Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jan 2016 14:38:20 +0000 (UTC)
From:      =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r294325 - in head: . crypto/openssh
Message-ID:  <201601191438.u0JEcKBZ020172@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: des
Date: Tue Jan 19 14:38:20 2016
New Revision: 294325
URL: https://svnweb.freebsd.org/changeset/base/294325

Log:
  As previously threatened, remove the HPN patch from OpenSSH.

Deleted:
  head/crypto/openssh/README.hpn
Modified:
  head/UPDATING
  head/crypto/openssh/buffer.c
  head/crypto/openssh/buffer.h
  head/crypto/openssh/channels.c
  head/crypto/openssh/channels.h
  head/crypto/openssh/clientloop.c
  head/crypto/openssh/compat.c
  head/crypto/openssh/compat.h
  head/crypto/openssh/misc.c
  head/crypto/openssh/misc.h
  head/crypto/openssh/readconf.c
  head/crypto/openssh/readconf.h
  head/crypto/openssh/servconf.c
  head/crypto/openssh/servconf.h
  head/crypto/openssh/serverloop.c
  head/crypto/openssh/session.c
  head/crypto/openssh/sftp.1
  head/crypto/openssh/sftp.c
  head/crypto/openssh/ssh-agent.1
  head/crypto/openssh/ssh.c
  head/crypto/openssh/ssh_config
  head/crypto/openssh/ssh_config.5
  head/crypto/openssh/ssh_namespace.h
  head/crypto/openssh/sshconnect.c
  head/crypto/openssh/sshd.c
  head/crypto/openssh/sshd_config
  head/crypto/openssh/sshd_config.5
  head/crypto/openssh/version.h

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/UPDATING	Tue Jan 19 14:38:20 2016	(r294325)
@@ -31,6 +31,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20160119:
+	The NONE and HPN patches has been removed from OpenSSH.  They are
+	still available in the security/openssh-portable port.
+
 20160113:
 	With the addition of ypldap(8), a new _ypldap user is now required
 	during installworld. "mergemaster -p" can be used to add the user

Modified: head/crypto/openssh/buffer.c
==============================================================================
--- head/crypto/openssh/buffer.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/buffer.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -27,7 +27,7 @@ __RCSID("$FreeBSD$");
 #include "log.h"
 
 #define	BUFFER_MAX_CHUNK	0x100000
-#define	BUFFER_MAX_LEN		0x4000000	/* 64MB */
+#define	BUFFER_MAX_LEN		0xa00000
 #define	BUFFER_ALLOCSZ		0x008000
 
 /* Initializes the buffer structure. */
@@ -167,13 +167,6 @@ buffer_len(const Buffer *buffer)
 	return buffer->end - buffer->offset;
 }
 
-/* Returns the maximum number of bytes of data that may be in the buffer. */
-u_int
-buffer_get_max_len(void)
-{
-	return (BUFFER_MAX_LEN);
-}
-
 /* Gets data from the beginning of the buffer. */
 
 int

Modified: head/crypto/openssh/buffer.h
==============================================================================
--- head/crypto/openssh/buffer.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/buffer.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -47,8 +47,6 @@ int	 buffer_get_ret(Buffer *, void *, u_
 int	 buffer_consume_ret(Buffer *, u_int);
 int	 buffer_consume_end_ret(Buffer *, u_int);
 
-u_int	 buffer_get_max_len(void);
-
 #include <openssl/bn.h>
 
 void    buffer_put_bignum(Buffer *, const BIGNUM *);

Modified: head/crypto/openssh/channels.c
==============================================================================
--- head/crypto/openssh/channels.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/channels.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -174,11 +174,6 @@ static void port_open_helper(Channel *c,
 static int connect_next(struct channel_connect *);
 static void channel_connect_ctx_free(struct channel_connect *);
 
-/* -- HPN */
-
-static int hpn_disabled = 0;
-static u_int buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
-
 /* -- channel core */
 
 Channel *
@@ -325,7 +320,6 @@ channel_new(char *ctype, int type, int r
 	c->self = found;
 	c->type = type;
 	c->ctype = ctype;
-	c->dynamic_window = 0;
 	c->local_window = window;
 	c->local_window_max = window;
 	c->local_consumed = 0;
@@ -826,45 +820,10 @@ channel_pre_open_13(Channel *c, fd_set *
 		FD_SET(c->sock, writeset);
 }
 
-static u_int
-channel_tcpwinsz(void)
-{
-	u_int32_t tcpwinsz;
-	socklen_t optsz;
-	int ret, sd;
-	u_int maxlen;
-
-	/* If we are not on a socket return 128KB. */
-	if (!packet_connection_is_on_socket())
-		return (128 * 1024);
-
-	tcpwinsz = 0;
-	optsz = sizeof(tcpwinsz);
-	sd = packet_get_connection_in();
-	ret = getsockopt(sd, SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
-
-	/* Return no more than the maximum buffer size. */
-	maxlen = buffer_get_max_len();
-	if ((ret == 0) && tcpwinsz > maxlen)
-		tcpwinsz = maxlen;
-	/* In case getsockopt() failed return a minimum. */
-	if (tcpwinsz == 0)
-		tcpwinsz = CHAN_TCP_WINDOW_DEFAULT;
-	debug2("tcpwinsz: %d for connection: %d", tcpwinsz, sd);
-	return (tcpwinsz);
-}
-
 static void
 channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
 {
-	u_int limit;
-
-	/* Check buffer limits. */
-	if (!c->tcpwinsz || c->dynamic_window > 0)
-		c->tcpwinsz = channel_tcpwinsz();
-
-	limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(),
-	    2 * c->tcpwinsz);
+	u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
 
 	if (c->istate == CHAN_INPUT_OPEN &&
 	    limit > 0 &&
@@ -1857,25 +1816,14 @@ channel_check_window(Channel *c)
 	    c->local_maxpacket*3) ||
 	    c->local_window < c->local_window_max/2) &&
 	    c->local_consumed > 0) {
-		u_int addition = 0;
-
-		/* Adjust max window size if we are in a dynamic environment. */
-		if (c->dynamic_window && c->tcpwinsz > c->local_window_max) {
-			/*
-			 * Grow the window somewhat aggressively to maintain
-			 * pressure.
-			 */
-			addition = 1.5 * (c->tcpwinsz - c->local_window_max);
-			c->local_window_max += addition;
-		}
 		packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
 		packet_put_int(c->remote_id);
-		packet_put_int(c->local_consumed + addition);
+		packet_put_int(c->local_consumed);
 		packet_send();
 		debug2("channel %d: window %d sent adjust %d",
 		    c->self, c->local_window,
 		    c->local_consumed);
-		c->local_window += c->local_consumed + addition;
+		c->local_window += c->local_consumed;
 		c->local_consumed = 0;
 	}
 	return 1;
@@ -2739,14 +2687,6 @@ channel_set_af(int af)
 	IPv4or6 = af;
 }
 
-void
-channel_set_hpn(int disabled, u_int buf_size)
-{
-	hpn_disabled = disabled;
-	buffer_size = buf_size;
-	debug("HPN Disabled: %d, HPN Buffer Size: %d",
-	    hpn_disabled, buffer_size);
-}
 
 /*
  * Determine whether or not a port forward listens to loopback, the
@@ -2924,18 +2864,10 @@ channel_setup_fwd_listener(int type, con
 			    *allocated_listen_port);
 		}
 
-		/*
-		 * Allocate a channel number for the socket.  Explicitly test
-		 * for hpn disabled option.  If true use smaller window size.
-		 */
-		if (hpn_disabled)
-			c = channel_new("port listener", type, sock, sock, -1,
-			    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-			    0, "port listener", 1);
-		else
-			c = channel_new("port listener", type, sock, sock, -1,
-			    buffer_size, CHAN_TCP_PACKET_DEFAULT,
-			    0, "port listener", 1);
+		/* Allocate a channel number for the socket. */
+		c = channel_new("port listener", type, sock, sock, -1,
+		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+		    0, "port listener", 1);
 		c->path = xstrdup(host);
 		c->host_port = port_to_connect;
 		c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
@@ -3583,16 +3515,10 @@ x11_create_display_inet(int x11_display_
 	*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
 	for (n = 0; n < num_socks; n++) {
 		sock = socks[n];
-		if (hpn_disabled)
-			nc = channel_new("x11 listener",
-			    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-			    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-			    0, "X11 inet listener", 1);
-		else
-			nc = channel_new("x11 listener",
-			    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
-			    buffer_size, CHAN_X11_PACKET_DEFAULT,
-			    0, "X11 inet listener", 1);
+		nc = channel_new("x11 listener",
+		    SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+		    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+		    0, "X11 inet listener", 1);
 		nc->single_connection = single_connection;
 		(*chanids)[n] = nc->self;
 	}

Modified: head/crypto/openssh/channels.h
==============================================================================
--- head/crypto/openssh/channels.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/channels.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -133,8 +133,6 @@ struct Channel {
 	u_int	local_window_max;
 	u_int	local_consumed;
 	u_int	local_maxpacket;
-	u_int	tcpwinsz;
-	int	dynamic_window;
 	int     extended_usage;
 	int	single_connection;
 
@@ -176,7 +174,6 @@ struct Channel {
 #define CHAN_TCP_WINDOW_DEFAULT	(64*CHAN_TCP_PACKET_DEFAULT)
 #define CHAN_X11_PACKET_DEFAULT	(16*1024)
 #define CHAN_X11_WINDOW_DEFAULT	(4*CHAN_X11_PACKET_DEFAULT)
-#define CHAN_HPN_MIN_WINDOW_DEFAULT	(2*1024*1024)
 
 /* possible input states */
 #define CHAN_INPUT_OPEN			0
@@ -310,8 +307,4 @@ void	 chan_rcvd_ieof(Channel *);
 void	 chan_write_failed(Channel *);
 void	 chan_obuf_empty(Channel *);
 
-/* hpn handler */
-
-void	channel_set_hpn(int, u_int);
-
 #endif

Modified: head/crypto/openssh/clientloop.c
==============================================================================
--- head/crypto/openssh/clientloop.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/clientloop.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -1892,14 +1892,9 @@ client_request_x11(const char *request_t
 	sock = x11_connect_display();
 	if (sock < 0)
 		return NULL;
-	if (options.hpn_disabled)
-		c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-		    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-		    0, "x11", 1);
-	else
-		c = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-		    options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
-		    0, "x11", 1);
+	c = channel_new("x11",
+	    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
 	c->force_drain = 1;
 	return c;
 }
@@ -1919,16 +1914,10 @@ client_request_agent(const char *request
 	sock = ssh_get_authentication_socket();
 	if (sock < 0)
 		return NULL;
-	if (options.hpn_disabled)
-		c = channel_new("authentication agent connection",
-		    SSH_CHANNEL_OPEN, sock, sock, -1,
-		    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
-		    "authentication agent connection", 1);
-	else
-		c = channel_new("authentication agent connection",
-		    SSH_CHANNEL_OPEN, sock, sock, -1,
-		    options.hpn_buffer_size, options.hpn_buffer_size, 0,
-		    "authentication agent connection", 1);
+	c = channel_new("authentication agent connection",
+	    SSH_CHANNEL_OPEN, sock, sock, -1,
+	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+	    "authentication agent connection", 1);
 	c->force_drain = 1;
 	return c;
 }
@@ -1955,14 +1944,8 @@ client_request_tun_fwd(int tun_mode, int
 		return -1;
 	}
 
-	if (options.hpn_disabled)
-		c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-		    0, "tun", 1);
-	else
-		c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
-		    0, "tun", 1);
+	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
 	c->datagram = 1;
 
 #if defined(SSH_TUN_FILTER)

Modified: head/crypto/openssh/compat.c
==============================================================================
--- head/crypto/openssh/compat.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/compat.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -178,16 +178,6 @@ compat_datafellows(const char *version)
 			datafellows = check[i].bugs;
 			debug("match: %s pat %s compat 0x%08x",
 			    version, check[i].pat, datafellows);
-			/*
-			 * Check to see if the remote side is OpenSSH and not
-			 * HPN.  It is utterly strange to check it from the
-			 * version string and expose the option that way.
-			 */
-			if (strstr(version,"OpenSSH") != NULL &&
-			    strstr(version,"hpn") == NULL) {
-				datafellows |= SSH_BUG_LARGEWINDOW;
-				debug("Remote is not HPN-aware");
-			}
 			return;
 		}
 	}

Modified: head/crypto/openssh/compat.h
==============================================================================
--- head/crypto/openssh/compat.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/compat.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -62,8 +62,6 @@
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
 #define SSH_BUG_CURVE25519PAD	0x10000000
 
-#define SSH_BUG_LARGEWINDOW	0x80000000
-
 void     enable_compat13(void);
 void     enable_compat20(void);
 void     compat_datafellows(const char *);

Modified: head/crypto/openssh/misc.c
==============================================================================
--- head/crypto/openssh/misc.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/misc.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -1037,34 +1037,3 @@ sock_set_v6only(int s)
 		error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
 #endif
 }
-
-void
-sock_get_rcvbuf(int *size, int rcvbuf)
-{
-	int sock, socksize;
-	socklen_t socksizelen = sizeof(socksize);
-
-	/*
-	 * Create a socket but do not connect it.  We use it
-	 * only to get the rcv socket size.
-	 */
-	sock = socket(AF_INET6, SOCK_STREAM, 0);
-	if (sock < 0)
-		sock = socket(AF_INET, SOCK_STREAM, 0);
-	if (sock < 0)
-		return;
-
-	/*
-	 * If the tcp_rcv_buf option is set and passed in, attempt to set the
-	 *  buffer size to its value.
-	 */
-	if (rcvbuf)
-		setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&rcvbuf,
-		    sizeof(rcvbuf));
-
-	if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-	    &socksize, &socksizelen) == 0)
-		if (size != NULL)
-			*size = socksize;
-	close(sock);
-}

Modified: head/crypto/openssh/misc.h
==============================================================================
--- head/crypto/openssh/misc.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/misc.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -40,7 +40,6 @@ time_t	 monotime(void);
 void	 lowercase(char *s);
 
 void	 sock_set_v6only(int);
-void	 sock_get_rcvbuf(int *, int);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);

Modified: head/crypto/openssh/readconf.c
==============================================================================
--- head/crypto/openssh/readconf.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/readconf.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -152,9 +152,8 @@ typedef enum {
 	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
-	oIgnoredUnknownOption,
-	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
-	oVersionAddendum, oDeprecated, oUnsupported
+	oVersionAddendum,
+	oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -267,10 +266,6 @@ static struct {
 	{ "canonicalizemaxdots", oCanonicalizeMaxDots },
 	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
 	{ "ignoreunknown", oIgnoreUnknown },
-	{ "hpndisabled", oHPNDisabled },
-	{ "hpnbuffersize", oHPNBufferSize },
-	{ "tcprcvbufpoll", oTcpRcvBufPoll },
-	{ "tcprcvbuf", oTcpRcvBuf },
 	{ "versionaddendum", oVersionAddendum },
 
 	{ NULL, oBadOption }
@@ -1352,22 +1347,6 @@ parse_int:
 		multistate_ptr = multistate_requesttty;
 		goto parse_multistate;
 
-	case oHPNDisabled:
-		intptr = &options->hpn_disabled;
-		goto parse_flag;
-
-	case oHPNBufferSize:
-		intptr = &options->hpn_buffer_size;
-		goto parse_int;
-
-	case oTcpRcvBufPoll:
-		intptr = &options->tcp_rcv_buf_poll;
-		goto parse_flag;
-
-	case oTcpRcvBuf:
-		intptr = &options->tcp_rcv_buf;
-		goto parse_int;
-
 	case oVersionAddendum:
 		if (s == NULL)
 			fatal("%.200s line %d: Missing argument.", filename,
@@ -1623,10 +1602,6 @@ initialize_options(Options * options)
 	options->canonicalize_fallback_local = -1;
 	options->canonicalize_hostname = -1;
 	options->version_addendum = NULL;
-	options->hpn_disabled = -1;
-	options->hpn_buffer_size = -1;
-	options->tcp_rcv_buf_poll = -1;
-	options->tcp_rcv_buf = -1;
 }
 
 /*
@@ -1821,31 +1796,6 @@ fill_default_options(Options * options)
 	/* options->preferred_authentications will be set in ssh */
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
-	if (options->hpn_disabled == -1)
-		options->hpn_disabled = 0;
-	if (options->hpn_buffer_size > -1)
-	{
-		u_int maxlen;
-
-		/* If a user tries to set the size to 0 set it to 1KB. */
-		if (options->hpn_buffer_size == 0)
-			options->hpn_buffer_size = 1024;
-		/* Limit the buffer to BUFFER_MAX_LEN. */
-		maxlen = buffer_get_max_len();
-		if (options->hpn_buffer_size > (maxlen / 1024)) {
-			debug("User requested buffer larger than %ub: %ub. "
-			    "Request reverted to %ub", maxlen,
-			    options->hpn_buffer_size * 1024, maxlen);
-			options->hpn_buffer_size = maxlen;
-		}
-		debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
-	}
-	if (options->tcp_rcv_buf == 0)
-		options->tcp_rcv_buf = 1;
-	if (options->tcp_rcv_buf > -1)
-		options->tcp_rcv_buf *= 1024;
-	if (options->tcp_rcv_buf_poll == -1)
-		options->tcp_rcv_buf_poll = 1;
 }
 
 /*

Modified: head/crypto/openssh/readconf.h
==============================================================================
--- head/crypto/openssh/readconf.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/readconf.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -153,17 +153,9 @@ typedef struct {
 	int	num_permitted_cnames;
 	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
 
-	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
-
 	char   *version_addendum;	/* Appended to SSH banner */
 
-	int	hpn_disabled;	/* Switch to disable HPN buffer management. */
-	int	hpn_buffer_size;	/* User definable size for HPN buffer
-					 * window. */
-	int	tcp_rcv_buf_poll;	/* Option to poll recv buf every window
-					 * transfer. */
-	int	tcp_rcv_buf;	/* User switch to set tcp recv buffer. */
-
+	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
 #define SSH_CANONICALISE_NO	0

Modified: head/crypto/openssh/servconf.c
==============================================================================
--- head/crypto/openssh/servconf.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/servconf.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -155,9 +155,6 @@ initialize_server_options(ServerOptions 
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->version_addendum = NULL;
-	options->hpn_disabled = -1;
-	options->hpn_buffer_size = -1;
-	options->tcp_rcv_buf_poll = -1;
 }
 
 void
@@ -318,38 +315,6 @@ fill_default_server_options(ServerOption
 	}
 #endif
 
-	if (options->hpn_disabled == -1)
-		options->hpn_disabled = 0;
-	if (options->hpn_buffer_size == -1) {
-		/*
-		 * HPN buffer size option not explicitly set.  Try to figure
-		 * out what value to use or resort to default.
-		 */
-		options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-		if (!options->hpn_disabled) {
-			sock_get_rcvbuf(&options->hpn_buffer_size, 0);
-			debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
-		}
-	} else {
-		/*
-		 * In the case that the user sets both values in a
-		 * contradictory manner hpn_disabled overrrides hpn_buffer_size.
-		 */
-		if (options->hpn_disabled <= 0) {
-			u_int maxlen;
-
-			maxlen = buffer_get_max_len();
-			if (options->hpn_buffer_size == 0)
-				options->hpn_buffer_size = 1;
-			/* Limit the maximum buffer to BUFFER_MAX_LEN. */
-			if (options->hpn_buffer_size > maxlen / 1024)
-				options->hpn_buffer_size = maxlen;
-			else
-				options->hpn_buffer_size *= 1024;
-		} else {
-			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
-		}
-	}
 }
 
 /* Keyword tokens. */
@@ -385,7 +350,6 @@ typedef enum {
 	sKexAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent,
-	sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -512,9 +476,6 @@ static struct {
 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
-	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
-	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
-	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1661,18 +1622,6 @@ process_server_config_line(ServerOptions
 		}
 		return 0;
 
-	case sHPNDisabled:
-		intptr = &options->hpn_disabled;
-		goto parse_flag;
-
-	case sHPNBufferSize:
-		intptr = &options->hpn_buffer_size;
-		goto parse_int;
-
-	case sTcpRcvBufPoll:
-		intptr = &options->tcp_rcv_buf_poll;
-		goto parse_flag;
-
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);

Modified: head/crypto/openssh/servconf.h
==============================================================================
--- head/crypto/openssh/servconf.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/servconf.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -181,10 +181,6 @@ typedef struct {
 
 	char   *version_addendum;	/* Appended to SSH banner */
 
-	int	hpn_disabled;		/* Disable HPN functionality. */
-	int	hpn_buffer_size;	/* Set HPN buffer size - default 2MB.*/
-	int	tcp_rcv_buf_poll;	/* Poll TCP rcv window in autotuning
-					 * kernels. */
 	u_int	num_auth_methods;
 	char   *auth_methods[MAX_AUTH_METHODS];
 }       ServerOptions;

Modified: head/crypto/openssh/serverloop.c
==============================================================================
--- head/crypto/openssh/serverloop.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/serverloop.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -1016,14 +1016,8 @@ server_request_tun(void)
 	sock = tun_open(tun, mode);
 	if (sock < 0)
 		goto done;
-	if (options.hpn_disabled)
-		c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
-		    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
-		    "tun", 1);
-	else
-		c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
-		    options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
-		    "tun", 1);
+	c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
 	c->datagram = 1;
 #if defined(SSH_TUN_FILTER)
 	if (mode == SSH_TUNMODE_POINTOPOINT)
@@ -1059,8 +1053,6 @@ server_request_session(void)
 	c = channel_new("session", SSH_CHANNEL_LARVAL,
 	    -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
 	    0, "server-session", 1);
-	if (!options.hpn_disabled && options.tcp_rcv_buf_poll)
-		c->dynamic_window = 1;
 	if (session_open(the_authctxt, c->self) != 1) {
 		debug("session open failed, free channel %d", c->self);
 		channel_free(c);

Modified: head/crypto/openssh/session.c
==============================================================================
--- head/crypto/openssh/session.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/session.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -237,10 +237,7 @@ auth_input_request_forwarding(struct pas
 		goto authsock_err;
 	}
 
-	/*
-	 * Allocate a channel for the authentication agent socket.
-	 * Ignore HPN on that one given no improvement expected.
-	 */
+	/* Allocate a channel for the authentication agent socket. */
 	nc = channel_new("auth socket",
 	    SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
 	    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
@@ -2346,14 +2343,10 @@ session_set_fds(Session *s, int fdin, in
 	 */
 	if (s->chanid == -1)
 		fatal("no channel for session %d", s->self);
-	if (options.hpn_disabled)
-		channel_set_fds(s->chanid, fdout, fdin, fderr,
-		    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
-		    1, is_tty, CHAN_SES_WINDOW_DEFAULT);
-	else
-		channel_set_fds(s->chanid, fdout, fdin, fderr,
-		    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
-		    1, is_tty, options.hpn_buffer_size);
+	channel_set_fds(s->chanid,
+	    fdout, fdin, fderr,
+	    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+	    1, is_tty, CHAN_SES_WINDOW_DEFAULT);
 }
 
 /*

Modified: head/crypto/openssh/sftp.1
==============================================================================
--- head/crypto/openssh/sftp.1	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/sftp.1	Tue Jan 19 14:38:20 2016	(r294325)
@@ -261,8 +261,7 @@ diagnostic messages from
 Specify how many requests may be outstanding at any one time.
 Increasing this may slightly improve file transfer speed
 but will increase memory usage.
-The default is 256 outstanding requests providing for 8MB
-of outstanding data with a 32KB buffer.
+The default is 64 outstanding requests.
 .It Fl r
 Recursively copy entire directories when uploading and downloading.
 Note that

Modified: head/crypto/openssh/sftp.c
==============================================================================
--- head/crypto/openssh/sftp.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/sftp.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -69,7 +69,7 @@ typedef void EditLine;
 #include "sftp-client.h"
 
 #define DEFAULT_COPY_BUFLEN	32768	/* Size of buffer for up/download */
-#define DEFAULT_NUM_REQUESTS	256	/* # concurrent outstanding requests */
+#define DEFAULT_NUM_REQUESTS	64	/* # concurrent outstanding requests */
 
 /* File to read commands from */
 FILE* infile;

Modified: head/crypto/openssh/ssh-agent.1
==============================================================================
--- head/crypto/openssh/ssh-agent.1	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/ssh-agent.1	Tue Jan 19 14:38:20 2016	(r294325)
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 7, 2013
+.Dd $Mdocdate: December 7 2013 $
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME

Modified: head/crypto/openssh/ssh.c
==============================================================================
--- head/crypto/openssh/ssh.c	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/ssh.c	Tue Jan 19 14:38:20 2016	(r294325)
@@ -633,13 +633,11 @@ main(int ac, char **av)
 		case 'V':
 			if (options.version_addendum &&
 			    *options.version_addendum != '\0')
-				fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE,
-				    options.hpn_disabled ? "" : SSH_VERSION_HPN,
+				fprintf(stderr, "%s %s, %s\n", SSH_RELEASE,
 				    options.version_addendum,
 				    SSLeay_version(SSLEAY_VERSION));
 			else
-				fprintf(stderr, "%s%s, %s\n", SSH_RELEASE,
-				    options.hpn_disabled ? "" : SSH_VERSION_HPN,
+				fprintf(stderr, "%s, %s\n", SSH_RELEASE,
 				    SSLeay_version(SSLEAY_VERSION));
 			if (opt == 'V')
 				exit(0);
@@ -1657,46 +1655,9 @@ ssh_session2_open(void)
 	if (!isatty(err))
 		set_nonblock(err);
 
-	/*
-	 * We need to check to see what to do about buffer sizes here.
-	 * - In an HPN to non-HPN connection we want to limit the window size to
-	 *   something reasonable in case the far side has the large window bug.
-	 * - In an HPN to HPN connection we want to use the max window size but
-	 *   allow the user to override it.
-	 * - Lastly if HPN is disabled then use the ssh standard window size.
-	 *
-	 * We cannot just do a getsockopt() here and set the ssh window to that
-	 * as in case of autotuning of socket buffers the window would get stuck
-	 * at the initial buffer size, generally less than 96k.  Therefore we
-	 * need to set the maximum ssh window size to the maximum HPN buffer
-	 * size unless the user has set TcpRcvBufPoll to no.  In that case we
-	 * can just set the window to the minimum of HPN buffer size and TCP
-	 * receive buffer size.
-	 */
-	if (tty_flag)
-		options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
-	else
-		options.hpn_buffer_size = CHAN_HPN_MIN_WINDOW_DEFAULT;
-
-	if (datafellows & SSH_BUG_LARGEWINDOW) {
-		debug("HPN to Non-HPN Connection");
-	} else if (options.tcp_rcv_buf_poll <= 0) {
-		sock_get_rcvbuf(&options.hpn_buffer_size, 0);
-		debug("HPNBufferSize set to TCP RWIN: %d",
-		    options.hpn_buffer_size);
-	} else if (options.tcp_rcv_buf > 0) {
-		sock_get_rcvbuf(&options.hpn_buffer_size,
-		    options.tcp_rcv_buf);
-		debug("HPNBufferSize set to user TCPRcvBuf: %d",
-		    options.hpn_buffer_size);
-	}
-	debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
-	channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-	window = options.hpn_buffer_size;
-
+	window = CHAN_SES_WINDOW_DEFAULT;
 	packetmax = CHAN_SES_PACKET_DEFAULT;
 	if (tty_flag) {
-		window = CHAN_SES_WINDOW_DEFAULT;
 		window >>= 1;
 		packetmax >>= 1;
 	}
@@ -1704,10 +1665,6 @@ ssh_session2_open(void)
 	    "session", SSH_CHANNEL_OPENING, in, out, err,
 	    window, packetmax, CHAN_EXTENDED_WRITE,
 	    "client-session", /*nonblock*/0);
-	if (!options.hpn_disabled && options.tcp_rcv_buf_poll > 0) {
-		c->dynamic_window = 1;
-		debug("Enabled Dynamic Window Scaling\n");
-	}
 
 	debug3("ssh_session2_open: channel_new: %d", c->self);
 

Modified: head/crypto/openssh/ssh_config
==============================================================================
--- head/crypto/openssh/ssh_config	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/ssh_config	Tue Jan 19 14:38:20 2016	(r294325)
@@ -48,4 +48,4 @@
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
 #   VerifyHostKeyDNS yes
-#   VersionAddendum FreeBSD-20140420
+#   VersionAddendum FreeBSD-20160119

Modified: head/crypto/openssh/ssh_config.5
==============================================================================
--- head/crypto/openssh/ssh_config.5	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/ssh_config.5	Tue Jan 19 14:38:20 2016	(r294325)
@@ -1423,7 +1423,7 @@ See also VERIFYING HOST KEYS in
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20140420 .
+.Dq FreeBSD-20160119 .
 The value
 .Dq none
 may be used to disable this.

Modified: head/crypto/openssh/ssh_namespace.h
==============================================================================
--- head/crypto/openssh/ssh_namespace.h	Tue Jan 19 14:25:22 2016	(r294324)
+++ head/crypto/openssh/ssh_namespace.h	Tue Jan 19 14:38:20 2016	(r294325)
@@ -7,7 +7,11 @@
  *
  * A list of symbols which need munging is obtained as follows:
  *
- * nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { printf("#define %-39s ssh_%s\n", $3, $3) }' | unexpand -a | sort -u
+ # nm libprivatessh.a | LC_ALL=C awk '
+     /^[0-9a-z]+ [Tt] [A-Za-z_][0-9A-Za-z_]*$/ && $3 !~ /^ssh_/ {
+         printf("#define %-39s ssh_%s\n", $3, $3)
+     }' | unexpand -a | LC_ALL=C sort -u
+ *
  * $FreeBSD$
  */
 
@@ -20,9 +24,13 @@
 #define a2port					ssh_a2port
 #define a2tun					ssh_a2tun
 #define add_host_to_hostfile			ssh_add_host_to_hostfile
+#define add_p1p1				ssh_add_p1p1
 #define addargs					ssh_addargs
 #define addr_match_cidr_list			ssh_addr_match_cidr_list
 #define addr_match_list				ssh_addr_match_list
+#define addr_netmatch				ssh_addr_netmatch
+#define addr_pton				ssh_addr_pton
+#define addr_pton_cidr				ssh_addr_pton_cidr
 #define ask_permission				ssh_ask_permission
 #define atomicio				ssh_atomicio
 #define atomicio6				ssh_atomicio6
@@ -31,7 +39,10 @@
 #define auth_request_forwarding			ssh_auth_request_forwarding
 #define bandwidth_limit				ssh_bandwidth_limit
 #define bandwidth_limit_init			ssh_bandwidth_limit_init
+#define barrett_reduce				ssh_barrett_reduce
+#define bcrypt_hash				ssh_bcrypt_hash
 #define bcrypt_pbkdf				ssh_bcrypt_pbkdf
+#define bf_ssh1_cipher				ssh_bf_ssh1_cipher
 #define blf_cbc_decrypt				ssh_blf_cbc_decrypt
 #define blf_cbc_encrypt				ssh_blf_cbc_encrypt
 #define blf_dec					ssh_blf_dec
@@ -70,7 +81,6 @@
 #define buffer_get_int64			ssh_buffer_get_int64
 #define buffer_get_int64_ret			ssh_buffer_get_int64_ret
 #define buffer_get_int_ret			ssh_buffer_get_int_ret
-#define buffer_get_max_len			ssh_buffer_get_max_len
 #define buffer_get_ret				ssh_buffer_get_ret
 #define buffer_get_short			ssh_buffer_get_short
 #define buffer_get_short_ret			ssh_buffer_get_short_ret
@@ -95,6 +105,7 @@
 #define buffer_put_short			ssh_buffer_put_short
 #define buffer_put_string			ssh_buffer_put_string
 #define buffer_uncompress			ssh_buffer_uncompress
+#define cert_free				ssh_cert_free
 #define chacha_encrypt_bytes			ssh_chacha_encrypt_bytes
 #define chacha_ivsetup				ssh_chacha_ivsetup
 #define chacha_keysetup				ssh_chacha_keysetup
@@ -109,6 +120,10 @@
 #define chan_rcvd_ieof				ssh_chan_rcvd_ieof
 #define chan_rcvd_oclose			ssh_chan_rcvd_oclose
 #define chan_read_failed			ssh_chan_read_failed
+#define chan_send_eof2				ssh_chan_send_eof2
+#define chan_send_oclose1			ssh_chan_send_oclose1
+#define chan_shutdown_read			ssh_chan_shutdown_read
+#define chan_shutdown_write			ssh_chan_shutdown_write
 #define chan_write_failed			ssh_chan_write_failed
 #define channel_add_adm_permitted_opens		ssh_channel_add_adm_permitted_opens
 #define channel_add_permitted_opens		ssh_channel_add_permitted_opens
@@ -121,6 +136,7 @@
 #define channel_clear_permitted_opens		ssh_channel_clear_permitted_opens
 #define channel_close_all			ssh_channel_close_all
 #define channel_close_fd			ssh_channel_close_fd
+#define channel_close_fds			ssh_channel_close_fds
 #define channel_connect_by_listen_address	ssh_channel_connect_by_listen_address
 #define channel_connect_stdio_fwd		ssh_channel_connect_stdio_fwd
 #define channel_connect_to			ssh_channel_connect_to
@@ -128,6 +144,8 @@
 #define channel_find_open			ssh_channel_find_open
 #define channel_free				ssh_channel_free
 #define channel_free_all			ssh_channel_free_all
+#define channel_fwd_bind_addr			ssh_channel_fwd_bind_addr
+#define channel_handler				ssh_channel_handler
 #define channel_input_close			ssh_channel_input_close
 #define channel_input_close_confirmation	ssh_channel_input_close_confirmation
 #define channel_input_data			ssh_channel_input_data
@@ -146,11 +164,28 @@
 #define channel_open_message			ssh_channel_open_message
 #define channel_output_poll			ssh_channel_output_poll
 #define channel_permit_all_opens		ssh_channel_permit_all_opens
-#define channel_post				ssh_channel_post
-#define channel_pre				ssh_channel_pre
+#define channel_post_auth_listener		ssh_channel_post_auth_listener
+#define channel_post_connecting			ssh_channel_post_connecting
+#define channel_post_mux_client			ssh_channel_post_mux_client
+#define channel_post_mux_listener		ssh_channel_post_mux_listener
+#define channel_post_open			ssh_channel_post_open
+#define channel_post_output_drain_13		ssh_channel_post_output_drain_13
+#define channel_post_port_listener		ssh_channel_post_port_listener
+#define channel_post_x11_listener		ssh_channel_post_x11_listener
+#define channel_pre_connecting			ssh_channel_pre_connecting
+#define channel_pre_dynamic			ssh_channel_pre_dynamic
+#define channel_pre_input_draining		ssh_channel_pre_input_draining
+#define channel_pre_listener			ssh_channel_pre_listener
+#define channel_pre_mux_client			ssh_channel_pre_mux_client
+#define channel_pre_open			ssh_channel_pre_open
+#define channel_pre_open_13			ssh_channel_pre_open_13
+#define channel_pre_output_draining		ssh_channel_pre_output_draining
+#define channel_pre_x11_open			ssh_channel_pre_x11_open
+#define channel_pre_x11_open_13			ssh_channel_pre_x11_open_13
 #define channel_prepare_select			ssh_channel_prepare_select
 #define channel_print_adm_permitted_opens	ssh_channel_print_adm_permitted_opens
 #define channel_register_cleanup		ssh_channel_register_cleanup
+#define channel_register_fds			ssh_channel_register_fds
 #define channel_register_filter			ssh_channel_register_filter
 #define channel_register_open_confirm		ssh_channel_register_open_confirm
 #define channel_register_status_confirm		ssh_channel_register_status_confirm
@@ -161,14 +196,17 @@
 #define channel_send_window_changes		ssh_channel_send_window_changes
 #define channel_set_af				ssh_channel_set_af
 #define channel_set_fds				ssh_channel_set_fds
-#define channel_set_hpn				ssh_channel_set_hpn
+#define channel_setup_fwd_listener		ssh_channel_setup_fwd_listener
 #define channel_setup_local_fwd_listener	ssh_channel_setup_local_fwd_listener
 #define channel_setup_remote_fwd_listener	ssh_channel_setup_remote_fwd_listener
 #define channel_still_open			ssh_channel_still_open
 #define channel_stop_listening			ssh_channel_stop_listening
 #define channel_update_permitted_opens		ssh_channel_update_permitted_opens
+#define check_crc				ssh_check_crc
+#define check_hostkeys_by_key_or_type		ssh_check_hostkeys_by_key_or_type
 #define check_key_in_hostkeys			ssh_check_key_in_hostkeys
 #define choose_dh				ssh_choose_dh
+#define choose_t				ssh_choose_t
 #define chop					ssh_chop
 #define cipher_alg_list				ssh_cipher_alg_list
 #define cipher_authlen				ssh_cipher_authlen
@@ -198,15 +236,17 @@
 #define cleanup_exit				ssh_cleanup_exit
 #define clear_cached_addr			ssh_clear_cached_addr
 #define colon					ssh_colon
-#define compat13				ssh_compat13
-#define compat20				ssh_compat20
+#define compare					ssh_compare
+#define compare_gps				ssh_compare_gps
 #define compat_cipher_proposal			ssh_compat_cipher_proposal
 #define compat_datafellows			ssh_compat_datafellows
+#define compat_kex_proposal			ssh_compat_kex_proposal
 #define compat_pkalg_proposal			ssh_compat_pkalg_proposal
+#define connect_next				ssh_connect_next
+#define connect_to				ssh_connect_to
 #define convtime				ssh_convtime
 #define crypto_hash_sha512			ssh_crypto_hash_sha512
 #define crypto_hashblocks_sha512		ssh_crypto_hashblocks_sha512
-#define crypto_scalarmult_curve25519		ssh_crypto_scalarmult_curve25519
 #define crypto_sign_ed25519			ssh_crypto_sign_ed25519
 #define crypto_sign_ed25519_keypair		ssh_crypto_sign_ed25519_keypair
 #define crypto_sign_ed25519_open		ssh_crypto_sign_ed25519_open
@@ -227,7 +267,6 @@
 #define crypto_sign_ed25519_ref_fe25519_square	ssh_crypto_sign_ed25519_ref_fe25519_square
 #define crypto_sign_ed25519_ref_fe25519_sub	ssh_crypto_sign_ed25519_ref_fe25519_sub
 #define crypto_sign_ed25519_ref_fe25519_unpack	ssh_crypto_sign_ed25519_ref_fe25519_unpack
-#define crypto_sign_ed25519_ref_ge25519_base	ssh_crypto_sign_ed25519_ref_ge25519_base
 #define crypto_sign_ed25519_ref_isneutral_vartime ssh_crypto_sign_ed25519_ref_isneutral_vartime
 #define crypto_sign_ed25519_ref_pack		ssh_crypto_sign_ed25519_ref_pack
 #define crypto_sign_ed25519_ref_sc25519_2interleave2 ssh_crypto_sign_ed25519_ref_sc25519_2interleave2
@@ -248,8 +287,7 @@
 #define crypto_sign_ed25519_ref_shortsc25519_from16bytes ssh_crypto_sign_ed25519_ref_shortsc25519_from16bytes
 #define crypto_sign_ed25519_ref_unpackneg_vartime ssh_crypto_sign_ed25519_ref_unpackneg_vartime
 #define crypto_verify_32			ssh_crypto_verify_32
-#define current_keys				ssh_current_keys
-#define datafellows				ssh_datafellows
+#define dbl_p1p1				ssh_dbl_p1p1
 #define debug					ssh_debug
 #define debug2					ssh_debug2
 #define debug3					ssh_debug3
@@ -264,8 +302,6 @@
 #define dh_new_group14				ssh_dh_new_group14
 #define dh_new_group_asc			ssh_dh_new_group_asc
 #define dh_pub_is_valid				ssh_dh_pub_is_valid
-#define digests					ssh_digests
-#define dispatch				ssh_dispatch
 #define dispatch_init				ssh_dispatch_init
 #define dispatch_protocol_error			ssh_dispatch_protocol_error
 #define dispatch_protocol_ignore		ssh_dispatch_protocol_ignore
@@ -283,6 +319,7 @@
 #define explicit_bzero				ssh_explicit_bzero
 #define export_dns_rr				ssh_export_dns_rr
 #define fatal					ssh_fatal
+#define filter_proposal				ssh_filter_proposal
 #define fmt_scaled				ssh_fmt_scaled
 #define free_hostkeys				ssh_free_hostkeys
 #define freeargs				ssh_freeargs
@@ -298,20 +335,27 @@
 #define get_remote_name_or_ip			ssh_get_remote_name_or_ip
 #define get_remote_port				ssh_get_remote_port
 #define get_sock_port				ssh_get_sock_port
+#define get_socket_address			ssh_get_socket_address
 #define get_u16					ssh_get_u16
 #define get_u32					ssh_get_u32
 #define get_u64					ssh_get_u64
 #define getrrsetbyname				ssh_getrrsetbyname
 #define glob					ssh_glob
+#define glob0					ssh_glob0
+#define glob2					ssh_glob2
+#define globexp1				ssh_globexp1
+#define globextend				ssh_globextend
 #define globfree				ssh_globfree
 #define host_hash				ssh_host_hash
 #define hostfile_read_key			ssh_hostfile_read_key
 #define hpdelim					ssh_hpdelim
-#define incoming_stream				ssh_incoming_stream
 #define init_hostkeys				ssh_init_hostkeys
 #define iptos2str				ssh_iptos2str
 #define ipv64_normalise_mapped			ssh_ipv64_normalise_mapped
+#define is_key_revoked				ssh_is_key_revoked
+#define kex_alg_by_name				ssh_kex_alg_by_name
 #define kex_alg_list				ssh_kex_alg_list
+#define kex_buf2prop				ssh_kex_buf2prop
 #define kex_c25519_hash				ssh_kex_c25519_hash
 #define kex_derive_keys				ssh_kex_derive_keys
 #define kex_derive_keys_bn			ssh_kex_derive_keys_bn
@@ -321,6 +365,8 @@
 #define kex_get_newkeys				ssh_kex_get_newkeys
 #define kex_input_kexinit			ssh_kex_input_kexinit
 #define kex_names_valid				ssh_kex_names_valid
+#define kex_prop_free				ssh_kex_prop_free
+#define kex_protocol_error			ssh_kex_protocol_error
 #define kex_send_kexinit			ssh_kex_send_kexinit
 #define kex_setup				ssh_kex_setup
 #define kexc25519_client			ssh_kexc25519_client

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601191438.u0JEcKBZ020172>