Date:      Sun, 24 Jan 2016 22:28:18 +0000 (UTC)
From:      =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r294693 - in stable/10: . crypto/openssh secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd share/mk tools/build/options
Message-ID:  <201601242228.u0OMSIn7032949@repo.freebsd.org>

Author: des
Date: Sun Jan 24 22:28:18 2016
New Revision: 294693
URL: https://svnweb.freebsd.org/changeset/base/294693

Log:
  MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563)
  
  Remove the HPN and None cipher patches.

Deleted:
  stable/10/crypto/openssh/README.hpn
  stable/10/tools/build/options/WITH_OPENSSH_NONE_CIPHER
Modified:
  stable/10/UPDATING
  stable/10/crypto/openssh/auth-pam.c   (contents, props changed)
  stable/10/crypto/openssh/auth2-chall.c   (contents, props changed)
  stable/10/crypto/openssh/bufaux.c   (contents, props changed)
  stable/10/crypto/openssh/buffer.c   (contents, props changed)
  stable/10/crypto/openssh/buffer.h   (contents, props changed)
  stable/10/crypto/openssh/channels.c   (contents, props changed)
  stable/10/crypto/openssh/channels.h   (contents, props changed)
  stable/10/crypto/openssh/cipher.c   (contents, props changed)
  stable/10/crypto/openssh/clientloop.c   (contents, props changed)
  stable/10/crypto/openssh/compat.c   (contents, props changed)
  stable/10/crypto/openssh/compat.h   (contents, props changed)
  stable/10/crypto/openssh/configure.ac   (contents, props changed)
  stable/10/crypto/openssh/digest-libc.c   (contents, props changed)
  stable/10/crypto/openssh/freebsd-post-merge.sh   (contents, props changed)
  stable/10/crypto/openssh/freebsd-pre-merge.sh   (contents, props changed)
  stable/10/crypto/openssh/kex.c   (contents, props changed)
  stable/10/crypto/openssh/kex.h   (contents, props changed)
  stable/10/crypto/openssh/misc.c   (contents, props changed)
  stable/10/crypto/openssh/misc.h   (contents, props changed)
  stable/10/crypto/openssh/monitor.c   (contents, props changed)
  stable/10/crypto/openssh/monitor_wrap.c   (contents, props changed)
  stable/10/crypto/openssh/myproposal.h
  stable/10/crypto/openssh/packet.c
  stable/10/crypto/openssh/packet.h   (contents, props changed)
  stable/10/crypto/openssh/readconf.c
  stable/10/crypto/openssh/readconf.h
  stable/10/crypto/openssh/servconf.c
  stable/10/crypto/openssh/servconf.h   (contents, props changed)
  stable/10/crypto/openssh/serverloop.c   (contents, props changed)
  stable/10/crypto/openssh/session.c
  stable/10/crypto/openssh/sftp.1   (contents, props changed)
  stable/10/crypto/openssh/sftp.c   (contents, props changed)
  stable/10/crypto/openssh/ssh-agent.1
  stable/10/crypto/openssh/ssh.c
  stable/10/crypto/openssh/ssh_config   (contents, props changed)
  stable/10/crypto/openssh/ssh_config.5
  stable/10/crypto/openssh/ssh_namespace.h
  stable/10/crypto/openssh/sshconnect.c
  stable/10/crypto/openssh/sshconnect2.c   (contents, props changed)
  stable/10/crypto/openssh/sshd.c
  stable/10/crypto/openssh/sshd_config   (contents, props changed)
  stable/10/crypto/openssh/sshd_config.5
  stable/10/crypto/openssh/version.h
  stable/10/secure/lib/libssh/Makefile
  stable/10/secure/usr.bin/ssh/Makefile
  stable/10/secure/usr.sbin/sshd/Makefile
  stable/10/share/mk/bsd.own.mk
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/UPDATING
==============================================================================
--- stable/10/UPDATING	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/UPDATING	Sun Jan 24 22:28:18 2016	(r294693)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20160124:
+	The NONE and HPN patches has been removed from OpenSSH.  They are
+	still available in the security/openssh-portable port.
+
 20151214:
 	r292223 changed the internal interface between the nfsd.ko and
 	nfscommon.ko modules. As such, they must both be upgraded to-gether.

Modified: stable/10/crypto/openssh/auth-pam.c
==============================================================================
--- stable/10/crypto/openssh/auth-pam.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/auth-pam.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -45,7 +45,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* Based on $FreeBSD$ */
+/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
 
 #include <sys/types.h>

Modified: stable/10/crypto/openssh/auth2-chall.c
==============================================================================
--- stable/10/crypto/openssh/auth2-chall.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/auth2-chall.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -25,7 +25,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 

Modified: stable/10/crypto/openssh/bufaux.c
==============================================================================
--- stable/10/crypto/openssh/bufaux.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/bufaux.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -38,7 +38,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 

Modified: stable/10/crypto/openssh/buffer.c
==============================================================================
--- stable/10/crypto/openssh/buffer.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/buffer.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -13,7 +13,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/param.h>
 
@@ -27,7 +26,7 @@ __RCSID("$FreeBSD$");
 #include "log.h"
 
 #define	BUFFER_MAX_CHUNK	0x100000
-#define	BUFFER_MAX_LEN		0x4000000	/* 64MB */
+#define	BUFFER_MAX_LEN		0xa00000
 #define	BUFFER_ALLOCSZ		0x008000
 
 /* Initializes the buffer structure. */
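Review bot: The new `BUFFER_MAX_LEN` line drops the size comment that the replaced line carried (`/* 64MB */`), so the cap now reads as a bare hex constant. 0xa00000 is 10 MiB, and I would keep the annotation: `#define	BUFFER_MAX_LEN		0xa00000	/* 10MB */`. The function removed in the next hunk described this value as the maximum number of bytes that may be in a buffer, so the change also lowers that ceiling. A reader comparing memory behaviour against the previous revision should be able to see the figure without converting it.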
@@ -167,13 +166,6 @@ buffer_len(const Buffer *buffer)
 	return buffer->end - buffer->offset;
 }
 
-/* Returns the maximum number of bytes of data that may be in the buffer. */
-u_int
-buffer_get_max_len(void)
-{
-	return (BUFFER_MAX_LEN);
-}
-
 /* Gets data from the beginning of the buffer. */
 
 int

Modified: stable/10/crypto/openssh/buffer.h
==============================================================================
--- stable/10/crypto/openssh/buffer.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/buffer.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,5 +1,4 @@
 /* $OpenBSD: buffer.h,v 1.23 2014/01/12 08:13:13 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -47,8 +46,6 @@ int	 buffer_get_ret(Buffer *, void *, u_
 int	 buffer_consume_ret(Buffer *, u_int);
 int	 buffer_consume_end_ret(Buffer *, u_int);
 
-u_int	 buffer_get_max_len(void);
-
 #include <openssl/bn.h>
 
 void    buffer_put_bignum(Buffer *, const BIGNUM *);

Modified: stable/10/crypto/openssh/channels.c
==============================================================================
--- stable/10/crypto/openssh/channels.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/channels.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -40,7 +40,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -174,11 +173,6 @@ static void port_open_helper(Channel *c,
 static int connect_next(struct channel_connect *);
 static void channel_connect_ctx_free(struct channel_connect *);
 
-/* -- HPN */
-
-static int hpn_disabled = 0;
-static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
-
 /* -- channel core */
 
 Channel *
@@ -325,7 +319,6 @@ channel_new(char *ctype, int type, int r
 	c->self = found;
 	c->type = type;
 	c->ctype = ctype;
-	c->dynamic_window = 0;
 	c->local_window = window;
 	c->local_window_max = window;
 	c->local_consumed = 0;
@@ -826,45 +819,10 @@ channel_pre_open_13(Channel *c, fd_set *
 		FD_SET(c->sock, writeset);
 }
 
-static u_int
-channel_tcpwinsz(void)
-{
-	u_int32_t tcpwinsz;
-	socklen_t optsz;
-	int ret, sd;
-	u_int maxlen;
-
-	/* If we are not on a socket return 128KB. */
-	if (!packet_connection_is_on_socket())
-		return (128 * 1024);
-
-	tcpwinsz = 0;
-	optsz = sizeof(tcpwinsz);
-	sd = packet_get_connection_in();
-	ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
-
-	/* Return no more than the maximum buffer size. */
-	maxlen = buffer_get_max_len();
-	if ((ret == 0) && tcpwinsz > maxlen)
-		tcpwinsz = maxlen;
-	/* In case getsockopt() failed return a minimum. */
-	if (tcpwinsz == 0)
-		tcpwinsz = CHAN_TCP_WINDOW_DEFAULT;
-	debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd);
-	return (tcpwinsz);
-}
-
 static void
 channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
 {
-	u_int limit;
-
-	/* Check buffer limits. */
-	if (!c->tcpwinsz || c->dynamic_window > 0)
-		c->tcpwinsz = channel_tcpwinsz();
-
-	limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(),
-	    2 * c->tcpwinsz);
+	u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
 
 	if (c->istate == CHAN_INPUT_OPEN &&
 	    limit > 0 &&
@@ -1857,25 +1815,14 @@ channel_check_window(Channel *c)
 	    c->local_maxpacket*3) ||
 	    c->local_window < c->local_window_max/2) &&
 	    c->local_consumed > 0) {
-		u_int addition = 0;
-
-		/* Adjust max window size if we are in a dynamic environment. */
-		if (c->dynamic_window && c->tcpwinsz > c->local_window_max) {
-			/*
-			 * Grow the window somewhat aggressively to maintain
-			 * pressure.
-			 */
-			addition = 1.5 * (c->tcpwinsz - c->local_window_max);
-			c->local_window_max += addition;
-		}
 		packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
 		packet_put_int(c->remote_id);
-		packet_put_int(c->local_consumed + addition);
+		packet_put_int(c->local_consumed);
 		packet_send();
 		debug2("channel %d: window %d sent adjust %d",
 		    c->self, c->local_window,
 		    c->local_consumed);
-		c->local_window += c->local_consumed + addition;
+		c->local_window += c->local_consumed;
 		c->local_consumed = 0;
 	}
 	return 1;
@@ -2739,14 +2686,6 @@ channel_set_af(int af)
 	IPv4or6 = af;
 }
 
-void
-channel_set_hpn(int disabled, u_int buf_size)
-{
-	hpn_disabled = disabled;
-	buffer_size = buf_size;
-	debug("HPN Disabled: %d, HPN Buffer Size: %d",
-	    hpn_disabled, buffer_size);
-}
 
 /*
  * Determine whether or not a port forward listens to loopback, the
@@ -2924,18 +2863,10 @@ channel_setup_fwd_listener(int type, con
 			    *allocated_listen_port);
 		}
 
-		/*
-		 * Allocate a channel number for the socket.  Explicitly test
-		 * for hpn disabled option.  If true use smaller window size.
-		 */
-		if (hpn_disabled)
-			c = channel_new("port listener", type, sock, sock, -1,
-			    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-			    0, "port listener", 1);
-		else
-			c = channel_new("port listener", type, sock, sock, -1,
-			    buffer_size, CHAN_TCP_PACKET_DEFAULT,
-			    0, "port listener", 1);
+		/* Allocate a channel number for the socket. */
+		c = channel_new("port listener", type, sock, sock, -1,
+		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+		    0, "port listener", 1);
 		c->path = xstrdup(host);
 		c->host_port = port_to_connect;
 		c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
@@ -3583,16 +3514,10 @@ x11_create_display_inet(int x11_display_
 	*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
 	for (n = 0; n < num_socks; n++) {
 		sock = socks[n];
-		if (hpn_disabled)
-			nc = channel_new("x11 listener",
-			    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-			    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-			    0, "X11 inet listener", 1);
-		else
-			nc = channel_new("x11 listener",
-			    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-			    buffer_size, CHAN_X11_PACKET_DEFAULT,
-			    0, "X11 inet listener", 1);
+		nc = channel_new("x11 listener",
+		    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+		    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+		    0, "X11 inet listener", 1);
 		nc->single_connection = single_connection;
 		(*chanids)[n] = nc->self;
 	}

Modified: stable/10/crypto/openssh/channels.h
==============================================================================
--- stable/10/crypto/openssh/channels.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/channels.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,5 +1,4 @@
 /* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -133,8 +132,6 @@ struct Channel {
 	u_int	local_window_max;
 	u_int	local_consumed;
 	u_int	local_maxpacket;
-	u_int	tcpwinsz;
-	int	dynamic_window;
 	int     extended_usage;
 	int	single_connection;
 
@@ -176,7 +173,6 @@ struct Channel {
 #define CHAN_TCP_WINDOW_DEFAULT	(64*CHAN_TCP_PACKET_DEFAULT)
 #define CHAN_X11_PACKET_DEFAULT	(16*1024)
 #define CHAN_X11_WINDOW_DEFAULT	(4*CHAN_X11_PACKET_DEFAULT)
-#define CHAN_HPN_MIN_WINDOW_DEFAULT	(2*1024*1024)
 
 /* possible input states */
 #define CHAN_INPUT_OPEN			0
@@ -310,8 +306,4 @@ void	 chan_rcvd_ieof(Channel *);
 void	 chan_write_failed(Channel *);
 void	 chan_obuf_empty(Channel *);
 
-/* hpn handler */
-
-void	channel_set_hpn(int, u_int);
-
 #endif

Modified: stable/10/crypto/openssh/cipher.c
==============================================================================
--- stable/10/crypto/openssh/cipher.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/cipher.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -36,7 +36,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 
@@ -225,12 +224,7 @@ ciphers_valid(const char *names)
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	    (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
-#ifdef NONE_CIPHER_ENABLED
-		if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
-		    c->number != SSH_CIPHER_NONE)) {
-#else
-		if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
-#endif
+		if (c == NULL || c->number != SSH_CIPHER_SSH2) {
 			debug("bad cipher %s [%s]", p, names);
 			free(cipher_list);
 			return 0;
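Review bot: Nothing at the simplified test in ciphers_valid() records that rejecting every cipher number other than `SSH_CIPHER_SSH2` is deliberate. The removed `#ifdef NONE_CIPHER_ENABLED` branch was the one exception, for `SSH_CIPHER_NONE`. I would put `/* Accept protocol 2 ciphers only; SSH_CIPHER_NONE is deliberately rejected. */` above the `if`, so that a later merge cannot reintroduce an exception without it being noticed in review. ciphers_valid() starts and ends outside this hunk.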
@@ -485,9 +479,6 @@ cipher_get_keyiv(CipherContext *cc, u_ch
 	}
 
 	switch (c->number) {
-#ifdef	NONE_CIPHER_ENABLED
-	case SSH_CIPHER_NONE:
-#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -527,9 +518,6 @@ cipher_set_keyiv(CipherContext *cc, u_ch
 		return;
 
 	switch (c->number) {
-#ifdef	NONE_CIPHER_ENABLED
-	case SSH_CIPHER_NONE:
-#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:

Modified: stable/10/crypto/openssh/clientloop.c
==============================================================================
--- stable/10/crypto/openssh/clientloop.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/clientloop.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -60,7 +60,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -1892,14 +1891,9 @@ client_request_x11(const char *request_t
 	sock = x11_connect_display();
 	if (sock < 0)
 		return NULL;
-	if (options.hpn_disabled)
-		c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-		    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-		    0, "x11", 1);
-	else
-		c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-		    options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
-		    0, "x11", 1);
+	c = channel_new("x11",
+	    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
 	c->force_drain = 1;
 	return c;
 }
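Review bot: The rewritten channel_new() call in client_request_x11() pairs `CHAN_TCP_WINDOW_DEFAULT` with `CHAN_X11_PACKET_DEFAULT`, and the one in client_request_agent() in the next hunk pairs `CHAN_X11_WINDOW_DEFAULT` with `CHAN_TCP_PACKET_DEFAULT`. Both match the removed `options.hpn_disabled` branches, so that path is unchanged, but the mixed families read like a copy-and-paste slip. If the pairing is intentional, presumably inherited from the unpatched sources, a short comment at each call such as `/* TCP window with X11 packet size is intentional */` would save the next reader from "fixing" it. Both functions begin outside their hunks.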
@@ -1919,16 +1913,10 @@ client_request_agent(const char *request
 	sock = ssh_get_authentication_socket();
 	if (sock < 0)
 		return NULL;
-	if (options.hpn_disabled)
-		c = channel_new("authentication agent connection",
-		    SSH_CHANNEL_OPEN, sock, sock, -1,
-		    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
-		    "authentication agent connection", 1);
-	else
-		c = channel_new("authentication agent connection",
-		    SSH_CHANNEL_OPEN, sock, sock, -1,
-		    options.hpn_buffer_size, options.hpn_buffer_size, 0,
-		    "authentication agent connection", 1);
+	c = channel_new("authentication agent connection",
+	    SSH_CHANNEL_OPEN, sock, sock, -1,
+	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+	    "authentication agent connection", 1);
 	c->force_drain = 1;
 	return c;
 }
@@ -1955,14 +1943,8 @@ client_request_tun_fwd(int tun_mode, int
 		return -1;
 	}
 
-	if (options.hpn_disabled)
-		c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-		    0, "tun", 1);
-	else
-		c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
-		    0, "tun", 1);
+	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
 	c->datagram = 1;
 
 #if defined(SSH_TUN_FILTER)

Modified: stable/10/crypto/openssh/compat.c
==============================================================================
--- stable/10/crypto/openssh/compat.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/compat.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -24,7 +24,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 
@@ -178,16 +177,6 @@ compat_datafellows(const char *version)
 			datafellows = check[i].bugs;
 			debug("match: %s pat %s compat 0x%08x",
 			    version, check[i].pat, datafellows);
-			/*
-			 * Check to see if the remote side is OpenSSH and not
-			 * HPN.  It is utterly strange to check it from the
-			 * version string and expose the option that way.
-			 */
-			if (strstr(version,"OpenSSH") != NULL &&
-			    strstr(version,"hpn") == NULL) {
-				datafellows |= SSH_BUG_LARGEWINDOW;
-				debug("Remote is not HPN-aware");
-			}
 			return;
 		}
 	}

Modified: stable/10/crypto/openssh/compat.h
==============================================================================
--- stable/10/crypto/openssh/compat.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/compat.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,5 +1,4 @@
 /* $OpenBSD: compat.h,v 1.44 2013/12/30 23:52:27 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -62,8 +61,6 @@
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
 #define SSH_BUG_CURVE25519PAD	0x10000000
 
-#define SSH_BUG_LARGEWINDOW	0x80000000
-
 void     enable_compat13(void);
 void     enable_compat20(void);
 void     compat_datafellows(const char *);

Modified: stable/10/crypto/openssh/configure.ac
==============================================================================
--- stable/10/crypto/openssh/configure.ac	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/configure.ac	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,4 +1,5 @@
 # $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $
+# $FreeBSD$
 #
 # Copyright (c) 1999-2004 Damien Miller
 #

Modified: stable/10/crypto/openssh/digest-libc.c
==============================================================================
--- stable/10/crypto/openssh/digest-libc.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/digest-libc.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -17,7 +17,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <limits.h>

Modified: stable/10/crypto/openssh/freebsd-post-merge.sh
==============================================================================
--- stable/10/crypto/openssh/freebsd-post-merge.sh	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/freebsd-post-merge.sh	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: stable/10/crypto/openssh/freebsd-post-merge.sh 263691 2014-03-24 19:15:13Z des $
+# $FreeBSD$
 #
 
 xargs perl -n -i -e '

Modified: stable/10/crypto/openssh/freebsd-pre-merge.sh
==============================================================================
--- stable/10/crypto/openssh/freebsd-pre-merge.sh	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/freebsd-pre-merge.sh	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: stable/10/crypto/openssh/freebsd-pre-merge.sh 263691 2014-03-24 19:15:13Z des $
+# $FreeBSD$
 #
 
 :>keywords

Modified: stable/10/crypto/openssh/kex.c
==============================================================================
--- stable/10/crypto/openssh/kex.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/kex.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -24,7 +24,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/param.h>
 
@@ -146,13 +145,8 @@ kex_names_valid(const char *names)
 	return 1;
 }
 
-/* put algorithm proposal into buffer. */
-#ifndef NONE_CIPHER_ENABLED
+/* put algorithm proposal into buffer */
 static void
-#else
-/* Also used in sshconnect2.c. */
-void
-#endif
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
 	u_int i;
@@ -466,9 +460,6 @@ kex_choose_conf(Kex *kex)
 	int nenc, nmac, ncomp;
 	u_int mode, ctos, need, dh_need, authlen;
 	int first_kex_follows, type;
-#ifdef	NONE_CIPHER_ENABLED
-	int auth_flag;
-#endif
 
 	my   = kex_buf2prop(&kex->my, NULL);
 	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -492,10 +483,6 @@ kex_choose_conf(Kex *kex)
 	}
 
 	/* Algorithm Negotiation */
-#ifdef	NONE_CIPHER_ENABLED
-	auth_flag = packet_get_authentication_state();
-	debug ("AUTH STATE is %d", auth_flag);
-#endif
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		newkeys = xcalloc(1, sizeof(*newkeys));
 		kex->newkeys[mode] = newkeys;
@@ -510,17 +497,6 @@ kex_choose_conf(Kex *kex)
 		if (authlen == 0)
 			choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
 		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
-#ifdef	NONE_CIPHER_ENABLED
-		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
-		if (strcmp(newkeys->enc.name, "none") == 0) {
-			debug("Requesting NONE. Authflag is %d", auth_flag);
-			if (auth_flag == 1)
-				debug("None requested post authentication.");
-			else
-				fatal("Pre-authentication none cipher requests "
-				    "are not allowed.");
-		}
-#endif
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,

Modified: stable/10/crypto/openssh/kex.h
==============================================================================
--- stable/10/crypto/openssh/kex.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/kex.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,5 +1,4 @@
 /* $OpenBSD: kex.h,v 1.62 2014/01/27 18:58:14 markus Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -149,10 +148,6 @@ struct Kex {
 int	 kex_names_valid(const char *);
 char	*kex_alg_list(char);
 
-#ifdef	NONE_CIPHER_ENABLED
-void	 kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
-#endif
-
 Kex	*kex_setup(char *[PROPOSAL_MAX]);
 void	 kex_finish(Kex *);
 

Modified: stable/10/crypto/openssh/misc.c
==============================================================================
--- stable/10/crypto/openssh/misc.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/misc.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -25,7 +25,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -1037,34 +1036,3 @@ sock_set_v6only(int s)
 		error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
 #endif
 }
-
-void
-sock_get_rcvbuf(int *size, int rcvbuf)
-{
-	int sock, socksize;
-	socklen_t socksizelen = sizeof(socksize);
-
-	/*
-	 * Create a socket but do not connect it.  We use it
-	 * only to get the rcv socket size.
-	 */
-	sock = socket(AF_INET6, SOCK_STREAM, 0);
-	if (sock < 0)
-		sock = socket(AF_INET, SOCK_STREAM, 0);
-	if (sock < 0)
-		return;
-
-	/*
-	 * If the tcp_rcv_buf option is set and passed in, attempt to set the
-	 *  buffer size to its value.
-	 */
-	if (rcvbuf)
-		setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf,
-		    sizeof(rcvbuf));
-
-	if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-	    &socksize, &socksizelen) == 0)
-		if (size != NULL)
-			*size = socksize;
-	close(sock);
-}

Modified: stable/10/crypto/openssh/misc.h
==============================================================================
--- stable/10/crypto/openssh/misc.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/misc.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,5 +1,4 @@
 /* $OpenBSD: misc.h,v 1.50 2013/10/14 23:28:23 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,7 +39,6 @@ time_t	 monotime(void);
 void	 lowercase(char *s);
 
 void	 sock_set_v6only(int);
-void	 sock_get_rcvbuf(int *, int);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);

Modified: stable/10/crypto/openssh/monitor.c
==============================================================================
--- stable/10/crypto/openssh/monitor.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/monitor.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -26,7 +26,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/param.h>

Modified: stable/10/crypto/openssh/monitor_wrap.c
==============================================================================
--- stable/10/crypto/openssh/monitor_wrap.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/monitor_wrap.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -26,7 +26,6 @@
  */
 
 #include "includes.h"
-__RCSID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/uio.h>

Modified: stable/10/crypto/openssh/myproposal.h
==============================================================================
--- stable/10/crypto/openssh/myproposal.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/myproposal.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -110,10 +110,6 @@
 	"chacha20-poly1305@openssh.com," \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#ifdef	NONE_CIPHER_ENABLED
-#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
-	",none"
-#endif
 
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5-etm@openssh.com," \

Modified: stable/10/crypto/openssh/packet.c
==============================================================================
--- stable/10/crypto/openssh/packet.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/packet.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -202,9 +202,6 @@ struct session_state {
 };
 
 static struct session_state *active_state, *backup_state;
-#ifdef	NONE_CIPHER_ENABLED
-static int rekey_requested = 0;
-#endif
 
 static struct session_state *
 alloc_session_state(void)
@@ -1316,7 +1313,6 @@ packet_read_poll2(u_int32_t *seqnr_p)
 		    buffer_ptr(&active_state->input), block_size, 0, 0) != 0)
 			fatal("Decryption integrity check failed");
 		cp = buffer_ptr(&active_state->incoming_packet);
-
 		active_state->packlen = get_u32(cp);
 		if (active_state->packlen < 1 + 4 ||
 		    active_state->packlen > PACKET_MAX_SIZE) {
@@ -1943,26 +1939,12 @@ packet_send_ignore(int nbytes)
 	}
 }
 
-#ifdef	NONE_CIPHER_ENABLED
-void
-packet_request_rekeying(void)
-{
-	rekey_requested = 1;
-}
-#endif
-
 #define MAX_PACKETS	(1U<<31)
 int
 packet_need_rekeying(void)
 {
 	if (datafellows & SSH_BUG_NOREKEY)
 		return 0;
-#ifdef	NONE_CIPHER_ENABLED
-	if (rekey_requested == 1) {
-		rekey_requested = 0;
-		return 1;
-	}
-#endif
 	return
 	    (active_state->p_send.packets > MAX_PACKETS) ||
 	    (active_state->p_read.packets > MAX_PACKETS) ||
@@ -2074,11 +2056,3 @@ packet_restore_state(void)
 		add_recv_bytes(len);
 	}
 }
-
-#ifdef	NONE_CIPHER_ENABLED
-int
-packet_get_authentication_state(void)
-{
-	return (active_state->after_authentication);
-}
-#endif

Modified: stable/10/crypto/openssh/packet.h
==============================================================================
--- stable/10/crypto/openssh/packet.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/packet.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -1,5 +1,4 @@
 /* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
-/* $FreeBSD$ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,9 +38,6 @@ void     packet_set_interactive(int, int
 int      packet_is_interactive(void);
 void     packet_set_server(void);
 void     packet_set_authenticated(void);
-#ifdef	NONE_CIPHER_ENABLED
-int      packet_get_authentication_state(void);
-#endif
 
 void     packet_start(u_char);
 void     packet_put_char(int ch);
@@ -119,9 +115,6 @@ do { \
 } while (0)
 
 int	 packet_need_rekeying(void);
-#ifdef	NONE_CIPHER_ENABLED
-void	 packet_request_rekeying(void);
-#endif
 void	 packet_set_rekey_limits(u_int32_t, time_t);
 time_t	 packet_get_rekey_timeout(void);
 

Modified: stable/10/crypto/openssh/readconf.c
==============================================================================
--- stable/10/crypto/openssh/readconf.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/readconf.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -152,12 +152,8 @@ typedef enum {
 	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
-	oIgnoredUnknownOption,
-	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
-#ifdef NONE_CIPHER_ENABLED
-	oNoneEnabled, oNoneSwitch,
-#endif
-	oVersionAddendum, oDeprecated, oUnsupported
+	oVersionAddendum,
+	oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -270,14 +266,10 @@ static struct {
 	{ "canonicalizemaxdots", oCanonicalizeMaxDots },
 	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
 	{ "ignoreunknown", oIgnoreUnknown },
-	{ "hpndisabled", oHPNDisabled },
-	{ "hpnbuffersize", oHPNBufferSize },
-	{ "tcprcvbufpoll", oTcpRcvBufPoll },
-	{ "tcprcvbuf", oTcpRcvBuf },
-#ifdef	NONE_CIPHER_ENABLED
-	{ "noneenabled", oNoneEnabled },
-	{ "noneswitch", oNoneSwitch },
-#endif
+	{ "hpndisabled", oDeprecated },
+	{ "hpnbuffersize", oDeprecated },
+	{ "tcprcvbufpoll", oDeprecated },
+	{ "tcprcvbuf", oDeprecated },
 	{ "versionaddendum", oVersionAddendum },
 
 	{ NULL, oBadOption }
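Review bot: `noneenabled` and `noneswitch` are dropped from the keyword table outright, while the four HPN keywords in the same hunk are kept and mapped to `oDeprecated`. A client configuration written for a build with NONE_CIPHER_ENABLED will presumably now be treated as containing unknown options, whereas stale HPN keywords are tolerated; how unknown keywords are handled lies outside this hunk. If the asymmetry is not intended, add `{ "noneenabled", oDeprecated },` and `{ "noneswitch", oDeprecated },` next to the HPN entries. If it is intended, so that a request for an unencrypted session fails loudly rather than being silently ignored, a one-line comment in the table saying so would make that choice visible.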
@@ -1359,47 +1351,6 @@ parse_int:
 		multistate_ptr = multistate_requesttty;
 		goto parse_multistate;
 
-	case oHPNDisabled:
-		intptr = &options->hpn_disabled;
-		goto parse_flag;
-
-	case oHPNBufferSize:
-		intptr = &options->hpn_buffer_size;
-		goto parse_int;
-
-	case oTcpRcvBufPoll:
-		intptr = &options->tcp_rcv_buf_poll;
-		goto parse_flag;
-
-	case oTcpRcvBuf:
-		intptr = &options->tcp_rcv_buf;
-		goto parse_int;
-
-#ifdef	NONE_CIPHER_ENABLED
-	case oNoneEnabled:
-		intptr = &options->none_enabled;
-		goto parse_flag;
-
-	/*
-	 * We check to see if the command comes from the command line or not.
-	 * If it does then enable it otherwise fail.  NONE must never be a
-	 * default configuration.
-	 */
-	case oNoneSwitch:
-		if (strcmp(filename,"command-line") == 0) {
-			intptr = &options->none_switch;
-			goto parse_flag;
-		} else {
-			debug("NoneSwitch directive found in %.200s.",
-			    filename);
-			error("NoneSwitch is found in %.200s.\n"
-			    "You may only use this configuration option "
-			    "from the command line", filename);
-			error("Continuing...");
-			return 0;
-		}
-#endif
-
 	case oVersionAddendum:
 		if (s == NULL)
 			fatal("%.200s line %d: Missing argument.", filename,
@@ -1655,14 +1606,6 @@ initialize_options(Options * options)
 	options->canonicalize_fallback_local = -1;
 	options->canonicalize_hostname = -1;
 	options->version_addendum = NULL;
-	options->hpn_disabled = -1;
-	options->hpn_buffer_size = -1;
-	options->tcp_rcv_buf_poll = -1;
-	options->tcp_rcv_buf = -1;
-#ifdef NONE_CIPHER_ENABLED
-	options->none_enabled = -1;
-	options->none_switch = -1;
-#endif
 }
 
 /*
@@ -1857,36 +1800,6 @@ fill_default_options(Options * options)
 	/* options->preferred_authentications will be set in ssh */
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
-	if (options->hpn_disabled == -1)
-		options->hpn_disabled = 0;
-	if (options->hpn_buffer_size > -1)
-	{
-		u_int maxlen;
-
-		/* If a user tries to set the size to 0 set it to 1KB. */
-		if (options->hpn_buffer_size == 0)
-			options->hpn_buffer_size = 1024;
-		/* Limit the buffer to BUFFER_MAX_LEN. */
-		maxlen = buffer_get_max_len();
-		if (options->hpn_buffer_size > (maxlen / 1024)) {
-			debug("User requested buffer larger than %ub: %ub. "
-			    "Request reverted to %ub", maxlen,
-			    options->hpn_buffer_size * 1024, maxlen);
-			options->hpn_buffer_size = maxlen;
-		}
-		debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
-	}
-	if (options->tcp_rcv_buf == 0)
-		options->tcp_rcv_buf = 1;
-	if (options->tcp_rcv_buf > -1)
-		options->tcp_rcv_buf *= 1024;
-	if (options->tcp_rcv_buf_poll == -1)
-		options->tcp_rcv_buf_poll = 1;
-#ifdef	NONE_CIPHER_ENABLED
-	/* options->none_enabled must not be set by default */
-	if (options->none_switch == -1)
-		options->none_switch = 0;
-#endif
 }
 
 /*

Modified: stable/10/crypto/openssh/readconf.h
==============================================================================
--- stable/10/crypto/openssh/readconf.h	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/readconf.h	Sun Jan 24 22:28:18 2016	(r294693)
@@ -154,21 +154,9 @@ typedef struct {
 	int	num_permitted_cnames;
 	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
 
-	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
-
 	char   *version_addendum;	/* Appended to SSH banner */
 
-	int	hpn_disabled;	/* Switch to disable HPN buffer management. */
-	int	hpn_buffer_size;	/* User definable size for HPN buffer
-					 * window. */
-	int	tcp_rcv_buf_poll;	/* Option to poll recv buf every window
-					 * transfer. */
-	int	tcp_rcv_buf;	/* User switch to set tcp recv buffer. */
-
-#ifdef	NONE_CIPHER_ENABLED
-	int	none_enabled;	/* Allow none to be used */
-	int	none_switch;	/* Use none cipher */
-#endif
+	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
 #define SSH_CANONICALISE_NO	0

Modified: stable/10/crypto/openssh/servconf.c
==============================================================================
--- stable/10/crypto/openssh/servconf.c	Sun Jan 24 22:26:25 2016	(r294692)
+++ stable/10/crypto/openssh/servconf.c	Sun Jan 24 22:28:18 2016	(r294693)
@@ -155,12 +155,6 @@ initialize_server_options(ServerOptions 
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->version_addendum = NULL;
-	options->hpn_disabled = -1;
-	options->hpn_buffer_size = -1;
-	options->tcp_rcv_buf_poll = -1;
-#ifdef	NONE_CIPHER_ENABLED
-	options->none_enabled = -1;
-#endif
 }
 
 void
@@ -321,38 +315,6 @@ fill_default_server_options(ServerOption
 	}
 #endif
 
-	if (options->hpn_disabled == -1)
-		options->hpn_disabled = 0;
-	if (options->hpn_buffer_size == -1) {
-		/*
-		 * HPN buffer size option not explicitly set.  Try to figure
-		 * out what value to use or resort to default.
-		 */
-		options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-		if (!options->hpn_disabled) {
-			sock_get_rcvbuf(&options->hpn_buffer_size, 0);
-			debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
-		}
-	} else {
-		/*
-		 * In the case that the user sets both values in a
-		 * contradictory manner hpn_disabled overrrides hpn_buffer_size.
-		 */
-		if (options->hpn_disabled <= 0) {
-			u_int maxlen;
-
-			maxlen = buffer_get_max_len();
-			if (options->hpn_buffer_size == 0)
-				options->hpn_buffer_size = 1;
-			/* Limit the maximum buffer to BUFFER_MAX_LEN. */
-			if (options->hpn_buffer_size > maxlen / 1024)
-				options->hpn_buffer_size = maxlen;
-			else
-				options->hpn_buffer_size *= 1024;
-		} else {
-			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
-		}
-	}
 }
 
 /* Keyword tokens. */
@@ -388,10 +350,6 @@ typedef enum {
 	sKexAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent,
-	sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
-#ifdef NONE_CIPHER_ENABLED
-	sNoneEnabled,
-#endif
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -518,12 +476,10 @@ static struct {
 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
-	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
-	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
-	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
-#ifdef NONE_CIPHER_ENABLED
-	{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
-#endif
+	{ "noneenabled", sUnsupported, SSHCFG_ALL },
+	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
+	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },
+	{ "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
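Review bot: The four added entries carry no comment saying why keywords of a removed feature remain in the table, or why `noneenabled` is `sUnsupported` while the three HPN keywords are `sDeprecated`. A later cleanup could delete them, and existing sshd_config files that still carry these lines would then presumably stop parsing. I would add above them `/* HPN and None cipher patches removed; keywords kept so old configs still parse */`, plus a short remark that `noneenabled` is reported as unsupported because it used to permit the none cipher. How the two opcodes are reported is decided in process_server_config_line, outside this hunk.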
@@ -1670,24 +1626,6 @@ process_server_config_line(ServerOptions
 		}
 		return 0;
 
-	case sHPNDisabled:
-		intptr = &options->hpn_disabled;
-		goto parse_flag;
-
-	case sHPNBufferSize:

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


