Module Name: src
Committed By: christos
Date: Mon Oct 20 03:05:13 UTC 2014
Modified Files:
src/crypto/external/bsd/openssh/dist: auth.h compat.c mac.c
monitor_wrap.c monitor_wrap.h packet.c sshconnect2.c umac.c
src/crypto/external/bsd/openssh/lib: Makefile
Added Files:
src/crypto/external/bsd/openssh/dist: umac128.c
Log Message:
- remove some more jpake remnants.
- try to fix umac; probably still broken on hosts that require strict
alignment, but it is still a start.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth.h
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/compat.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/mac.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/monitor_wrap.h
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/umac.c
cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/openssh/dist/umac128.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/lib/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/auth.h
diff -u src/crypto/external/bsd/openssh/dist/auth.h:1.8 src/crypto/external/bsd/openssh/dist/auth.h:1.9
--- src/crypto/external/bsd/openssh/dist/auth.h:1.8 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/auth.h Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: auth.h,v 1.8 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: auth.h,v 1.9 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
/*
@@ -62,7 +62,6 @@ struct Authctxt {
char *style;
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
- void *jpake_ctx;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
Index: src/crypto/external/bsd/openssh/dist/compat.c
diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.7 src/crypto/external/bsd/openssh/dist/compat.c:1.8
--- src/crypto/external/bsd/openssh/dist/compat.c:1.7 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/compat.c Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: compat.c,v 1.7 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: compat.c,v 1.8 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: compat.c,v 1.85 2014/04/20 02:49:32 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: compat.c,v 1.7 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: compat.c,v 1.8 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <stdlib.h>
@@ -179,6 +179,7 @@ compat_datafellows(const char *version)
if (match_pattern_list(version, check[i].pat,
strlen(check[i].pat), 0) == 1) {
datafellows = check[i].bugs;
+ /* Check to see if the remote side is OpenSSH and not HPN */
if(strstr(version,"OpenSSH") != NULL)
{
if (strstr(version,"hpn") == NULL)
Index: src/crypto/external/bsd/openssh/dist/mac.c
diff -u src/crypto/external/bsd/openssh/dist/mac.c:1.9 src/crypto/external/bsd/openssh/dist/mac.c:1.10
--- src/crypto/external/bsd/openssh/dist/mac.c:1.9 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/mac.c Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: mac.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: mac.c,v 1.10 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: mac.c,v 1.9 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: mac.c,v 1.10 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <openssl/hmac.h>
@@ -153,14 +153,12 @@ mac_init(Mac *mac)
ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
return -1;
return 0;
-#ifdef UMAC_HAS_BEEN_UNBROKEN
case SSH_UMAC:
mac->umac_ctx = umac_new(mac->key);
return 0;
case SSH_UMAC128:
mac->umac_ctx = umac128_new(mac->key);
return 0;
-#endif
default:
return -1;
}
@@ -174,9 +172,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u
u_int64_t for_align;
} u;
u_char b[4];
-#ifdef UMAC_HAS_BEEN_UNBROKEN
u_char nonce[8];
-#endif
if (mac->mac_len > sizeof(u))
fatal("mac_compute: mac too long %u %zu",
@@ -192,7 +188,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u
ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
fatal("ssh_hmac failed");
break;
-#ifdef UMAC_HAS_BEEN_UNBROKEN
case SSH_UMAC:
put_u64(nonce, seqno);
umac_update(mac->umac_ctx, data, datalen);
@@ -203,7 +198,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u
umac128_update(mac->umac_ctx, data, datalen);
umac128_final(mac->umac_ctx, u.m, nonce);
break;
-#endif
default:
fatal("mac_compute: unknown MAC type");
}
@@ -213,16 +207,13 @@ mac_compute(Mac *mac, u_int32_t seqno, u
void
mac_clear(Mac *mac)
{
-#ifdef UMAC_HAS_BEEN_UNBROKEN
if (mac->type == SSH_UMAC) {
if (mac->umac_ctx != NULL)
umac_delete(mac->umac_ctx);
} else if (mac->type == SSH_UMAC128) {
if (mac->umac_ctx != NULL)
umac128_delete(mac->umac_ctx);
- } else
-#endif
- if (mac->hmac_ctx != NULL)
+ } else if (mac->hmac_ctx != NULL)
ssh_hmac_free(mac->hmac_ctx);
mac->hmac_ctx = NULL;
mac->umac_ctx = NULL;
Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.9 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.10
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.9 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor_wrap.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: monitor_wrap.c,v 1.10 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */
/*
* Copyright 2002 Niels Provos <[email protected]>
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.9 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.10 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/queue.h>
@@ -1268,168 +1268,6 @@ mm_ssh_gssapi_userok(char *user)
}
#endif /* GSSAPI */
-#ifdef JPAKE
-void
-mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
- char **hash_scheme, char **salt)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_GET_PWDATA, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_GET_PWDATA, &m);
-
- *hash_scheme = buffer_get_string(&m, NULL);
- *salt = buffer_get_string(&m, NULL);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_step1(struct modp_group *grp,
- u_char **id, u_int *id_len,
- BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
- u_char **priv1_proof, u_int *priv1_proof_len,
- u_char **priv2_proof, u_int *priv2_proof_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_STEP1, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_STEP1, &m);
-
- if ((*priv1 = BN_new()) == NULL ||
- (*priv2 = BN_new()) == NULL ||
- (*g_priv1 = BN_new()) == NULL ||
- (*g_priv2 = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- *id = buffer_get_string(&m, id_len);
- /* priv1 and priv2 are, well, private */
- buffer_get_bignum2(&m, *g_priv1);
- buffer_get_bignum2(&m, *g_priv2);
- *priv1_proof = buffer_get_string(&m, priv1_proof_len);
- *priv2_proof = buffer_get_string(&m, priv2_proof_len);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_step2(struct modp_group *grp, BIGNUM *s,
- BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
- const u_char *theirid, u_int theirid_len,
- const u_char *myid, u_int myid_len,
- const u_char *theirpub1_proof, u_int theirpub1_proof_len,
- const u_char *theirpub2_proof, u_int theirpub2_proof_len,
- BIGNUM **newpub,
- u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* monitor already has all bignums except theirpub1, theirpub2 */
- buffer_put_bignum2(&m, theirpub1);
- buffer_put_bignum2(&m, theirpub2);
- /* monitor already knows our id */
- buffer_put_string(&m, theirid, theirid_len);
- buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
- buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);
-
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_STEP2, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_STEP2, &m);
-
- if ((*newpub = BN_new()) == NULL)
- fatal("%s: BN_new", __func__);
-
- buffer_get_bignum2(&m, *newpub);
- *newpub_exponent_proof = buffer_get_string(&m,
- newpub_exponent_proof_len);
-
- buffer_free(&m);
-}
-
-void
-mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
- BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
- BIGNUM *theirpub1, BIGNUM *theirpub2,
- const u_char *my_id, u_int my_id_len,
- const u_char *their_id, u_int their_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
- BIGNUM **k,
- u_char **confirm_hash, u_int *confirm_hash_len)
-{
- Buffer m;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* monitor already has all bignums except step2_val */
- buffer_put_bignum2(&m, step2_val);
- /* monitor already knows all the ids */
- buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);
-
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);
-
- /* 'k' is sensitive and stays in the monitor */
- *confirm_hash = buffer_get_string(&m, confirm_hash_len);
-
- buffer_free(&m);
-}
-
-int
-mm_jpake_check_confirm(const BIGNUM *k,
- const u_char *peer_id, u_int peer_id_len,
- const u_char *sess_id, u_int sess_id_len,
- const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
-{
- Buffer m;
- int success = 0;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- /* k is dummy in slave, ignored */
- /* monitor knows all the ids */
- buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
- mm_request_send(pmonitor->m_recvfd,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);
-
- debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd,
- MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);
-
- success = buffer_get_int(&m);
- buffer_free(&m);
-
- debug3("%s: success = %d", __func__, success);
- return success;
-}
-#endif /* JPAKE */
-
#ifdef KRB4
int
mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.h
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.h:1.6 src/crypto/external/bsd/openssh/dist/monitor_wrap.h:1.7
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.h:1.6 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.h Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor_wrap.h,v 1.6 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: monitor_wrap.h,v 1.7 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.24 2014/01/29 06:18:35 djm Exp $ */
/*
@@ -97,25 +97,6 @@ int mm_bsdauth_respond(void *, u_int, ch
int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);
-/* jpake */
-struct modp_group;
-void mm_auth2_jpake_get_pwdata(struct Authctxt *, BIGNUM **, char **, char **);
-void mm_jpake_step1(struct modp_group *, u_char **, u_int *,
- BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
- u_char **, u_int *, u_char **, u_int *);
-void mm_jpake_step2(struct modp_group *, BIGNUM *,
- BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
- const u_char *, u_int, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int,
- BIGNUM **, u_char **, u_int *);
-void mm_jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
- BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
- const u_char *, u_int, const u_char *, u_int,
- const u_char *, u_int, const u_char *, u_int,
- BIGNUM **, u_char **, u_int *);
-int mm_jpake_check_confirm(const BIGNUM *,
- const u_char *, u_int, const u_char *, u_int, const u_char *, u_int);
-
/* auth_krb */
#ifdef KRB4
int mm_auth_krb4(struct Authctxt *, void *, char **, void *);
Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.13 src/crypto/external/bsd/openssh/dist/packet.c:1.14
--- src/crypto/external/bsd/openssh/dist/packet.c:1.13 Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/packet.c Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: packet.c,v 1.13 2014/10/19 16:30:58 christos Exp $ */
+/* $NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: packet.c,v 1.198 2014/07/15 15:54:14 millert Exp $ */
/*
* Author: Tatu Ylonen <[email protected]>
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.13 2014/10/19 16:30:58 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
@@ -944,6 +944,7 @@ packet_send2_wrapped(void)
len, padlen, aadlen));
/* compute MAC over seqnr and packet(length fields, payload, padding) */
+debug("mac %p, %d %d\n", mac, mac? mac->enabled : -1, mac ? mac->etm : -1);
if (mac && mac->enabled && !mac->etm) {
macbuf = mac_compute(mac, active_state->p_send.seqnr,
buffer_ptr(&active_state->outgoing_packet), len);
Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.16 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.17
--- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.16 Sun Oct 19 12:30:59 2014
+++ src/crypto/external/bsd/openssh/dist/sshconnect2.c Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: sshconnect2.c,v 1.16 2014/10/19 16:30:59 christos Exp $ */
+/* $NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.210 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,7 +26,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.16 2014/10/19 16:30:59 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
@@ -306,9 +306,6 @@ int userauth_passwd(Authctxt *);
int userauth_kbdint(Authctxt *);
int userauth_hostbased(Authctxt *);
int userauth_kerberos(Authctxt *);
-int userauth_jpake(Authctxt *);
-
-void userauth_jpake_cleanup(Authctxt *);
#ifdef GSSAPI
int userauth_gssapi(Authctxt *authctxt);
@@ -1614,79 +1611,6 @@ userauth_hostbased(Authctxt *authctxt)
return 1;
}
-#ifdef JPAKE
-int
-userauth_jpake(Authctxt *authctxt)
-{
- struct jpake_ctx *pctx;
- u_char *x1_proof, *x2_proof;
- u_int x1_proof_len, x2_proof_len;
- static int attempt = 0; /* XXX share with userauth_password's? */
-
- if (attempt++ >= options.number_of_password_prompts)
- return 0;
- if (attempt != 1)
- error("Permission denied, please try again.");
-
- if (authctxt->methoddata != NULL)
- fatal("%s: authctxt->methoddata already set (%p)",
- __func__, authctxt->methoddata);
-
- authctxt->methoddata = pctx = jpake_new();
-
- /*
- * Send request immediately, to get the protocol going while
- * we do the initial computations.
- */
- packet_start(SSH2_MSG_USERAUTH_REQUEST);
- packet_put_cstring(authctxt->server_user);
- packet_put_cstring(authctxt->service);
- packet_put_cstring(authctxt->method->name);
- packet_send();
- packet_write_wait();
-
- jpake_step1(pctx->grp,
- &pctx->client_id, &pctx->client_id_len,
- &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
- &x1_proof, &x1_proof_len,
- &x2_proof, &x2_proof_len);
-
- JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
-
- packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
- packet_put_string(pctx->client_id, pctx->client_id_len);
- packet_put_bignum2(pctx->g_x1);
- packet_put_bignum2(pctx->g_x2);
- packet_put_string(x1_proof, x1_proof_len);
- packet_put_string(x2_proof, x2_proof_len);
- packet_send();
-
- bzero(x1_proof, x1_proof_len);
- bzero(x2_proof, x2_proof_len);
- free(x1_proof);
- free(x2_proof);
-
- /* Expect step 1 packet from peer */
- dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
- input_userauth_jpake_server_step1);
- dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
- &input_userauth_success_unexpected);
-
- return 1;
-}
-
-void
-userauth_jpake_cleanup(Authctxt *authctxt)
-{
- debug3("%s: clean up", __func__);
- if (authctxt->methoddata != NULL) {
- jpake_free(authctxt->methoddata);
- authctxt->methoddata = NULL;
- }
- dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
-}
-#endif /* JPAKE */
-
#if KRB5
static int
ssh_krb5_helper(krb5_data *ap)
Index: src/crypto/external/bsd/openssh/dist/umac.c
diff -u src/crypto/external/bsd/openssh/dist/umac.c:1.5 src/crypto/external/bsd/openssh/dist/umac.c:1.6
--- src/crypto/external/bsd/openssh/dist/umac.c:1.5 Sun Oct 19 12:30:59 2014
+++ src/crypto/external/bsd/openssh/dist/umac.c Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: umac.c,v 1.5 2014/10/19 16:30:59 christos Exp $ */
+/* $NetBSD: umac.c,v 1.6 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */
/* -----------------------------------------------------------------------
*
@@ -53,7 +53,9 @@
/* --- User Switches ---------------------------------------------------- */
/* ---------------------------------------------------------------------- */
+#ifndef UMAC_OUTPUT_LEN
#define UMAC_OUTPUT_LEN 8 /* Alowable: 4, 8, 12, 16 */
+#endif
/* #define FORCE_C_ONLY 1 ANSI C and 64-bit integers req'd */
/* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */
/* #define SSE2 0 Is SSE2 is available? */
@@ -65,13 +67,14 @@
/* ---------------------------------------------------------------------- */
#include "includes.h"
-__RCSID("$NetBSD: umac.c,v 1.5 2014/10/19 16:30:59 christos Exp $");
+__RCSID("$NetBSD: umac.c,v 1.6 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
-#include <endian.h>
+#include <sys/endian.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
+#include <time.h>
#include "xmalloc.h"
#include "umac.h"
@@ -124,17 +127,6 @@ typedef unsigned int UWORD; /* Register
#define MUL64(a,b) ((UINT64)((UINT64)(UINT32)(a) * (UINT64)(UINT32)(b)))
-#if defined(__NetBSD__)
-#include <sys/endian.h>
-#define LOAD_UINT32_LITTLE(ptr) le32toh(*ptr)
-#define STORE_UINT32_BIG(ptr,x) (*(UINT32 *)(ptr) = htobe32(x))
-#define LOAD_UINT32_REVERSED(p) (bswap32(*(UINT32 *)(p)))
-#define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = bswap32(v))
-#else /* !NetBSD */
-
- /* ---------------------------------------------------------------------- */
- /* --- Endian Conversion --- Forcing assembly on some platforms */
-
/* ---------------------------------------------------------------------- */
/* --- Endian Conversion --- Forcing assembly on some platforms */
/* ---------------------------------------------------------------------- */
@@ -150,7 +142,6 @@ typedef unsigned int UWORD; /* Register
#define LOAD_UINT32_REVERSED(p) get_u32_le(p)
#define STORE_UINT32_REVERSED(p,v) put_u32_le(p,v)
#endif
-#endif /*!NetBSD*/
#define LOAD_UINT32_LITTLE(p) (get_u32_le(p))
#define STORE_UINT32_BIG(p,v) put_u32(p, v)
@@ -238,6 +229,26 @@ static void pdf_init(pdf_ctx *pc, aes_in
aes_encryption(pc->nonce, pc->cache, pc->prf_key);
}
+static inline void
+xor64(uint8_t *dp, int di, uint8_t *sp, int si)
+{
+ uint64_t dst, src;
+ memcpy(&dst, dp + sizeof(dst) * di, sizeof(dst));
+ memcpy(&src, sp + sizeof(src) * si, sizeof(src));
+ dst ^= src;
+ memcpy(dp + sizeof(dst) * di, &dst, sizeof(dst));
+}
+
+static inline void
+xor32(uint8_t *dp, int di, uint8_t *sp, int si)
+{
+ uint32_t dst, src;
+ memcpy(&dst, dp + sizeof(dst) * di, sizeof(dst));
+ memcpy(&src, sp + sizeof(src) * si, sizeof(src));
+ dst ^= src;
+ memcpy(dp + sizeof(dst) * di, &dst, sizeof(dst));
+}
+
static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
{
/* 'ndx' indicates that we'll be using the 0th or 1st eight bytes
@@ -259,27 +270,27 @@ static void pdf_gen_xor(pdf_ctx *pc, con
#if LOW_BIT_MASK != 0
int ndx = nonce[7] & LOW_BIT_MASK;
#endif
- *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1];
+ memcpy(t.tmp_nonce_lo, nonce + 4, sizeof(t.tmp_nonce_lo));
t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */
- if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) ||
- (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) )
+ if (memcmp(t.tmp_nonce_lo, pc->nonce + 1, sizeof(t.tmp_nonce_lo)) != 0 ||
+ memcmp(nonce, pc->nonce, sizeof(t.tmp_nonce_lo)) != 0)
{
- ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0];
- ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0];
+ memcpy(pc->nonce, nonce, sizeof(t.tmp_nonce_lo));
+ memcpy(pc->nonce + 4, t.tmp_nonce_lo, sizeof(t.tmp_nonce_lo));
aes_encryption(pc->nonce, pc->cache, pc->prf_key);
}
#if (UMAC_OUTPUT_LEN == 4)
- *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx];
+ xor32(buf, 0, pc->cache, ndx);
#elif (UMAC_OUTPUT_LEN == 8)
- *((UINT64 *)buf) ^= ((UINT64 *)pc->cache)[ndx];
+ xor64(buf, 0, pc->cache, ndx);
#elif (UMAC_OUTPUT_LEN == 12)
- ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0];
- ((UINT32 *)buf)[2] ^= ((UINT32 *)pc->cache)[2];
+ xor64(buf, 0, pc->cache, 0);
+ xor32(buf, 2, pc->cache, 2);
#elif (UMAC_OUTPUT_LEN == 16)
- ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0];
- ((UINT64 *)buf)[1] ^= ((UINT64 *)pc->cache)[1];
+ xor64(buf, 0, pc->cache, 0);
+ xor64(buf, 1, pc->cache, 1);
#endif
}
@@ -554,8 +565,6 @@ static void nh_transform(nh_ctx *hc, con
/* ---------------------------------------------------------------------- */
-#if (__LITTLE_ENDIAN__)
-#define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z))
static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes)
/* We endian convert the keys on little-endian computers to */
/* compensate for the lack of big-endian memory reads during hashing. */
Index: src/crypto/external/bsd/openssh/lib/Makefile
diff -u src/crypto/external/bsd/openssh/lib/Makefile:1.14 src/crypto/external/bsd/openssh/lib/Makefile:1.15
--- src/crypto/external/bsd/openssh/lib/Makefile:1.14 Sun Oct 19 12:30:59 2014
+++ src/crypto/external/bsd/openssh/lib/Makefile Sun Oct 19 23:05:13 2014
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.14 2014/10/19 16:30:59 christos Exp $
+# $NetBSD: Makefile,v 1.15 2014/10/20 03:05:13 christos Exp $
.include <bsd.own.mk>
@@ -73,6 +73,8 @@ ssh-ed25519.c \
ssh-pkcs11.c \
ttymodes.c \
uidswap.c \
+umac.c \
+umac128.c \
uuencode.c \
verify.c \
xmalloc.c
@@ -99,7 +101,6 @@ SRCS+= digest-libc.c
CPPFLAGS+= -DHAVE_BLF_H
-SSHDIST= ${NETBSDSRCDIR}/crypto/external/bsd/openssh/dist
CPPFLAGS+= -I${SSHDIST}
.PATH: ${SSHDIST}
Added files:
Index: src/crypto/external/bsd/openssh/dist/umac128.c
diff -u /dev/null src/crypto/external/bsd/openssh/dist/umac128.c:1.1
--- /dev/null Sun Oct 19 23:05:13 2014
+++ src/crypto/external/bsd/openssh/dist/umac128.c Sun Oct 19 23:05:13 2014
@@ -0,0 +1,6 @@
+#define UMAC_OUTPUT_LEN 16
+#define umac_new umac128_new
+#define umac_update umac128_update
+#define umac_final umac128_final
+#define umac_delete umac128_delete
+#include "umac.c"
