From: Brooks Davis
Date: Fri, 17 Jun 2011 20:55:35 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
X-SVN-Group: user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc:
Subject: svn commit: r223204 - user/brooks/openssh-hpn
X-BeenThere: svn-src-user@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the experimental " user" src tree"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 17 Jun 2011 20:55:35 -0000

Author: brooks
Date: Fri Jun 17 20:55:35 2011
New Revision: 223204

URL: http://svn.freebsd.org/changeset/base/223204

Log:
  Wrap all the NONE cipher support from HPN in #ifdef NONE_CIPHER_ENABLED.
  Note that this does not include all references to it in the source.

Modified:
  user/brooks/openssh-hpn/cipher.c
  user/brooks/openssh-hpn/kex.c
  user/brooks/openssh-hpn/kex.h
  user/brooks/openssh-hpn/myproposal.h
  user/brooks/openssh-hpn/packet.c
  user/brooks/openssh-hpn/packet.h
  user/brooks/openssh-hpn/readconf.c
  user/brooks/openssh-hpn/readconf.h
  user/brooks/openssh-hpn/servconf.c
  user/brooks/openssh-hpn/servconf.h
  user/brooks/openssh-hpn/ssh.c
  user/brooks/openssh-hpn/sshconnect2.c
  user/brooks/openssh-hpn/sshd.c

Modified: user/brooks/openssh-hpn/cipher.c
==============================================================================
--- user/brooks/openssh-hpn/cipher.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/cipher.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -163,8 +163,12 @@ ciphers_valid(const char *names)
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	    (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
+#ifdef NONE_CIPHER_ENABLED
 		if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
 		    c->number != SSH_CIPHER_NONE)) {
+#else
+		if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
+#endif
 			debug("bad cipher %s [%s]", p, names);
 			xfree(cipher_list);
 			return 0;
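Review bot: The `if` statement in ciphers_valid is now written twice, once in each branch of the `#ifdef`, and both copies share the closing brace and body that follow, so a later edit to the condition has to be made in two places and a mismatched brace in one branch only shows up in the other build. A single `if` whose predicate comes from a conditionally defined macro keeps one copy of the control flow and confines the feature switch to the predicate. The `#else` form of the condition also carries redundant parentheses around `c->number != SSH_CIPHER_SSH2`. ciphers_valid starts before this hunk.
```c
#ifdef NONE_CIPHER_ENABLED
#define CIPHER_NUMBER_OK(n) ((n) == SSH_CIPHER_SSH2 || (n) == SSH_CIPHER_NONE)
#else
#define CIPHER_NUMBER_OK(n) ((n) == SSH_CIPHER_SSH2)
#endif
		/* … unchanged: strsep loop and cipher_by_name lookup … */
		if (c == NULL || !CIPHER_NUMBER_OK(c->number)) {
			debug("bad cipher %s [%s]", p, names);
```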
@@ -338,7 +342,9 @@ cipher_get_keyiv(CipherContext *cc, u_ch
 	int evplen;
 
 	switch (c->number) {
+#ifdef NONE_CIPHER_ENABLED
 	case SSH_CIPHER_NONE:
+#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -373,7 +379,9 @@ cipher_set_keyiv(CipherContext *cc, u_ch
 	int evplen = 0;
 
 	switch (c->number) {
+#ifdef NONE_CIPHER_ENABLED
 	case SSH_CIPHER_NONE:
+#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:

Modified: user/brooks/openssh-hpn/kex.c
==============================================================================
--- user/brooks/openssh-hpn/kex.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/kex.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -90,8 +90,13 @@ kex_names_valid(const char *names)
 	return 1;
 }
 
-/* Put algorithm proposal into buffer. Also used in sshconnect2.c. */
+/* Put algorithm proposal into buffer. */
+#ifndef NONE_CIPHER_ENABLED
+static void
+#else
+/* Also used in sshconnect2.c. */
 void
+#endif
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
 	u_int i;
@@ -407,7 +412,9 @@ kex_choose_conf(Kex *kex)
 	int nenc, nmac, ncomp;
 	u_int mode, ctos, need;
 	int first_kex_follows, type;
+#ifdef NONE_CIPHER_ENABLED
 	int auth_flag;
+#endif
 
 	my = kex_buf2prop(&kex->my, NULL);
 	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -431,8 +438,10 @@ kex_choose_conf(Kex *kex)
 	}
 
 	/* Algorithm Negotiation */
+#ifdef NONE_CIPHER_ENABLED
 	auth_flag = packet_get_authentication_state();
 	debug ("AUTH STATE is %d", auth_flag);
+#endif
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		newkeys = xcalloc(1, sizeof(*newkeys));
 		kex->newkeys[mode] = newkeys;
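Review bot: The kex_prop2buf guard is the only one in this commit written as `#ifndef NONE_CIPHER_ENABLED` with the feature code in the `#else` branch; every other site uses `#ifdef NONE_CIPHER_ENABLED`, and the inverted form makes the "also used in sshconnect2.c" comment read as if it applied to the non-feature build at first glance. Flipping it keeps the guards uniform and puts the comment next to the linkage it explains: `#ifdef NONE_CIPHER_ENABLED` / `void	/* also used in sshconnect2.c */` / `#else` / `static void` / `#endif`. The body of kex_prop2buf continues outside the hunk.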
@@ -444,6 +453,7 @@ kex_choose_conf(Kex *kex)
 		choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
 		choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
 		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+#ifdef NONE_CIPHER_ENABLED
 		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
 		if (strcmp(newkeys->enc.name, "none") == 0) {
 			debug("Requesting NONE. Authflag is %d", auth_flag);
@@ -453,6 +463,7 @@ kex_choose_conf(Kex *kex)
 			fatal("Pre-authentication none cipher requests "
 			    "are not allowed.");
 		}
+#endif
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,

Modified: user/brooks/openssh-hpn/kex.h
==============================================================================
--- user/brooks/openssh-hpn/kex.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/kex.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -140,7 +140,9 @@ struct Kex {
 
 int	 kex_names_valid(const char *);
 
+#ifdef NONE_CIPHER_ENABLED
 void	 kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
+#endif
 Kex	*kex_setup(char *[PROPOSAL_MAX]);
 void	 kex_finish(Kex *);
 

Modified: user/brooks/openssh-hpn/myproposal.h
==============================================================================
--- user/brooks/openssh-hpn/myproposal.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/myproposal.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -75,8 +75,10 @@
 	"arcfour256,arcfour128," \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
+#ifdef NONE_CIPHER_ENABLED
 #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
 	",none"
+#endif
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
 	"hmac-ripemd160@openssh.com," \

Modified: user/brooks/openssh-hpn/packet.c
==============================================================================
--- user/brooks/openssh-hpn/packet.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/packet.c	Fri Jun 17 20:55:35 2011	(r223204)
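Review bot: In a build without NONE_CIPHER_ENABLED the `fatal("Pre-authentication none cipher requests are not allowed.")` guard is compiled out together with the `none` detection, so kex_choose_conf no longer rejects a negotiated `none` transport at all; that is only safe if `none` can never be selected by choose_enc, and the commit log says not every reference to the cipher was wrapped. If the `none` entry in cipher.c's cipher table is among the leftovers, a misconfiguration or a future change to the proposal could negotiate a null cipher with no check left on this path. A cheap belt-and-braces alternative is to keep a check in both builds, e.g. in an `#else` branch: `if (strcmp(newkeys->enc.name, "none") == 0) fatal("none cipher negotiated without NONE_CIPHER_ENABLED");`. kex_choose_conf continues outside this hunk.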
@@ -195,7 +195,9 @@ struct session_state {
 };
 
 static struct session_state *active_state, *backup_state;
+#ifdef NONE_CIPHER_ENABLED
 static int rekey_requested = 0;
+#endif
 
 static struct session_state *
 alloc_session_state(void)
@@ -1862,11 +1864,13 @@ packet_send_ignore(int nbytes)
 	}
 }
 
+#ifdef NONE_CIPHER_ENABLED
 void
 packet_request_rekeying(void)
 {
 	rekey_requested = 1;
 }
+#endif
 
 #define MAX_PACKETS	(1U<<31)
 int
@@ -1874,10 +1878,12 @@ packet_need_rekeying(void)
 {
 	if (datafellows & SSH_BUG_NOREKEY)
 		return 0;
+#ifdef NONE_CIPHER_ENABLED
 	if (rekey_requested == 1) {
 		rekey_requested = 0;
 		return 1;
 	}
+#endif
 	return
 	    (active_state->p_send.packets > MAX_PACKETS) ||
 	    (active_state->p_read.packets > MAX_PACKETS) ||
@@ -1970,8 +1976,10 @@ packet_restore_state(void)
 	}
 }
 
+#ifdef NONE_CIPHER_ENABLED
 int
 packet_get_authentication_state(void)
 {
 	return (active_state->after_authentication);
 }
+#endif

Modified: user/brooks/openssh-hpn/packet.h
==============================================================================
--- user/brooks/openssh-hpn/packet.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/packet.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -38,7 +38,9 @@ void     packet_set_interactive(int, int
 int      packet_is_interactive(void);
 void     packet_set_server(void);
 void     packet_set_authenticated(void);
+#ifdef NONE_CIPHER_ENABLED
 int	 packet_get_authentication_state(void);
+#endif
 
 void     packet_start(u_char);
 void     packet_put_char(int ch);
@@ -118,7 +120,9 @@ do { \
 } while (0)
 
 int	 packet_need_rekeying(void);
+#ifdef NONE_CIPHER_ENABLED
 void	 packet_request_rekeying(void);
+#endif
 void	 packet_set_rekey_limit(u_int32_t);
 
 void	 packet_backup_state(void);

Modified: user/brooks/openssh-hpn/readconf.c
==============================================================================
--- user/brooks/openssh-hpn/readconf.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/readconf.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -136,7 +136,9 @@ typedef enum {
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
 	oKexAlgorithms, oIPQoS,
 	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
+#ifdef NONE_CIPHER_ENABLED
 	oNoneEnabled, oNoneSwitch,
+#endif
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -251,8 +253,10 @@ static struct {
 	{ "hpnbuffersize", oHPNBufferSize },
 	{ "tcprcvbufpoll", oTcpRcvBufPoll },
 	{ "tcprcvbuf", oTcpRcvBuf },
+#ifdef NONE_CIPHER_ENABLED
 	{ "noneenabled", oNoneEnabled },
 	{ "noneswitch", oNoneSwitch },
+#endif
 	{ NULL, oBadOption }
 };
 
@@ -1021,6 +1025,7 @@ parse_int:
 		intptr = &options->tcp_rcv_buf;
 		goto parse_int;
 
+#ifdef NONE_CIPHER_ENABLED
 	case oNoneEnabled:
 		intptr = &options->none_enabled;
 		goto parse_flag;
@@ -1043,6 +1048,7 @@ parse_int:
 			error("Continuing...");
 			return 0;
 		}
+#endif
 
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
@@ -1208,8 +1214,10 @@ initialize_options(Options * options)
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
 	options->tcp_rcv_buf = -1;
+#ifdef NONE_CIPHER_ENABLED
 	options->none_enabled = -1;
 	options->none_switch = -1;
+#endif
 }
 
 /*
@@ -1399,9 +1407,11 @@ fill_default_options(Options * options)
 		options->tcp_rcv_buf *= 1024;
 	if (options->tcp_rcv_buf_poll == -1)
 		options->tcp_rcv_buf_poll = 1;
+#ifdef NONE_CIPHER_ENABLED
 	/* options->none_enabled must not be set by default */
 	if (options->none_switch == -1)
 		options->none_switch = 0;
+#endif
 }
 
 /*

Modified: user/brooks/openssh-hpn/readconf.h
==============================================================================
--- user/brooks/openssh-hpn/readconf.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/readconf.h	Fri Jun 17 20:55:35 2011	(r223204)
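Review bot: Removing the `noneenabled` and `noneswitch` entries from the keyword table in the non-NONE build means an ssh_config shared with HPN-enabled hosts that sets either option is now rejected as a bad configuration option instead of being recognized and ignored, so the same config file no longer loads on both builds. The OpCodes enum already has `oUnsupported` for exactly this situation; an `#else` branch in the keyword table, `{ "noneenabled", oUnsupported },` / `{ "noneswitch", oUnsupported },`, keeps the keywords known while the feature is compiled out. The oNoneSwitch case body that the later `#endif` closes is mostly outside this view.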
@@ -139,9 +139,10 @@ typedef struct {
 					 * transfer. */
 	int	tcp_rcv_buf;		/* User switch to set tcp recv buffer. */
 
+#ifdef NONE_CIPHER_ENABLED
 	int	none_enabled;		/* Allow none to be used */
 	int	none_switch;		/* Use none cipher */
-
+#endif
 }       Options;
 
 #define SSHCTL_MASTER_NO	0

Modified: user/brooks/openssh-hpn/servconf.c
==============================================================================
--- user/brooks/openssh-hpn/servconf.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/servconf.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -142,7 +142,9 @@ initialize_server_options(ServerOptions
 	options->hpn_disabled = -1;
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
+#ifdef NONE_CIPHER_ENABLED
 	options->none_enabled = -1;
+#endif
 }
 
 void
@@ -492,7 +494,9 @@ static struct {
 	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
 	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
 	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
+#ifdef NONE_CIPHER_ENABLED
 	{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
+#endif
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1451,9 +1455,11 @@ process_server_config_line(ServerOptions
 		intptr = &options->tcp_rcv_buf_poll;
 		goto parse_flag;
 
+#ifdef NONE_CIPHER_ENABLED
 	case sNoneEnabled:
 		intptr = &options->none_enabled;
 		goto parse_flag;
+#endif
 
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",

Modified: user/brooks/openssh-hpn/servconf.h
==============================================================================
--- user/brooks/openssh-hpn/servconf.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/servconf.h	Fri Jun 17 20:55:35 2011	(r223204)
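Review bot: With the `noneenabled` keyword dropped from the server keyword table in the non-NONE build, an sshd_config carrying `NoneEnabled` (for example one pushed to a mixed fleet) makes sshd fail to parse it as `sBadOption`, which is a harder failure than the feature merely being absent. If servconf.c has an unsupported-keyword opcode equivalent to readconf.c's `oUnsupported` (only `sDeprecated` is visible here), an `#else` entry such as `{ "noneenabled", sUnsupported, SSHCFG_ALL },` would let such a config keep loading with a warning; otherwise this behaviour change is worth a line in the commit message. The enclosing keyword table starts outside this hunk.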
@@ -166,7 +166,9 @@ typedef struct {
 	int	tcp_rcv_buf_poll;	/* Poll TCP rcv window in autotuning
 					 * kernels. */
 
+#ifdef NONE_CIPHER_ENABLED
 	int	none_enabled;		/* Enable NONE cipher switch. */
+#endif
 }       ServerOptions;
 
 void	 initialize_server_options(ServerOptions *);

Modified: user/brooks/openssh-hpn/ssh.c
==============================================================================
--- user/brooks/openssh-hpn/ssh.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/ssh.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -545,6 +545,7 @@ main(int ac, char **av)
 			break;
 		case 'T':
 			no_tty_flag = 1;
+#ifdef NONE_CIPHER_ENABLED
 			/*
 			 * Ensure that the user does not try to backdoor a
 			 * NONE cipher switch on an interactive session by
@@ -552,6 +553,7 @@ main(int ac, char **av)
 			 * session without a tty.
 			 */
 			options.none_switch = 0;
+#endif
 			break;
 		case 'o':
 			dummy = 1;

Modified: user/brooks/openssh-hpn/sshconnect2.c
==============================================================================
--- user/brooks/openssh-hpn/sshconnect2.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/sshconnect2.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -81,6 +81,7 @@ extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
 
+#ifdef NONE_CIPHER_ENABLED
 extern Kex *xxx_kex;
 
 /*
@@ -89,6 +90,7 @@ extern Kex *xxx_kex;
  */
 extern int tty_flag;
 
+#endif
 /*
  * SSH2 key exchange
@@ -427,6 +429,7 @@ ssh_userauth2(const char *local_user, co
 	pubkey_cleanup(&authctxt);
 	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
 
+#ifdef NONE_CIPHER_ENABLED
 	/*
 	 * If the user explicitly requests to use the none cipher enable it
 	 * post authentication and only if the right conditions are met: both
@@ -448,6 +451,7 @@ ssh_userauth2(const char *local_user, co
 			    "a TTY is allocated\n");
 		}
 	}
+#endif
 	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 

Modified: user/brooks/openssh-hpn/sshd.c
==============================================================================
--- user/brooks/openssh-hpn/sshd.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/sshd.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -2291,10 +2291,12 @@ do_ssh2_kex(void)
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+#ifdef NONE_CIPHER_ENABLED
 	} else if (options.none_enabled == 1) {
 		debug ("WARNING: None cipher enabled");
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
+#endif
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
 	    myproposal[PROPOSAL_ENC_ALGS_CTOS]);
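Review bot: The `debug ("WARNING: None cipher enabled")` in the NoneEnabled branch of do_ssh2_kex is emitted at debug level only, so an sshd that is advertising `none` in its encryption proposal leaves no trace at the default LogLevel; for a server state that disables transport confidentiality, the warning should be visible without `-d`, e.g. `logit("WARNING: none cipher enabled in server proposal");`. The branch is also taken only when Ciphers is unset, so an explicit Ciphers list silently wins over NoneEnabled, which is worth stating in the sshd_config documentation for the option if that is the intent. Separately, the `#ifdef` splitting the `if`/`else if` chain means the `#else` build ends the chain at the `}` after `options.ciphers`, which is correct but easy to misread; a one-line comment such as `/* #endif closes the NoneEnabled alternative, not the Ciphers block */` would help. do_ssh2_kex continues outside this hunk.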