CVS commit: [netbsd-5] src/crypto/dist/ssh

2012-01-27 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Fri Jan 27 19:31:37 UTC 2012

Modified Files:
src/crypto/dist/ssh [netbsd-5]: auth-options.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1717):
crypto/dist/ssh/auth-options.c  patch

Prevent minor information disclosure in ssh.
[drochner, ticket #1717]


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.8.1 src/crypto/dist/ssh/auth-options.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/auth-options.c
diff -u src/crypto/dist/ssh/auth-options.c:1.9 src/crypto/dist/ssh/auth-options.c:1.9.8.1
--- src/crypto/dist/ssh/auth-options.c:1.9	Sun Apr  6 23:38:19 2008
+++ src/crypto/dist/ssh/auth-options.c	Fri Jan 27 19:31:37 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-options.c,v 1.9 2008/04/06 23:38:19 christos Exp $	*/
+/*	$NetBSD: auth-options.c,v 1.9.8.1 2012/01/27 19:31:37 riz Exp $	*/
 /* $OpenBSD: auth-options.c,v 1.41 2008/03/26 21:28:14 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -12,7 +12,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth-options.c,v 1.9 2008/04/06 23:38:19 christos Exp $);
+__RCSID($NetBSD: auth-options.c,v 1.9.8.1 2012/01/27 19:31:37 riz Exp $);
 #include sys/types.h
 
 #include netdb.h
@@ -156,7 +156,7 @@ auth_parse_options(struct passwd *pw, ch
 goto bad_option;
 			}
 			forced_command[i] = '\0';
-			auth_debug_add(Forced command: %.900s, forced_command);
+			auth_debug_add(Forced command.);
 			opts++;
 			goto next_option;
 		}
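Review bot: The replacement call `auth_debug_add("Forced command.")` carries no comment saying why the command text is deliberately left out, so a later cleanup could restore the old `%.900s` form. I would add above it `/* Do not include forced_command: this text is relayed to the connecting client. */`, assuming auth_debug_add output reaches the client, which the log message implies but this hunk does not show. auth_parse_options starts and ends outside the hunk, so whether its other option branches still format option values into auth_debug_add cannot be checked from here and is worth confirming.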



CVS commit: [netbsd-5] src/crypto/dist/ssh

2010-11-20 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Sat Nov 20 18:27:50 UTC 2010

Modified Files:
src/crypto/dist/ssh [netbsd-5]: misc.c

Log Message:
Pull up following revision(s) (requested by jnemeth in ticket #1392):
crypto/external/bsd/openssh/dist/misc.c: revision 1.3
Fix tunnelling (ssh -w).  The kernel expects a device to be passed
to the socket, not a path.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.22.4.1 src/crypto/dist/ssh/misc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/misc.c
diff -u src/crypto/dist/ssh/misc.c:1.22 src/crypto/dist/ssh/misc.c:1.22.4.1
--- src/crypto/dist/ssh/misc.c:1.22	Wed Sep 17 15:45:50 2008
+++ src/crypto/dist/ssh/misc.c	Sat Nov 20 18:27:50 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: misc.c,v 1.22 2008/09/17 15:45:50 christos Exp $	*/
+/*	$NetBSD: misc.c,v 1.22.4.1 2010/11/20 18:27:50 riz Exp $	*/
 /* $OpenBSD: misc.c,v 1.67 2008/01/01 08:47:04 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: misc.c,v 1.22 2008/09/17 15:45:50 christos Exp $);
+__RCSID($NetBSD: misc.c,v 1.22.4.1 2010/11/20 18:27:50 riz Exp $);
 #include sys/types.h
 #include sys/ioctl.h
 #include sys/socket.h
@@ -680,6 +680,7 @@
 	debug(%s: %s mode %d fd %d, __func__, ifr.ifr_name, mode, fd);
 
 	/* Set the tunnel device operation mode */
+	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), %s%d, tunbase, tun);
 	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
 		goto failed;
 
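Review bot: The added `snprintf` into `ifr.ifr_name` runs after the `debug()` call that prints `ifr.ifr_name`, so the log line records whatever the field held before rather than the device name used from here on. Moving the `snprintf` above the `debug()` would keep the log and the request in agreement, provided nothing earlier in the function still needs the old value (not visible here). The return value is also ignored; comparing it against `sizeof(ifr.ifr_name)` before the socket call would catch a truncated name instead of silently addressing a different interface. The existing comment `/* Set the tunnel device operation mode */` now sits over the name formatting rather than the socket call it describes. The enclosing function starts and ends outside the hunk.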



CVS commit: [netbsd-5] src/crypto/dist/ssh

2010-05-19 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Thu May 20 05:25:30 UTC 2010

Modified Files:
src/crypto/dist/ssh [netbsd-5]: ssh_config ssh_config.5 sshd_config.5

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1384):
crypto/external/bsd/openssh/dist/ssh_config.5: revision 1.3 via patch
crypto/external/bsd/openssh/dist/sshd_config.5: revision 1.4 via patch
crypto/external/bsd/openssh/dist/ssh_config: revision 1.3 via patch
Don't mention the umac-64@openssh.com MAC algorithm, which is not enabled
in our SSH client and daemon as it causes crashes on architectures with
strict alignment requirements (e.g. NetBSD/sparc64).
This fixes PR bin/43221 by myself.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.14.6.1 src/crypto/dist/ssh/ssh_config
cvs rdiff -u -r1.16 -r1.16.8.1 src/crypto/dist/ssh/ssh_config.5
cvs rdiff -u -r1.15 -r1.15.8.1 src/crypto/dist/ssh/sshd_config.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/ssh_config
diff -u src/crypto/dist/ssh/ssh_config:1.14 src/crypto/dist/ssh/ssh_config:1.14.6.1
--- src/crypto/dist/ssh/ssh_config:1.14	Fri Apr 25 15:01:45 2008
+++ src/crypto/dist/ssh/ssh_config	Thu May 20 05:25:30 2010
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.14 2008/04/25 15:01:45 jmmv Exp $
+#	$NetBSD: ssh_config,v 1.14.6.1 2010/05/20 05:25:30 snj Exp $
 #	$OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -39,7 +39,7 @@
 #   Protocol 2,1
 #   Cipher 3des
 #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
-#   MACs hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160
+#   MACs hmac-md5,hmac-sha1,hmac-ripemd160
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any

Index: src/crypto/dist/ssh/ssh_config.5
diff -u src/crypto/dist/ssh/ssh_config.5:1.16 src/crypto/dist/ssh/ssh_config.5:1.16.8.1
--- src/crypto/dist/ssh/ssh_config.5:1.16	Sun Apr  6 23:38:20 2008
+++ src/crypto/dist/ssh/ssh_config.5	Thu May 20 05:25:30 2010
@@ -1,4 +1,4 @@
-.\	$NetBSD: ssh_config.5,v 1.16 2008/04/06 23:38:20 christos Exp $
+.\	$NetBSD: ssh_config.5,v 1.16.8.1 2010/05/20 05:25:30 snj Exp $
 .\  -*- nroff -*-
 .\
 .\ Author: Tatu Ylonen y...@cs.hut.fi
@@ -651,7 +651,7 @@
 Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac...@openssh.com,
+hmac-md5,hmac-sha1,
 hmac-ripemd160,hmac-sha1-96,hmac-md5-96
 .Ed
 .It Cm NoHostAuthenticationForLocalhost

Index: src/crypto/dist/ssh/sshd_config.5
diff -u src/crypto/dist/ssh/sshd_config.5:1.15 src/crypto/dist/ssh/sshd_config.5:1.15.8.1
--- src/crypto/dist/ssh/sshd_config.5:1.15	Sun Apr  6 23:38:20 2008
+++ src/crypto/dist/ssh/sshd_config.5	Thu May 20 05:25:30 2010
@@ -1,4 +1,4 @@
-.\	$NetBSD: sshd_config.5,v 1.15 2008/04/06 23:38:20 christos Exp $
+.\	$NetBSD: sshd_config.5,v 1.15.8.1 2010/05/20 05:25:30 snj Exp $
 .\  -*- nroff -*-
 .\
 .\ Author: Tatu Ylonen y...@cs.hut.fi
@@ -538,7 +538,7 @@
 Multiple algorithms must be comma-separated.
 The default is:
 .Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac...@openssh.com,
+hmac-md5,hmac-sha1,
 hmac-ripemd160,hmac-sha1-96,hmac-md5-96
 .Ed
 .It Cm Match



CVS commit: [netbsd-5] src/crypto/dist/ssh

2009-06-29 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Mon Jun 29 22:58:38 UTC 2009

Modified Files:
src/crypto/dist/ssh [netbsd-5]: cipher.c cipher.h packet.c

Log Message:
Pull up following revision(s) (requested by tonnerre in ticket #843):
crypto/dist/ssh/cipher.c: revision 1.22
crypto/dist/ssh/cipher.h: revision 1.3
crypto/dist/ssh/packet.c: revision 1.32
Add special handling for CBC cipher modes to make them appear less favorable
than CTR modes. Also, in order to avoid creating oracles unnecessarily,
change behavior in various situations from Drop connection to Ignore
packets up to 256kB. This affects CBC mode ciphers only.
Patch from OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.21.4.1 src/crypto/dist/ssh/cipher.c
cvs rdiff -u -r1.2 -r1.2.24.1 src/crypto/dist/ssh/cipher.h
cvs rdiff -u -r1.30 -r1.30.4.1 src/crypto/dist/ssh/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/cipher.c
diff -u src/crypto/dist/ssh/cipher.c:1.21 src/crypto/dist/ssh/cipher.c:1.21.4.1
--- src/crypto/dist/ssh/cipher.c:1.21	Mon Jun 23 14:51:31 2008
+++ src/crypto/dist/ssh/cipher.c	Mon Jun 29 22:58:38 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: cipher.c,v 1.21 2008/06/23 14:51:31 christos Exp $	*/
+/*	$NetBSD: cipher.c,v 1.21.4.1 2009/06/29 22:58:38 snj Exp $	*/
 /* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -37,7 +37,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: cipher.c,v 1.21 2008/06/23 14:51:31 christos Exp $);
+__RCSID($NetBSD: cipher.c,v 1.21.4.1 2009/06/29 22:58:38 snj Exp $);
 #include sys/types.h
 
 #include openssl/md5.h
@@ -62,38 +62,39 @@
 	u_int	block_size;
 	u_int	key_len;
 	u_int	discard_len;
+	u_int	cbc_mode;
 	const EVP_CIPHER	*(*evptype)(void);
 } ciphers[] = {
-	{ none,		SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
-	{ des,		SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
-	{ 3des,		SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
-	{ blowfish,		SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
-
-	{ 3des-cbc,		SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
-	{ blowfish-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
-	{ cast128-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
-	{ arcfour,		SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
-	{ arcfour128,		SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
-	{ arcfour256,		SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
-	{ aes128-cbc,		SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
-	{ aes192-cbc,		SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
-	{ aes256-cbc,		SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+	{ none,		SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
+	{ des,		SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
+	{ 3des,		SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
+	{ blowfish,		SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, evp_ssh1_bf },
+
+	{ 3des-cbc,		SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
+	{ blowfish-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
+	{ cast128-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
+	{ arcfour,		SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
+	{ arcfour128,		SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
+	{ arcfour256,		SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
+	{ aes128-cbc,		SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
+	{ aes192-cbc,		SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
+	{ aes256-cbc,		SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
 	{ rijndael-...@lysator.liu.se,
-SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
 #ifdef AES_CTR_MT
-	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_ctr_mt },
-	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_ctr_mt },
-	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_ctr_mt },
+	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_ctr_mt },
+	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_ctr_mt },
+	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_ctr_mt },
 #else
-	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
-	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
-	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
+	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
+	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
+	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
 #endif
 #ifdef ACSS
-	{ a...@openssh.org,	SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
+	{ a...@openssh.org,	SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
 #endif
 
-	{ NULL,			SSH_CIPHER_INVALID, 0, 0, 0, NULL }
+	{ NULL,			SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
 };
 
 #ifndef ACSS
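Review bot: The SSH1 `blowfish` row is given `cbc_mode` 0 while the SSH1 `des` and `3des` rows get 1; if `evp_ssh1_bf` is a CBC construction (its definition is outside this hunk), that row should be `1` as well, or the difference deserves a comment. The new field is also undocumented, and `u_int cbc_mode; /* non-zero for CBC-mode ciphers */` would make the positional initializers easier to audit, since a misplaced value in this table changes which ciphers get the CBC-specific handling described in the log message. The struct declaration starts above the hunk.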
@@ -121,6 +122,12 @@
 }
 
 u_int
+cipher_is_cbc(const Cipher *c)
+{
+	return (c-cbc_mode);
+}
+
+u_int
 cipher_mask_ssh1(int client)
 {
 	u_int mask = 0;
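Review bot: `cipher_is_cbc` dereferences `c` unconditionally and has no comment stating its contract. A one-line header such as `/* Returns non-zero if c is a CBC-mode cipher; c must not be NULL. */` would document it, and the callers (in packet.c according to the log message, not visible here) should be confirmed to pass a cipher that is already set. The body appears on this page as `c-cbc_mode`; presumably the archive dropped the `>` of `c->cbc_mode`.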

Index: src/crypto/dist/ssh/cipher.h
diff -u src/crypto/dist/ssh/cipher.h:1.2 src/crypto/dist/ssh/cipher.h:1.2.24.1
---