypto_sign_ed25519_BYTES) {
+ error("%s: len %u > crypto_sign_ed25519_BYTES %u", __func__,
+ len, crypto_sign_ed25519_BYTES);
+ free(sigblob);
+ return -1;
+ }
+ smlen = len + datalen;
+ sm = xmalloc(smlen);
+ memcpy(sm, sigblob, len);
+ memcpy(sm+len, data, datalen);
+ mlen = smlen;
+ m = xmalloc(mlen);
+ if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
+ key->ed25519_pk)) != 0) {
+ debug2("%s: crypto_sign_ed25519_open failed: %d",
+ __func__, ret);
+ }
+ if (ret == 0 && mlen != datalen) {
+ debug2("%s: crypto_sign_ed25519_open "
+ "mlen != datalen (%llu != %u)", __func__, mlen, datalen);
+ ret = -1;
+ }
+ /* XXX compare 'm' and 'data' ? */
+
+ explicit_bzero(sigblob, len);
+ explicit_bzero(sm, smlen);
+ explicit_bzero(m, smlen); /* NB. mlen may be invalid if ret != 0 */
+ free(sigblob);
+ free(sm);
+ free(m);
+ debug("%s: signature %scorrect", __func__, (ret != 0) ? "in" : "");
+
+ /* translate return code carefully */
+ return (ret == 0) ? 1 : -1;
+}
Modified: vendor-crypto/openssh/dist/ssh-gss.h
===================================================================
--- vendor-crypto/openssh/dist/ssh-gss.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-gss.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
+/* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
@@ -104,6 +104,8 @@
void ssh_gssapi_set_oid(Gssctxt *, gss_OID);
void ssh_gssapi_supported_oids(gss_OID_set *);
ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
+void ssh_gssapi_prepare_supported_oids(void);
+OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);
OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
Modified: vendor-crypto/openssh/dist/ssh-keygen.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keygen.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -4,7 +4,7 @@
ssh-keygen - authentication key generation, management and conversion
SYNOPSIS
- ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
+ ssh-keygen [-q] [-b bits] [-t type] [-N new_passphrase] [-C comment]
[-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
@@ -19,8 +19,8 @@
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
- ssh-keygen -T output_file -f input_file [-v] [-a num_trials]
- [-J num_lines] [-j start_line] [-K checkpt] [-W generator]
+ ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
+ [-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
@@ -32,10 +32,10 @@
DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
- and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type
- of key to be generated is specified with the -t option. If invoked
- without any arguments, ssh-keygen will generate an RSA key for use in SSH
- protocol 2 connections.
+ and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
+ The type of key to be generated is specified with the -t option. If
+ invoked without any arguments, ssh-keygen will generate an RSA key for
+ use in SSH protocol 2 connections.
ssh-keygen is also used to generate groups for use in Diffie-Hellman
group exchange (DH-GEX). See the MODULI GENERATION section for details.
@@ -46,9 +46,9 @@
Normally each user wishing to use SSH with public key authentication runs
this once to create the authentication key in ~/.ssh/identity,
- ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the
- system administrator may use this to generate host keys, as seen in
- /etc/rc.
+ ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
+ Additionally, the system administrator may use this to generate host
+ keys, as seen in /etc/rc.
Normally this program generates the key and asks for a file in which to
store the private key. The public key is stored in a file with the same
@@ -79,16 +79,23 @@
The options are as follows:
- -A For each of the key types (rsa1, rsa, dsa and ecdsa) for which
- host keys do not exist, generate the host keys with the default
- key file path, an empty passphrase, default bits for the key
- type, and default comment. This is used by /etc/rc to generate
- new host keys.
+ -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
+ which host keys do not exist, generate the host keys with the
+ default key file path, an empty passphrase, default bits for the
+ key type, and default comment. This is used by /etc/rc to
+ generate new host keys.
- -a trials
- Specifies the number of primality tests to perform when screening
- DH-GEX candidates using the -T command.
+ -a rounds
+ When saving a new-format private key (i.e. an ed25519 key or any
+ SSH protocol 2 key when the -o flag is set), this option
+ specifies the number of KDF (key derivation function) rounds
+ used. Higher numbers result in slower passphrase verification
+ and increased resistance to brute-force password cracking (should
+ the keys be stolen).
+ When screening DH-GEX candidates ( using the -T command). This
+ option specifies the number of primality tests to perform.
+
-B Show the bubblebabble digest of specified private or public key
file.
@@ -100,7 +107,8 @@
the -b flag determines the key length by selecting from one of
three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
use bit lengths other than these three values for ECDSA keys will
- fail.
+ fail. ED25519 keys have a fixed length and the -b flag will be
+ ignored.
-C comment
Provides a new comment.
@@ -262,6 +270,12 @@
At present, no options are valid for host keys.
+ -o Causes ssh-keygen to save SSH protocol 2 private keys using the
+ new OpenSSH format rather than the more compatible PEM format.
+ The new format has increased resistance to brute-force password
+ cracking but is not supported by versions of OpenSSH prior to
+ 6.5. Ed25519 keys always use the new private key format.
+
-P passphrase
Provides the (old) passphrase.
@@ -301,8 +315,8 @@
-t type
Specifies the type of key to create. The possible values are
- ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa''
- for protocol version 2.
+ ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'',
+ ``ed25519'', or ``rsa'' for protocol version 2.
-u Update a KRL. When specified with -k, keys listed via the
command line are added to the existing KRL rather than a new KRL
@@ -441,7 +455,7 @@
KEY REVOCATION LISTS
ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
These binary files specify keys or certificates to be revoked using a
- compact format, taking as little a one bit per certificate if they are
+ compact format, taking as little as one bit per certificate if they are
being revoked by serial number.
KRLs may be generated using the -k flag. This option reads one or more
@@ -508,24 +522,26 @@
~/.ssh/id_dsa
~/.ssh/id_ecdsa
+ ~/.ssh/id_ed25519
~/.ssh/id_rsa
- Contains the protocol version 2 DSA, ECDSA or RSA authentication
- identity of the user. This file should not be readable by anyone
- but the user. It is possible to specify a passphrase when
- generating the key; that passphrase will be used to encrypt the
- private part of this file using 128-bit AES. This file is not
- automatically accessed by ssh-keygen but it is offered as the
- default file for the private key. ssh(1) will read this file
- when a login attempt is made.
+ Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+ authentication identity of the user. This file should not be
+ readable by anyone but the user. It is possible to specify a
+ passphrase when generating the key; that passphrase will be used
+ to encrypt the private part of this file using 128-bit AES. This
+ file is not automatically accessed by ssh-keygen but it is
+ offered as the default file for the private key. ssh(1) will
+ read this file when a login attempt is made.
~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
+ ~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
- Contains the protocol version 2 DSA, ECDSA or RSA public key for
- authentication. The contents of this file should be added to
- ~/.ssh/authorized_keys on all machines where the user wishes to
- log in using public key authentication. There is no need to keep
- the contents of this file secret.
+ Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public
+ key for authentication. The contents of this file should be
+ added to ~/.ssh/authorized_keys on all machines where the user
+ wishes to log in using public key authentication. There is no
+ need to keep the contents of this file secret.
/etc/moduli
Contains Diffie-Hellman groups used for DH-GEX. The file format
@@ -543,4 +559,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
+OpenBSD 5.5 February 5, 2014 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh-keygen.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keygen.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.120 2014/02/05 20:13:25 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 27 2013 $
+.Dd $Mdocdate: February 5 2014 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -46,7 +46,7 @@
.Nm ssh-keygen
.Op Fl q
.Op Fl b Ar bits
-.Fl t Ar type
+.Op Fl t Ar type
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
@@ -103,7 +103,7 @@
.Fl T Ar output_file
.Fl f Ar input_file
.Op Fl v
-.Op Fl a Ar num_trials
+.Op Fl a Ar rounds
.Op Fl J Ar num_lines
.Op Fl j Ar start_line
.Op Fl K Ar checkpt
@@ -139,8 +139,8 @@
generates, manages and converts authentication keys for
.Xr ssh 1 .
.Nm
-can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
-keys for use by SSH protocol version 2.
+can create RSA keys for use by SSH protocol version 1 and
+DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
@@ -167,8 +167,9 @@
with public key authentication runs this once to create the authentication
key in
.Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_dsa ,
.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_dsa
+.Pa ~/.ssh/id_ed25519
or
.Pa ~/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
@@ -216,17 +217,27 @@
The options are as follows:
.Bl -tag -width Ds
.It Fl A
-For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
+For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
+for which host keys
do not exist, generate the host keys with the default key file path,
an empty passphrase, default bits for the key type, and default comment.
This is used by
.Pa /etc/rc
to generate new host keys.
-.It Fl a Ar trials
-Specifies the number of primality tests to perform when screening DH-GEX
-candidates using the
+.It Fl a Ar rounds
+When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
+2 key when the
+.Fl o
+flag is set), this option specifies the number of KDF (key derivation function)
+rounds used.
+Higher numbers result in slower passphrase verification and increased
+resistance to brute-force password cracking (should the keys be stolen).
+.Pp
+When screening DH-GEX candidates (
+using the
.Fl T
-command.
+command).
+This option specifies the number of primality tests to perform.
.It Fl B
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
@@ -240,6 +251,9 @@
curve sizes: 256, 384 or 521 bits.
Attempting to use bit lengths other than these three values for ECDSA keys
will fail.
+ED25519 keys have a fixed length and the
+.Fl b
+flag will be ignored.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
@@ -447,6 +461,14 @@
.El
.Pp
At present, no options are valid for host keys.
+.It Fl o
+Causes
+.Nm
+to save SSH protocol 2 private keys using the new OpenSSH format rather than
+the more compatible PEM format.
+The new format has increased resistance to brute-force password cracking
+but is not supported by versions of OpenSSH prior to 6.5.
+Ed25519 keys always use the new private key format.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl p
@@ -498,7 +520,8 @@
.Dq rsa1
for protocol version 1 and
.Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519 ,
or
.Dq rsa
for protocol version 2.
@@ -691,7 +714,7 @@
.Nm
is able to manage OpenSSH format Key Revocation Lists (KRLs).
These binary files specify keys or certificates to be revoked using a
-compact format, taking as little a one bit per certificate if they are being
+compact format, taking as little as one bit per certificate if they are being
revoked by serial number.
.Pp
KRLs may be generated using the
@@ -778,8 +801,10 @@
.Pp
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
@@ -792,8 +817,10 @@
.Pp
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys
on all machines
Modified: vendor-crypto/openssh/dist/ssh-keygen.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keygen.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.230 2013/07/20 01:44:37 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.241 2014/02/05 20:13:25 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -150,6 +150,18 @@
/* Load key from this PKCS#11 provider */
char *pkcs11provider = NULL;
+/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
+int use_new_format = 0;
+
+/* Cipher for new-format private keys */
+char *new_format_cipher = NULL;
+
+/*
+ * Number of KDF rounds to derive new format keys /
+ * number of primality trials when screening moduli.
+ */
+int rounds = 0;
+
/* argv0 */
extern char *__progname;
@@ -185,7 +197,7 @@
}
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
- else if (type != KEY_ECDSA && *bitsp < 768)
+ else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
fatal("Key must at least be 768 bits");
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
fatal("Invalid ECDSA key length - valid lengths are "
@@ -221,6 +233,10 @@
case KEY_RSA:
name = _PATH_SSH_CLIENT_ID_RSA;
break;
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ name = _PATH_SSH_CLIENT_ID_ED25519;
+ break;
default:
fprintf(stderr, "bad key type\n");
exit(1);
@@ -251,7 +267,7 @@
pass = read_passphrase("Enter passphrase: ",
RP_ALLOW_STDIN);
prv = key_load_private(filename, pass, NULL);
- memset(pass, 0, strlen(pass));
+ explicit_bzero(pass, strlen(pass));
free(pass);
}
return prv;
@@ -884,6 +900,7 @@
#ifdef OPENSSL_HAS_ECC
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
#endif
+ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
{ NULL, NULL, NULL }
};
@@ -910,7 +927,6 @@
}
printf("%s ", key_types[i].key_type_display);
fflush(stdout);
- arc4random_stir();
type = key_type_from_name(key_types[i].key_type);
strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
bits = 0;
@@ -924,7 +940,8 @@
public = key_from_private(private);
snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
hostname);
- if (!key_save_private(private, identity_file, "", comment)) {
+ if (!key_save_private(private, identity_file, "", comment,
+ use_new_format, new_format_cipher, rounds)) {
printf("Saving the key failed: %s.\n", identity_file);
key_free(private);
key_free(public);
@@ -932,7 +949,6 @@
continue;
}
key_free(private);
- arc4random_stir();
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
@@ -1001,6 +1017,7 @@
char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
int ca;
+ int found_key = 0;
if (!have_identity) {
cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -1103,11 +1120,13 @@
}
c = (strcmp(cp2, cp) == 0);
if (find_host && c) {
- printf("# Host %s found: "
- "line %d type %s%s\n", name,
- num, key_type(pub),
- ca ? " (CA key)" : "");
+ if (!quiet)
+ printf("# Host %s found: "
+ "line %d type %s%s\n", name,
+ num, key_type(pub),
+ ca ? " (CA key)" : "");
printhost(out, cp, pub, ca, 0);
+ found_key = 1;
}
if (delete_host) {
if (!c && !ca)
@@ -1124,12 +1143,14 @@
c = (match_hostname(name, cp,
strlen(cp)) == 1);
if (find_host && c) {
- printf("# Host %s found: "
- "line %d type %s%s\n", name,
- num, key_type(pub),
- ca ? " (CA key)" : "");
+ if (!quiet)
+ printf("# Host %s found: "
+ "line %d type %s%s\n", name,
+ num, key_type(pub),
+ ca ? " (CA key)" : "");
printhost(out, name, pub,
ca, hash_hosts && !ca);
+ found_key = 1;
}
if (delete_host) {
if (!c && !ca)
@@ -1205,7 +1226,7 @@
}
}
- exit(0);
+ exit (find_host && !found_key);
}
/*
@@ -1237,7 +1258,7 @@
RP_ALLOW_STDIN);
private = key_load_private(identity_file, old_passphrase,
&comment);
- memset(old_passphrase, 0, strlen(old_passphrase));
+ explicit_bzero(old_passphrase, strlen(old_passphrase));
free(old_passphrase);
if (private == NULL) {
printf("Bad passphrase.\n");
@@ -1259,8 +1280,8 @@
/* Verify that they are the same. */
if (strcmp(passphrase1, passphrase2) != 0) {
- memset(passphrase1, 0, strlen(passphrase1));
- memset(passphrase2, 0, strlen(passphrase2));
+ explicit_bzero(passphrase1, strlen(passphrase1));
+ explicit_bzero(passphrase2, strlen(passphrase2));
free(passphrase1);
free(passphrase2);
printf("Pass phrases do not match. Try again.\n");
@@ -1267,14 +1288,15 @@
exit(1);
}
/* Destroy the other copy. */
- memset(passphrase2, 0, strlen(passphrase2));
+ explicit_bzero(passphrase2, strlen(passphrase2));
free(passphrase2);
}
/* Save the file using the new passphrase. */
- if (!key_save_private(private, identity_file, passphrase1, comment)) {
+ if (!key_save_private(private, identity_file, passphrase1, comment,
+ use_new_format, new_format_cipher, rounds)) {
printf("Saving the key failed: %s.\n", identity_file);
- memset(passphrase1, 0, strlen(passphrase1));
+ explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
key_free(private);
free(comment);
@@ -1281,7 +1303,7 @@
exit(1);
}
/* Destroy the passphrase and the copy of the key in memory. */
- memset(passphrase1, 0, strlen(passphrase1));
+ explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
key_free(private); /* Destroys contents */
free(comment);
@@ -1353,7 +1375,7 @@
/* Try to load using the passphrase. */
private = key_load_private(identity_file, passphrase, &comment);
if (private == NULL) {
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
printf("Bad passphrase.\n");
exit(1);
@@ -1374,7 +1396,7 @@
printf("Enter new comment: ");
fflush(stdout);
if (!fgets(new_comment, sizeof(new_comment), stdin)) {
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
key_free(private);
exit(1);
}
@@ -1382,15 +1404,16 @@
}
/* Save the file using the new passphrase. */
- if (!key_save_private(private, identity_file, passphrase, new_comment)) {
+ if (!key_save_private(private, identity_file, passphrase, new_comment,
+ use_new_format, new_format_cipher, rounds)) {
printf("Saving the key failed: %s.\n", identity_file);
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
key_free(private);
free(comment);
exit(1);
}
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
public = key_from_private(private);
key_free(private);
@@ -1593,7 +1616,7 @@
if ((public = key_load_public(tmp, &comment)) == NULL)
fatal("%s: unable to open \"%s\"", __func__, tmp);
if (public->type != KEY_RSA && public->type != KEY_DSA &&
- public->type != KEY_ECDSA)
+ public->type != KEY_ECDSA && public->type != KEY_ED25519)
fatal("%s: key \"%s\" type %s cannot be certified",
__func__, tmp, key_type(public));
@@ -1693,7 +1716,7 @@
fatal("Invalid certificate time format %s", s);
}
- bzero(&tm, sizeof(tm));
+ memset(&tm, 0, sizeof(tm));
if (strptime(buf, fmt, &tm) == NULL)
fatal("Invalid certificate time %s", s);
if ((tt = mktime(&tm)) < 0)
@@ -1738,7 +1761,7 @@
cert_valid_from = parse_absolute_time(from);
if (*to == '-' || *to == '+')
- cert_valid_to = parse_relative_time(to, cert_valid_from);
+ cert_valid_to = parse_relative_time(to, now);
else
cert_valid_to = parse_absolute_time(to);
@@ -1963,7 +1986,7 @@
continue;
if (strncasecmp(cp, "serial:", 7) == 0) {
if (ca == NULL) {
- fatal("revoking certificated by serial number "
+ fatal("revoking certificates by serial number "
"requires specification of a CA key");
}
cp += 7;
@@ -2000,7 +2023,7 @@
}
} else if (strncasecmp(cp, "id:", 3) == 0) {
if (ca == NULL) {
- fatal("revoking certificated by key ID "
+ fatal("revoking certificates by key ID "
"requires specification of a CA key");
}
cp += 3;
@@ -2129,7 +2152,7 @@
fprintf(stderr, "usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -A Generate non-existent host keys for all key types.\n");
- fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
+ fprintf(stderr, " -a number Number of KDF rounds for new key format or moduli primality tests.\n");
fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
fprintf(stderr, " -C comment Provide new comment.\n");
@@ -2157,6 +2180,7 @@
fprintf(stderr, " -N phrase Provide new passphrase.\n");
fprintf(stderr, " -n name,... User/host principal names to include in certificate\n");
fprintf(stderr, " -O option Specify a certificate option.\n");
+ fprintf(stderr, " -o Enforce new private key format.\n");
fprintf(stderr, " -P phrase Provide old passphrase.\n");
fprintf(stderr, " -p Change passphrase of private key file.\n");
fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n");
@@ -2172,6 +2196,7 @@
fprintf(stderr, " -v Verbose.\n");
fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -y Read private key file and print public key.\n");
+ fprintf(stderr, " -Z cipher Specify a cipher for new private key format.\n");
fprintf(stderr, " -z serial Specify a serial number.\n");
exit(1);
@@ -2190,7 +2215,7 @@
struct passwd *pw;
struct stat st;
int opt, type, fd;
- u_int32_t memory = 0, generator_wanted = 0, trials = 100;
+ u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
@@ -2222,8 +2247,9 @@
exit(1);
}
- while ((opt = getopt(argc, argv, "ABHLQXceghiklpquvxy"
- "C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
+ /* Remaining characters: EUYdw */
+ while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
+ "C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
switch (opt) {
case 'A':
gen_all_hostkeys = 1;
@@ -2281,6 +2307,9 @@
case 'n':
cert_principals = optarg;
break;
+ case 'o':
+ use_new_format = 1;
+ break;
case 'p':
change_passphrase = 1;
break;
@@ -2308,6 +2337,9 @@
case 'O':
add_cert_option(optarg);
break;
+ case 'Z':
+ new_format_cipher = optarg;
+ break;
case 'C':
identity_comment = optarg;
break;
@@ -2366,9 +2398,9 @@
optarg, errstr);
break;
case 'a':
- trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
+ rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
- fatal("Invalid number of trials: %s (%s)",
+ fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
case 'M':
@@ -2527,7 +2559,8 @@
fatal("Couldn't open moduli file \"%s\": %s",
out_file, strerror(errno));
}
- if (prime_test(in, out, trials, generator_wanted, checkpoint,
+ if (prime_test(in, out, rounds == 0 ? 100 : rounds,
+ generator_wanted, checkpoint,
start_lineno, lines_to_process) != 0)
fatal("modulus screening failed");
return (0);
@@ -2538,8 +2571,6 @@
return (0);
}
- arc4random_stir();
-
if (key_type_name == NULL)
key_type_name = "rsa";
@@ -2601,8 +2632,8 @@
* The passphrases do not match. Clear them and
* retry.
*/
- memset(passphrase1, 0, strlen(passphrase1));
- memset(passphrase2, 0, strlen(passphrase2));
+ explicit_bzero(passphrase1, strlen(passphrase1));
+ explicit_bzero(passphrase2, strlen(passphrase2));
free(passphrase1);
free(passphrase2);
printf("Passphrases do not match. Try again.\n");
@@ -2609,7 +2640,7 @@
goto passphrase_again;
}
/* Clear the other copy of the passphrase. */
- memset(passphrase2, 0, strlen(passphrase2));
+ explicit_bzero(passphrase2, strlen(passphrase2));
free(passphrase2);
}
@@ -2621,19 +2652,19 @@
}
/* Save the key with the given passphrase and comment. */
- if (!key_save_private(private, identity_file, passphrase1, comment)) {
+ if (!key_save_private(private, identity_file, passphrase1, comment,
+ use_new_format, new_format_cipher, rounds)) {
printf("Saving the key failed: %s.\n", identity_file);
- memset(passphrase1, 0, strlen(passphrase1));
+ explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
exit(1);
}
/* Clear the passphrase. */
- memset(passphrase1, 0, strlen(passphrase1));
+ explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
/* Clear the private key and the random number generator. */
key_free(private);
- arc4random_stir();
if (!quiet)
printf("Your identification has been saved in %s.\n", identity_file);
Modified: vendor-crypto/openssh/dist/ssh-keyscan.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-keyscan.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keyscan.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -27,9 +27,10 @@
-6 Forces ssh-keyscan to use IPv6 addresses only.
-f file
- Read hosts or addrlist namelist pairs from this file, one per
+ Read hosts or ``addrlist namelist'' pairs from file, one per
line. If - is supplied instead of a filename, ssh-keyscan will
- read hosts or addrlist namelist pairs from the standard input.
+ read hosts or ``addrlist namelist'' pairs from the standard
+ input.
-H Hash all hostnames and addresses in the output. Hashed names may
be used normally by ssh and sshd, but they do not reveal
@@ -48,9 +49,9 @@
-t type
Specifies the type of the key to fetch from the scanned hosts.
The possible values are ``rsa1'' for protocol version 1 and
- ``dsa'', ``ecdsa'' or ``rsa'' for protocol version 2. Multiple
- values may be specified by separating them with commas. The
- default is to fetch ``rsa'' and ``ecdsa'' keys.
+ ``dsa'', ``ecdsa'', ``ed25519'', or ``rsa'' for protocol version
+ 2. Multiple values may be specified by separating them with
+ commas. The default is to fetch ``rsa'' and ``ecdsa'' keys.
-v Verbose mode. Causes ssh-keyscan to print debugging messages
about its progress.
@@ -77,7 +78,7 @@
host-or-namelist keytype base64-encoded-key
Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
- ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.
+ ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', ``ssh-dss'' or ``ssh-rsa''.
/etc/ssh/ssh_known_hosts
@@ -106,4 +107,4 @@
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
-OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
+OpenBSD 5.5 January 28, 2014 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh-keyscan.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-keyscan.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keyscan.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.31 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.34 2014/01/28 14:13:39 jmc Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: January 28 2014 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -56,14 +56,16 @@
to use IPv6 addresses only.
.It Fl f Ar file
Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
+.Dq addrlist namelist
+pairs from
+.Ar file ,
+one per line.
If
.Pa -
is supplied instead of a filename,
.Nm
will read hosts or
-.Pa addrlist namelist
+.Dq addrlist namelist
pairs from the standard input.
.It Fl H
Hash all hostnames and addresses in the output.
@@ -78,7 +80,7 @@
.It Fl T Ar timeout
Set the timeout for connection attempts.
If
-.Pa timeout
+.Ar timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable.
@@ -89,7 +91,8 @@
.Dq rsa1
for protocol version 1 and
.Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519 ,
or
.Dq rsa
for protocol version 2.
@@ -116,27 +119,28 @@
can help in the detection of tampered keyfiles or man in the middle
attacks which have begun after the ssh_known_hosts file was created.
.Sh FILES
-.Pa Input format:
+Input format:
.Bd -literal
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
.Pp
-.Pa Output format for rsa1 keys:
+Output format for rsa1 keys:
.Bd -literal
host-or-namelist bits exponent modulus
.Ed
.Pp
-.Pa Output format for rsa, dsa and ecdsa keys:
+Output format for rsa, dsa and ecdsa keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
.Ed
.Pp
Where
-.Pa keytype
+.Ar keytype
is either
.Dq ecdsa-sha2-nistp256 ,
.Dq ecdsa-sha2-nistp384 ,
.Dq ecdsa-sha2-nistp521 ,
+.Dq ssh-ed25519 ,
.Dq ssh-dss
or
.Dq ssh-rsa .
@@ -143,10 +147,8 @@
.Pp
.Pa /etc/ssh/ssh_known_hosts
.Sh EXAMPLES
-Print the
-.Pa rsa
-host key for machine
-.Pa hostname :
+Print the rsa host key for machine
+.Ar hostname :
.Bd -literal
$ ssh-keyscan hostname
.Ed
Modified: vendor-crypto/openssh/dist/ssh-keyscan.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-keyscan.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keyscan.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.87 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.89 2013/12/06 13:39:49 markus Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
*
@@ -56,6 +56,7 @@
#define KT_DSA 2
#define KT_RSA 4
#define KT_ECDSA 8
+#define KT_ED25519 16
int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
@@ -245,9 +246,11 @@
packet_set_connection(c->c_fd, c->c_fd);
enable_compat20();
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
- "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" :
- "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ c->c_keytype == KT_DSA ? "ssh-dss" :
+ (c->c_keytype == KT_RSA ? "ssh-rsa" :
+ (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
+ "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
c->c_kex = kex_setup(myproposal);
c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
@@ -254,6 +257,7 @@
c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client;
c->c_kex->verify_host_key = hostjump;
if (!(j = setjmp(kexjmp))) {
@@ -574,7 +578,7 @@
if (name == NULL)
return;
- for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) {
+ for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
if (get_keytypes & j) {
while (ncon >= MAXCON)
conloop();
@@ -681,6 +685,9 @@
case KEY_RSA:
get_keytypes |= KT_RSA;
break;
+ case KEY_ED25519:
+ get_keytypes |= KT_ED25519;
+ break;
case KEY_UNSPEC:
fatal("unknown key type %s", tname);
}
Modified: vendor-crypto/openssh/dist/ssh-keysign.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-keysign.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keysign.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -25,6 +25,7 @@
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature. They should be owned by root,
@@ -34,6 +35,7 @@
/etc/ssh/ssh_host_dsa_key-cert.pub
/etc/ssh/ssh_host_ecdsa_key-cert.pub
+ /etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public
certificate information corresponding with the private keys
@@ -48,4 +50,4 @@
AUTHORS
Markus Friedl <markus at openbsd.org>
-OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
+OpenBSD 5.5 December 7, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh-keysign.8
===================================================================
--- vendor-crypto/openssh/dist/ssh-keysign.8 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keysign.8 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.13 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: December 7 2013 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
@@ -63,6 +63,7 @@
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
+.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature.
@@ -74,6 +75,7 @@
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
+.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
Modified: vendor-crypto/openssh/dist/ssh-keysign.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-keysign.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-keysign.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.37 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.39 2013/12/06 13:39:49 markus Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -150,7 +150,7 @@
{
Buffer b;
Options options;
-#define NUM_KEYTYPES 3
+#define NUM_KEYTYPES 4
Key *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
@@ -169,6 +169,7 @@
i = 0;
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+ key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */
@@ -179,7 +180,6 @@
permanently_set_uid(pw);
seed_rng();
- arc4random_stir();
#ifdef DEBUG_SSH_KEYSIGN
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
@@ -187,7 +187,7 @@
/* verify that ssh-keysign is enabled by the admin */
initialize_options(&options);
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", &options, 0);
fill_default_options(&options);
if (options.enable_ssh_keysign != 1)
fatal("ssh-keysign not enabled in %s",
Modified: vendor-crypto/openssh/dist/ssh-pkcs11-helper.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -22,4 +22,4 @@
AUTHORS
Markus Friedl <markus at openbsd.org>
-OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
+OpenBSD 5.5 July 16, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-helper.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.7 2013/12/02 02:56:17 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -127,7 +127,8 @@
buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER);
buffer_put_int(&msg, nkeys);
for (i = 0; i < nkeys; i++) {
- key_to_blob(keys[i], &blob, &blen);
+ if (key_to_blob(keys[i], &blob, &blen) == 0)
+ continue;
buffer_put_string(&msg, blob, blen);
buffer_put_cstring(&msg, name);
free(blob);
Modified: vendor-crypto/openssh/dist/ssh-pkcs11.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-pkcs11.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.8 2013/07/12 00:20:00 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.11 2013/11/13 13:48:20 markus Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -31,6 +31,8 @@
#include "openbsd-compat/sys-queue.h"
+#include <openssl/x509.h>
+
#define CRYPTOKI_COMPAT
#include "pkcs11.h"
@@ -225,7 +227,7 @@
CK_OBJECT_HANDLE obj;
CK_ULONG tlen = 0;
CK_RV rv;
- CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;
+ CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;
CK_BBOOL true_val = CK_TRUE;
CK_MECHANISM mech = {
CKM_RSA_PKCS, NULL_PTR, 0
@@ -238,8 +240,6 @@
char *pin, prompt[1024];
int rval = -1;
- /* some compilers complain about non-constant initializer so we
- use NULL in CK_ATTRIBUTE above and set the values here */
key_filter[0].pValue = &private_key_class;
key_filter[2].pValue = &true_val;
@@ -384,36 +384,75 @@
* add 'wrapped' public keys to the 'keysp' array and increment nkeys.
* keysp points to an (possibly empty) array with *nkeys keys.
*/
+static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG,
+ CK_ATTRIBUTE [], CK_ATTRIBUTE [3], Key ***, int *)
+ __attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE))));
+
static int
-pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp,
- int *nkeys)
+pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
+ Key ***keysp, int *nkeys)
{
+ CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
+ CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
+ CK_ATTRIBUTE pubkey_filter[] = {
+ { CKA_CLASS, NULL, sizeof(pubkey_class) }
+ };
+ CK_ATTRIBUTE cert_filter[] = {
+ { CKA_CLASS, NULL, sizeof(cert_class) }
+ };
+ CK_ATTRIBUTE pubkey_attribs[] = {
+ { CKA_ID, NULL, 0 },
+ { CKA_MODULUS, NULL, 0 },
+ { CKA_PUBLIC_EXPONENT, NULL, 0 }
+ };
+ CK_ATTRIBUTE cert_attribs[] = {
+ { CKA_ID, NULL, 0 },
+ { CKA_SUBJECT, NULL, 0 },
+ { CKA_VALUE, NULL, 0 }
+ };
+ pubkey_filter[0].pValue = &pubkey_class;
+ cert_filter[0].pValue = &cert_class;
+
+ if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs,
+ keysp, nkeys) < 0 ||
+ pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs,
+ keysp, nkeys) < 0)
+ return (-1);
+ return (0);
+}
+
+static int
+pkcs11_key_included(Key ***keysp, int *nkeys, Key *key)
+{
+ int i;
+
+ for (i = 0; i < *nkeys; i++)
+ if (key_equal(key, (*keysp)[i]))
+ return (1);
+ return (0);
+}
+
+static int
+pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
+ CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
+ Key ***keysp, int *nkeys)
+{
Key *key;
RSA *rsa;
+ X509 *x509;
+ EVP_PKEY *evp;
int i;
+ const u_char *cp;
CK_RV rv;
CK_OBJECT_HANDLE obj;
CK_ULONG nfound;
CK_SESSION_HANDLE session;
CK_FUNCTION_LIST *f;
- CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
- CK_ATTRIBUTE pubkey_filter[] = {
- { CKA_CLASS, NULL, sizeof(pubkey_class) }
- };
- CK_ATTRIBUTE attribs[] = {
- { CKA_ID, NULL, 0 },
- { CKA_MODULUS, NULL, 0 },
- { CKA_PUBLIC_EXPONENT, NULL, 0 }
- };
- /* some compilers complain about non-constant initializer so we
- use NULL in CK_ATTRIBUTE above and set the value here */
- pubkey_filter[0].pValue = &pubkey_class;
-
f = p->function_list;
session = p->slotinfo[slotidx].session;
/* setup a filter the looks for public keys */
- if ((rv = f->C_FindObjectsInit(session, pubkey_filter, 1)) != CKR_OK) {
+ if ((rv = f->C_FindObjectsInit(session, filter, 1)) != CKR_OK) {
error("C_FindObjectsInit failed: %lu", rv);
return (-1);
}
@@ -441,23 +480,50 @@
/* allocate buffers for attributes */
for (i = 0; i < 3; i++)
attribs[i].pValue = xmalloc(attribs[i].ulValueLen);
- /* retrieve ID, modulus and public exponent of RSA key */
+ /*
+ * retrieve ID, modulus and public exponent of RSA key,
+ * or ID, subject and value for certificates.
+ */
+ rsa = NULL;
if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
!= CKR_OK) {
error("C_GetAttributeValue failed: %lu", rv);
- } else if ((rsa = RSA_new()) == NULL) {
- error("RSA_new failed");
+ } else if (attribs[1].type == CKA_MODULUS ) {
+ if ((rsa = RSA_new()) == NULL) {
+ error("RSA_new failed");
+ } else {
+ rsa->n = BN_bin2bn(attribs[1].pValue,
+ attribs[1].ulValueLen, NULL);
+ rsa->e = BN_bin2bn(attribs[2].pValue,
+ attribs[2].ulValueLen, NULL);
+ }
} else {
- rsa->n = BN_bin2bn(attribs[1].pValue,
- attribs[1].ulValueLen, NULL);
- rsa->e = BN_bin2bn(attribs[2].pValue,
- attribs[2].ulValueLen, NULL);
- if (rsa->n && rsa->e &&
- pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
- key = key_new(KEY_UNSPEC);
- key->rsa = rsa;
- key->type = KEY_RSA;
- key->flags |= KEY_FLAG_EXT;
+ cp = attribs[2].pValue;
+ if ((x509 = X509_new()) == NULL) {
+ error("X509_new failed");
+ } else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen)
+ == NULL) {
+ error("d2i_X509 failed");
+ } else if ((evp = X509_get_pubkey(x509)) == NULL ||
+ evp->type != EVP_PKEY_RSA ||
+ evp->pkey.rsa == NULL) {
+ debug("X509_get_pubkey failed or no rsa");
+ } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa))
+ == NULL) {
+ error("RSAPublicKey_dup");
+ }
+ if (x509)
+ X509_free(x509);
+ }
+ if (rsa && rsa->n && rsa->e &&
+ pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
+ key = key_new(KEY_UNSPEC);
+ key->rsa = rsa;
+ key->type = KEY_RSA;
+ key->flags |= KEY_FLAG_EXT;
+ if (pkcs11_key_included(keysp, nkeys, key)) {
+ key_free(key);
+ } else {
/* expand key array and add key */
*keysp = xrealloc(*keysp, *nkeys + 1,
sizeof(Key *));
@@ -464,9 +530,9 @@
(*keysp)[*nkeys] = key;
*nkeys = *nkeys + 1;
debug("have %d keys", *nkeys);
- } else {
- RSA_free(rsa);
}
+ } else if (rsa) {
+ RSA_free(rsa);
}
for (i = 0; i < 3; i++)
free(attribs[i].pValue);
Modified: vendor-crypto/openssh/dist/ssh-rsa.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-rsa.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-rsa.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus at openbsd.org>
*
@@ -32,6 +32,7 @@
#include "compat.h"
#include "misc.h"
#include "ssh.h"
+#include "digest.h"
static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
@@ -40,37 +41,41 @@
ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
const u_char *data, u_int datalen)
{
- const EVP_MD *evp_md;
- EVP_MD_CTX md;
- u_char digest[EVP_MAX_MD_SIZE], *sig;
+ int hash_alg;
+ u_char digest[SSH_DIGEST_MAX_LENGTH], *sig;
u_int slen, dlen, len;
int ok, nid;
Buffer b;
- if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA &&
- key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) {
- error("ssh_rsa_sign: no RSA key");
+ if (key == NULL || key_type_plain(key->type) != KEY_RSA ||
+ key->rsa == NULL) {
+ error("%s: no RSA key", __func__);
return -1;
}
- nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
- if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
- error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+
+ /* hash the data */
+ hash_alg = SSH_DIGEST_SHA1;
+ nid = NID_sha1;
+ if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
+ error("%s: bad hash algorithm %d", __func__, hash_alg);
return -1;
}
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ if (ssh_digest_memory(hash_alg, data, datalen,
+ digest, sizeof(digest)) != 0) {
+ error("%s: ssh_digest_memory failed", __func__);
+ return -1;
+ }
slen = RSA_size(key->rsa);
sig = xmalloc(slen);
ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
- memset(digest, 'd', sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
if (ok != 1) {
int ecode = ERR_get_error();
- error("ssh_rsa_sign: RSA_sign failed: %s",
+ error("%s: RSA_sign failed: %s", __func__,
ERR_error_string(ecode, NULL));
free(sig);
return -1;
@@ -79,9 +84,9 @@
u_int diff = slen - len;
debug("slen %u > len %u", slen, len);
memmove(sig + diff, sig, len);
- memset(sig, 0, diff);
+ explicit_bzero(sig, diff);
} else if (len > slen) {
- error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
+ error("%s: slen %u slen2 %u", __func__, slen, len);
free(sig);
return -1;
}
@@ -97,7 +102,7 @@
memcpy(*sigp, buffer_ptr(&b), len);
}
buffer_free(&b);
- memset(sig, 's', slen);
+ explicit_bzero(sig, slen);
free(sig);
return 0;
@@ -108,21 +113,22 @@
const u_char *data, u_int datalen)
{
Buffer b;
- const EVP_MD *evp_md;
- EVP_MD_CTX md;
+ int hash_alg;
char *ktype;
- u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+ u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob;
u_int len, dlen, modlen;
- int rlen, ret, nid;
+ int rlen, ret;
- if (key == NULL || key->rsa == NULL || (key->type != KEY_RSA &&
- key->type != KEY_RSA_CERT && key->type != KEY_RSA_CERT_V00)) {
- error("ssh_rsa_verify: no RSA key");
+ if (key == NULL || key_type_plain(key->type) != KEY_RSA ||
+ key->rsa == NULL) {
+ error("%s: no RSA key", __func__);
return -1;
}
+
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- error("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
- BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
+ error("%s: RSA modulus too small: %d < minimum %d bits",
+ __func__, BN_num_bits(key->rsa->n),
+ SSH_RSA_MINIMUM_MODULUS_SIZE);
return -1;
}
buffer_init(&b);
@@ -129,7 +135,7 @@
buffer_append(&b, signature, signaturelen);
ktype = buffer_get_cstring(&b, NULL);
if (strcmp("ssh-rsa", ktype) != 0) {
- error("ssh_rsa_verify: cannot handle type %s", ktype);
+ error("%s: cannot handle type %s", __func__, ktype);
buffer_free(&b);
free(ktype);
return -1;
@@ -139,7 +145,7 @@
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
- error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
+ error("%s: remaining bytes in signature %d", __func__, rlen);
free(sigblob);
return -1;
}
@@ -146,33 +152,36 @@
/* RSA_verify expects a signature of RSA_size */
modlen = RSA_size(key->rsa);
if (len > modlen) {
- error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
+ error("%s: len %u > modlen %u", __func__, len, modlen);
free(sigblob);
return -1;
} else if (len < modlen) {
u_int diff = modlen - len;
- debug("ssh_rsa_verify: add padding: modlen %u > len %u",
+ debug("%s: add padding: modlen %u > len %u", __func__,
modlen, len);
sigblob = xrealloc(sigblob, 1, modlen);
memmove(sigblob + diff, sigblob, len);
- memset(sigblob, 0, diff);
+ explicit_bzero(sigblob, diff);
len = modlen;
}
- nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
- if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
- error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
- free(sigblob);
+ /* hash the data */
+ hash_alg = SSH_DIGEST_SHA1;
+ if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
+ error("%s: bad hash algorithm %d", __func__, hash_alg);
return -1;
}
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, data, datalen);
- EVP_DigestFinal(&md, digest, &dlen);
+ if (ssh_digest_memory(hash_alg, data, datalen,
+ digest, sizeof(digest)) != 0) {
+ error("%s: ssh_digest_memory failed", __func__);
+ return -1;
+ }
- ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
- memset(digest, 'd', sizeof(digest));
- memset(sigblob, 's', len);
+ ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
+ key->rsa);
+ explicit_bzero(digest, sizeof(digest));
+ explicit_bzero(sigblob, len);
free(sigblob);
- debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
+ debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : "");
return ret;
}
@@ -193,21 +202,9 @@
0x05, 0x00, /* NULL */
0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
};
-/*
- * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
- * rsadsi(113549) digestAlgorithm(2) 5 }
- */
-static const u_char id_md5[] = {
- 0x30, 0x20, /* type Sequence, length 0x20 (32) */
- 0x30, 0x0c, /* type Sequence, length 0x09 */
- 0x06, 0x08, /* type OID, length 0x05 */
- 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
- 0x05, 0x00, /* NULL */
- 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
-};
static int
-openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
+openssh_RSA_verify(int hash_alg, u_char *hash, u_int hashlen,
u_char *sigbuf, u_int siglen, RSA *rsa)
{
u_int ret, rsasize, oidlen = 0, hlen = 0;
@@ -216,17 +213,12 @@
u_char *decrypted = NULL;
ret = 0;
- switch (type) {
- case NID_sha1:
+ switch (hash_alg) {
+ case SSH_DIGEST_SHA1:
oid = id_sha1;
oidlen = sizeof(id_sha1);
hlen = 20;
break;
- case NID_md5:
- oid = id_md5;
- oidlen = sizeof(id_md5);
- hlen = 16;
- break;
default:
goto done;
}
Modified: vendor-crypto/openssh/dist/ssh-sandbox.h
===================================================================
--- vendor-crypto/openssh/dist/ssh-sandbox.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh-sandbox.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -15,9 +15,10 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+struct monitor;
struct ssh_sandbox;
-struct ssh_sandbox *ssh_sandbox_init(void);
+struct ssh_sandbox *ssh_sandbox_init(struct monitor *);
void ssh_sandbox_child(struct ssh_sandbox *);
void ssh_sandbox_parent_finish(struct ssh_sandbox *);
void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
Modified: vendor-crypto/openssh/dist/ssh.0
===================================================================
--- vendor-crypto/openssh/dist/ssh.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -9,9 +9,9 @@
[-F configfile] [-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
+ [-Q cipher | cipher-auth | mac | kex | key]
[-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]
- ssh -Q protocol_feature
DESCRIPTION
ssh (SSH client) is a program for logging into a remote machine and for
@@ -142,13 +142,13 @@
-i identity_file
Selects a file from which the identity (private key) for public
key authentication is read. The default is ~/.ssh/identity for
- protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
- ~/.ssh/id_rsa for protocol version 2. Identity files may also be
- specified on a per-host basis in the configuration file. It is
- possible to have multiple -i options (and multiple identities
- specified in configuration files). ssh will also try to load
- certificate information from the filename obtained by appending
- -cert.pub to identity filenames.
+ protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
+ ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
+ Identity files may also be specified on a per-host basis in the
+ configuration file. It is possible to have multiple -i options
+ (and multiple identities specified in configuration files). ssh
+ will also try to load certificate information from the filename
+ obtained by appending -cert.pub to identity filenames.
-K Enables GSSAPI-based authentication and forwarding (delegation)
of GSSAPI credentials to the server.
@@ -222,6 +222,11 @@
AddressFamily
BatchMode
BindAddress
+ CanonicalDomains
+ CanonicalizeFallbackLocal
+ CanonicalizeHostname
+ CanonicalizeMaxDots
+ CanonicalizePermittedCNAMEs
ChallengeResponseAuthentication
CheckHostIP
Cipher
@@ -261,6 +266,7 @@
LocalForward
LogLevel
MACs
+ Match
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
@@ -270,6 +276,7 @@
PreferredAuthentications
Protocol
ProxyCommand
+ ProxyUseFdpass
PubkeyAuthentication
RekeyLimit
RemoteForward
@@ -294,13 +301,12 @@
Port to connect to on the remote host. This can be specified on
a per-host basis in the configuration file.
- -Q protocol_feature
+ -Q cipher | cipher-auth | mac | kex | key
Queries ssh for the algorithms supported for the specified
- version 2 protocol_feature. The queriable features are:
- ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
- message integrity codes), ``KEX'' (key exchange algorithms),
- ``key'' (key types). Protocol features are treated case-
- insensitively.
+ version 2. The available features are: cipher (supported
+ symmetric ciphers), cipher-auth (supported symmetric ciphers that
+ support authenticated encryption), mac (supported message
+ integrity codes), kex (key exchange algorithms), key (key types).
-q Quiet mode. Causes most warning and diagnostic messages to be
suppressed.
@@ -440,9 +446,10 @@
creates a public/private key pair for authentication purposes. The
server knows the public key, and only the user knows the private key.
ssh implements public key authentication protocol automatically, using
- one of the DSA, ECDSA or RSA algorithms. Protocol 1 is restricted to
- using only RSA keys, but protocol 2 may use any. The HISTORY section of
- ssl(8) contains a brief discussion of the DSA and RSA algorithms.
+ one of the DSA, ECDSA, ED25519 or RSA algorithms. Protocol 1 is
+ restricted to using only RSA keys, but protocol 2 may use any. The
+ HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
+ algorithms.
The file ~/.ssh/authorized_keys lists the public keys that are permitted
for logging in. When the user logs in, the ssh program tells the server
@@ -452,10 +459,11 @@
The user creates his/her key pair by running ssh-keygen(1). This stores
the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
- 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2
- RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
- ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2
- ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+ 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2
+ ED25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
+ ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA),
+ ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2
+ ED25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
directory. The user should then copy the public key to
~/.ssh/authorized_keys in his/her home directory on the remote machine.
The authorized_keys file corresponds to the conventional ~/.rhosts file,
@@ -791,11 +799,11 @@
for the user, and not accessible by others.
~/.ssh/authorized_keys
- Lists the public keys (DSA/ECDSA/RSA) that can be used for
- logging in as this user. The format of this file is described in
- the sshd(8) manual page. This file is not highly sensitive, but
- the recommended permissions are read/write for the user, and not
- accessible by others.
+ Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+ for logging in as this user. The format of this file is
+ described in the sshd(8) manual page. This file is not highly
+ sensitive, but the recommended permissions are read/write for the
+ user, and not accessible by others.
~/.ssh/config
This is the per-user configuration file. The file format and
@@ -810,6 +818,7 @@
~/.ssh/identity
~/.ssh/id_dsa
~/.ssh/id_ecdsa
+ ~/.ssh/id_ed25519
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
@@ -822,6 +831,7 @@
~/.ssh/identity.pub
~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
+ ~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
Contains the public key for authentication. These files are not
sensitive and can (but need not) be readable by anyone.
@@ -853,6 +863,7 @@
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys and are
used for host-based authentication. If protocol version 1 is
@@ -932,4 +943,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.4 July 18, 2013 OpenBSD 5.4
+OpenBSD 5.5 December 7, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh.1
===================================================================
--- vendor-crypto/openssh/dist/ssh.1 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh.1 2014-10-11 16:33:18 UTC (rev 6863)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.334 2013/07/18 01:12:26 djm Exp $
-.Dd $Mdocdate: July 18 2013 $
+.\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $
+.Dd $Mdocdate: December 7 2013 $
.Dt SSH 1
.Os
.Sh NAME
@@ -58,6 +58,7 @@
.Op Fl O Ar ctl_cmd
.Op Fl o Ar option
.Op Fl p Ar port
+.Op Fl Q Cm cipher | cipher-auth | mac | kex | key
.Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
.Op Fl S Ar ctl_path
.Op Fl W Ar host : Ns Ar port
@@ -65,8 +66,6 @@
.Oo Ar user Ns @ Oc Ns Ar hostname
.Op Ar command
.Ek
-.Nm
-.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
(SSH client) is a program for logging into a remote machine and for
@@ -280,7 +279,8 @@
.Pa ~/.ssh/identity
for protocol version 1, and
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
@@ -417,6 +417,11 @@
.It AddressFamily
.It BatchMode
.It BindAddress
+.It CanonicalDomains
+.It CanonicalizeFallbackLocal
+.It CanonicalizeHostname
+.It CanonicalizeMaxDots
+.It CanonicalizePermittedCNAMEs
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Cipher
@@ -456,6 +461,7 @@
.It LocalForward
.It LogLevel
.It MACs
+.It Match
.It NoHostAuthenticationForLocalhost
.It NumberOfPasswordPrompts
.It PasswordAuthentication
@@ -465,6 +471,7 @@
.It PreferredAuthentications
.It Protocol
.It ProxyCommand
+.It ProxyUseFdpass
.It PubkeyAuthentication
.It RekeyLimit
.It RemoteForward
@@ -489,21 +496,21 @@
Port to connect to on the remote host.
This can be specified on a
per-host basis in the configuration file.
-.It Fl Q Ar protocol_feature
+.It Fl Q Cm cipher | cipher-auth | mac | kex | key
Queries
.Nm
-for the algorithms supported for the specified version 2
-.Ar protocol_feature .
-The queriable features are:
-.Dq cipher
+for the algorithms supported for the specified version 2.
+The available features are:
+.Ar cipher
(supported symmetric ciphers),
-.Dq MAC
+.Ar cipher-auth
+(supported symmetric ciphers that support authenticated encryption),
+.Ar mac
(supported message integrity codes),
-.Dq KEX
+.Ar kex
(key exchange algorithms),
-.Dq key
+.Ar key
(key types).
-Protocol features are treated case-insensitively.
.It Fl q
Quiet mode.
Causes most warning and diagnostic messages to be suppressed.
@@ -751,7 +758,7 @@
The server knows the public key, and only the user knows the private key.
.Nm
implements public key authentication protocol automatically,
-using one of the DSA, ECDSA or RSA algorithms.
+using one of the DSA, ECDSA, ED25519 or RSA algorithms.
Protocol 1 is restricted to using only RSA keys,
but protocol 2 may use any.
The HISTORY section of
@@ -778,6 +785,8 @@
(protocol 2 DSA),
.Pa ~/.ssh/id_ecdsa
(protocol 2 ECDSA),
+.Pa ~/.ssh/id_ed25519
+(protocol 2 ED25519),
or
.Pa ~/.ssh/id_rsa
(protocol 2 RSA)
@@ -788,6 +797,8 @@
(protocol 2 DSA),
.Pa ~/.ssh/id_ecdsa.pub
(protocol 2 ECDSA),
+.Pa ~/.ssh/id_ed25519.pub
+(protocol 2 ED25519),
or
.Pa ~/.ssh/id_rsa.pub
(protocol 2 RSA)
@@ -827,9 +838,12 @@
Protocol 2 allows multiple challenges and responses;
protocol 1 is restricted to just one challenge/response.
Examples of challenge-response authentication include
-BSD Authentication (see
+.Bx
+Authentication (see
.Xr login.conf 5 )
-and PAM (some non-OpenBSD systems).
+and PAM (some
+.Pf non- Ox
+systems).
.Pp
Finally, if other authentication methods fail,
.Nm
@@ -1324,8 +1338,8 @@
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as
-this user.
+Lists the public keys (DSA, ECDSA, ED25519, RSA)
+that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
manual page.
@@ -1347,6 +1361,7 @@
.It Pa ~/.ssh/identity
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_rsa
Contains the private key for authentication.
These files
@@ -1361,6 +1376,7 @@
.It Pa ~/.ssh/identity.pub
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_rsa.pub
Contains the public key for authentication.
These files are not
@@ -1400,6 +1416,7 @@
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
+.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys
and are used for host-based authentication.
Modified: vendor-crypto/openssh/dist/ssh.c
===================================================================
--- vendor-crypto/openssh/dist/ssh.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.381 2013/07/25 00:29:10 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.401 2014/02/26 20:18:37 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -199,11 +199,11 @@
"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
" [-F configfile] [-I pkcs11] [-i identity_file]\n"
-" [-L [bind_address:]port:host:hostport] [-Q protocol_feature]\n"
-" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
-" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
-" [-W host:port] [-w local_tun[:remote_tun]]\n"
-" [user@]hostname [command]\n"
+" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
+" [-O ctl_cmd] [-o option] [-p port]\n"
+" [-Q cipher | cipher-auth | mac | kex | key]\n"
+" [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]\n"
+" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
);
exit(255);
}
@@ -232,6 +232,180 @@
}
/*
+ * Attempt to resolve a host name / port to a set of addresses and
+ * optionally return any CNAMEs encountered along the way.
+ * Returns NULL on failure.
+ * NB. this function must operate with a options having undefined members.
+ */
+static struct addrinfo *
+resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
+{
+ char strport[NI_MAXSERV];
+ struct addrinfo hints, *res;
+ int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1;
+
+ if (port <= 0)
+ port = default_ssh_port();
+
+ snprintf(strport, sizeof strport, "%u", port);
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = options.address_family == -1 ?
+ AF_UNSPEC : options.address_family;
+ hints.ai_socktype = SOCK_STREAM;
+ if (cname != NULL)
+ hints.ai_flags = AI_CANONNAME;
+ if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
+ if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA))
+ loglevel = SYSLOG_LEVEL_ERROR;
+ do_log2(loglevel, "%s: Could not resolve hostname %.100s: %s",
+ __progname, name, ssh_gai_strerror(gaierr));
+ return NULL;
+ }
+ if (cname != NULL && res->ai_canonname != NULL) {
+ if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
+ error("%s: host \"%s\" cname \"%s\" too long (max %lu)",
+ __func__, name, res->ai_canonname, (u_long)clen);
+ if (clen > 0)
+ *cname = '\0';
+ }
+ }
+ return res;
+}
+
+/*
+ * Check whether the cname is a permitted replacement for the hostname
+ * and perform the replacement if it is.
+ * NB. this function must operate with a options having undefined members.
+ */
+static int
+check_follow_cname(char **namep, const char *cname)
+{
+ int i;
+ struct allowed_cname *rule;
+
+ if (*cname == '\0' || options.num_permitted_cnames == 0 ||
+ strcmp(*namep, cname) == 0)
+ return 0;
+ if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
+ return 0;
+ /*
+ * Don't attempt to canonicalize names that will be interpreted by
+ * a proxy unless the user specifically requests so.
+ */
+ if (!option_clear_or_none(options.proxy_command) &&
+ options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
+ return 0;
+ debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
+ for (i = 0; i < options.num_permitted_cnames; i++) {
+ rule = options.permitted_cnames + i;
+ if (match_pattern_list(*namep, rule->source_list,
+ strlen(rule->source_list), 1) != 1 ||
+ match_pattern_list(cname, rule->target_list,
+ strlen(rule->target_list), 1) != 1)
+ continue;
+ verbose("Canonicalized DNS aliased hostname "
+ "\"%s\" => \"%s\"", *namep, cname);
+ free(*namep);
+ *namep = xstrdup(cname);
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * Attempt to resolve the supplied hostname after applying the user's
+ * canonicalization rules. Returns the address list for the host or NULL
+ * if no name was found after canonicalization.
+ * NB. this function must operate with a options having undefined members.
+ */
+static struct addrinfo *
+resolve_canonicalize(char **hostp, int port)
+{
+ int i, ndots;
+ char *cp, *fullhost, cname_target[NI_MAXHOST];
+ struct addrinfo *addrs;
+
+ if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
+ return NULL;
+
+ /*
+ * Don't attempt to canonicalize names that will be interpreted by
+ * a proxy unless the user specifically requests so.
+ */
+ if (!option_clear_or_none(options.proxy_command) &&
+ options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
+ return NULL;
+
+ /* Don't apply canonicalization to sufficiently-qualified hostnames */
+ ndots = 0;
+ for (cp = *hostp; *cp != '\0'; cp++) {
+ if (*cp == '.')
+ ndots++;
+ }
+ if (ndots > options.canonicalize_max_dots) {
+ debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)",
+ __func__, *hostp, options.canonicalize_max_dots);
+ return NULL;
+ }
+ /* Attempt each supplied suffix */
+ for (i = 0; i < options.num_canonical_domains; i++) {
+ *cname_target = '\0';
+ xasprintf(&fullhost, "%s.%s.", *hostp,
+ options.canonical_domains[i]);
+ debug3("%s: attempting \"%s\" => \"%s\"", __func__,
+ *hostp, fullhost);
+ if ((addrs = resolve_host(fullhost, port, 0,
+ cname_target, sizeof(cname_target))) == NULL) {
+ free(fullhost);
+ continue;
+ }
+ /* Remove trailing '.' */
+ fullhost[strlen(fullhost) - 1] = '\0';
+ /* Follow CNAME if requested */
+ if (!check_follow_cname(&fullhost, cname_target)) {
+ debug("Canonicalized hostname \"%s\" => \"%s\"",
+ *hostp, fullhost);
+ }
+ free(*hostp);
+ *hostp = fullhost;
+ return addrs;
+ }
+ if (!options.canonicalize_fallback_local)
+ fatal("%s: Could not resolve host \"%s\"", __progname, *hostp);
+ debug2("%s: host %s not found in any suffix", __func__, *hostp);
+ return NULL;
+}
+
+/*
+ * Read per-user configuration file. Ignore the system wide config
+ * file if the user specifies a config file on the command line.
+ */
+static void
+process_config_files(struct passwd *pw)
+{
+ char buf[MAXPATHLEN];
+ int r;
+
+ if (config != NULL) {
+ if (strcasecmp(config, "none") != 0 &&
+ !read_config_file(config, pw, host, &options,
+ SSHCONF_USERCONF))
+ fatal("Can't open user config file %.100s: "
+ "%.100s", config, strerror(errno));
+ } else {
+ r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
+ _PATH_SSH_USER_CONFFILE);
+ if (r > 0 && (size_t)r < sizeof(buf))
+ (void)read_config_file(buf, pw, host, &options,
+ SSHCONF_CHECKPERM|SSHCONF_USERCONF);
+
+ /* Read systemwide configuration file after user config. */
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, host,
+ &options, 0);
+ }
+}
+
+/*
* Main program for the ssh client.
*/
int
@@ -240,14 +414,14 @@
int i, r, opt, exit_status, use_syslog;
char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg, *logfile;
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
+ char cname[NI_MAXHOST];
struct stat st;
struct passwd *pw;
- int dummy, timeout_ms;
+ int timeout_ms;
extern int optind, optreset;
extern char *optarg;
-
- struct servent *sp;
Forward fwd;
+ struct addrinfo *addrs = NULL;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@@ -389,16 +563,22 @@
case 'P': /* deprecated */
options.use_privileged_port = 0;
break;
- case 'Q': /* deprecated */
+ case 'Q':
cp = NULL;
- if (strcasecmp(optarg, "cipher") == 0)
- cp = cipher_alg_list();
- else if (strcasecmp(optarg, "mac") == 0)
- cp = mac_alg_list();
- else if (strcasecmp(optarg, "kex") == 0)
- cp = kex_alg_list();
- else if (strcasecmp(optarg, "key") == 0)
- cp = key_alg_list();
+ if (strcmp(optarg, "cipher") == 0)
+ cp = cipher_alg_list('\n', 0);
+ else if (strcmp(optarg, "cipher-auth") == 0)
+ cp = cipher_alg_list('\n', 1);
+ else if (strcmp(optarg, "mac") == 0)
+ cp = mac_alg_list('\n');
+ else if (strcmp(optarg, "kex") == 0)
+ cp = kex_alg_list('\n');
+ else if (strcmp(optarg, "key") == 0)
+ cp = key_alg_list(0, 0);
+ else if (strcmp(optarg, "key-cert") == 0)
+ cp = key_alg_list(1, 0);
+ else if (strcmp(optarg, "key-plain") == 0)
+ cp = key_alg_list(0, 1);
if (cp == NULL)
fatal("Unsupported query \"%s\"", optarg);
printf("%s\n", cp);
@@ -595,10 +775,9 @@
options.request_tty = REQUEST_TTY_NO;
break;
case 'o':
- dummy = 1;
line = xstrdup(optarg);
- if (process_config_line(&options, host ? host : "",
- line, "command-line", 0, &dummy, SSHCONF_USERCONF)
+ if (process_config_line(&options, pw, host ? host : "",
+ line, "command-line", 0, NULL, SSHCONF_USERCONF)
!= 0)
exit(255);
free(line);
@@ -633,9 +812,9 @@
usage();
options.user = p;
*cp = '\0';
- host = ++cp;
+ host = xstrdup(++cp);
} else
- host = *av;
+ host = xstrdup(*av);
if (ac > 1) {
optind = optreset = 1;
goto again;
@@ -647,6 +826,8 @@
if (!host)
usage();
+ host_arg = xstrdup(host);
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
@@ -697,32 +878,76 @@
if (debug_flag)
logit("%s, %s", SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
+ /* Parse the configuration files */
+ process_config_files(pw);
+
+ /* Hostname canonicalisation needs a few options filled. */
+ fill_default_options_for_canonicalization(&options);
+
+ /* If the user has replaced the hostname then take it into use now */
+ if (options.hostname != NULL) {
+ /* NB. Please keep in sync with readconf.c:match_cfg_line() */
+ cp = percent_expand(options.hostname,
+ "h", host, (char *)NULL);
+ free(host);
+ host = cp;
+ }
+
+ /* If canonicalization requested then try to apply it */
+ lowercase(host);
+ if (options.canonicalize_hostname != SSH_CANONICALISE_NO)
+ addrs = resolve_canonicalize(&host, options.port);
+
/*
- * Read per-user configuration file. Ignore the system wide config
- * file if the user specifies a config file on the command line.
+ * If CanonicalizePermittedCNAMEs have been specified but
+ * other canonicalization did not happen (by not being requested
+ * or by failing with fallback) then the hostname may still be changed
+ * as a result of CNAME following.
+ *
+ * Try to resolve the bare hostname name using the system resolver's
+ * usual search rules and then apply the CNAME follow rules.
+ *
+ * Skip the lookup if a ProxyCommand is being used unless the user
+ * has specifically requested canonicalisation for this case via
+ * CanonicalizeHostname=always
*/
- if (config != NULL) {
- if (strcasecmp(config, "none") != 0 &&
- !read_config_file(config, host, &options, SSHCONF_USERCONF))
- fatal("Can't open user config file %.100s: "
- "%.100s", config, strerror(errno));
- } else {
- r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
- _PATH_SSH_USER_CONFFILE);
- if (r > 0 && (size_t)r < sizeof(buf))
- (void)read_config_file(buf, host, &options,
- SSHCONF_CHECKPERM|SSHCONF_USERCONF);
+ if (addrs == NULL && options.num_permitted_cnames != 0 &&
+ (option_clear_or_none(options.proxy_command) ||
+ options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
+ if ((addrs = resolve_host(host, options.port, 1,
+ cname, sizeof(cname))) == NULL)
+ cleanup_exit(255); /* resolve_host logs the error */
+ check_follow_cname(&host, cname);
+ }
- /* Read systemwide configuration file after user config. */
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
- &options, 0);
+ /*
+ * If the target hostname has changed as a result of canonicalisation
+ * then re-parse the configuration files as new stanzas may match.
+ */
+ if (strcasecmp(host_arg, host) != 0) {
+ debug("Hostname has changed; re-reading configuration");
+ process_config_files(pw);
}
/* Fill configuration defaults. */
fill_default_options(&options);
+ if (options.port == 0)
+ options.port = default_ssh_port();
channel_set_af(options.address_family);
+ /* Tidy and check options */
+ if (options.host_key_alias != NULL)
+ lowercase(options.host_key_alias);
+ if (options.proxy_command != NULL &&
+ strcmp(options.proxy_command, "-") == 0 &&
+ options.proxy_use_fdpass)
+ fatal("ProxyCommand=- and ProxyUseFDPass are incompatible");
+#ifndef HAVE_CYGWIN
+ if (original_effective_uid != 0)
+ options.use_privileged_port = 0;
+#endif
+
/* reinit */
log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
@@ -751,19 +976,6 @@
if (options.user == NULL)
options.user = xstrdup(pw->pw_name);
- /* Get default port if port has not been set. */
- if (options.port == 0) {
- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
- options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
- }
-
- /* preserve host name given on command line for %n expansion */
- host_arg = host;
- if (options.hostname != NULL) {
- host = percent_expand(options.hostname,
- "h", host, (char *)NULL);
- }
-
if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("gethostname: %s", strerror(errno));
strlcpy(shorthost, thishost, sizeof(shorthost));
@@ -781,24 +993,6 @@
free(cp);
}
- /* force lowercase for hostkey matching */
- if (options.host_key_alias != NULL) {
- for (p = options.host_key_alias; *p; p++)
- if (isupper(*p))
- *p = (char)tolower(*p);
- }
-
- if (options.proxy_command != NULL &&
- strcmp(options.proxy_command, "none") == 0) {
- free(options.proxy_command);
- options.proxy_command = NULL;
- }
- if (options.control_path != NULL &&
- strcmp(options.control_path, "none") == 0) {
- free(options.control_path);
- options.control_path = NULL;
- }
-
if (options.control_path != NULL) {
cp = tilde_expand_filename(options.control_path,
original_real_uid);
@@ -814,20 +1008,31 @@
if (options.control_path != NULL)
muxclient(options.control_path);
+ /*
+ * If hostname canonicalisation was not enabled, then we may not
+ * have yet resolved the hostname. Do so now.
+ */
+ if (addrs == NULL && options.proxy_command == NULL) {
+ if ((addrs = resolve_host(host, options.port, 1,
+ cname, sizeof(cname))) == NULL)
+ cleanup_exit(255); /* resolve_host logs the error */
+ }
+
timeout_ms = options.connection_timeout * 1000;
/* Open a connection to the remote host. */
- if (ssh_connect(host, &hostaddr, options.port,
- options.address_family, options.connection_attempts, &timeout_ms,
- options.tcp_keep_alive,
-#ifdef HAVE_CYGWIN
- options.use_privileged_port,
-#else
- original_effective_uid == 0 && options.use_privileged_port,
-#endif
- options.proxy_command) != 0)
- exit(255);
+ if (ssh_connect(host, addrs, &hostaddr, options.port,
+ options.address_family, options.connection_attempts,
+ &timeout_ms, options.tcp_keep_alive,
+ options.use_privileged_port) != 0)
+ exit(255);
+ if (addrs != NULL)
+ freeaddrinfo(addrs);
+
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
+
if (timeout_ms > 0)
debug3("timeout: %d ms remain after connect", timeout_ms);
@@ -844,7 +1049,7 @@
sensitive_data.external_keysign = 0;
if (options.rhosts_rsa_authentication ||
options.hostbased_authentication) {
- sensitive_data.nkeys = 7;
+ sensitive_data.nkeys = 9;
sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(Key));
for (i = 0; i < sensitive_data.nkeys; i++)
@@ -861,21 +1066,26 @@
#endif
sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL);
- sensitive_data.keys[4] = key_load_private_type(KEY_DSA,
+ sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+ _PATH_HOST_ED25519_KEY_FILE, "", NULL);
+ sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
_PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
#ifdef OPENSSL_HAS_ECC
- sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+ sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA,
_PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
#endif
- sensitive_data.keys[6] = key_load_private_type(KEY_RSA,
+ sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
+ sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
+ _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
PRIV_END;
if (options.hostbased_authentication == 1 &&
sensitive_data.keys[0] == NULL &&
- sensitive_data.keys[4] == NULL &&
sensitive_data.keys[5] == NULL &&
- sensitive_data.keys[6] == NULL) {
+ sensitive_data.keys[6] == NULL &&
+ sensitive_data.keys[7] == NULL &&
+ sensitive_data.keys[8] == NULL) {
sensitive_data.keys[1] = key_load_cert(
_PATH_HOST_DSA_KEY_FILE);
#ifdef OPENSSL_HAS_ECC
@@ -884,14 +1094,18 @@
#endif
sensitive_data.keys[3] = key_load_cert(
_PATH_HOST_RSA_KEY_FILE);
- sensitive_data.keys[4] = key_load_public(
+ sensitive_data.keys[4] = key_load_cert(
+ _PATH_HOST_ED25519_KEY_FILE);
+ sensitive_data.keys[5] = key_load_public(
_PATH_HOST_DSA_KEY_FILE, NULL);
#ifdef OPENSSL_HAS_ECC
- sensitive_data.keys[5] = key_load_public(
+ sensitive_data.keys[6] = key_load_public(
_PATH_HOST_ECDSA_KEY_FILE, NULL);
#endif
- sensitive_data.keys[6] = key_load_public(
+ sensitive_data.keys[7] = key_load_public(
_PATH_HOST_RSA_KEY_FILE, NULL);
+ sensitive_data.keys[8] = key_load_public(
+ _PATH_HOST_ED25519_KEY_FILE, NULL);
sensitive_data.external_keysign = 1;
}
}
@@ -1091,7 +1305,7 @@
if (stdio_forward_host == NULL)
return;
- if (!compat20)
+ if (!compat20)
fatal("stdio forwarding require Protocol 2");
debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port);
@@ -1263,7 +1477,7 @@
char *proto, *data;
/* Get reasonable local authentication information. */
client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted,
+ options.forward_x11_trusted,
options.forward_x11_timeout,
&proto, &data);
/* Request forwarding with authentication spoofing. */
@@ -1539,8 +1753,8 @@
#endif /* PKCS11 */
n_ids = 0;
- bzero(identity_files, sizeof(identity_files));
- bzero(identity_keys, sizeof(identity_keys));
+ memset(identity_files, 0, sizeof(identity_files));
+ memset(identity_keys, 0, sizeof(identity_keys));
#ifdef ENABLE_PKCS11
if (options.pkcs11_provider != NULL &&
@@ -1615,9 +1829,9 @@
memcpy(options.identity_files, identity_files, sizeof(identity_files));
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
- bzero(pwname, strlen(pwname));
+ explicit_bzero(pwname, strlen(pwname));
free(pwname);
- bzero(pwdir, strlen(pwdir));
+ explicit_bzero(pwdir, strlen(pwdir));
free(pwdir);
}
@@ -1635,4 +1849,3 @@
signal(sig, main_sigchld_handler);
errno = save_errno;
}
-
Modified: vendor-crypto/openssh/dist/ssh2.h
===================================================================
--- vendor-crypto/openssh/dist/ssh2.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh2.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh2.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: ssh2.h,v 1.15 2014/01/29 06:18:35 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -115,12 +115,6 @@
#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
#define SSH2_MSG_USERAUTH_INFO_REQUEST 60
#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61
-#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1 60
-#define SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1 61
-#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2 62
-#define SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2 63
-#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM 64
-#define SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM 65
/* connection protocol: generic */
Modified: vendor-crypto/openssh/dist/ssh_config
===================================================================
--- vendor-crypto/openssh/dist/ssh_config 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh_config 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
+# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
Modified: vendor-crypto/openssh/dist/ssh_config.0
===================================================================
--- vendor-crypto/openssh/dist/ssh_config.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh_config.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -38,8 +38,8 @@
The possible keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
- Host Restricts the following declarations (up to the next Host
- keyword) to be only for those hosts that match one of the
+ Host Restricts the following declarations (up to the next Host or
+ Match keyword) to be only for those hosts that match one of the
patterns given after the keyword. If more than one pattern is
provided, they should be separated by whitespace. A single `*'
as a pattern can be used to provide global defaults for all
@@ -55,6 +55,37 @@
See PATTERNS for more information on patterns.
+ Match Restricts the following declarations (up to the next Host or
+ Match keyword) to be used only when the conditions following the
+ Match keyword are satisfied. Match conditions are specified
+ using one or more keyword/criteria pairs or the single token all
+ which matches all criteria. The available keywords are: exec,
+ host, originalhost, user, and localuser.
+
+ The exec keyword executes the specified command under the user's
+ shell. If the command returns a zero exit status then the
+ condition is considered true. Commands containing whitespace
+ characters must be quoted. The following character sequences in
+ the command will be expanded prior to execution: `%L' will be
+ substituted by the first component of the local host name, `%l'
+ will be substituted by the local host name (including any domain
+ name), `%h' will be substituted by the target host name, `%n'
+ will be substituted by the original target host name specified on
+ the command-line, `%p' the destination port, `%r' by the remote
+ login username, and `%u' by the username of the user running
+ ssh(1).
+
+ The other keywords' criteria must be single entries or comma-
+ separated lists and may use the wildcard and negation operators
+ described in the PATTERNS section. The criteria for the host
+ keyword are matched against the target hostname, after any
+ substitution by the Hostname option. The originalhost keyword
+ matches against the hostname as it was specified on the command-
+ line. The user keyword matches against the target username on
+ the remote host. The localuser keyword matches against the name
+ of the local user running ssh(1) (this keyword may be useful in
+ system-wide ssh_config files).
+
AddressFamily
Specifies which address family to use when connecting. Valid
arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
@@ -72,6 +103,54 @@
one address. Note that this option does not work if
UsePrivilegedPort is set to ``yes''.
+ CanonicalDomains
+ When CanonicalizeHostname is enabled, this option specifies the
+ list of domain suffixes in which to search for the specified
+ destination host.
+
+ CanonicalizeFallbackLocal
+ Specifies whether to fail with an error when hostname
+ canonicalization fails. The default, ``yes'', will attempt to
+ look up the unqualified hostname using the system resolver's
+ search rules. A value of ``no'' will cause ssh(1) to fail
+ instantly if CanonicalizeHostname is enabled and the target
+ hostname cannot be found in any of the domains specified by
+ CanonicalDomains.
+
+ CanonicalizeHostname
+ Controls whether explicit hostname canonicalization is performed.
+ The default, ``no'', is not to perform any name rewriting and let
+ the system resolver handle all hostname lookups. If set to
+ ``yes'' then, for connections that do not use a ProxyCommand,
+ ssh(1) will attempt to canonicalize the hostname specified on the
+ command line using the CanonicalDomains suffixes and
+ CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is
+ set to ``always'', then canonicalization is applied to proxied
+ connections too.
+
+ If this option is enabled and canonicalisation results in the
+ target hostname changing, then the configuration files are
+ processed again using the new target name to pick up any new
+ configuration in matching Host stanzas.
+
+ CanonicalizeMaxDots
+ Specifies the maximum number of dot characters in a hostname
+ before canonicalization is disabled. The default, ``1'', allows
+ a single dot (i.e. hostname.subdomain).
+
+ CanonicalizePermittedCNAMEs
+ Specifies rules to determine whether CNAMEs should be followed
+ when canonicalizing hostnames. The rules consist of one or more
+ arguments of source_domain_list:target_domain_list, where
+ source_domain_list is a pattern-list of domains that may follow
+ CNAMEs in canonicalization, and target_domain_list is a pattern-
+ list of domains that they may resolve to.
+
+ For example, ``*.a.example.com:*.b.example.com,*.c.example.com''
+ will allow hostnames matching ``*.a.example.com'' to be
+ canonicalized to names in the ``*.b.example.com'' or
+ ``*.c.example.com'' domains.
+
ChallengeResponseAuthentication
Specifies whether to use challenge-response authentication. The
argument to this keyword must be ``yes'' or ``no''. The default
@@ -95,18 +174,25 @@
Ciphers
Specifies the ciphers allowed for protocol version 2 in order of
preference. Multiple ciphers must be comma-separated. The
- supported ciphers are ``3des-cbc'', ``aes128-cbc'',
- ``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',
- ``aes256-ctr'', ``aes128-gcm at openssh.com'',
- ``aes256-gcm at openssh.com'', ``arcfour128'', ``arcfour256'',
- ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''. The default
- is:
+ supported ciphers are:
+ ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
+ ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
+ ``aes128-gcm at openssh.com'', ``aes256-gcm at openssh.com'',
+ ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
+ ``cast128-cbc'', and ``chacha20-poly1305 at openssh.com''.
+
+ The default is:
+
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,
+ chacha20-poly1305 at openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
+ The list of available ciphers may also be obtained using the -Q
+ option of ssh(1).
+
ClearAllForwardings
Specifies that all local, remote, and dynamic port forwardings
specified in the configuration files or on the command line be
@@ -174,9 +260,9 @@
name, `%l' will be substituted by the local host name (including
any domain name), `%h' will be substituted by the target host
name, `%n' will be substituted by the original target host name
- specified on the command line, `%p' the port, `%r' by the remote
- login username, and `%u' by the username of the user running
- ssh(1). It is recommended that any ControlPath used for
+ specified on the command line, `%p' the destination port, `%r' by
+ the remote login username, and `%u' by the username of the user
+ running ssh(1). It is recommended that any ControlPath used for
opportunistic connection sharing include at least %h, %p, and %r.
This ensures that shared connections are uniquely identified.
@@ -331,10 +417,11 @@
ecdsa-sha2-nistp256-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
+ ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-rsa,ssh-dss
+ ssh-ed25519,ssh-rsa,ssh-dss
If hostkeys are known for the destination host then this default
is modified to prefer their algorithms.
@@ -364,14 +451,15 @@
default is ``no''.
IdentityFile
- Specifies a file from which the user's DSA, ECDSA or RSA
+ Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA
authentication identity is read. The default is ~/.ssh/identity
- for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
- ~/.ssh/id_rsa for protocol version 2. Additionally, any
- identities represented by the authentication agent will be used
- for authentication unless IdentitiesOnly is set. ssh(1) will try
- to load certificate information from the filename obtained by
- appending -cert.pub to the path of a specified IdentityFile.
+ for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
+ ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
+ Additionally, any identities represented by the authentication
+ agent will be used for authentication unless IdentitiesOnly is
+ set. ssh(1) will try to load certificate information from the
+ filename obtained by appending -cert.pub to the path of a
+ specified IdentityFile.
The file name may use the tilde syntax to refer to a user's home
directory or one of the following escape characters: `%d' (local
@@ -426,6 +514,7 @@
Specifies the available KEX (Key Exchange) algorithms. Multiple
algorithms must be comma-separated. The default is:
+ curve25519-sha256 at libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
@@ -557,6 +646,11 @@
ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
+ ProxyUseFdpass
+ Specifies that ProxyCommand will pass a connected file descriptor
+ back to ssh(1) instead of continuing to execute and pass data.
+ The default is ``no''.
+
PubkeyAuthentication
Specifies whether to try public key authentication. The argument
to this keyword must be ``yes'' or ``no''. The default is
@@ -763,7 +857,7 @@
A pattern-list is a comma-separated list of patterns. Patterns within
pattern-lists may be negated by preceding them with an exclamation mark
(`!'). For example, to allow a key to be used from anywhere within an
- organisation except from the ``dialup'' pool, the following entry (in
+ organization except from the ``dialup'' pool, the following entry (in
authorized_keys) could be used:
from="!*.dialup.example.com,*.example.com"
@@ -792,4 +886,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
+OpenBSD 5.5 February 23, 2014 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/ssh_config.5
===================================================================
--- vendor-crypto/openssh/dist/ssh_config.5 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/ssh_config.5 2014-10-11 16:33:18 UTC (rev 6863)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $
-.Dd $Mdocdate: June 27 2013 $
+.\" $OpenBSD: ssh_config.5,v 1.185 2014/02/23 20:11:36 djm Exp $
+.Dd $Mdocdate: February 23 2014 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -100,6 +100,8 @@
.It Cm Host
Restricts the following declarations (up to the next
.Cm Host
+or
+.Cm Match
keyword) to be only for those hosts that match one of the patterns
given after the keyword.
If more than one pattern is provided, they should be separated by whitespace.
@@ -124,6 +126,73 @@
See
.Sx PATTERNS
for more information on patterns.
+.It Cm Match
+Restricts the following declarations (up to the next
+.Cm Host
+or
+.Cm Match
+keyword) to be used only when the conditions following the
+.Cm Match
+keyword are satisfied.
+Match conditions are specified using one or more keyword/criteria pairs
+or the single token
+.Cm all
+which matches all criteria.
+The available keywords are:
+.Cm exec ,
+.Cm host ,
+.Cm originalhost ,
+.Cm user ,
+and
+.Cm localuser .
+.Pp
+The
+.Cm exec
+keyword executes the specified command under the user's shell.
+If the command returns a zero exit status then the condition is considered true.
+Commands containing whitespace characters must be quoted.
+The following character sequences in the command will be expanded prior to
+execution:
+.Ql %L
+will be substituted by the first component of the local host name,
+.Ql %l
+will be substituted by the local host name (including any domain name),
+.Ql %h
+will be substituted by the target host name,
+.Ql %n
+will be substituted by the original target host name
+specified on the command-line,
+.Ql %p
+the destination port,
+.Ql %r
+by the remote login username, and
+.Ql %u
+by the username of the user running
+.Xr ssh 1 .
+.Pp
+The other keywords' criteria must be single entries or comma-separated
+lists and may use the wildcard and negation operators described in the
+.Sx PATTERNS
+section.
+The criteria for the
+.Cm host
+keyword are matched against the target hostname, after any substitution
+by the
+.Cm Hostname
+option.
+The
+.Cm originalhost
+keyword matches against the hostname as it was specified on the command-line.
+The
+.Cm user
+keyword matches against the target username on the remote host.
+The
+.Cm localuser
+keyword matches against the name of the local user running
+.Xr ssh 1
+(this keyword may be useful in system-wide
+.Nm
+files).
.It Cm AddressFamily
Specifies which address family to use when connecting.
Valid arguments are
@@ -152,6 +221,81 @@
.Cm UsePrivilegedPort
is set to
.Dq yes .
+.It Cm CanonicalDomains
+When
+.Cm CanonicalizeHostname
+is enabled, this option specifies the list of domain suffixes in which to
+search for the specified destination host.
+.It Cm CanonicalizeFallbackLocal
+Specifies whether to fail with an error when hostname canonicalization fails.
+The default,
+.Dq yes ,
+will attempt to look up the unqualified hostname using the system resolver's
+search rules.
+A value of
+.Dq no
+will cause
+.Xr ssh 1
+to fail instantly if
+.Cm CanonicalizeHostname
+is enabled and the target hostname cannot be found in any of the domains
+specified by
+.Cm CanonicalDomains .
+.It Cm CanonicalizeHostname
+Controls whether explicit hostname canonicalization is performed.
+The default,
+.Dq no ,
+is not to perform any name rewriting and let the system resolver handle all
+hostname lookups.
+If set to
+.Dq yes
+then, for connections that do not use a
+.Cm ProxyCommand ,
+.Xr ssh 1
+will attempt to canonicalize the hostname specified on the command line
+using the
+.Cm CanonicalDomains
+suffixes and
+.Cm CanonicalizePermittedCNAMEs
+rules.
+If
+.Cm CanonicalizeHostname
+is set to
+.Dq always ,
+then canonicalization is applied to proxied connections too.
+.Pp
+If this option is enabled and canonicalisation results in the target hostname
+changing, then the configuration files are processed again using the new
+target name to pick up any new configuration in matching
+.Cm Host
+stanzas.
+.It Cm CanonicalizeMaxDots
+Specifies the maximum number of dot characters in a hostname before
+canonicalization is disabled.
+The default,
+.Dq 1 ,
+allows a single dot (i.e. hostname.subdomain).
+.It Cm CanonicalizePermittedCNAMEs
+Specifies rules to determine whether CNAMEs should be followed when
+canonicalizing hostnames.
+The rules consist of one or more arguments of
+.Ar source_domain_list : Ns Ar target_domain_list ,
+where
+.Ar source_domain_list
+is a pattern-list of domains that may follow CNAMEs in canonicalization,
+and
+.Ar target_domain_list
+is a pattern-list of domains that they may resolve to.
+.Pp
+For example,
+.Dq *.a.example.com:*.b.example.com,*.c.example.com
+will allow hostnames matching
+.Dq *.a.example.com
+to be canonicalized to names in the
+.Dq *.b.example.com
+or
+.Dq *.c.example.com
+domains.
.It Cm ChallengeResponseAuthentication
Specifies whether to use challenge-response authentication.
The argument to this keyword must be
@@ -196,7 +340,8 @@
Specifies the ciphers allowed for protocol version 2
in order of preference.
Multiple ciphers must be comma-separated.
-The supported ciphers are
+The supported ciphers are:
+.Pp
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
@@ -210,15 +355,23 @@
.Dq arcfour256 ,
.Dq arcfour ,
.Dq blowfish-cbc ,
+.Dq cast128-cbc ,
and
-.Dq cast128-cbc .
+.Dq chacha20-poly1305 at openssh.com .
+.Pp
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,
+chacha20-poly1305 at openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1 .
.It Cm ClearAllForwardings
Specifies that all local, remote, and dynamic port forwardings
specified in the configuration files or on the command line be
@@ -327,7 +480,7 @@
will be substituted by the original target host name
specified on the command line,
.Ql %p
-the port,
+the destination port,
.Ql %r
by the remote login username, and
.Ql %u
@@ -571,10 +724,11 @@
ecdsa-sha2-nistp256-cert-v01 at openssh.com,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,
+ssh-ed25519-cert-v01 at openssh.com,
ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-rsa,ssh-dss
+ssh-ed25519,ssh-rsa,ssh-dss
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
@@ -616,13 +770,14 @@
The default is
.Dq no .
.It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA or RSA authentication
+Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA authentication
identity is read.
The default is
.Pa ~/.ssh/identity
for protocol version 1, and
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
@@ -735,6 +890,7 @@
Multiple algorithms must be comma-separated.
The default is:
.Bd -literal -offset indent
+curve25519-sha256 at libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
@@ -937,6 +1093,14 @@
.Bd -literal -offset 3n
ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
.Ed
+.It Cm ProxyUseFdpass
+Specifies that
+.Cm ProxyCommand
+will pass a connected file descriptor back to
+.Xr ssh 1
+instead of continuing to execute and pass data.
+The default is
+.Dq no .
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be
@@ -1298,7 +1462,7 @@
by preceding them with an exclamation mark
.Pq Sq !\& .
For example,
-to allow a key to be used from anywhere within an organisation
+to allow a key to be used from anywhere within an organization
except from the
.Dq dialup
pool,
Modified: vendor-crypto/openssh/dist/sshconnect.c
===================================================================
--- vendor-crypto/openssh/dist/sshconnect.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshconnect.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.238 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.246 2014/02/06 22:21:01 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -59,6 +59,7 @@
#include "misc.h"
#include "dns.h"
#include "roaming.h"
+#include "monitor_fdpass.h"
#include "ssh2.h"
#include "version.h"
@@ -78,47 +79,122 @@
static int show_other_keys(struct hostkeys *, Key *);
static void warn_changed_key(Key *);
+/* Expand a proxy command */
+static char *
+expand_proxy_command(const char *proxy_command, const char *user,
+ const char *host, int port)
+{
+ char *tmp, *ret, strport[NI_MAXSERV];
+
+ snprintf(strport, sizeof strport, "%d", port);
+ xasprintf(&tmp, "exec %s", proxy_command);
+ ret = percent_expand(tmp, "h", host, "p", strport,
+ "r", options.user, (char *)NULL);
+ free(tmp);
+ return ret;
+}
+
/*
+ * Connect to the given ssh server using a proxy command that passes a
+ * a connected fd back to us.
+ */
+static int
+ssh_proxy_fdpass_connect(const char *host, u_short port,
+ const char *proxy_command)
+{
+ char *command_string;
+ int sp[2], sock;
+ pid_t pid;
+ char *shell;
+
+ if ((shell = getenv("SHELL")) == NULL)
+ shell = _PATH_BSHELL;
+
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
+ fatal("Could not create socketpair to communicate with "
+ "proxy dialer: %.100s", strerror(errno));
+
+ command_string = expand_proxy_command(proxy_command, options.user,
+ host, port);
+ debug("Executing proxy dialer command: %.500s", command_string);
+
+ /* Fork and execute the proxy command. */
+ if ((pid = fork()) == 0) {
+ char *argv[10];
+
+ /* Child. Permanently give up superuser privileges. */
+ permanently_drop_suid(original_real_uid);
+
+ close(sp[1]);
+ /* Redirect stdin and stdout. */
+ if (sp[0] != 0) {
+ if (dup2(sp[0], 0) < 0)
+ perror("dup2 stdin");
+ }
+ if (sp[0] != 1) {
+ if (dup2(sp[0], 1) < 0)
+ perror("dup2 stdout");
+ }
+ if (sp[0] >= 2)
+ close(sp[0]);
+
+ /*
+ * Stderr is left as it is so that error messages get
+ * printed on the user's terminal.
+ */
+ argv[0] = shell;
+ argv[1] = "-c";
+ argv[2] = command_string;
+ argv[3] = NULL;
+
+ /*
+ * Execute the proxy command.
+ * Note that we gave up any extra privileges above.
+ */
+ execv(argv[0], argv);
+ perror(argv[0]);
+ exit(1);
+ }
+ /* Parent. */
+ if (pid < 0)
+ fatal("fork failed: %.100s", strerror(errno));
+ close(sp[0]);
+ free(command_string);
+
+ if ((sock = mm_receive_fd(sp[1])) == -1)
+ fatal("proxy dialer did not pass back a connection");
+
+ while (waitpid(pid, NULL, 0) == -1)
+ if (errno != EINTR)
+ fatal("Couldn't wait for child: %s", strerror(errno));
+
+ /* Set the connection file descriptors. */
+ packet_set_connection(sock, sock);
+
+ return 0;
+}
+
+/*
* Connect to the given ssh server using a proxy command.
*/
static int
ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
{
- char *command_string, *tmp;
+ char *command_string;
int pin[2], pout[2];
pid_t pid;
- char *shell, strport[NI_MAXSERV];
+ char *shell;
- if (!strcmp(proxy_command, "-")) {
- packet_set_connection(STDIN_FILENO, STDOUT_FILENO);
- packet_set_timeout(options.server_alive_interval,
- options.server_alive_count_max);
- return 0;
- }
-
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
shell = _PATH_BSHELL;
- /* Convert the port number into a string. */
- snprintf(strport, sizeof strport, "%hu", port);
-
- /*
- * Build the final command string in the buffer by making the
- * appropriate substitutions to the given proxy command.
- *
- * Use "exec" to avoid "sh -c" processes on some platforms
- * (e.g. Solaris)
- */
- xasprintf(&tmp, "exec %s", proxy_command);
- command_string = percent_expand(tmp, "h", host, "p", strport,
- "r", options.user, (char *)NULL);
- free(tmp);
-
/* Create pipes for communicating with the proxy. */
if (pipe(pin) < 0 || pipe(pout) < 0)
fatal("Could not create pipes to communicate with the proxy: %.100s",
strerror(errno));
+ command_string = expand_proxy_command(proxy_command, options.user,
+ host, port);
debug("Executing proxy command: %.500s", command_string);
/* Fork and execute the proxy command. */
@@ -170,8 +246,6 @@
/* Set the connection file descriptors. */
packet_set_connection(pout[0], pin[1]);
- packet_set_timeout(options.server_alive_interval,
- options.server_alive_count_max);
/* Indicate OK return */
return 0;
@@ -194,55 +268,59 @@
static int
ssh_create_socket(int privileged, struct addrinfo *ai)
{
- int sock, gaierr;
- struct addrinfo hints, *res;
+ int sock, r, gaierr;
+ struct addrinfo hints, *res = NULL;
- /*
- * If we are running as root and want to connect to a privileged
- * port, bind our own socket to a privileged port.
- */
- if (privileged) {
- int p = IPPORT_RESERVED - 1;
- PRIV_START;
- sock = rresvport_af(&p, ai->ai_family);
- PRIV_END;
- if (sock < 0)
- error("rresvport: af=%d %.100s", ai->ai_family,
- strerror(errno));
- else
- debug("Allocated local port %d.", p);
- return sock;
- }
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (sock < 0) {
- error("socket: %.100s", strerror(errno));
+ error("socket: %s", strerror(errno));
return -1;
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL)
+ if (options.bind_address == NULL && !privileged)
return sock;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = ai->ai_family;
- hints.ai_socktype = ai->ai_socktype;
- hints.ai_protocol = ai->ai_protocol;
- hints.ai_flags = AI_PASSIVE;
- gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
- if (gaierr) {
- error("getaddrinfo: %s: %s", options.bind_address,
- ssh_gai_strerror(gaierr));
- close(sock);
- return -1;
+ if (options.bind_address) {
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = ai->ai_family;
+ hints.ai_socktype = ai->ai_socktype;
+ hints.ai_protocol = ai->ai_protocol;
+ hints.ai_flags = AI_PASSIVE;
+ gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+ if (gaierr) {
+ error("getaddrinfo: %s: %s", options.bind_address,
+ ssh_gai_strerror(gaierr));
+ close(sock);
+ return -1;
+ }
}
- if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
- error("bind: %s: %s", options.bind_address, strerror(errno));
- close(sock);
+ /*
+ * If we are running as root and want to connect to a privileged
+ * port, bind our own socket to a privileged port.
+ */
+ if (privileged) {
+ PRIV_START;
+ r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
+ PRIV_END;
+ if (r < 0) {
+ error("bindresvport_sa: af=%d %s", ai->ai_family,
+ strerror(errno));
+ goto fail;
+ }
+ } else {
+ if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+ error("bind: %s: %s", options.bind_address,
+ strerror(errno));
+ fail:
+ close(sock);
+ freeaddrinfo(res);
+ return -1;
+ }
+ }
+ if (res != NULL)
freeaddrinfo(res);
- return -1;
- }
- freeaddrinfo(res);
return sock;
}
@@ -340,33 +418,18 @@
* and %p substituted for host and port, respectively) to use to contact
* the daemon.
*/
-int
-ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
- u_short port, int family, int connection_attempts, int *timeout_ms,
- int want_keepalive, int needpriv, const char *proxy_command)
+static int
+ssh_connect_direct(const char *host, struct addrinfo *aitop,
+ struct sockaddr_storage *hostaddr, u_short port, int family,
+ int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
{
- int gaierr;
int on = 1;
int sock = -1, attempt;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- struct addrinfo hints, *ai, *aitop;
+ struct addrinfo *ai;
debug2("ssh_connect: needpriv %d", needpriv);
- /* If a proxy command is given, connect using it. */
- if (proxy_command != NULL)
- return ssh_proxy_connect(host, port, proxy_command);
-
- /* No proxy command. */
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = family;
- hints.ai_socktype = SOCK_STREAM;
- snprintf(strport, sizeof strport, "%u", port);
- if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
- fatal("%s: Could not resolve hostname %.100s: %s", __progname,
- host, ssh_gai_strerror(gaierr));
-
for (attempt = 0; attempt < connection_attempts; attempt++) {
if (attempt > 0) {
/* Sleep a moment before retrying. */
@@ -378,7 +441,8 @@
* sequence until the connection succeeds.
*/
for (ai = aitop; ai; ai = ai->ai_next) {
- if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ if (ai->ai_family != AF_INET &&
+ ai->ai_family != AF_INET6)
continue;
if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
ntop, sizeof(ntop), strport, sizeof(strport),
@@ -411,8 +475,6 @@
break; /* Successful connection. */
}
- freeaddrinfo(aitop);
-
/* Return failure if we didn't get a successful connection. */
if (sock == -1) {
error("ssh: connect to host %s port %s: %s",
@@ -430,12 +492,28 @@
/* Set the connection. */
packet_set_connection(sock, sock);
- packet_set_timeout(options.server_alive_interval,
- options.server_alive_count_max);
return 0;
}
+int
+ssh_connect(const char *host, struct addrinfo *addrs,
+ struct sockaddr_storage *hostaddr, u_short port, int family,
+ int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+{
+ if (options.proxy_command == NULL) {
+ return ssh_connect_direct(host, addrs, hostaddr, port, family,
+ connection_attempts, timeout_ms, want_keepalive, needpriv);
+ } else if (strcmp(options.proxy_command, "-") == 0) {
+ packet_set_connection(STDIN_FILENO, STDOUT_FILENO);
+ return 0; /* Always succeeds */
+ } else if (options.proxy_use_fdpass) {
+ return ssh_proxy_fdpass_connect(host, port,
+ options.proxy_command);
+ }
+ return ssh_proxy_connect(host, port, options.proxy_command);
+}
+
static void
send_client_banner(int connection_out, int minor1)
{
@@ -587,6 +665,12 @@
fatal("Protocol major versions differ: %d vs. %d",
(options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
remote_major);
+ if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
+ fatal("Server version \"%.100s\" uses unsafe key agreement; "
+ "refusing connection", remote_version);
+ if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
+ logit("Server version \"%.100s\" uses unsafe RSA signature "
+ "scheme; disabling use of RSA keys", remote_version);
if (!client_banner_sent)
send_client_banner(connection_out, minor1);
chop(server_version_string);
@@ -1176,7 +1260,7 @@
ssh_login(Sensitive *sensitive, const char *orighost,
struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
{
- char *host, *cp;
+ char *host;
char *server_user, *local_user;
local_user = xstrdup(pw->pw_name);
@@ -1184,9 +1268,7 @@
/* Convert the user-supplied hostname into all lowercase. */
host = xstrdup(orighost);
- for (cp = host; *cp; cp++)
- if (isupper(*cp))
- *cp = (char)tolower(*cp);
+ lowercase(host);
/* Exchange protocol version identification strings with the server. */
ssh_exchange_identification(timeout_ms);
@@ -1220,7 +1302,7 @@
padded = xcalloc(1, size);
strlcpy(padded, password, size);
packet_put_string(padded, size);
- memset(padded, 0, size);
+ explicit_bzero(padded, size);
free(padded);
}
@@ -1228,7 +1310,14 @@
static int
show_other_keys(struct hostkeys *hostkeys, Key *key)
{
- int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -1};
+ int type[] = {
+ KEY_RSA1,
+ KEY_RSA,
+ KEY_DSA,
+ KEY_ECDSA,
+ KEY_ED25519,
+ -1
+ };
int i, ret = 0;
char *fp, *ra;
const struct hostkey_entry *found;
Modified: vendor-crypto/openssh/dist/sshconnect.h
===================================================================
--- vendor-crypto/openssh/dist/sshconnect.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshconnect.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.27 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.28 2013/10/16 02:31:47 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -31,9 +31,9 @@
int external_keysign;
};
-int
-ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
- int *, int, int, const char *);
+struct addrinfo;
+int ssh_connect(const char *, struct addrinfo *, struct sockaddr_storage *,
+ u_short, int, int, int *, int, int);
void ssh_kill_proxy_command(void);
void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
Modified: vendor-crypto/openssh/dist/sshconnect1.c
===================================================================
--- vendor-crypto/openssh/dist/sshconnect1.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshconnect1.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -19,7 +19,6 @@
#include <sys/socket.h>
#include <openssl/bn.h>
-#include <openssl/md5.h>
#include <stdarg.h>
#include <stdio.h>
@@ -47,6 +46,7 @@
#include "canohost.h"
#include "hostfile.h"
#include "auth.h"
+#include "digest.h"
/* Session id for the current session. */
u_char session_id[16];
@@ -120,7 +120,7 @@
* return a wrong value.
*/
logit("Authentication agent failed to decrypt challenge.");
- memset(response, 0, sizeof(response));
+ explicit_bzero(response, sizeof(response));
}
key_free(key);
debug("Sending response to RSA challenge.");
@@ -161,7 +161,7 @@
respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
{
u_char buf[32], response[16];
- MD5_CTX md;
+ struct ssh_digest_ctx *md;
int i, len;
/* Decrypt the challenge using the private key. */
@@ -179,10 +179,12 @@
memset(buf, 0, sizeof(buf));
BN_bn2bin(challenge, buf + sizeof(buf) - len);
- MD5_Init(&md);
- MD5_Update(&md, buf, 32);
- MD5_Update(&md, session_id, 16);
- MD5_Final(response, &md);
+ if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+ ssh_digest_update(md, buf, 32) < 0 ||
+ ssh_digest_update(md, session_id, 16) < 0 ||
+ ssh_digest_final(md, response, sizeof(response)) < 0)
+ fatal("%s: md5 failed", __func__);
+ ssh_digest_free(md);
debug("Sending response to host key RSA challenge.");
@@ -193,9 +195,9 @@
packet_send();
packet_write_wait();
- memset(buf, 0, sizeof(buf));
- memset(response, 0, sizeof(response));
- memset(&md, 0, sizeof(md));
+ explicit_bzero(buf, sizeof(buf));
+ explicit_bzero(response, sizeof(response));
+ explicit_bzero(&md, sizeof(md));
}
/*
@@ -269,7 +271,7 @@
debug2("no passphrase given, try next key");
quit = 1;
}
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
if (private != NULL || quit)
break;
@@ -425,7 +427,7 @@
}
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
ssh_put_password(response);
- memset(response, 0, strlen(response));
+ explicit_bzero(response, strlen(response));
free(response);
packet_send();
packet_write_wait();
@@ -458,7 +460,7 @@
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
free(password);
packet_send();
packet_write_wait();
@@ -542,9 +544,6 @@
derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
- /* Generate a session key. */
- arc4random_stir();
-
/*
* Generate an encryption key for the session. The key is a 256 bit
* random number, interpreted as a 32-byte key, with the least
@@ -653,8 +652,11 @@
/* Set the encryption key. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
- /* We will no longer need the session key here. Destroy any extra copies. */
- memset(session_key, 0, sizeof(session_key));
+ /*
+ * We will no longer need the session key here.
+ * Destroy any extra copies.
+ */
+ explicit_bzero(session_key, sizeof(session_key));
/*
* Expect a success message from the server. Note that this message
Modified: vendor-crypto/openssh/dist/sshconnect2.c
===================================================================
--- vendor-crypto/openssh/dist/sshconnect2.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshconnect2.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -70,8 +70,6 @@
#include "pathnames.h"
#include "uidswap.h"
#include "hostfile.h"
-#include "schnorr.h"
-#include "jpake.h"
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -188,11 +186,12 @@
}
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
- options.hostkeyalgorithms;
+ compat_pkalg_proposal(options.hostkeyalgorithms);
else {
/* Prefer algorithms that we already have keys for */
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
- order_hostkeyalgs(host, hostaddr, port);
+ compat_pkalg_proposal(
+ order_hostkeyalgs(host, hostaddr, port));
}
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
@@ -208,6 +207,7 @@
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ kex->kex[KEX_C25519_SHA256] = kexc25519_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
@@ -287,9 +287,6 @@
void input_userauth_info_req(int, u_int32_t, void *);
void input_userauth_pk_ok(int, u_int32_t, void *);
void input_userauth_passwd_changereq(int, u_int32_t, void *);
-void input_userauth_jpake_server_step1(int, u_int32_t, void *);
-void input_userauth_jpake_server_step2(int, u_int32_t, void *);
-void input_userauth_jpake_server_confirm(int, u_int32_t, void *);
int userauth_none(Authctxt *);
int userauth_pubkey(Authctxt *);
@@ -296,10 +293,7 @@
int userauth_passwd(Authctxt *);
int userauth_kbdint(Authctxt *);
int userauth_hostbased(Authctxt *);
-int userauth_jpake(Authctxt *);
-void userauth_jpake_cleanup(Authctxt *);
-
#ifdef GSSAPI
int userauth_gssapi(Authctxt *authctxt);
void input_gssapi_response(int type, u_int32_t, void *);
@@ -338,13 +332,6 @@
NULL,
&options.pubkey_authentication,
NULL},
-#ifdef JPAKE
- {"jpake-01 at openssh.com",
- userauth_jpake,
- userauth_jpake_cleanup,
- &options.zero_knowledge_password_authentication,
- &options.batch_mode},
-#endif
{"keyboard-interactive",
userauth_kbdint,
NULL,
@@ -882,7 +869,7 @@
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
packet_put_cstring(password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
free(password);
packet_add_padding(64);
packet_send();
@@ -928,7 +915,7 @@
authctxt->server_user, host);
password = read_passphrase(prompt, 0);
packet_put_cstring(password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
free(password);
password = NULL;
while (password == NULL) {
@@ -945,16 +932,16 @@
authctxt->server_user, host);
retype = read_passphrase(prompt, 0);
if (strcmp(password, retype) != 0) {
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
free(password);
logit("Mismatch; try again, EOF to quit.");
password = NULL;
}
- memset(retype, 0, strlen(retype));
+ explicit_bzero(retype, strlen(retype));
free(retype);
}
packet_put_cstring(password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
free(password);
packet_add_padding(64);
packet_send();
@@ -963,209 +950,6 @@
&input_userauth_passwd_changereq);
}
-#ifdef JPAKE
-static char *
-pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
-{
- /* OpenBSD crypt(3) handles all of these */
- if (strcmp(crypt_scheme, "crypt") == 0 ||
- strcmp(crypt_scheme, "bcrypt") == 0 ||
- strcmp(crypt_scheme, "md5crypt") == 0 ||
- strcmp(crypt_scheme, "crypt-extended") == 0)
- return xstrdup(crypt(password, salt));
- error("%s: unsupported password encryption scheme \"%.100s\"",
- __func__, crypt_scheme);
- return NULL;
-}
-
-static BIGNUM *
-jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
- const char *salt)
-{
- char prompt[256], *password, *crypted;
- u_char *secret;
- u_int secret_len;
- BIGNUM *ret;
-
- snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
- authctxt->server_user, authctxt->host);
- password = read_passphrase(prompt, 0);
-
- if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
- logit("Disabling %s authentication", authctxt->method->name);
- authctxt->method->enabled = NULL;
- /* Continue with an empty password to fail gracefully */
- crypted = xstrdup("");
- }
-
-#ifdef JPAKE_DEBUG
- debug3("%s: salt = %s", __func__, salt);
- debug3("%s: scheme = %s", __func__, crypt_scheme);
- debug3("%s: crypted = %s", __func__, crypted);
-#endif
-
- if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
- &secret, &secret_len) != 0)
- fatal("%s: hash_buffer", __func__);
-
- bzero(password, strlen(password));
- bzero(crypted, strlen(crypted));
- free(password);
- free(crypted);
-
- if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
- fatal("%s: BN_bin2bn (secret)", __func__);
- bzero(secret, secret_len);
- free(secret);
-
- return ret;
-}
-
-/* ARGSUSED */
-void
-input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- struct jpake_ctx *pctx = authctxt->methoddata;
- u_char *x3_proof, *x4_proof, *x2_s_proof;
- u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
- char *crypt_scheme, *salt;
-
- /* Disable this message */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
-
- if ((pctx->g_x3 = BN_new()) == NULL ||
- (pctx->g_x4 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- /* Fetch step 1 values */
- crypt_scheme = packet_get_string(NULL);
- salt = packet_get_string(NULL);
- pctx->server_id = packet_get_string(&pctx->server_id_len);
- packet_get_bignum2(pctx->g_x3);
- packet_get_bignum2(pctx->g_x4);
- x3_proof = packet_get_string(&x3_proof_len);
- x4_proof = packet_get_string(&x4_proof_len);
- packet_check_eom();
-
- JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
-
- /* Obtain password and derive secret */
- pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
- bzero(crypt_scheme, strlen(crypt_scheme));
- bzero(salt, strlen(salt));
- free(crypt_scheme);
- free(salt);
- JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
-
- /* Calculate step 2 values */
- jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
- pctx->g_x3, pctx->g_x4, pctx->x2,
- pctx->server_id, pctx->server_id_len,
- pctx->client_id, pctx->client_id_len,
- x3_proof, x3_proof_len,
- x4_proof, x4_proof_len,
- &pctx->a,
- &x2_s_proof, &x2_s_proof_len);
-
- bzero(x3_proof, x3_proof_len);
- bzero(x4_proof, x4_proof_len);
- free(x3_proof);
- free(x4_proof);
-
- JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
-
- /* Send values for step 2 */
- packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
- packet_put_bignum2(pctx->a);
- packet_put_string(x2_s_proof, x2_s_proof_len);
- packet_send();
-
- bzero(x2_s_proof, x2_s_proof_len);
- free(x2_s_proof);
-
- /* Expect step 2 packet from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
- input_userauth_jpake_server_step2);
-}
-
-/* ARGSUSED */
-void
-input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- struct jpake_ctx *pctx = authctxt->methoddata;
- u_char *x4_s_proof;
- u_int x4_s_proof_len;
-
- /* Disable this message */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
-
- if ((pctx->b = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- /* Fetch step 2 values */
- packet_get_bignum2(pctx->b);
- x4_s_proof = packet_get_string(&x4_s_proof_len);
- packet_check_eom();
-
- JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
-
- /* Derive shared key and calculate confirmation hash */
- jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
- pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
- pctx->client_id, pctx->client_id_len,
- pctx->server_id, pctx->server_id_len,
- session_id2, session_id2_len,
- x4_s_proof, x4_s_proof_len,
- &pctx->k,
- &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
-
- bzero(x4_s_proof, x4_s_proof_len);
- free(x4_s_proof);
-
- JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
-
- /* Send key confirmation proof */
- packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
- packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
- packet_send();
-
- /* Expect confirmation from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
- input_userauth_jpake_server_confirm);
-}
-
-/* ARGSUSED */
-void
-input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- struct jpake_ctx *pctx = authctxt->methoddata;
-
- /* Disable this message */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
-
- pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
- packet_check_eom();
-
- JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
-
- /* Verify expected confirmation hash */
- if (jpake_check_confirm(pctx->k,
- pctx->server_id, pctx->server_id_len,
- session_id2, session_id2_len,
- pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
- debug("%s: %s success", __func__, authctxt->method->name);
- else {
- debug("%s: confirmation mismatch", __func__);
- /* XXX stash this so if auth succeeds then we can warn/kill */
- }
-
- userauth_jpake_cleanup(authctxt);
-}
-#endif /* JPAKE */
-
static int
identity_sign(Identity *id, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
@@ -1342,7 +1126,7 @@
debug2("no passphrase given, try next key");
quit = 1;
}
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
if (private != NULL || quit)
break;
@@ -1406,7 +1190,7 @@
/* If IdentitiesOnly set and key not found then don't use it */
if (!found && options.identities_only) {
TAILQ_REMOVE(&files, id, next);
- bzero(id, sizeof(*id));
+ explicit_bzero(id, sizeof(*id));
free(id);
}
}
@@ -1488,17 +1272,31 @@
* encrypted keys we cannot do this and have to load the
* private key instead
*/
- if (id->key && id->key->type != KEY_RSA1) {
- debug("Offering %s public key: %s", key_type(id->key),
- id->filename);
- sent = send_pubkey_test(authctxt, id);
- } else if (id->key == NULL) {
+ if (id->key != NULL) {
+ if (key_type_plain(id->key->type) == KEY_RSA &&
+ (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ debug("Skipped %s key %s for RSA/MD5 server",
+ key_type(id->key), id->filename);
+ } else if (id->key->type != KEY_RSA1) {
+ debug("Offering %s public key: %s",
+ key_type(id->key), id->filename);
+ sent = send_pubkey_test(authctxt, id);
+ }
+ } else {
debug("Trying private key: %s", id->filename);
id->key = load_identity_file(id->filename,
id->userprovided);
if (id->key != NULL) {
id->isprivate = 1;
- sent = sign_and_send_pubkey(authctxt, id);
+ if (key_type_plain(id->key->type) == KEY_RSA &&
+ (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ debug("Skipped %s key %s for RSA/MD5 "
+ "server", key_type(id->key),
+ id->filename);
+ } else {
+ sent = sign_and_send_pubkey(
+ authctxt, id);
+ }
key_free(id->key);
id->key = NULL;
}
@@ -1587,7 +1385,7 @@
response = read_passphrase(prompt, echo ? RP_ECHO : 0);
packet_put_cstring(response);
- memset(response, 0, strlen(response));
+ explicit_bzero(response, strlen(response));
free(response);
free(prompt);
}
@@ -1757,7 +1555,7 @@
packet_put_cstring(chost);
packet_put_cstring(authctxt->local_user);
packet_put_string(signature, slen);
- memset(signature, 's', slen);
+ explicit_bzero(signature, slen);
free(signature);
free(chost);
free(pkalg);
@@ -1767,79 +1565,6 @@
return 1;
}
-#ifdef JPAKE
-int
-userauth_jpake(Authctxt *authctxt)
-{
- struct jpake_ctx *pctx;
- u_char *x1_proof, *x2_proof;
- u_int x1_proof_len, x2_proof_len;
- static int attempt = 0; /* XXX share with userauth_password's? */
-
- if (attempt++ >= options.number_of_password_prompts)
- return 0;
- if (attempt != 1)
- error("Permission denied, please try again.");
-
- if (authctxt->methoddata != NULL)
- fatal("%s: authctxt->methoddata already set (%p)",
- __func__, authctxt->methoddata);
-
- authctxt->methoddata = pctx = jpake_new();
-
- /*
- * Send request immediately, to get the protocol going while
- * we do the initial computations.
- */
- packet_start(SSH2_MSG_USERAUTH_REQUEST);
- packet_put_cstring(authctxt->server_user);
- packet_put_cstring(authctxt->service);
- packet_put_cstring(authctxt->method->name);
- packet_send();
- packet_write_wait();
-
- jpake_step1(pctx->grp,
- &pctx->client_id, &pctx->client_id_len,
- &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
- &x1_proof, &x1_proof_len,
- &x2_proof, &x2_proof_len);
-
- JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
-
- packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
- packet_put_string(pctx->client_id, pctx->client_id_len);
- packet_put_bignum2(pctx->g_x1);
- packet_put_bignum2(pctx->g_x2);
- packet_put_string(x1_proof, x1_proof_len);
- packet_put_string(x2_proof, x2_proof_len);
- packet_send();
-
- bzero(x1_proof, x1_proof_len);
- bzero(x2_proof, x2_proof_len);
- free(x1_proof);
- free(x2_proof);
-
- /* Expect step 1 packet from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
- input_userauth_jpake_server_step1);
- dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
- &input_userauth_success_unexpected);
-
- return 1;
-}
-
-void
-userauth_jpake_cleanup(Authctxt *authctxt)
-{
- debug3("%s: clean up", __func__);
- if (authctxt->methoddata != NULL) {
- jpake_free(authctxt->methoddata);
- authctxt->methoddata = NULL;
- }
- dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
-}
-#endif /* JPAKE */
-
/* find auth method */
/*
Modified: vendor-crypto/openssh/dist/sshd.0
===================================================================
--- vendor-crypto/openssh/dist/sshd.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshd.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -82,10 +82,11 @@
be given if sshd is not run as root (as the normal host key files
are normally not readable by anyone but root). The default is
/etc/ssh/ssh_host_key for protocol version 1, and
- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
- /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible
- to have multiple host key files for the different protocol
- versions and host key algorithms.
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key.
+ /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
+ protocol version 2. It is possible to have multiple host key
+ files for the different protocol versions and host key
+ algorithms.
-i Specifies that sshd is being run from inetd(8). sshd is normally
not run from inetd because it needs to generate the server key
@@ -147,9 +148,9 @@
AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
use protocol 2 only, though this can be changed via the Protocol option
- in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol
- 1 only supports RSA keys. For both protocols, each host has a host-
- specific key, normally 2048 bits, used to identify the host.
+ in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+ protocol 1 only supports RSA keys. For both protocols, each host has a
+ host-specific key, normally 2048 bits, used to identify the host.
Forward security for protocol 1 is provided through an additional server
key, normally 768 bits, generated when the server starts. This key is
@@ -278,15 +279,15 @@
give the RSA key for protocol version 1; the comment field is not used
for anything (but may be convenient for the user to identify the key).
For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
- ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or
- ``ssh-rsa''.
+ ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'',
+ ``ssh-dss'' or ``ssh-rsa''.
Note that lines in this file are usually several hundred bytes long
(because of the size of the public key encoding) up to a limit of 8
kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
kilobits. You don't want to type them in; instead, copy the
- identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit
- it.
+ identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
+ file and edit it.
sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
2 keys of 768 bits.
@@ -512,11 +513,11 @@
for the user, and not accessible by others.
~/.ssh/authorized_keys
- Lists the public keys (DSA/ECDSA/RSA) that can be used for
- logging in as this user. The format of this file is described
- above. The content of the file is not highly sensitive, but the
- recommended permissions are read/write for the user, and not
- accessible by others.
+ Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+ for logging in as this user. The format of this file is
+ described above. The content of the file is not highly
+ sensitive, but the recommended permissions are read/write for the
+ user, and not accessible by others.
If this file, the ~/.ssh directory, or the user's home directory
are writable by other users, then the file could be modified or
@@ -574,6 +575,7 @@
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys. These
files should only be owned by root, readable only by root, and
@@ -583,6 +585,7 @@
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key.pub
+ /etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_rsa_key.pub
These files contain the public parts of the host keys. These
files should be world-readable but writable only by root. Their
@@ -637,4 +640,4 @@
System security is not improved unless rshd, rlogind, and rexecd are
disabled (thus completely disabling rlogin and rsh into the machine).
-OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
+OpenBSD 5.5 December 7, 2013 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/sshd.8
===================================================================
--- vendor-crypto/openssh/dist/sshd.8 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshd.8 2014-10-11 16:33:18 UTC (rev 6863)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $
-.Dd $Mdocdate: June 27 2013 $
+.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
+.Dd $Mdocdate: December 7 2013 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -175,7 +175,8 @@
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key .
+.Pa /etc/ssh/ssh_host_ed25519_key
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
@@ -280,7 +281,7 @@
.Cm Protocol
option in
.Xr sshd_config 5 .
-Protocol 2 supports DSA, ECDSA and RSA keys;
+Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
each host has a host-specific key,
@@ -494,6 +495,7 @@
.Dq ecdsa-sha2-nistp256 ,
.Dq ecdsa-sha2-nistp384 ,
.Dq ecdsa-sha2-nistp521 ,
+.Dq ssh-ed25519 ,
.Dq ssh-dss
or
.Dq ssh-rsa .
@@ -506,6 +508,7 @@
.Pa identity.pub ,
.Pa id_dsa.pub ,
.Pa id_ecdsa.pub ,
+.Pa id_ed25519.pub ,
or the
.Pa id_rsa.pub
file and edit it.
@@ -805,8 +808,8 @@
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in
-as this user.
+Lists the public keys (DSA, ECDSA, ED25519, RSA)
+that can be used for logging in as this user.
The format of this file is described above.
The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
@@ -886,6 +889,7 @@
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
+.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys.
These files should only be owned by root, readable only by root, and not
@@ -897,6 +901,7 @@
.It Pa /etc/ssh/ssh_host_key.pub
.It Pa /etc/ssh/ssh_host_dsa_key.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
+.It Pa /etc/ssh/ssh_host_ed25519_key.pub
.It Pa /etc/ssh/ssh_host_rsa_key.pub
These files contain the public parts of the host keys.
These files should be world-readable but writable only by
Modified: vendor-crypto/openssh/dist/sshd.c
===================================================================
--- vendor-crypto/openssh/dist/sshd.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshd.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.420 2014/02/26 21:53:37 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -74,7 +74,6 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
-#include <openssl/md5.h>
#include <openssl/rand.h>
#include "openbsd-compat/openssl-compat.h"
@@ -96,6 +95,7 @@
#include "uidswap.h"
#include "compat.h"
#include "cipher.h"
+#include "digest.h"
#include "key.h"
#include "kex.h"
#include "dh.h"
@@ -315,6 +315,7 @@
sighup_restart(void)
{
logit("Received SIGHUP; restarting.");
+ platform_pre_restart();
close_listen_socks();
close_startup_pipes();
alarm(0); /* alarm timer persists across exec */
@@ -371,7 +372,7 @@
*/
if (getpgid(0) == getpid()) {
signal(SIGTERM, SIG_IGN);
- killpg(0, SIGTERM);
+ kill(0, SIGTERM);
}
/* Log error and exit. */
@@ -397,7 +398,6 @@
verbose("RSA key generation complete.");
arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
- arc4random_stir();
}
/*ARGSUSED*/
@@ -480,10 +480,11 @@
&remote_major, &remote_minor, remote_version) != 3) {
s = "Protocol mismatch.\n";
(void) atomicio(vwrite, sock_out, s, strlen(s));
+ logit("Bad protocol version identification '%.100s' "
+ "from %s port %d", client_version_string,
+ get_remote_ipaddr(), get_remote_port());
close(sock_in);
close(sock_out);
- logit("Bad protocol version identification '%.100s' from %s",
- client_version_string, get_remote_ipaddr());
cleanup_exit(255);
}
debug("Client protocol version %d.%d; client software version %.100s",
@@ -491,17 +492,24 @@
compat_datafellows(remote_version);
- if (datafellows & SSH_BUG_PROBE) {
+ if ((datafellows & SSH_BUG_PROBE) != 0) {
logit("probed from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
cleanup_exit(255);
}
-
- if (datafellows & SSH_BUG_SCANNER) {
+ if ((datafellows & SSH_BUG_SCANNER) != 0) {
logit("scanned from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
cleanup_exit(255);
}
+ if ((datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ logit("Client version \"%.100s\" uses unsafe RSA signature "
+ "scheme; disabling use of RSA keys", remote_version);
+ }
+ if ((datafellows & SSH_BUG_DERIVEKEY) != 0) {
+ fatal("Client version \"%.100s\" uses unsafe key agreement; "
+ "refusing connection", remote_version);
+ }
mismatch = 0;
switch (remote_major) {
@@ -571,7 +579,7 @@
}
}
sensitive_data.ssh1_host_key = NULL;
- memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
+ explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
}
/* Demote private to public keys for network child */
@@ -610,9 +618,16 @@
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
+#ifdef GSSAPI
+ /* Cache supported mechanism OIDs for later use */
+ if (options.gss_authentication)
+ ssh_gssapi_prepare_supported_oids();
+#endif
+
arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
+ explicit_bzero(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
demote_sensitive_data();
@@ -651,7 +666,7 @@
pmonitor->m_pkex = &xxx_kex;
if (use_privsep == PRIVSEP_ON)
- box = ssh_sandbox_init();
+ box = ssh_sandbox_init(pmonitor);
pid = fork();
if (pid == -1) {
fatal("fork of unprivileged child failed");
@@ -747,6 +762,7 @@
arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
+ explicit_bzero(rnd, sizeof(rnd));
/* Drop privileges */
do_setusercontext(authctxt->pw);
@@ -782,6 +798,7 @@
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+ case KEY_ED25519:
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
@@ -798,6 +815,7 @@
case KEY_RSA_CERT:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
+ case KEY_ED25519_CERT:
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
@@ -825,6 +843,7 @@
case KEY_RSA_CERT:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
+ case KEY_ED25519_CERT:
key = sensitive_data.host_certificates[i];
break;
default:
@@ -1139,6 +1158,7 @@
struct sockaddr_storage from;
socklen_t fromlen;
pid_t pid;
+ u_char rnd[256];
/* setup fd set for accept */
fdset = NULL;
@@ -1339,6 +1359,9 @@
* from that of the child
*/
arc4random_stir();
+ arc4random_buf(rnd, sizeof(rnd));
+ RAND_seed(rnd, sizeof(rnd));
+ explicit_bzero(rnd, sizeof(rnd));
}
/* child process check (or debug mode) */
@@ -1640,7 +1663,8 @@
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
} else {
- memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+ explicit_bzero(privsep_pw->pw_passwd,
+ strlen(privsep_pw->pw_passwd));
privsep_pw = pwcopy(privsep_pw);
free(privsep_pw->pw_passwd);
privsep_pw->pw_passwd = xstrdup("*");
@@ -1693,6 +1717,7 @@
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+ case KEY_ED25519:
sensitive_data.have_ssh2_key = 1;
break;
}
@@ -1859,9 +1884,6 @@
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
- /* Initialize the random number generator. */
- arc4random_stir();
-
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
if (chdir("/") == -1)
@@ -1933,13 +1955,14 @@
dup2(STDIN_FILENO, STDOUT_FILENO);
if (startup_pipe == -1)
close(REEXEC_STARTUP_PIPE_FD);
- else
+ else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);
+ close(startup_pipe);
+ startup_pipe = REEXEC_STARTUP_PIPE_FD;
+ }
dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
close(config_s[1]);
- if (startup_pipe != -1)
- close(startup_pipe);
execv(rexec_argv[0], rexec_argv);
@@ -1950,8 +1973,6 @@
options.log_facility, log_stderr);
/* Clean up fds */
- startup_pipe = REEXEC_STARTUP_PIPE_FD;
- close(config_s[1]);
close(REEXEC_CONFIG_PASS_FD);
newsock = sock_out = sock_in = dup(STDIN_FILENO);
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
@@ -2033,7 +2054,9 @@
#endif /* LIBWRAP */
/* Log the connection. */
- verbose("Connection from %.500s port %d", remote_ip, remote_port);
+ verbose("Connection from %s port %d on %s port %d",
+ remote_ip, remote_port,
+ get_local_ipaddr(sock_in), get_local_port());
/*
* We don't want to listen forever unless the other side
@@ -2325,7 +2348,7 @@
get_remote_ipaddr(), len, (u_long)sizeof(session_key));
rsafail++;
} else {
- memset(session_key, 0, sizeof(session_key));
+ explicit_bzero(session_key, sizeof(session_key));
BN_bn2bin(session_key_int,
session_key + sizeof(session_key) - len);
@@ -2344,20 +2367,26 @@
if (rsafail) {
int bytes = BN_num_bytes(session_key_int);
u_char *buf = xmalloc(bytes);
- MD5_CTX md;
+ struct ssh_digest_ctx *md;
logit("do_connection: generating a fake encryption key");
BN_bn2bin(session_key_int, buf);
- MD5_Init(&md);
- MD5_Update(&md, buf, bytes);
- MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
- MD5_Final(session_key, &md);
- MD5_Init(&md);
- MD5_Update(&md, session_key, 16);
- MD5_Update(&md, buf, bytes);
- MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
- MD5_Final(session_key + 16, &md);
- memset(buf, 0, bytes);
+ if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+ ssh_digest_update(md, buf, bytes) < 0 ||
+ ssh_digest_update(md, sensitive_data.ssh1_cookie,
+ SSH_SESSION_KEY_LENGTH) < 0 ||
+ ssh_digest_final(md, session_key, sizeof(session_key)) < 0)
+ fatal("%s: md5 failed", __func__);
+ ssh_digest_free(md);
+ if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
+ ssh_digest_update(md, session_key, 16) < 0 ||
+ ssh_digest_update(md, sensitive_data.ssh1_cookie,
+ SSH_SESSION_KEY_LENGTH) < 0 ||
+ ssh_digest_final(md, session_key + 16,
+ sizeof(session_key) - 16) < 0)
+ fatal("%s: md5 failed", __func__);
+ ssh_digest_free(md);
+ explicit_bzero(buf, bytes);
free(buf);
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
@@ -2375,7 +2404,7 @@
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
/* Destroy our copy of the session key. It is no longer needed. */
- memset(session_key, 0, sizeof(session_key));
+ explicit_bzero(session_key, sizeof(session_key));
debug("Received session key; encryption turned on.");
@@ -2437,7 +2466,8 @@
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
+ list_hostkey_types());
/* start key exchange */
kex = kex_setup(myproposal);
@@ -2446,6 +2476,7 @@
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ kex->kex[KEX_C25519_SHA256] = kexc25519_server;
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
Modified: vendor-crypto/openssh/dist/sshd_config
===================================================================
--- vendor-crypto/openssh/dist/sshd_config 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshd_config 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
+# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -24,6 +24,7 @@
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
@@ -84,8 +85,8 @@
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
@@ -101,6 +102,7 @@
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
+#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
@@ -127,4 +129,5 @@
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
+# PermitTTY no
# ForceCommand cvs server
Modified: vendor-crypto/openssh/dist/sshd_config.0
===================================================================
--- vendor-crypto/openssh/dist/sshd_config.0 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshd_config.0 2014-10-11 16:33:18 UTC (rev 6863)
@@ -198,18 +198,25 @@
Ciphers
Specifies the ciphers allowed for protocol version 2. Multiple
- ciphers must be comma-separated. The supported ciphers are
+ ciphers must be comma-separated. The supported ciphers are:
+
``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
``aes128-gcm at openssh.com'', ``aes256-gcm at openssh.com'',
``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
- and ``cast128-cbc''. The default is:
+ ``cast128-cbc'', and ``chacha20-poly1305 at openssh.com''.
+ The default is:
+
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,
+ chacha20-poly1305 at openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
+ The list of available ciphers may also be obtained using the -Q
+ option of ssh(1).
+
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without sshd(8) receiving any messages back from the client.
@@ -325,15 +332,15 @@
HostKey
Specifies a file containing a private host key used by SSH. The
default is /etc/ssh/ssh_host_key for protocol version 1, and
- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
- /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that
- sshd(8) will refuse to use a file if it is group/world-
- accessible. It is possible to have multiple host key files.
- ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or
- ``rsa'' are used for version 2 of the SSH protocol. It is also
- possible to specify public host key files instead. In this case
- operations on the private key will be delegated to an
- ssh-agent(1).
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
+ /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
+ protocol version 2. Note that sshd(8) will refuse to use a file
+ if it is group/world-accessible. It is possible to have multiple
+ host key files. ``rsa1'' keys are used for version 1 and
+ ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2
+ of the SSH protocol. It is also possible to specify public host
+ key files instead. In this case operations on the private key
+ will be delegated to an ssh-agent(1).
HostKeyAgent
Identifies the UNIX-domain socket used to communicate with an
@@ -367,6 +374,12 @@
interactive sessions and ``throughput'' for non-interactive
sessions.
+ KbdInteractiveAuthentication
+ Specifies whether to allow keyboard-interactive authentication.
+ The argument to this keyword must be ``yes'' or ``no''. The
+ default is to use whatever value ChallengeResponseAuthentication
+ is set to (by default ``yes'').
+
KerberosAuthentication
Specifies whether the password provided by the user for
PasswordAuthentication will be validated through the Kerberos
@@ -391,11 +404,14 @@
KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms. Multiple
algorithms must be comma-separated. The default is
- ``ecdh-sha2-nistp256'', ``ecdh-sha2-nistp384'',
- ``ecdh-sha2-nistp521'', ``diffie-hellman-group-exchange-sha256'',
- ``diffie-hellman-group-exchange-sha1'',
- ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1''.
+ curve25519-sha256 at libssh.org,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ diffie-hellman-group-exchange-sha256,
+ diffie-hellman-group-exchange-sha1,
+ diffie-hellman-group14-sha1,
+ diffie-hellman-group1-sha1
+
KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically
regenerated after this many seconds (if it has been used). The
@@ -450,14 +466,16 @@
Match Introduces a conditional block. If all of the criteria on the
Match line are satisfied, the keywords on the following lines
override those set in the global section of the config file,
- until either another Match line or the end of the file.
+ until either another Match line or the end of the file. If a
+ keyword appears in multiple Match blocks that are satisified,
+ only the first instance of the keyword is applied.
- The arguments to Match are one or more criteria-pattern pairs.
- The available criteria are User, Group, Host, LocalAddress,
- LocalPort, and Address. The match patterns may consist of single
- entries or comma-separated lists and may use the wildcard and
- negation operators described in the PATTERNS section of
- ssh_config(5).
+ The arguments to Match are one or more criteria-pattern pairs or
+ the single token All which matches all criteria. The available
+ criteria are User, Group, Host, LocalAddress, LocalPort, and
+ Address. The match patterns may consist of single entries or
+ comma-separated lists and may use the wildcard and negation
+ operators described in the PATTERNS section of ssh_config(5).
The patterns in an Address criteria may additionally contain
addresses to match in CIDR address/masklen format, e.g.
@@ -477,10 +495,10 @@
HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
KbdInteractiveAuthentication, KerberosAuthentication,
MaxAuthTries, MaxSessions, PasswordAuthentication,
- PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel,
- PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication,
- RSAAuthentication, X11DisplayOffset, X11Forwarding and
- X11UseLocalHost.
+ PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
+ PermitTunnel, PubkeyAuthentication, RekeyLimit,
+ RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
+ X11Forwarding and X11UseLocalHost.
MaxAuthTries
Specifies the maximum number of authentication attempts permitted
@@ -551,6 +569,10 @@
``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
both ``point-to-point'' and ``ethernet''. The default is ``no''.
+ PermitTTY
+ Specifies whether pty(4) allocation is permitted. The default is
+ ``yes''.
+
PermitUserEnvironment
Specifies whether ~/.ssh/environment and environment= options in
~/.ssh/authorized_keys are processed by sshd(8). The default is
@@ -810,4 +832,4 @@
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
-OpenBSD 5.4 July 19, 2013 OpenBSD 5.4
+OpenBSD 5.5 February 27, 2014 OpenBSD 5.5
Modified: vendor-crypto/openssh/dist/sshd_config.5
===================================================================
--- vendor-crypto/openssh/dist/sshd_config.5 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshd_config.5 2014-10-11 16:33:18 UTC (rev 6863)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
-.Dd $Mdocdate: July 19 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.172 2014/02/27 22:47:07 djm Exp $
+.Dd $Mdocdate: February 27 2014 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -335,7 +335,8 @@
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
-The supported ciphers are
+The supported ciphers are:
+.Pp
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
@@ -349,15 +350,23 @@
.Dq arcfour256 ,
.Dq arcfour ,
.Dq blowfish-cbc ,
+.Dq cast128-cbc ,
and
-.Dq cast128-cbc .
+.Dq chacha20-poly1305 at openssh.com .
+.Pp
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,
+chacha20-poly1305 at openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
+.Pp
+The list of available ciphers may also be obtained using the
+.Fl Q
+option of
+.Xr ssh 1 .
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
@@ -531,7 +540,8 @@
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key
+.Pa /etc/ssh/ssh_host_ecdsa_key ,
+.Pa /etc/ssh/ssh_host_ed25519_key
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
@@ -542,7 +552,8 @@
.Dq rsa1
keys are used for version 1 and
.Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519
or
.Dq rsa
are used for version 2 of the SSH protocol.
@@ -622,6 +633,17 @@
for interactive sessions and
.Dq throughput
for non-interactive sessions.
+.It Cm KbdInteractiveAuthentication
+Specifies whether to allow keyboard-interactive authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is to use whatever value
+.Cm ChallengeResponseAuthentication
+is set to
+(by default
+.Dq yes ) .
.It Cm KerberosAuthentication
Specifies whether the password provided by the user for
.Cm PasswordAuthentication
@@ -651,13 +673,14 @@
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
The default is
-.Dq ecdh-sha2-nistp256 ,
-.Dq ecdh-sha2-nistp384 ,
-.Dq ecdh-sha2-nistp521 ,
-.Dq diffie-hellman-group-exchange-sha256 ,
-.Dq diffie-hellman-group-exchange-sha1 ,
-.Dq diffie-hellman-group14-sha1 ,
-.Dq diffie-hellman-group1-sha1 .
+.Bd -literal -offset indent
+curve25519-sha256 at libssh.org,
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group-exchange-sha1,
+diffie-hellman-group14-sha1,
+diffie-hellman-group1-sha1
+.Ed
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
@@ -747,10 +770,16 @@
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
+If a keyword appears in multiple
+.Cm Match
+blocks that are satisified, only the first instance of the keyword is
+applied.
.Pp
The arguments to
.Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
The available criteria are
.Cm User ,
.Cm Group ,
@@ -811,6 +840,7 @@
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
+.Cm PermitTTY ,
.Cm PermitTunnel ,
.Cm PubkeyAuthentication ,
.Cm RekeyLimit ,
@@ -940,6 +970,12 @@
.Dq ethernet .
The default is
.Dq no .
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 4
+allocation is permitted.
+The default is
+.Dq yes .
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
Modified: vendor-crypto/openssh/dist/sshlogin.c
===================================================================
--- vendor-crypto/openssh/dist/sshlogin.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/sshlogin.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshlogin.c,v 1.27 2011/01/11 06:06:09 djm Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.28 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
Modified: vendor-crypto/openssh/dist/uidswap.c
===================================================================
--- vendor-crypto/openssh/dist/uidswap.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/uidswap.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: uidswap.c,v 1.36 2013/11/08 11:15:19 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -20,6 +20,7 @@
#include <string.h>
#include <unistd.h>
#include <stdarg.h>
+#include <stdlib.h>
#include <grp.h>
@@ -133,7 +134,9 @@
void
permanently_drop_suid(uid_t uid)
{
+#ifndef HAVE_CYGWIN
uid_t old_uid = getuid();
+#endif
debug("permanently_drop_suid: %u", (u_int)uid);
if (setresuid(uid, uid, uid) < 0)
@@ -196,8 +199,10 @@
void
permanently_set_uid(struct passwd *pw)
{
+#ifndef HAVE_CYGWIN
uid_t old_uid = getuid();
gid_t old_gid = getgid();
+#endif
if (pw == NULL)
fatal("permanently_set_uid: no user given");
Added: vendor-crypto/openssh/dist/verify.c
===================================================================
--- vendor-crypto/openssh/dist/verify.c (rev 0)
+++ vendor-crypto/openssh/dist/verify.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -0,0 +1,49 @@
+/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Author: Daniel J. Bernstein
+ * Copied from nacl-20110221/crypto_verify/32/ref/verify.c
+ */
+
+#include "includes.h"
+
+#include "crypto_api.h"
+
+int crypto_verify_32(const unsigned char *x,const unsigned char *y)
+{
+ unsigned int differentbits = 0;
+#define F(i) differentbits |= x[i] ^ y[i];
+ F(0)
+ F(1)
+ F(2)
+ F(3)
+ F(4)
+ F(5)
+ F(6)
+ F(7)
+ F(8)
+ F(9)
+ F(10)
+ F(11)
+ F(12)
+ F(13)
+ F(14)
+ F(15)
+ F(16)
+ F(17)
+ F(18)
+ F(19)
+ F(20)
+ F(21)
+ F(22)
+ F(23)
+ F(24)
+ F(25)
+ F(26)
+ F(27)
+ F(28)
+ F(29)
+ F(30)
+ F(31)
+ return (1 & ((differentbits - 1) >> 8)) - 1;
+}
Modified: vendor-crypto/openssh/dist/version.h
===================================================================
--- vendor-crypto/openssh/dist/version.h 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/version.h 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.68 2013/11/08 01:38:11 djm Exp $ */
+/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
-#define SSH_VERSION "OpenSSH_6.4"
+#define SSH_VERSION "OpenSSH_6.6"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
Modified: vendor-crypto/openssh/dist/xmalloc.c
===================================================================
--- vendor-crypto/openssh/dist/xmalloc.c 2014-10-11 16:23:48 UTC (rev 6862)
+++ vendor-crypto/openssh/dist/xmalloc.c 2014-10-11 16:33:18 UTC (rev 6863)
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: xmalloc.c,v 1.29 2014/01/04 17:50:55 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -33,7 +33,7 @@
fatal("xmalloc: zero size");
ptr = malloc(size);
if (ptr == NULL)
- fatal("xmalloc: out of memory (allocating %lu bytes)", (u_long) size);
+ fatal("xmalloc: out of memory (allocating %zu bytes)", size);
return ptr;
}
@@ -48,8 +48,8 @@
fatal("xcalloc: nmemb * size > SIZE_T_MAX");
ptr = calloc(nmemb, size);
if (ptr == NULL)
- fatal("xcalloc: out of memory (allocating %lu bytes)",
- (u_long)(size * nmemb));
+ fatal("xcalloc: out of memory (allocating %zu bytes)",
+ size * nmemb);
return ptr;
}
@@ -68,8 +68,8 @@
else
new_ptr = realloc(ptr, new_size);
if (new_ptr == NULL)
- fatal("xrealloc: out of memory (new_size %lu bytes)",
- (u_long) new_size);
+ fatal("xrealloc: out of memory (new_size %zu bytes)",
+ new_size);
return new_ptr;
}
More information about the Midnightbsd-cvs
mailing list