CVS commit: src/crypto/dist/ssh

2009-07-20 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Mon Jul 20 17:39:06 UTC 2009

Removed Files:
src/crypto/dist/ssh: HPN-README LICENCE Makefile Makefile.inc OVERVIEW
PROTOCOL PROTOCOL.agent README README.smartcard addrmatch.c
atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c
auth-options.c auth-options.h auth-pam.c auth-pam.h auth-passwd.c
auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth.h
auth1.c auth2-chall.c auth2-gss.c auth2-hostbased.c auth2-kbdint.c
auth2-krb5.c auth2-none.c auth2-passwd.c auth2-pubkey.c auth2.c
authfd.c authfd.h authfile.c authfile.h bufaux.c bufbn.c buffer.c
buffer.h canohost.c canohost.h channels.c channels.h cipher-3des1.c
cipher-bf1.c cipher-ctr-mt.c cipher-ctr.c cipher.c cipher.h
cleanup.c clientloop.c clientloop.h compat.c compat.h compress.c
compress.h crc32.c crc32.h deattack.c deattack.h dh.c dh.h
dispatch.c dispatch.h dns.c dns.h fatal.c fmt_scaled.c fmt_scaled.h
getpeereid.c getpeereid.h getrrsetbyname.c getrrsetbyname.h
groupaccess.c groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c
hostfile.c hostfile.h includes.h kex.c kex.h kexdh.c kexdhc.c
kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c key.h log.c log.h mac.c
mac.h match.c match.h md-sha256.c misc.c misc.h moduli moduli.5
moduli.c monitor.c monitor.h monitor_fdpass.c monitor_fdpass.h
monitor_mm.c monitor_mm.h monitor_wrap.c monitor_wrap.h msg.c msg.h
mux.c myproposal.h namespace.h nchan.c nchan.ms nchan2.ms
openssh2netbsd packet.c packet.h pathnames.h progressmeter.c
progressmeter.h random.c random.h readconf.c readconf.h readpass.c
readpassphrase.3 readpassphrase.c readpassphrase.h rsa.c rsa.h
scard.c scard.h scp.1 scp.c servconf.c servconf.h serverloop.c
serverloop.h session.c session.h sftp-client.c sftp-client.h
sftp-common.c sftp-common.h sftp-glob.c sftp-server-main.c
sftp-server.8 sftp-server.c sftp.1 sftp.c sftp.h ssh-add.1
ssh-add.c ssh-agent.1 ssh-agent.c ssh-dss.c ssh-gss.h ssh-keygen.1
ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8
ssh-keysign.c ssh-rsa.c ssh.1 ssh.c ssh.h ssh1.h ssh2.h ssh_config
ssh_config.5 sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c
sshd.8 sshd.c sshd_config sshd_config.5 sshlogin.c sshlogin.h
sshpty.c sshpty.h sshtty.c strtonum.c ttymodes.c ttymodes.h
uidswap.c uidswap.h umac.c umac.h uuencode.c uuencode.h version.h
xmalloc.c xmalloc.h
src/crypto/dist/ssh/lib: Makefile
src/crypto/dist/ssh/scard: Makefile Ssh.bin.uu Ssh.java
src/crypto/dist/ssh/scp: Makefile
src/crypto/dist/ssh/sftp: Makefile
src/crypto/dist/ssh/sftp-server: Makefile
src/crypto/dist/ssh/ssh: Makefile
src/crypto/dist/ssh/ssh-add: Makefile
src/crypto/dist/ssh/ssh-agent: Makefile
src/crypto/dist/ssh/ssh-keygen: Makefile
src/crypto/dist/ssh/ssh-keyscan: Makefile
src/crypto/dist/ssh/sshd: Makefile

Log Message:
ssh has moved (a long time ago)


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r0 src/crypto/dist/ssh/HPN-README \
src/crypto/dist/ssh/fmt_scaled.c src/crypto/dist/ssh/fmt_scaled.h \
src/crypto/dist/ssh/getpeereid.h
cvs rdiff -u -r1.4 -r0 src/crypto/dist/ssh/LICENCE \
src/crypto/dist/ssh/fatal.c src/crypto/dist/ssh/gss-serv-krb5.c \
src/crypto/dist/ssh/msg.h src/crypto/dist/ssh/rsa.c \
src/crypto/dist/ssh/scard.h src/crypto/dist/ssh/serverloop.h \
src/crypto/dist/ssh/sshconnect.h src/crypto/dist/ssh/uidswap.c
cvs rdiff -u -r1.1.1.1 -r0 src/crypto/dist/ssh/Makefile \
src/crypto/dist/ssh/Makefile.inc src/crypto/dist/ssh/PROTOCOL \
src/crypto/dist/ssh/PROTOCOL.agent
cvs rdiff -u -r1.1.1.4 -r0 src/crypto/dist/ssh/OVERVIEW
cvs rdiff -u -r1.1.1.5 -r0 src/crypto/dist/ssh/README \
src/crypto/dist/ssh/nchan.ms
cvs rdiff -u -r1.3 -r0 src/crypto/dist/ssh/README.smartcard \
src/crypto/dist/ssh/auth-pam.h src/crypto/dist/ssh/auth2-kbdint.c \
src/crypto/dist/ssh/cipher-ctr.c src/crypto/dist/ssh/cipher.h \
src/crypto/dist/ssh/deattack.h src/crypto/dist/ssh/dns.h \
src/crypto/dist/ssh/getpeereid.c src/crypto/dist/ssh/getrrsetbyname.c \
src/crypto/dist/ssh/key.h src/crypto/dist/ssh/match.h \
src/crypto/dist/ssh/md-sha256.c src/crypto/dist/ssh/monitor_fdpass.h \
src/crypto/dist/ssh/mux.c src/crypto/dist/ssh/namespace.h \
src/crypto/dist/ssh/ssh-gss.h src/crypto/dist/ssh/strtonum.c
cvs rdiff -u -r1.2 -r0 src/crypto/dist/ssh/addrmatch.c \
src/crypto/dist/ssh/authfd.h src/crypto/dist/ssh/authfile.h \
src/crypto/dist/ssh/cipher-3des1.c src/crypto/dist/ssh/cipher-bf1.c \

CVS commit: src/crypto/dist/ssh

2009-06-29 Thread Tonnerre Lombard
Module Name:src
Committed By:   tonnerre
Date:   Mon Jun 29 22:52:13 UTC 2009

Modified Files:
src/crypto/dist/ssh: cipher.c cipher.h packet.c

Log Message:
Add special handling for CBC cipher modes to make them appear less favorable
than CTR modes. Also, in order to avoid creating oracles unnecessarily,
change behavior in various situations from "Drop connection" to "Ignore
packets up to 256kB". This affects CBC mode ciphers only.

Patch from OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ssh/cipher.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/dist/ssh/cipher.h
cvs rdiff -u -r1.31 -r1.32 src/crypto/dist/ssh/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/cipher.c
diff -u src/crypto/dist/ssh/cipher.c:1.21 src/crypto/dist/ssh/cipher.c:1.22
--- src/crypto/dist/ssh/cipher.c:1.21	Mon Jun 23 14:51:31 2008
+++ src/crypto/dist/ssh/cipher.c	Mon Jun 29 22:52:13 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: cipher.c,v 1.21 2008/06/23 14:51:31 christos Exp $	*/
+/*	$NetBSD: cipher.c,v 1.22 2009/06/29 22:52:13 tonnerre Exp $	*/
 /* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -37,7 +37,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: cipher.c,v 1.21 2008/06/23 14:51:31 christos Exp $);
+__RCSID($NetBSD: cipher.c,v 1.22 2009/06/29 22:52:13 tonnerre Exp $);
 #include sys/types.h
 
 #include openssl/md5.h
@@ -62,38 +62,39 @@
 	u_int	block_size;
 	u_int	key_len;
 	u_int	discard_len;
+	u_int	cbc_mode;
 	const EVP_CIPHER	*(*evptype)(void);
 } ciphers[] = {
-	{ none,		SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
-	{ des,		SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
-	{ 3des,		SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
-	{ blowfish,		SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
-
-	{ 3des-cbc,		SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
-	{ blowfish-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
-	{ cast128-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
-	{ arcfour,		SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
-	{ arcfour128,		SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
-	{ arcfour256,		SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
-	{ aes128-cbc,		SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
-	{ aes192-cbc,		SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
-	{ aes256-cbc,		SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+	{ none,		SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
+	{ des,		SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
+	{ 3des,		SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
+	{ blowfish,		SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, evp_ssh1_bf },
+
+	{ 3des-cbc,		SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
+	{ blowfish-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
+	{ cast128-cbc,	SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
+	{ arcfour,		SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
+	{ arcfour128,		SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
+	{ arcfour256,		SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
+	{ aes128-cbc,		SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
+	{ aes192-cbc,		SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
+	{ aes256-cbc,		SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
 	{ rijndael-...@lysator.liu.se,
-SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
 #ifdef AES_CTR_MT
-	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_ctr_mt },
-	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_ctr_mt },
-	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_ctr_mt },
+	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_ctr_mt },
+	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_ctr_mt },
+	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_ctr_mt },
 #else
-	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
-	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
-	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
+	{ aes128-ctr,		SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
+	{ aes192-ctr,		SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
+	{ aes256-ctr,		SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
 #endif
 #ifdef ACSS
-	{ a...@openssh.org,	SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
+	{ a...@openssh.org,	SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
 #endif
 
-	{ NULL,			SSH_CIPHER_INVALID, 0, 0, 0, NULL }
+	{ NULL,			SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
 };
 
 #ifndef ACSS
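Review bot: The SSH1 `blowfish` row is given `cbc_mode` 0, while the other SSH1 block ciphers `des` and `3des` are given 1. If `evp_ssh1_bf` (defined outside this hunk) is a CBC construction, `cipher_is_cbc()` will return 0 for it and it will miss the CBC-specific packet handling the log message describes. Please confirm against the OpenBSD patch and set that row's sixth initializer to 1 if so. Because the flag is positional and easy to misplace in a seven-column table, I would also document the new field, e.g. `u_int cbc_mode; /* nonzero for CBC-mode ciphers; queried via cipher_is_cbc() */`. The struct definition starts outside the hunk.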
@@ -121,6 +122,12 @@
 }
 
 u_int
+cipher_is_cbc(const Cipher *c)
+{
+	return (c-cbc_mode);
+}
+
+u_int
 cipher_mask_ssh1(int client)
 {
 	u_int mask = 0;

Index: src/crypto/dist/ssh/cipher.h
diff -u src/crypto/dist/ssh/cipher.h:1.2 src/crypto/dist/ssh/cipher.h:1.3
--- src/crypto/dist/ssh/cipher.h:1.2	Thu Sep 28 21:22:14 2006
+++ src/crypto/dist/ssh/cipher.h	Mon Jun 29 22:52:13 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: cipher.h,v 1.2 2006/09/28 21:22:14 christos Exp $	*/
+/*	$NetBSD: cipher.h,v 1.3 2009/06/29 22:52:13 tonnerre 

CVS commit: src/crypto/dist/ssh

2009-05-23 Thread Arnaud Ysmal
Module Name:src
Committed By:   stacktic
Date:   Sat May 23 14:43:36 UTC 2009

Modified Files:
src/crypto/dist/ssh: scp.c sshconnect2.c

Log Message:
Fixed strvisx usage (ok Christos@)


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/crypto/dist/ssh/scp.c \
src/crypto/dist/ssh/sshconnect2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/scp.c
diff -u src/crypto/dist/ssh/scp.c:1.35 src/crypto/dist/ssh/scp.c:1.36
--- src/crypto/dist/ssh/scp.c:1.35	Mon Feb 16 20:53:54 2009
+++ src/crypto/dist/ssh/scp.c	Sat May 23 14:43:36 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.35 2009/02/16 20:53:54 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $	*/
 /* $OpenBSD: scp.c,v 1.163 2008/06/13 18:55:22 dtucker Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@@ -73,7 +73,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: scp.c,v 1.35 2009/02/16 20:53:54 christos Exp $);
+__RCSID($NetBSD: scp.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $);
 #include sys/param.h
 #include sys/types.h
 #include sys/poll.h
@@ -631,7 +631,7 @@
 		if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0))  0)
 			goto syserr;
 		if (strchr(name, '\n') != NULL) {
-			strvisx(encname, name, sizeof(encname), VIS_NL);
+			strvisx(encname, name, len, VIS_NL);
 			name = encname;
 		}
 		if (fstat(fd, stb)  0) {
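Review bot: `strvisx()` limits only the number of source bytes it reads, so with `len` as the third argument nothing bounds what is written into `encname`, and the encoded form can take up to four bytes per input byte plus the NUL. The removed `sizeof(encname)` shows `encname` is a fixed-size array, but its declaration and the assignment of `len` are both outside this hunk, so the hunk does not show that it holds `4 * len + 1` bytes. If it does not, a long file name with a newline and other encodable bytes overruns the buffer. Either allocate it the way the banner code in sshconnect2.c does (`xmalloc(len * 4 + 1)`) or reject names where `len > (sizeof(encname) - 1) / 4` before the call.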
Index: src/crypto/dist/ssh/sshconnect2.c
diff -u src/crypto/dist/ssh/sshconnect2.c:1.35 src/crypto/dist/ssh/sshconnect2.c:1.36
--- src/crypto/dist/ssh/sshconnect2.c:1.35	Tue Apr 14 11:53:40 2009
+++ src/crypto/dist/ssh/sshconnect2.c	Sat May 23 14:43:36 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $);
+__RCSID($NetBSD: sshconnect2.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $);
 
 #include sys/queue.h
 
@@ -424,7 +424,7 @@
 		if (len  65536)
 			len = 65536;
 		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
-		strvisx(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
+		strvisx(msg, raw, len, VIS_SAFE|VIS_OCTAL);
 		fprintf(stderr, %s, msg);
 		xfree(msg);
 	}
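Review bot: The comment on the `xmalloc` line still names `strnvis()` although the call is `strvisx()`, whose third argument is the source length rather than the destination size, which is the mix-up this change corrects. I would reword it to `/* strvisx() emits at most 4 bytes per input byte, plus a NUL */` so the next reader sees why the buffer is `len * 4 + 1` while the call passes plain `len`. The enclosing function starts and ends outside the hunk.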



CVS commit: src/crypto/dist/ssh

2009-04-14 Thread Alan Barrett
Module Name:src
Committed By:   apb
Date:   Tue Apr 14 11:53:40 UTC 2009

Modified Files:
src/crypto/dist/ssh: sshconnect2.c

Log Message:
Fix two bugs in handling banners in sshconnect2:
1) If the length of the banner is zero, don't bother printing it.
   This can happen if the remote server has a zero-length /etc/issue
   file.  Previously, ssh would die with "xmalloc: zero size".
2) strvisx() needs an extra byte for the nul terminator.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/crypto/dist/ssh/sshconnect2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ssh/sshconnect2.c
diff -u src/crypto/dist/ssh/sshconnect2.c:1.34 src/crypto/dist/ssh/sshconnect2.c:1.35
--- src/crypto/dist/ssh/sshconnect2.c:1.34	Mon Feb 16 20:53:55 2009
+++ src/crypto/dist/ssh/sshconnect2.c	Tue Apr 14 11:53:40 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect2.c,v 1.34 2009/02/16 20:53:55 christos Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sshconnect2.c,v 1.34 2009/02/16 20:53:55 christos Exp $);
+__RCSID($NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $);
 
 #include sys/queue.h
 
@@ -420,11 +420,11 @@
 	debug3(input_userauth_banner);
 	raw = packet_get_string(len);
 	lang = packet_get_string(NULL);
-	if (options.log_level = SYSLOG_LEVEL_INFO) {
+	if (len  0  options.log_level = SYSLOG_LEVEL_INFO) {
 		if (len  65536)
 			len = 65536;
-		msg = xmalloc(len * 4); /* max expansion from strnvis() */
-		strvisx(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL);
+		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+		strvisx(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
 		fprintf(stderr, %s, msg);
 		xfree(msg);
 	}
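Review bot: The new `strvisx(msg, raw, len * 4 + 1, ...)` call passes the destination size where `strvisx()` expects the number of source bytes. It therefore reads up to `len * 4 + 1` bytes from `raw`, a server-supplied string of only `len` bytes, and the encoded output can then exceed the `len * 4 + 1` bytes allocated for `msg`. The allocation change is right, but the call should be `strvisx(msg, raw, len, VIS_SAFE|VIS_OCTAL);`, which is what revision 1.36 of this file, shown earlier on this page, later does. The enclosing function starts and ends outside the hunk.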