CVS commit: src/crypto/dist/ssh
Module Name:src Committed By: christos Date: Mon Jul 20 17:39:06 UTC 2009 Removed Files: src/crypto/dist/ssh: HPN-README LICENCE Makefile Makefile.inc OVERVIEW PROTOCOL PROTOCOL.agent README README.smartcard addrmatch.c atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c auth-options.h auth-pam.c auth-pam.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-hostbased.c auth2-kbdint.c auth2-krb5.c auth2-none.c auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c authfile.h bufaux.c bufbn.c buffer.c buffer.h canohost.c canohost.h channels.c channels.h cipher-3des1.c cipher-bf1.c cipher-ctr-mt.c cipher-ctr.c cipher.c cipher.h cleanup.c clientloop.c clientloop.h compat.c compat.h compress.c compress.h crc32.c crc32.h deattack.c deattack.h dh.c dh.h dispatch.c dispatch.h dns.c dns.h fatal.c fmt_scaled.c fmt_scaled.h getpeereid.c getpeereid.h getrrsetbyname.c getrrsetbyname.h groupaccess.c groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c hostfile.h includes.h kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c key.h log.c log.h mac.c mac.h match.c match.h md-sha256.c misc.c misc.h moduli moduli.5 moduli.c monitor.c monitor.h monitor_fdpass.c monitor_fdpass.h monitor_mm.c monitor_mm.h monitor_wrap.c monitor_wrap.h msg.c msg.h mux.c myproposal.h namespace.h nchan.c nchan.ms nchan2.ms openssh2netbsd packet.c packet.h pathnames.h progressmeter.c progressmeter.h random.c random.h readconf.c readconf.h readpass.c readpassphrase.3 readpassphrase.c readpassphrase.h rsa.c rsa.h scard.c scard.h scp.1 scp.c servconf.c servconf.h serverloop.c serverloop.h session.c session.h sftp-client.c sftp-client.h sftp-common.c sftp-common.h sftp-glob.c sftp-server-main.c sftp-server.8 sftp-server.c sftp.1 sftp.c sftp.h ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-dss.c ssh-gss.h ssh-keygen.1 ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 
ssh-keysign.c ssh-rsa.c ssh.1 ssh.c ssh.h ssh1.h ssh2.h ssh_config ssh_config.5 sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config sshd_config.5 sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c strtonum.c ttymodes.c ttymodes.h uidswap.c uidswap.h umac.c umac.h uuencode.c uuencode.h version.h xmalloc.c xmalloc.h src/crypto/dist/ssh/lib: Makefile src/crypto/dist/ssh/scard: Makefile Ssh.bin.uu Ssh.java src/crypto/dist/ssh/scp: Makefile src/crypto/dist/ssh/sftp: Makefile src/crypto/dist/ssh/sftp-server: Makefile src/crypto/dist/ssh/ssh: Makefile src/crypto/dist/ssh/ssh-add: Makefile src/crypto/dist/ssh/ssh-agent: Makefile src/crypto/dist/ssh/ssh-keygen: Makefile src/crypto/dist/ssh/ssh-keyscan: Makefile src/crypto/dist/ssh/sshd: Makefile Log Message: ssh has moved (a long time ago) To generate a diff of this commit: cvs rdiff -u -r1.1 -r0 src/crypto/dist/ssh/HPN-README \ src/crypto/dist/ssh/fmt_scaled.c src/crypto/dist/ssh/fmt_scaled.h \ src/crypto/dist/ssh/getpeereid.h cvs rdiff -u -r1.4 -r0 src/crypto/dist/ssh/LICENCE \ src/crypto/dist/ssh/fatal.c src/crypto/dist/ssh/gss-serv-krb5.c \ src/crypto/dist/ssh/msg.h src/crypto/dist/ssh/rsa.c \ src/crypto/dist/ssh/scard.h src/crypto/dist/ssh/serverloop.h \ src/crypto/dist/ssh/sshconnect.h src/crypto/dist/ssh/uidswap.c cvs rdiff -u -r1.1.1.1 -r0 src/crypto/dist/ssh/Makefile \ src/crypto/dist/ssh/Makefile.inc src/crypto/dist/ssh/PROTOCOL \ src/crypto/dist/ssh/PROTOCOL.agent cvs rdiff -u -r1.1.1.4 -r0 src/crypto/dist/ssh/OVERVIEW cvs rdiff -u -r1.1.1.5 -r0 src/crypto/dist/ssh/README \ src/crypto/dist/ssh/nchan.ms cvs rdiff -u -r1.3 -r0 src/crypto/dist/ssh/README.smartcard \ src/crypto/dist/ssh/auth-pam.h src/crypto/dist/ssh/auth2-kbdint.c \ src/crypto/dist/ssh/cipher-ctr.c src/crypto/dist/ssh/cipher.h \ src/crypto/dist/ssh/deattack.h src/crypto/dist/ssh/dns.h \ src/crypto/dist/ssh/getpeereid.c src/crypto/dist/ssh/getrrsetbyname.c \ src/crypto/dist/ssh/key.h src/crypto/dist/ssh/match.h \ 
src/crypto/dist/ssh/md-sha256.c src/crypto/dist/ssh/monitor_fdpass.h \ src/crypto/dist/ssh/mux.c src/crypto/dist/ssh/namespace.h \ src/crypto/dist/ssh/ssh-gss.h src/crypto/dist/ssh/strtonum.c cvs rdiff -u -r1.2 -r0 src/crypto/dist/ssh/addrmatch.c \ src/crypto/dist/ssh/authfd.h src/crypto/dist/ssh/authfile.h \ src/crypto/dist/ssh/cipher-3des1.c src/crypto/dist/ssh/cipher-bf1.c \
CVS commit: src/crypto/dist/ssh
Module Name:src Committed By: tonnerre Date: Mon Jun 29 22:52:13 UTC 2009 Modified Files: src/crypto/dist/ssh: cipher.c cipher.h packet.c Log Message: Add special handling for CBC cipher modes to make them appear less favorable than CTR modes. Also, in order to avoid creating oracles unnecessarily, change behavior in various situations from Drop connection to Ignore packets up to 256kB. This affects CBC mode ciphers only. Patch from OpenBSD. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ssh/cipher.c cvs rdiff -u -r1.2 -r1.3 src/crypto/dist/ssh/cipher.h cvs rdiff -u -r1.31 -r1.32 src/crypto/dist/ssh/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ssh/cipher.c diff -u src/crypto/dist/ssh/cipher.c:1.21 src/crypto/dist/ssh/cipher.c:1.22 --- src/crypto/dist/ssh/cipher.c:1.21 Mon Jun 23 14:51:31 2008 +++ src/crypto/dist/ssh/cipher.c Mon Jun 29 22:52:13 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: cipher.c,v 1.21 2008/06/23 14:51:31 christos Exp $ */ +/* $NetBSD: cipher.c,v 1.22 2009/06/29 22:52:13 tonnerre Exp $ */ /* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -37,7 +37,7 @@ */ #include includes.h -__RCSID($NetBSD: cipher.c,v 1.21 2008/06/23 14:51:31 christos Exp $); +__RCSID($NetBSD: cipher.c,v 1.22 2009/06/29 22:52:13 tonnerre Exp $); #include sys/types.h #include openssl/md5.h 
@@ -62,38 +62,39 @@ u_int block_size; u_int key_len; u_int discard_len; + u_int cbc_mode; const EVP_CIPHER *(*evptype)(void); } ciphers[] = { - { none, SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, - { des, SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, - { 3des, SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, - { blowfish, SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, - - { 3des-cbc, SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, - { blowfish-cbc, SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, - { cast128-cbc, SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, - { arcfour, SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, - { arcfour128, SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, - { arcfour256, SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, - { aes128-cbc, SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, - { aes192-cbc, SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, - { aes256-cbc, SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, + { none, SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null }, + { des, SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc }, + { 3des, SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, + { blowfish, SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, evp_ssh1_bf }, + + { 3des-cbc, SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc }, + { blowfish-cbc, SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc }, + { cast128-cbc, SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc }, + { arcfour, SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 }, + { arcfour128, SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 }, + { arcfour256, SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 }, + { aes128-cbc, SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc }, + { aes192-cbc, SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc }, + { aes256-cbc, SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, { rijndael-...@lysator.liu.se, -SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, +SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc }, #ifdef AES_CTR_MT - { aes128-ctr, SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_ctr_mt }, - { aes192-ctr, SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_ctr_mt }, - { aes256-ctr, SSH_CIPHER_SSH2, 16, 32, 
0, evp_aes_ctr_mt }, + { aes128-ctr, SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_ctr_mt }, + { aes192-ctr, SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_ctr_mt }, + { aes256-ctr, SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_ctr_mt }, #else - { aes128-ctr, SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, - { aes192-ctr, SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, - { aes256-ctr, SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, + { aes128-ctr, SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr }, + { aes192-ctr, SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr }, + { aes256-ctr, SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr }, #endif #ifdef ACSS - { a...@openssh.org, SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, + { a...@openssh.org, SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss }, #endif - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL } }; #ifndef ACSS @@ -121,6 +122,12 @@ } u_int +cipher_is_cbc(const Cipher *c) +{ + return (c-cbc_mode); +} + +u_int cipher_mask_ssh1(int client) { u_int mask = 0; Index: src/crypto/dist/ssh/cipher.h diff -u src/crypto/dist/ssh/cipher.h:1.2 src/crypto/dist/ssh/cipher.h:1.3 --- src/crypto/dist/ssh/cipher.h:1.2 Thu Sep 28 21:22:14 2006 +++ src/crypto/dist/ssh/cipher.h Mon Jun 29 22:52:13 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: cipher.h,v 1.2 2006/09/28 21:22:14 christos Exp $ */ +/* $NetBSD: cipher.h,v 1.3 2009/06/29 22:52:13 tonnerre
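Review bot: In the `ciphers[]` table of cipher.c the SSH1 `blowfish` row gets `cbc_mode` 0 while its SSH1 siblings `des` and `3des` get 1. If `evp_ssh1_bf` wraps a CBC-mode Blowfish (its definition is outside this hunk), `cipher_is_cbc()` from the following hunk will report the wrong mode for it, and the row should read `{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },`. The new column is an unnamed positional 0/1 next to `discard_len`, so a slip of this kind is silent; a comment on the member, e.g. `u_int cbc_mode; /* 1 if the cipher runs in CBC mode, else 0 */`, would make the rows easier to audit. The row is worth comparing against the OpenBSD revision the patch was taken from.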
CVS commit: src/crypto/dist/ssh
Module Name:src Committed By: stacktic Date: Sat May 23 14:43:36 UTC 2009 Modified Files: src/crypto/dist/ssh: scp.c sshconnect2.c Log Message: Fixed strvisx usage (ok Christos@) To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.36 src/crypto/dist/ssh/scp.c \ src/crypto/dist/ssh/sshconnect2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ssh/scp.c diff -u src/crypto/dist/ssh/scp.c:1.35 src/crypto/dist/ssh/scp.c:1.36 --- src/crypto/dist/ssh/scp.c:1.35 Mon Feb 16 20:53:54 2009 +++ src/crypto/dist/ssh/scp.c Sat May 23 14:43:36 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: scp.c,v 1.35 2009/02/16 20:53:54 christos Exp $ */ +/* $NetBSD: scp.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $ */ /* $OpenBSD: scp.c,v 1.163 2008/06/13 18:55:22 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which @@ -73,7 +73,7 @@ */ #include includes.h -__RCSID($NetBSD: scp.c,v 1.35 2009/02/16 20:53:54 christos Exp $); +__RCSID($NetBSD: scp.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $); #include sys/param.h #include sys/types.h #include sys/poll.h @@ -631,7 +631,7 @@ if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) 0) goto syserr; if (strchr(name, '\n') != NULL) { - strvisx(encname, name, sizeof(encname), VIS_NL); + strvisx(encname, name, len, VIS_NL); name = encname; } if (fstat(fd, stb) 0) { Index: src/crypto/dist/ssh/sshconnect2.c diff -u src/crypto/dist/ssh/sshconnect2.c:1.35 src/crypto/dist/ssh/sshconnect2.c:1.36 --- src/crypto/dist/ssh/sshconnect2.c:1.35 Tue Apr 14 11:53:40 2009 +++ src/crypto/dist/ssh/sshconnect2.c Sat May 23 14:43:36 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $ */ +/* $NetBSD: sshconnect2.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
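Review bot: The corrected `strvisx(encname, name, len, VIS_NL)` call in the `@@ -631,7 +631,7 @@` hunk of scp.c still has nothing bounding its output. The third argument is now the source length, and strvisx() can write up to four bytes per input byte plus a NUL. The removed line took `sizeof(encname)`, so `encname` is a fixed-size array, and a long file name with many bytes that need encoding could overrun it. A guard before the call, such as `if ((size_t)len * 4 + 1 > sizeof(encname))` followed by rejecting the name, would close that. `len` and `encname` are declared outside the hunk, so confirm that `len` is the length of `name` at this point.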
@@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $); +__RCSID($NetBSD: sshconnect2.c,v 1.36 2009/05/23 14:43:36 stacktic Exp $); #include sys/queue.h @@ -424,7 +424,7 @@ if (len 65536) len = 65536; msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ - strvisx(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); + strvisx(msg, raw, len, VIS_SAFE|VIS_OCTAL); fprintf(stderr, %s, msg); xfree(msg); }
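Review bot: The comment on the allocation in the `@@ -424,7 +424,7 @@` hunk still says `max expansion from strnvis()` although the call is strvisx(), whose third argument is the source length rather than the destination size, which is the confusion this commit fixes. Rewording it to `/* strvisx() writes at most 4 bytes per input byte, plus the NUL */` would tie the `len * 4 + 1` allocation to the call and keep the next reader from passing the buffer size again. The enclosing function starts and ends outside the hunk.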
CVS commit: src/crypto/dist/ssh
Module Name:src Committed By: apb Date: Tue Apr 14 11:53:40 UTC 2009 Modified Files: src/crypto/dist/ssh: sshconnect2.c Log Message: Fix two bugs in handling banners in sshconnect2: 1) If the length of the banner is zero, don't bother printing it. This can happen if the remote server has a zero-length /etc/issue file. Previously, ssh would die with xmalloc: zero size. 2) strvisx() needs an extra byte for the nul terminator. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/crypto/dist/ssh/sshconnect2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/ssh/sshconnect2.c diff -u src/crypto/dist/ssh/sshconnect2.c:1.34 src/crypto/dist/ssh/sshconnect2.c:1.35 --- src/crypto/dist/ssh/sshconnect2.c:1.34 Mon Feb 16 20:53:55 2009 +++ src/crypto/dist/ssh/sshconnect2.c Tue Apr 14 11:53:40 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: sshconnect2.c,v 1.34 2009/02/16 20:53:55 christos Exp $ */ +/* $NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: sshconnect2.c,v 1.34 2009/02/16 20:53:55 christos Exp $); +__RCSID($NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $); #include sys/queue.h @@ -420,11 +420,11 @@ debug3(input_userauth_banner); raw = packet_get_string(len); lang = packet_get_string(NULL); - if (options.log_level = SYSLOG_LEVEL_INFO) { + if (len 0 options.log_level = SYSLOG_LEVEL_INFO) { if (len 65536) len = 65536; - msg = xmalloc(len * 4); /* max expansion from strnvis() */ - strvisx(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL); + msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ + strvisx(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); fprintf(stderr, %s, msg); xfree(msg); }
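Review bot: The new `strvisx(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL)` call passes the destination size where strvisx() expects the number of source bytes. It therefore encodes `len * 4 + 1` bytes starting at `raw`, which presumably holds only the `len` bytes returned by packet_get_string(), and the encoded result can exceed the `len * 4 + 1` bytes allocated for `msg`. The banner is supplied by the remote server, so this is an out-of-bounds read and a possible heap overflow on untrusted input. The third argument should be the source length, `strvisx(msg, raw, len, VIS_SAFE|VIS_OCTAL);`, with the `+ 1` kept only in the xmalloc() size. Revision 1.36 of this file, shown earlier on this page, makes that change.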