Date: Sun, 24 Jan 2016 22:28:18 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r294693 - in stable/10: . crypto/openssh secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options Message-ID: <201601242228.u0OMSIn7032949@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Sun Jan 24 22:28:18 2016 New Revision: 294693 URL: https://svnweb.freebsd.org/changeset/base/294693 Log: MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563) Remove the HPN and None cipher patches. Deleted: stable/10/crypto/openssh/README.hpn stable/10/tools/build/options/WITH_OPENSSH_NONE_CIPHER Modified: stable/10/UPDATING stable/10/crypto/openssh/auth-pam.c (contents, props changed) stable/10/crypto/openssh/auth2-chall.c (contents, props changed) stable/10/crypto/openssh/bufaux.c (contents, props changed) stable/10/crypto/openssh/buffer.c (contents, props changed) stable/10/crypto/openssh/buffer.h (contents, props changed) stable/10/crypto/openssh/channels.c (contents, props changed) stable/10/crypto/openssh/channels.h (contents, props changed) stable/10/crypto/openssh/cipher.c (contents, props changed) stable/10/crypto/openssh/clientloop.c (contents, props changed) stable/10/crypto/openssh/compat.c (contents, props changed) stable/10/crypto/openssh/compat.h (contents, props changed) stable/10/crypto/openssh/configure.ac (contents, props changed) stable/10/crypto/openssh/digest-libc.c (contents, props changed) stable/10/crypto/openssh/freebsd-post-merge.sh (contents, props changed) stable/10/crypto/openssh/freebsd-pre-merge.sh (contents, props changed) stable/10/crypto/openssh/kex.c (contents, props changed) stable/10/crypto/openssh/kex.h (contents, props changed) stable/10/crypto/openssh/misc.c (contents, props changed) stable/10/crypto/openssh/misc.h (contents, props changed) stable/10/crypto/openssh/monitor.c (contents, props changed) stable/10/crypto/openssh/monitor_wrap.c (contents, props changed) stable/10/crypto/openssh/myproposal.h stable/10/crypto/openssh/packet.c stable/10/crypto/openssh/packet.h (contents, props changed) stable/10/crypto/openssh/readconf.c stable/10/crypto/openssh/readconf.h stable/10/crypto/openssh/servconf.c stable/10/crypto/openssh/servconf.h (contents, props changed) stable/10/crypto/openssh/serverloop.c (contents, props changed) stable/10/crypto/openssh/session.c stable/10/crypto/openssh/sftp.1 (contents, props changed) stable/10/crypto/openssh/sftp.c (contents, props changed) stable/10/crypto/openssh/ssh-agent.1 stable/10/crypto/openssh/ssh.c stable/10/crypto/openssh/ssh_config (contents, props changed) stable/10/crypto/openssh/ssh_config.5 stable/10/crypto/openssh/ssh_namespace.h stable/10/crypto/openssh/sshconnect.c stable/10/crypto/openssh/sshconnect2.c (contents, props changed) stable/10/crypto/openssh/sshd.c stable/10/crypto/openssh/sshd_config (contents, props changed) stable/10/crypto/openssh/sshd_config.5 stable/10/crypto/openssh/version.h stable/10/secure/lib/libssh/Makefile stable/10/secure/usr.bin/ssh/Makefile stable/10/secure/usr.sbin/sshd/Makefile stable/10/share/mk/bsd.own.mk Directory Properties: stable/10/ (props changed) Modified: stable/10/UPDATING ============================================================================== --- stable/10/UPDATING Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/UPDATING Sun Jan 24 22:28:18 2016 (r294693) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20160124: + The NONE and HPN patches has been removed from OpenSSH. They are + still available in the security/openssh-portable port. + 20151214: r292223 changed the internal interface between the nfsd.ko and nfscommon.ko modules. As such, they must both be upgraded to-gether. Modified: stable/10/crypto/openssh/auth-pam.c ============================================================================== --- stable/10/crypto/openssh/auth-pam.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/auth-pam.c Sun Jan 24 22:28:18 2016 (r294693) @@ -45,7 +45,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* Based on $FreeBSD$ */ +/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" #include <sys/types.h> Modified: stable/10/crypto/openssh/auth2-chall.c ============================================================================== --- stable/10/crypto/openssh/auth2-chall.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/auth2-chall.c Sun Jan 24 22:28:18 2016 (r294693) @@ -25,7 +25,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> Modified: stable/10/crypto/openssh/bufaux.c ============================================================================== --- stable/10/crypto/openssh/bufaux.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/bufaux.c Sun Jan 24 22:28:18 2016 (r294693) @@ -38,7 +38,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> Modified: stable/10/crypto/openssh/buffer.c ============================================================================== --- stable/10/crypto/openssh/buffer.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/buffer.c Sun Jan 24 22:28:18 2016 (r294693) @@ -13,7 +13,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/param.h> @@ -27,7 +26,7 @@ __RCSID("$FreeBSD$"); #include "log.h" #define BUFFER_MAX_CHUNK 0x100000 -#define BUFFER_MAX_LEN 0x4000000 /* 64MB */ +#define BUFFER_MAX_LEN 0xa00000 #define BUFFER_ALLOCSZ 0x008000 /* Initializes the buffer structure. */ @@ -167,13 +166,6 @@ buffer_len(const Buffer *buffer) return buffer->end - buffer->offset; } -/* Returns the maximum number of bytes of data that may be in the buffer. */ -u_int -buffer_get_max_len(void) -{ - return (BUFFER_MAX_LEN); -} - /* Gets data from the beginning of the buffer. */ int Modified: stable/10/crypto/openssh/buffer.h ============================================================================== --- stable/10/crypto/openssh/buffer.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/buffer.h Sun Jan 24 22:28:18 2016 (r294693) @@ -1,5 +1,4 @@ /* $OpenBSD: buffer.h,v 1.23 2014/01/12 08:13:13 djm Exp $ */ -/* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -47,8 +46,6 @@ int buffer_get_ret(Buffer *, void *, u_ int buffer_consume_ret(Buffer *, u_int); int buffer_consume_end_ret(Buffer *, u_int); -u_int buffer_get_max_len(void); - #include <openssl/bn.h> void buffer_put_bignum(Buffer *, const BIGNUM *); Modified: stable/10/crypto/openssh/channels.c ============================================================================== --- stable/10/crypto/openssh/channels.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/channels.c Sun Jan 24 22:28:18 2016 (r294693) @@ -40,7 +40,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <sys/ioctl.h> @@ -174,11 +173,6 @@ static void port_open_helper(Channel *c, static int connect_next(struct channel_connect *); static void channel_connect_ctx_free(struct channel_connect *); -/* -- HPN */ - -static int hpn_disabled = 0; -static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT; - /* -- channel core */ Channel * @@ -325,7 +319,6 @@ channel_new(char *ctype, int type, int r c->self = found; c->type = type; c->ctype = ctype; - c->dynamic_window = 0; c->local_window = window; c->local_window_max = window; c->local_consumed = 0; @@ -826,45 +819,10 @@ channel_pre_open_13(Channel *c, fd_set * FD_SET(c->sock, writeset); } -static u_int -channel_tcpwinsz(void) -{ - u_int32_t tcpwinsz; - socklen_t optsz; - int ret, sd; - u_int maxlen; - - /* If we are not on a socket return 128KB. */ - if (!packet_connection_is_on_socket()) - return (128 * 1024); - - tcpwinsz = 0; - optsz = sizeof(tcpwinsz); - sd = packet_get_connection_in(); - ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - - /* Return no more than the maximum buffer size. */ - maxlen = buffer_get_max_len(); - if ((ret == 0) && tcpwinsz > maxlen) - tcpwinsz = maxlen; - /* In case getsockopt() failed return a minimum. */ - if (tcpwinsz == 0) - tcpwinsz = CHAN_TCP_WINDOW_DEFAULT; - debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd); - return (tcpwinsz); -} - static void channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) { - u_int limit; - - /* Check buffer limits. */ - if (!c->tcpwinsz || c->dynamic_window > 0) - c->tcpwinsz = channel_tcpwinsz(); - - limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(), - 2 * c->tcpwinsz); + u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); if (c->istate == CHAN_INPUT_OPEN && limit > 0 && @@ -1857,25 +1815,14 @@ channel_check_window(Channel *c) c->local_maxpacket*3) || c->local_window < c->local_window_max/2) && c->local_consumed > 0) { - u_int addition = 0; - - /* Adjust max window size if we are in a dynamic environment. */ - if (c->dynamic_window && c->tcpwinsz > c->local_window_max) { - /* - * Grow the window somewhat aggressively to maintain - * pressure. - */ - addition = 1.5 * (c->tcpwinsz - c->local_window_max); - c->local_window_max += addition; - } packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); packet_put_int(c->remote_id); - packet_put_int(c->local_consumed + addition); + packet_put_int(c->local_consumed); packet_send(); debug2("channel %d: window %d sent adjust %d", c->self, c->local_window, c->local_consumed); - c->local_window += c->local_consumed + addition; + c->local_window += c->local_consumed; c->local_consumed = 0; } return 1; @@ -2739,14 +2686,6 @@ channel_set_af(int af) IPv4or6 = af; } -void -channel_set_hpn(int disabled, u_int buf_size) -{ - hpn_disabled = disabled; - buffer_size = buf_size; - debug("HPN Disabled: %d, HPN Buffer Size: %d", - hpn_disabled, buffer_size); -} /* * Determine whether or not a port forward listens to loopback, the @@ -2924,18 +2863,10 @@ channel_setup_fwd_listener(int type, con *allocated_listen_port); } - /* - * Allocate a channel number for the socket. Explicitly test - * for hpn disabled option. If true use smaller window size. - */ - if (hpn_disabled) - c = channel_new("port listener", type, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); - else - c = channel_new("port listener", type, sock, sock, -1, - buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); + /* Allocate a channel number for the socket. */ + c = channel_new("port listener", type, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); @@ -3583,16 +3514,10 @@ x11_create_display_inet(int x11_display_ *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; - if (hpn_disabled) - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); - else - nc = channel_new("x11 listener", - SSH_CHANNEL_X11_LISTENER, sock, sock, -1, - buffer_size, CHAN_X11_PACKET_DEFAULT, - 0, "X11 inet listener", 1); + nc = channel_new("x11 listener", + SSH_CHANNEL_X11_LISTENER, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, + 0, "X11 inet listener", 1); nc->single_connection = single_connection; (*chanids)[n] = nc->self; } Modified: stable/10/crypto/openssh/channels.h ============================================================================== --- stable/10/crypto/openssh/channels.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/channels.h Sun Jan 24 22:28:18 2016 (r294693) @@ -1,5 +1,4 @@ /* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */ -/* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -133,8 +132,6 @@ struct Channel { u_int local_window_max; u_int local_consumed; u_int local_maxpacket; - u_int tcpwinsz; - int dynamic_window; int extended_usage; int single_connection; @@ -176,7 +173,6 @@ struct Channel { #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) -#define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024) /* possible input states */ #define CHAN_INPUT_OPEN 0 @@ -310,8 +306,4 @@ void chan_rcvd_ieof(Channel *); void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); -/* hpn handler */ - -void channel_set_hpn(int, u_int); - #endif Modified: stable/10/crypto/openssh/cipher.c ============================================================================== --- stable/10/crypto/openssh/cipher.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/cipher.c Sun Jan 24 22:28:18 2016 (r294693) @@ -36,7 +36,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> @@ -225,12 +224,7 @@ ciphers_valid(const char *names) for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); -#ifdef NONE_CIPHER_ENABLED - if (c == NULL || (c->number != SSH_CIPHER_SSH2 && - c->number != SSH_CIPHER_NONE)) { -#else - if (c == NULL || (c->number != SSH_CIPHER_SSH2)) { -#endif + if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug("bad cipher %s [%s]", p, names); free(cipher_list); return 0; @@ -485,9 +479,6 @@ cipher_get_keyiv(CipherContext *cc, u_ch } switch (c->number) { -#ifdef NONE_CIPHER_ENABLED - case SSH_CIPHER_NONE: -#endif case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -527,9 +518,6 @@ cipher_set_keyiv(CipherContext *cc, u_ch return; switch (c->number) { -#ifdef NONE_CIPHER_ENABLED - case SSH_CIPHER_NONE: -#endif case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: Modified: stable/10/crypto/openssh/clientloop.c ============================================================================== --- stable/10/crypto/openssh/clientloop.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/clientloop.c Sun Jan 24 22:28:18 2016 (r294693) @@ -60,7 +60,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <sys/ioctl.h> @@ -1892,14 +1891,9 @@ client_request_x11(const char *request_t sock = x11_connect_display(); if (sock < 0) return NULL; - if (options.hpn_disabled) - c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, "x11", 1); - else - c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, - options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, - 0, "x11", 1); + c = channel_new("x11", + SSH_CHANNEL_X11_OPEN, sock, sock, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); c->force_drain = 1; return c; } @@ -1919,16 +1913,10 @@ client_request_agent(const char *request sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; - if (options.hpn_disabled) - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, - "authentication agent connection", 1); - else - c = channel_new("authentication agent connection", - SSH_CHANNEL_OPEN, sock, sock, -1, - options.hpn_buffer_size, options.hpn_buffer_size, 0, - "authentication agent connection", 1); + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, + CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, + "authentication agent connection", 1); c->force_drain = 1; return c; } @@ -1955,14 +1943,8 @@ client_request_tun_fwd(int tun_mode, int return -1; } - if (options.hpn_disabled) - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, - CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, "tun", 1); - else - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, - options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "tun", 1); + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; #if defined(SSH_TUN_FILTER) Modified: stable/10/crypto/openssh/compat.c ============================================================================== --- stable/10/crypto/openssh/compat.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/compat.c Sun Jan 24 22:28:18 2016 (r294693) @@ -24,7 +24,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> @@ -178,16 +177,6 @@ compat_datafellows(const char *version) datafellows = check[i].bugs; debug("match: %s pat %s compat 0x%08x", version, check[i].pat, datafellows); - /* - * Check to see if the remote side is OpenSSH and not - * HPN. It is utterly strange to check it from the - * version string and expose the option that way. - */ - if (strstr(version,"OpenSSH") != NULL && - strstr(version,"hpn") == NULL) { - datafellows |= SSH_BUG_LARGEWINDOW; - debug("Remote is not HPN-aware"); - } return; } } Modified: stable/10/crypto/openssh/compat.h ============================================================================== --- stable/10/crypto/openssh/compat.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/compat.h Sun Jan 24 22:28:18 2016 (r294693) @@ -1,5 +1,4 @@ /* $OpenBSD: compat.h,v 1.44 2013/12/30 23:52:27 djm Exp $ */ -/* $FreeBSD$ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -62,8 +61,6 @@ #define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_CURVE25519PAD 0x10000000 -#define SSH_BUG_LARGEWINDOW 0x80000000 - void enable_compat13(void); void enable_compat20(void); void compat_datafellows(const char *); Modified: stable/10/crypto/openssh/configure.ac ============================================================================== --- stable/10/crypto/openssh/configure.ac Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/configure.ac Sun Jan 24 22:28:18 2016 (r294693) @@ -1,4 +1,5 @@ # $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $ +# $FreeBSD$ # # Copyright (c) 1999-2004 Damien Miller # Modified: stable/10/crypto/openssh/digest-libc.c ============================================================================== --- stable/10/crypto/openssh/digest-libc.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/digest-libc.c Sun Jan 24 22:28:18 2016 (r294693) @@ -17,7 +17,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <limits.h> Modified: stable/10/crypto/openssh/freebsd-post-merge.sh ============================================================================== --- stable/10/crypto/openssh/freebsd-post-merge.sh Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/freebsd-post-merge.sh Sun Jan 24 22:28:18 2016 (r294693) @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: stable/10/crypto/openssh/freebsd-post-merge.sh 263691 2014-03-24 19:15:13Z des $ +# $FreeBSD$ # xargs perl -n -i -e ' Modified: stable/10/crypto/openssh/freebsd-pre-merge.sh ============================================================================== --- stable/10/crypto/openssh/freebsd-pre-merge.sh Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/freebsd-pre-merge.sh Sun Jan 24 22:28:18 2016 (r294693) @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: stable/10/crypto/openssh/freebsd-pre-merge.sh 263691 2014-03-24 19:15:13Z des $ +# $FreeBSD$ # :>keywords Modified: stable/10/crypto/openssh/kex.c ============================================================================== --- stable/10/crypto/openssh/kex.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/kex.c Sun Jan 24 22:28:18 2016 (r294693) @@ -24,7 +24,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/param.h> @@ -146,13 +145,8 @@ kex_names_valid(const char *names) return 1; } -/* put algorithm proposal into buffer. */ -#ifndef NONE_CIPHER_ENABLED +/* put algorithm proposal into buffer */ static void -#else -/* Also used in sshconnect2.c. */ -void -#endif kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { u_int i; @@ -466,9 +460,6 @@ kex_choose_conf(Kex *kex) int nenc, nmac, ncomp; u_int mode, ctos, need, dh_need, authlen; int first_kex_follows, type; -#ifdef NONE_CIPHER_ENABLED - int auth_flag; -#endif my = kex_buf2prop(&kex->my, NULL); peer = kex_buf2prop(&kex->peer, &first_kex_follows); @@ -492,10 +483,6 @@ kex_choose_conf(Kex *kex) } /* Algorithm Negotiation */ -#ifdef NONE_CIPHER_ENABLED - auth_flag = packet_get_authentication_state(); - debug ("AUTH STATE is %d", auth_flag); -#endif for (mode = 0; mode < MODE_MAX; mode++) { newkeys = xcalloc(1, sizeof(*newkeys)); kex->newkeys[mode] = newkeys; @@ -510,17 +497,6 @@ kex_choose_conf(Kex *kex) if (authlen == 0) choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]); choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]); -#ifdef NONE_CIPHER_ENABLED - debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); - if (strcmp(newkeys->enc.name, "none") == 0) { - debug("Requesting NONE. Authflag is %d", auth_flag); - if (auth_flag == 1) - debug("None requested post authentication."); - else - fatal("Pre-authentication none cipher requests " - "are not allowed."); - } -#endif debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", newkeys->enc.name, Modified: stable/10/crypto/openssh/kex.h ============================================================================== --- stable/10/crypto/openssh/kex.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/kex.h Sun Jan 24 22:28:18 2016 (r294693) @@ -1,5 +1,4 @@ /* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */ -/* $FreeBSD$ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -149,10 +148,6 @@ struct Kex { int kex_names_valid(const char *); char *kex_alg_list(char); -#ifdef NONE_CIPHER_ENABLED -void kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]); -#endif - Kex *kex_setup(char *[PROPOSAL_MAX]); void kex_finish(Kex *); Modified: stable/10/crypto/openssh/misc.c ============================================================================== --- stable/10/crypto/openssh/misc.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/misc.c Sun Jan 24 22:28:18 2016 (r294693) @@ -25,7 +25,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <sys/ioctl.h> @@ -1037,34 +1036,3 @@ sock_set_v6only(int s) error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); #endif } - -void -sock_get_rcvbuf(int *size, int rcvbuf) -{ - int sock, socksize; - socklen_t socksizelen = sizeof(socksize); - - /* - * Create a socket but do not connect it. We use it - * only to get the rcv socket size. - */ - sock = socket(AF_INET6, SOCK_STREAM, 0); - if (sock < 0) - sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - return; - - /* - * If the tcp_rcv_buf option is set and passed in, attempt to set the - * buffer size to its value. - */ - if (rcvbuf) - setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf, - sizeof(rcvbuf)); - - if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF, - &socksize, &socksizelen) == 0) - if (size != NULL) - *size = socksize; - close(sock); -} Modified: stable/10/crypto/openssh/misc.h ============================================================================== --- stable/10/crypto/openssh/misc.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/misc.h Sun Jan 24 22:28:18 2016 (r294693) @@ -1,5 +1,4 @@ /* $OpenBSD: misc.h,v 1.50 2013/10/14 23:28:23 djm Exp $ */ -/* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -40,7 +39,6 @@ time_t monotime(void); void lowercase(char *s); void sock_set_v6only(int); -void sock_get_rcvbuf(int *, int); struct passwd *pwcopy(struct passwd *); const char *ssh_gai_strerror(int); Modified: stable/10/crypto/openssh/monitor.c ============================================================================== --- stable/10/crypto/openssh/monitor.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/monitor.c Sun Jan 24 22:28:18 2016 (r294693) @@ -26,7 +26,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <sys/param.h> Modified: stable/10/crypto/openssh/monitor_wrap.c ============================================================================== --- stable/10/crypto/openssh/monitor_wrap.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/monitor_wrap.c Sun Jan 24 22:28:18 2016 (r294693) @@ -26,7 +26,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include <sys/types.h> #include <sys/uio.h> Modified: stable/10/crypto/openssh/myproposal.h ============================================================================== --- stable/10/crypto/openssh/myproposal.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/myproposal.h Sun Jan 24 22:28:18 2016 (r294693) @@ -110,10 +110,6 @@ "chacha20-poly1305@openssh.com," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" -#ifdef NONE_CIPHER_ENABLED -#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \ - ",none" -#endif #define KEX_DEFAULT_MAC \ "hmac-md5-etm@openssh.com," \ Modified: stable/10/crypto/openssh/packet.c ============================================================================== --- stable/10/crypto/openssh/packet.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/packet.c Sun Jan 24 22:28:18 2016 (r294693) @@ -202,9 +202,6 @@ struct session_state { }; static struct session_state *active_state, *backup_state; -#ifdef NONE_CIPHER_ENABLED -static int rekey_requested = 0; -#endif static struct session_state * alloc_session_state(void) @@ -1316,7 +1313,6 @@ packet_read_poll2(u_int32_t *seqnr_p) buffer_ptr(&active_state->input), block_size, 0, 0) != 0) fatal("Decryption integrity check failed"); cp = buffer_ptr(&active_state->incoming_packet); - active_state->packlen = get_u32(cp); if (active_state->packlen < 1 + 4 || active_state->packlen > PACKET_MAX_SIZE) { @@ -1943,26 +1939,12 @@ packet_send_ignore(int nbytes) } } -#ifdef NONE_CIPHER_ENABLED -void -packet_request_rekeying(void) -{ - rekey_requested = 1; -} -#endif - #define MAX_PACKETS (1U<<31) int packet_need_rekeying(void) { if (datafellows & SSH_BUG_NOREKEY) return 0; -#ifdef NONE_CIPHER_ENABLED - if (rekey_requested == 1) { - rekey_requested = 0; - return 1; - } -#endif return (active_state->p_send.packets > MAX_PACKETS) || (active_state->p_read.packets > MAX_PACKETS) || @@ -2074,11 +2056,3 @@ packet_restore_state(void) add_recv_bytes(len); } } - -#ifdef NONE_CIPHER_ENABLED -int -packet_get_authentication_state(void) -{ - return (active_state->after_authentication); -} -#endif Modified: stable/10/crypto/openssh/packet.h ============================================================================== --- stable/10/crypto/openssh/packet.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/packet.h Sun Jan 24 22:28:18 2016 (r294693) @@ -1,5 +1,4 @@ /* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */ -/* $FreeBSD$ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -39,9 +38,6 @@ void packet_set_interactive(int, int int packet_is_interactive(void); void packet_set_server(void); void packet_set_authenticated(void); -#ifdef NONE_CIPHER_ENABLED -int packet_get_authentication_state(void); -#endif void packet_start(u_char); void packet_put_char(int ch); @@ -119,9 +115,6 @@ do { \ } while (0) int packet_need_rekeying(void); -#ifdef NONE_CIPHER_ENABLED -void packet_request_rekeying(void); -#endif void packet_set_rekey_limits(u_int32_t, time_t); time_t packet_get_rekey_timeout(void); Modified: stable/10/crypto/openssh/readconf.c ============================================================================== --- stable/10/crypto/openssh/readconf.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/readconf.c Sun Jan 24 22:28:18 2016 (r294693) @@ -152,12 +152,8 @@ typedef enum { oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, - oIgnoredUnknownOption, - oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf, -#ifdef NONE_CIPHER_ENABLED - oNoneEnabled, oNoneSwitch, -#endif - oVersionAddendum, oDeprecated, oUnsupported + oVersionAddendum, + oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ @@ -270,14 +266,10 @@ static struct { { "canonicalizemaxdots", oCanonicalizeMaxDots }, { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, { "ignoreunknown", oIgnoreUnknown }, - { "hpndisabled", oHPNDisabled }, - { "hpnbuffersize", oHPNBufferSize }, - { "tcprcvbufpoll", oTcpRcvBufPoll }, - { "tcprcvbuf", oTcpRcvBuf }, -#ifdef NONE_CIPHER_ENABLED - { "noneenabled", oNoneEnabled }, - { "noneswitch", oNoneSwitch }, -#endif + { "hpndisabled", oDeprecated }, + { "hpnbuffersize", oDeprecated }, + { "tcprcvbufpoll", oDeprecated }, + { "tcprcvbuf", oDeprecated }, { "versionaddendum", oVersionAddendum }, { NULL, oBadOption } @@ -1359,47 +1351,6 @@ parse_int: multistate_ptr = multistate_requesttty; goto parse_multistate; - case oHPNDisabled: - intptr = &options->hpn_disabled; - goto parse_flag; - - case oHPNBufferSize: - intptr = &options->hpn_buffer_size; - goto parse_int; - - case oTcpRcvBufPoll: - intptr = &options->tcp_rcv_buf_poll; - goto parse_flag; - - case oTcpRcvBuf: - intptr = &options->tcp_rcv_buf; - goto parse_int; - -#ifdef NONE_CIPHER_ENABLED - case oNoneEnabled: - intptr = &options->none_enabled; - goto parse_flag; - - /* - * We check to see if the command comes from the command line or not. - * If it does then enable it otherwise fail. NONE must never be a - * default configuration. - */ - case oNoneSwitch: - if (strcmp(filename,"command-line") == 0) { - intptr = &options->none_switch; - goto parse_flag; - } else { - debug("NoneSwitch directive found in %.200s.", - filename); - error("NoneSwitch is found in %.200s.\n" - "You may only use this configuration option " - "from the command line", filename); - error("Continuing..."); - return 0; - } -#endif - case oVersionAddendum: if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, @@ -1655,14 +1606,6 @@ initialize_options(Options * options) options->canonicalize_fallback_local = -1; options->canonicalize_hostname = -1; options->version_addendum = NULL; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; - options->tcp_rcv_buf_poll = -1; - options->tcp_rcv_buf = -1; -#ifdef NONE_CIPHER_ENABLED - options->none_enabled = -1; - options->none_switch = -1; -#endif } /* @@ -1857,36 +1800,6 @@ fill_default_options(Options * options) /* options->preferred_authentications will be set in ssh */ if (options->version_addendum == NULL) options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); - if (options->hpn_disabled == -1) - options->hpn_disabled = 0; - if (options->hpn_buffer_size > -1) - { - u_int maxlen; - - /* If a user tries to set the size to 0 set it to 1KB. */ - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1024; - /* Limit the buffer to BUFFER_MAX_LEN. */ - maxlen = buffer_get_max_len(); - if (options->hpn_buffer_size > (maxlen / 1024)) { - debug("User requested buffer larger than %ub: %ub. " - "Request reverted to %ub", maxlen, - options->hpn_buffer_size * 1024, maxlen); - options->hpn_buffer_size = maxlen; - } - debug("hpn_buffer_size set to %d", options->hpn_buffer_size); - } - if (options->tcp_rcv_buf == 0) - options->tcp_rcv_buf = 1; - if (options->tcp_rcv_buf > -1) - options->tcp_rcv_buf *= 1024; - if (options->tcp_rcv_buf_poll == -1) - options->tcp_rcv_buf_poll = 1; -#ifdef NONE_CIPHER_ENABLED - /* options->none_enabled must not be set by default */ - if (options->none_switch == -1) - options->none_switch = 0; -#endif } /* Modified: stable/10/crypto/openssh/readconf.h ============================================================================== --- stable/10/crypto/openssh/readconf.h Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/readconf.h Sun Jan 24 22:28:18 2016 (r294693) @@ -154,21 +154,9 @@ typedef struct { int num_permitted_cnames; struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS]; - char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ - char *version_addendum; /* Appended to SSH banner */ - int hpn_disabled; /* Switch to disable HPN buffer management. */ - int hpn_buffer_size; /* User definable size for HPN buffer - * window. */ - int tcp_rcv_buf_poll; /* Option to poll recv buf every window - * transfer. */ - int tcp_rcv_buf; /* User switch to set tcp recv buffer. */ - -#ifdef NONE_CIPHER_ENABLED - int none_enabled; /* Allow none to be used */ - int none_switch; /* Use none cipher */ -#endif + char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; #define SSH_CANONICALISE_NO 0 Modified: stable/10/crypto/openssh/servconf.c ============================================================================== --- stable/10/crypto/openssh/servconf.c Sun Jan 24 22:26:25 2016 (r294692) +++ stable/10/crypto/openssh/servconf.c Sun Jan 24 22:28:18 2016 (r294693) @@ -155,12 +155,6 @@ initialize_server_options(ServerOptions options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; - options->hpn_disabled = -1; - options->hpn_buffer_size = -1; - options->tcp_rcv_buf_poll = -1; -#ifdef NONE_CIPHER_ENABLED - options->none_enabled = -1; -#endif } void @@ -321,38 +315,6 @@ fill_default_server_options(ServerOption } #endif - if (options->hpn_disabled == -1) - options->hpn_disabled = 0; - if (options->hpn_buffer_size == -1) { - /* - * HPN buffer size option not explicitly set. Try to figure - * out what value to use or resort to default. - */ - options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; - if (!options->hpn_disabled) { - sock_get_rcvbuf(&options->hpn_buffer_size, 0); - debug ("HPN Buffer Size: %d", options->hpn_buffer_size); - } - } else { - /* - * In the case that the user sets both values in a - * contradictory manner hpn_disabled overrrides hpn_buffer_size. - */ - if (options->hpn_disabled <= 0) { - u_int maxlen; - - maxlen = buffer_get_max_len(); - if (options->hpn_buffer_size == 0) - options->hpn_buffer_size = 1; - /* Limit the maximum buffer to BUFFER_MAX_LEN. */ - if (options->hpn_buffer_size > maxlen / 1024) - options->hpn_buffer_size = maxlen; - else - options->hpn_buffer_size *= 1024; - } else { - options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; - } - } } /* Keyword tokens. */ @@ -388,10 +350,6 @@ typedef enum { sKexAlgorithms, sIPQoS, sVersionAddendum, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, - sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll, -#ifdef NONE_CIPHER_ENABLED - sNoneEnabled, -#endif sDeprecated, sUnsupported } ServerOpCodes; @@ -518,12 +476,10 @@ static struct { { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, - { "hpndisabled", sHPNDisabled, SSHCFG_ALL }, - { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL }, - { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, -#ifdef NONE_CIPHER_ENABLED - { "noneenabled", sNoneEnabled, SSHCFG_ALL }, -#endif + { "noneenabled", sUnsupported, SSHCFG_ALL }, + { "hpndisabled", sDeprecated, SSHCFG_ALL }, + { "hpnbuffersize", sDeprecated, SSHCFG_ALL }, + { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; @@ -1670,24 +1626,6 @@ process_server_config_line(ServerOptions } return 0; - case sHPNDisabled: - intptr = &options->hpn_disabled; - goto parse_flag; - - case sHPNBufferSize: *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601242228.u0OMSIn7032949>