Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ssh Resolve conflicts.



details:   https://anonhg.NetBSD.org/src/rev/1246f6ea28d5
branches:  trunk
changeset: 573869:1246f6ea28d5
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Feb 13 05:57:25 2005 +0000

description:
Resolve conflicts.

diffstat:

 crypto/dist/ssh/LICENCE           |    23 +-
 crypto/dist/ssh/README.smartcard  |    12 +-
 crypto/dist/ssh/RFC.nroff         |  1780 -------------------------------------
 crypto/dist/ssh/atomicio.c        |    40 +-
 crypto/dist/ssh/atomicio.h        |    12 +-
 crypto/dist/ssh/auth-chall.c      |    13 +-
 crypto/dist/ssh/auth-krb4.c       |   370 -------
 crypto/dist/ssh/auth-krb5.c       |    25 +-
 crypto/dist/ssh/auth-options.c    |     8 +-
 crypto/dist/ssh/auth-passwd.c     |    92 +-
 crypto/dist/ssh/auth-rh-rsa.c     |    13 +-
 crypto/dist/ssh/auth-rhosts.c     |    12 +-
 crypto/dist/ssh/auth-rsa.c        |    20 +-
 crypto/dist/ssh/auth.c            |    42 +-
 crypto/dist/ssh/auth.h            |    39 +-
 crypto/dist/ssh/auth1.c           |   146 +--
 crypto/dist/ssh/auth2-chall.c     |     9 +-
 crypto/dist/ssh/auth2-hostbased.c |    12 +-
 crypto/dist/ssh/auth2-krb5.c      |    70 -
 crypto/dist/ssh/auth2-none.c      |    21 +-
 crypto/dist/ssh/auth2-passwd.c    |    25 +-
 crypto/dist/ssh/auth2-pubkey.c    |    21 +-
 crypto/dist/ssh/auth2.c           |    52 +-
 crypto/dist/ssh/authfd.c          |    59 +-
 crypto/dist/ssh/authfile.c        |    30 +-
 crypto/dist/ssh/bufaux.c          |    47 +-
 crypto/dist/ssh/buffer.c          |    11 +-
 crypto/dist/ssh/canohost.c        |    89 +-
 crypto/dist/ssh/channels.c        |   470 ++++++--
 crypto/dist/ssh/channels.h        |    14 +-
 crypto/dist/ssh/cipher.c          |   414 +-------
 crypto/dist/ssh/clientloop.c      |   625 +++++++++++-
 crypto/dist/ssh/clientloop.h      |     8 +-
 crypto/dist/ssh/compat.c          |    13 +-
 crypto/dist/ssh/compress.c        |    16 +-
 crypto/dist/ssh/deattack.c        |     6 +-
 crypto/dist/ssh/dh.c              |    51 +-
 crypto/dist/ssh/dh.h              |     5 +-
 crypto/dist/ssh/dispatch.c        |     6 +-
 crypto/dist/ssh/dns.c             |     3 +-
 crypto/dist/ssh/fatal.c           |     8 +-
 crypto/dist/ssh/groupaccess.c     |     6 +-
 crypto/dist/ssh/hostfile.c        |    14 +-
 crypto/dist/ssh/hostfile.h        |     8 +-
 crypto/dist/ssh/includes.h        |     5 +-
 crypto/dist/ssh/kex.c             |    53 +-
 crypto/dist/ssh/kexdhc.c          |    17 +-
 crypto/dist/ssh/kexdhs.c          |    17 +-
 crypto/dist/ssh/kexgexc.c         |    15 +-
 crypto/dist/ssh/key.c             |    56 +-
 crypto/dist/ssh/log.c             |   101 +-
 crypto/dist/ssh/log.h             |    13 +-
 crypto/dist/ssh/mac.c             |     8 +-
 crypto/dist/ssh/misc.c            |    55 +-
 crypto/dist/ssh/misc.h            |    27 +-
 crypto/dist/ssh/moduli            |   159 ---
 crypto/dist/ssh/moduli.5          |   165 ---
 crypto/dist/ssh/monitor.c         |   284 ++++-
 crypto/dist/ssh/monitor.h         |    10 +-
 crypto/dist/ssh/monitor_fdpass.c  |    16 +-
 crypto/dist/ssh/monitor_mm.c      |     8 +-
 crypto/dist/ssh/monitor_mm.h      |     4 +-
 crypto/dist/ssh/monitor_wrap.c    |   156 ++-
 crypto/dist/ssh/monitor_wrap.h    |    17 +-
 crypto/dist/ssh/mpaux.c           |    48 -
 crypto/dist/ssh/mpaux.h           |    23 -
 crypto/dist/ssh/msg.c             |    45 +-
 crypto/dist/ssh/msg.h             |     6 +-
 crypto/dist/ssh/nchan.c           |    68 +-
 crypto/dist/ssh/nchan2.ms         |    10 +-
 crypto/dist/ssh/packet.c          |    84 +-
 crypto/dist/ssh/packet.h          |     8 +-
 crypto/dist/ssh/pathnames.h       |    10 +-
 crypto/dist/ssh/progressmeter.c   |   424 ++++----
 crypto/dist/ssh/radix.c           |   160 ---
 crypto/dist/ssh/radix.h           |    29 -
 crypto/dist/ssh/readconf.c        |   238 +++-
 crypto/dist/ssh/readconf.h        |    29 +-
 crypto/dist/ssh/readpass.h        |    20 -
 crypto/dist/ssh/readpassphrase.3  |   118 --
 crypto/dist/ssh/readpassphrase.c  |   133 --
 crypto/dist/ssh/readpassphrase.h  |    47 -
 crypto/dist/ssh/rijndael.c        |   140 +-
 crypto/dist/ssh/scard.c           |    15 +-
 crypto/dist/ssh/scard.h           |     5 +-
 crypto/dist/ssh/scp.c             |   160 +-
 crypto/dist/ssh/servconf.c        |   213 ++-
 crypto/dist/ssh/servconf.h        |    35 +-
 crypto/dist/ssh/serverloop.c      |    90 +-
 crypto/dist/ssh/session.c         |   437 +++++---
 crypto/dist/ssh/session.h         |    18 +-
 crypto/dist/ssh/sftp-client.c     |    98 +-
 crypto/dist/ssh/sftp-client.h     |    34 +-
 crypto/dist/ssh/sftp-common.c     |    18 +-
 crypto/dist/ssh/sftp-common.h     |    12 +-
 crypto/dist/ssh/sftp-glob.c       |    42 +-
 crypto/dist/ssh/sftp-glob.h       |    38 -
 crypto/dist/ssh/sftp-int.c        |  1146 -----------------------
 crypto/dist/ssh/sftp-int.h        |    28 -
 crypto/dist/ssh/sftp-server.c     |    92 +-
 crypto/dist/ssh/sftp.1            |   236 +++-
 crypto/dist/ssh/sftp.c            |  1375 +++++++++++++++++++++++++++-
 crypto/dist/ssh/ssh-add.1         |    47 +-
 crypto/dist/ssh/ssh-add.c         |    18 +-
 crypto/dist/ssh/ssh-agent.1       |    34 +-
 crypto/dist/ssh/ssh-agent.c       |    57 +-
 crypto/dist/ssh/ssh-dss.c         |    24 +-
 crypto/dist/ssh/ssh-keygen.1      |   156 ++-
 crypto/dist/ssh/ssh-keygen.c      |   148 ++-
 crypto/dist/ssh/ssh-keyscan.1     |    59 +-
 crypto/dist/ssh/ssh-keyscan.c     |    25 +-
 crypto/dist/ssh/ssh-keysign.8     |     8 +-
 crypto/dist/ssh/ssh-keysign.c     |    15 +-
 crypto/dist/ssh/ssh-rsa.c         |    45 +-
 crypto/dist/ssh/ssh.1             |   634 ++++++++-----
 crypto/dist/ssh/ssh.c             |   512 +++++++---
 crypto/dist/ssh/ssh.h             |     7 +-
 crypto/dist/ssh/ssh1.h            |    10 +-
 crypto/dist/ssh/ssh_config        |     7 +-
 crypto/dist/ssh/ssh_config.5      |   290 ++++-
 crypto/dist/ssh/sshconnect.c      |   207 +++-
 crypto/dist/ssh/sshconnect1.c     |    44 +-
 crypto/dist/ssh/sshconnect2.c     |   639 +++++++++---
 crypto/dist/ssh/sshd.8            |   126 +-
 crypto/dist/ssh/sshd.c            |   512 +++++++---
 crypto/dist/ssh/sshd_config       |    33 +-
 crypto/dist/ssh/sshd_config.5     |   173 ++-
 crypto/dist/ssh/sshlogin.c        |    90 +-
 crypto/dist/ssh/sshpty.c          |   163 +--
 crypto/dist/ssh/sshpty.h          |     8 +-
 crypto/dist/ssh/sshtty.c          |    21 +-
 crypto/dist/ssh/sshtty.h          |    49 -
 crypto/dist/ssh/tildexpand.c      |     8 +-
 crypto/dist/ssh/tildexpand.h      |    16 -
 crypto/dist/ssh/tree.h            |   669 -------------
 crypto/dist/ssh/ttymodes.c        |     6 +-
 crypto/dist/ssh/uuencode.c        |     8 +-
 crypto/dist/ssh/version.h         |     8 +-
 138 files changed, 7517 insertions(+), 9037 deletions(-)

diffs (truncated from 26263 to 300 lines):

diff -r 295820ac4817 -r 1246f6ea28d5 crypto/dist/ssh/LICENCE
--- a/crypto/dist/ssh/LICENCE   Sun Feb 13 05:54:27 2005 +0000
+++ b/crypto/dist/ssh/LICENCE   Sun Feb 13 05:57:25 2005 +0000
@@ -45,16 +45,16 @@
     software are publicly available on the Internet and at any major
     bookstore, scientific library, and patent office worldwide.  More
     information can be found e.g. at "http://www.cs.hut.fi/crypto";.
-    
+
     The legal status of this program is some combination of all these
     permissions and restrictions.  Use only at your own responsibility.
     You will be responsible for any legal consequences yourself; I am not
     making any claims whether possessing or using this is legal or not in
     your country, and I am not taking any responsibility on your behalf.
-    
-    
-                           NO WARRANTY
-    
+
+
+                           NO WARRANTY
+
     BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
     FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
     OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
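Review bot: The changed lines in this hunk, the blank separators around the "NO WARRANTY" heading and the heading line itself, appear to differ only in whitespace, which is easy to miss in licence text where any wording change matters. Say in the commit message that the LICENCE edits above line 222 are whitespace-only so the terms do not need to be re-read.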
@@ -64,7 +64,7 @@
     TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
     REPAIR OR CORRECTION.
-    
+
     IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
     WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
     REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
@@ -112,15 +112,15 @@
     with the following license:
 
      * @version 3.0 (December 2000)
-     * 
+     *
      * Optimised ANSI C code for the Rijndael cipher (now AES)
-     * 
+     *
      * @author Vincent Rijmen <vincent.rijmen%esat.kuleuven.ac.be@localhost>
      * @author Antoon Bosselaers <antoon.bosselaers%esat.kuleuven.ac.be@localhost>
      * @author Paulo Barreto <paulo.barreto%terra.com.br@localhost>
-     * 
+     *
      * This code is hereby placed in the public domain.
-     * 
+     *
      * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
      * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
      * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -222,6 +222,7 @@
        Wesley Griffin
        Per Allansson
        Nils Nordman
+       Simon Wilkinson
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions
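Review bot: The added "Simon Wilkinson" entry after "Nils Nordman" is the only content change to the licence in this file, so it should be confirmed as coming from the upstream LICENCE revision named in the final hunk (1.18) rather than from a local edit made while resolving conflicts. A short mention in the commit message would make that explicit.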
@@ -244,4 +245,4 @@
      * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
-$OpenBSD: LICENCE,v 1.15 2003/06/12 12:22:47 djm Exp $
+$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $
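Review bot: The RCS ID on the last line moves from 1.15 to 1.18, several upstream revisions at once, while the commit description is only "Resolve conflicts." and the diffstat covers 138 files. Name the imported upstream release or snapshot in the description so this change can be matched against the vendor source.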
diff -r 295820ac4817 -r 1246f6ea28d5 crypto/dist/ssh/README.smartcard
--- a/crypto/dist/ssh/README.smartcard  Sun Feb 13 05:54:27 2005 +0000
+++ b/crypto/dist/ssh/README.smartcard  Sun Feb 13 05:57:25 2005 +0000
@@ -27,8 +27,8 @@
        sectok> login -d
        sectok> jload /usr/libdata/ssh/Ssh.bin
        sectok> setpass
-       Enter new AUT0 passphrase: 
-       Re-enter passphrase: 
+       Enter new AUT0 passphrase:
+       Re-enter passphrase:
        sectok> quit
 
        Do not forget the passphrase.  There is no way to
@@ -59,9 +59,9 @@
 
        $ sectok
        sectok> login -d
-       sectok> acl 0012 world: w 
-        world: w 
-        AUT0: w inval 
+       sectok> acl 0012 world: w
+        world: w
+        AUT0: w inval
        sectok> quit
 
        If you do this, anyone who has access to your card
@@ -70,4 +70,4 @@
 -markus,
 Tue Jul 17 23:54:51 CEST 2001
 
-$OpenBSD: README.smartcard,v 1.8 2002/03/26 18:56:23 rees Exp $
+$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $
diff -r 295820ac4817 -r 1246f6ea28d5 crypto/dist/ssh/RFC.nroff
--- a/crypto/dist/ssh/RFC.nroff Sun Feb 13 05:54:27 2005 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1780 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" $OpenBSD: RFC.nroff,v 1.2 2000/10/16 09:38:44 djm Exp $
-.\"
-.pl 10.0i
-.po 0
-.ll 7.2i
-.lt 7.2i
-.nr LL 7.2i
-.nr LT 7.2i
-.ds LF Ylonen
-.ds RF FORMFEED[Page %]
-.ds CF
-.ds LH Internet-Draft
-.ds RH 15 November 1995
-.ds CH SSH (Secure Shell) Remote Login Protocol
-.na
-.hy 0
-.in 0
-Network Working Group                                         T. Ylonen
-Internet-Draft                        Helsinki University of Technology
-draft-ylonen-ssh-protocol-00.txt                       15 November 1995
-Expires: 15 May 1996
-
-.in 3
-
-.ce
-The SSH (Secure Shell) Remote Login Protocol
-
-.ti 0
-Status of This Memo
-
-This document is an Internet-Draft.   Internet-Drafts  are  working
-documents of the Internet Engineering Task Force (IETF), its areas,
-and its working groups.  Note that other groups may also distribute
-working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid  for  a  maximum  of  six
-months  and  may  be updated, replaced, or obsoleted by other docu-
-ments at any time.  It is inappropriate to use  Internet-Drafts  as
-reference  material  or  to  cite them other than as ``work in pro-
-gress.''
-
-To learn the current status of any Internet-Draft, please check the
-``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow
-Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
-munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-ftp.isi.edu (US West Coast).
-
-The distribution of  this  memo  is  unlimited.
-
-.ti 0
-Introduction
-
-SSH (Secure Shell) is a program to log into another computer over a
-network, to execute commands in a remote machine, and to move files
-from one machine to another.  It provides strong authentication and
-secure communications over insecure networks.  Its features include
-the following:
-.IP o
-Closes several security holes (e.g., IP, routing, and DNS spoofing).
-New authentication methods: .rhosts together with RSA [RSA] based host
-authentication, and pure RSA authentication.
-.IP o
-All communications are automatically and transparently encrypted.
-Encryption is also used to protect integrity.
-.IP o
-X11 connection forwarding provides secure X11 sessions.
-.IP o
-Arbitrary TCP/IP ports can be redirected over the encrypted channel
-in both directions.
-.IP o
-Client RSA-authenticates the server machine in the beginning of every
-connection to prevent trojan horses (by routing or DNS spoofing) and
-man-in-the-middle attacks, and the server RSA-authenticates the client
-machine before accepting .rhosts or /etc/hosts.equiv authentication
-(to prevent DNS, routing, or IP spoofing).
-.IP o
-An authentication agent, running in the user's local workstation or
-laptop, can be used to hold the user's RSA authentication keys.
-.RT
-
-The goal has been to make the software as easy to use as possible for
-ordinary users.  The protocol has been designed to be as secure as
-possible while making it possible to create implementations that
-are easy to use and install.  The sample implementation has a number
-of convenient features that are not described in this document as they
-are not relevant for the protocol.
-
-
-.ti 0
-Overview of the Protocol
-
-The software consists of a server program running on a server machine,
-and a client program running on a client machine (plus a few auxiliary
-programs).  The machines are connected by an insecure IP [RFC0791]
-network (that can be monitored, tampered with, and spoofed by hostile
-parties).
-
-A connection is always initiated by the client side.  The server
-listens on a specific port waiting for connections.  Many clients may
-connect to the same server machine.
-
-The client and the server are connected via a TCP/IP [RFC0793] socket
-that is used for bidirectional communication.  Other types of
-transport can be used but are currently not defined.
-
-When the client connects the server, the server accepts the connection
-and responds by sending back its version identification string.  The
-client parses the server's identification, and sends its own
-identification.  The purpose of the identification strings is to
-validate that the connection was to the correct port, declare the
-protocol version number used, and to declare the software version used
-on each side (for debugging purposes).  The identification strings are
-human-readable.  If either side fails to understand or support the
-other side's version, it closes the connection.
-
-After the protocol identification phase, both sides switch to a packet
-based binary protocol.  The server starts by sending its host key
-(every host has an RSA key used to authenticate the host), server key
-(an RSA key regenerated every hour), and other information to the
-client.  The client then generates a 256 bit session key, encrypts it
-using both RSA keys (see below for details), and sends the encrypted
-session key and selected cipher type to the server.  Both sides then
-turn on encryption using the selected algorithm and key.  The server
-sends an encrypted confirmation message to the client.
-
-The client then authenticates itself using any of a number of
-authentication methods.  The currently supported authentication
-methods are .rhosts or /etc/hosts.equiv authentication (disabled by
-default), the same with RSA-based host authentication, RSA
-authentication, and password authentication.
-
-After successful authentication, the client makes a number of requests
-to prepare for the session.  Typical requests include allocating a
-pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting
-authentication agent forwarding, and executing the shell or a command.
-
-When a shell or command is executed, the connection enters interactive
-session mode.  In this mode, data is passed in both directions, 
-new forwarded connections may be opened, etc.  The interactive session
-normally terminates when the server sends the exit status of the
-program to the client.
-
-
-The protocol makes several reservations for future extensibility.
-First of all, the initial protocol identification messages include the
-protocol version number.  Second, the first packet by both sides
-includes a protocol flags field, which can be used to agree on
-extensions in a compatible manner.  Third, the authentication and
-session preparation phases work so that the client sends requests to
-the server, and the server responds with success or failure.  If the
-client sends a request that the server does not support, the server
-simply returns failure for it.  This permits compatible addition of
-new authentication methods and preparation operations.  The
-interactive session phase, on the other hand, works asynchronously and
-does not permit the use of any extensions (because there is no easy
-and reliable way to signal rejection to the other side and problems
-would be hard to debug).  Any compatible extensions to this phase must
-be agreed upon during any of the earlier phases.
-
-.ti 0
-The Binary Packet Protocol
-
-After the protocol identification strings, both sides only send
-specially formatted packets.  The packet layout is as follows:
-.IP o
-Packet length: 32 bit unsigned integer, coded as four 8-bit bytes, msb
-first.  Gives the length of the packet, not including the length field
-and padding.  The maximum length of a packet (not including the length
-field and padding) is 262144 bytes.
-.IP o
-Padding: 1-8 bytes of random data (or zeroes if not encrypting).  The
-amount of padding is (8 - (length % 8)) bytes (where % stands for the
-modulo operator).  The rationale for always having some random padding
-at the beginning of each packet is to make known plaintext attacks
-more difficult.
-.IP o
-Packet type: 8-bit unsigned byte.  The value 255 is reserved for
-future extension.
-.IP o
-Data: binary data bytes, depending on the packet type.  The number of
-data bytes is the "length" field minus 5.
-.IP o
-Check bytes: 32-bit crc, four 8-bit bytes, msb first.  The crc is the
-Cyclic Redundancy Check, with the polynomial 0xedb88320, of the
-Padding, Packet type, and Data fields.  The crc is computed before
-any encryption.
-.RT
-
-The packet, except for the length field, may be encrypted using any of
-a number of algorithms.  The length of the encrypted part (Padding +
-Type + Data + Check) is always a multiple of 8 bytes.  Typically the
-cipher is used in a chained mode, with all packets chained together as
-if it was a single data stream (the length field is never included in
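Review bot: Removing RFC.nroff in full (1780 lines, draft-ylonen-ssh-protocol-00) is not mentioned in the commit description, and the diffstat still lists auth1.c, sshconnect1.c and ssh1.h as modified rather than removed, so the code for the RSA session-key exchange and CRC-checked packet format described here stays in the tree without its in-tree reference. State in the description whether upstream dropped the file and where the document can be found now.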


