svn commit: r223204 - user/brooks/openssh-hpn

Brooks Davis brooks at FreeBSD.org
Fri Jun 17 20:55:35 UTC 2011


Author: brooks
Date: Fri Jun 17 20:55:35 2011
New Revision: 223204
URL: http://svn.freebsd.org/changeset/base/223204

Log:
  Wrap all the NONE cipher support from HPN in #ifdef NONE_CIPHER_ENABLED.
  Note that this does not include all references to it in the source.

Modified:
  user/brooks/openssh-hpn/cipher.c
  user/brooks/openssh-hpn/kex.c
  user/brooks/openssh-hpn/kex.h
  user/brooks/openssh-hpn/myproposal.h
  user/brooks/openssh-hpn/packet.c
  user/brooks/openssh-hpn/packet.h
  user/brooks/openssh-hpn/readconf.c
  user/brooks/openssh-hpn/readconf.h
  user/brooks/openssh-hpn/servconf.c
  user/brooks/openssh-hpn/servconf.h
  user/brooks/openssh-hpn/ssh.c
  user/brooks/openssh-hpn/sshconnect2.c
  user/brooks/openssh-hpn/sshd.c

Modified: user/brooks/openssh-hpn/cipher.c
==============================================================================
--- user/brooks/openssh-hpn/cipher.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/cipher.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -163,8 +163,12 @@ ciphers_valid(const char *names)
 	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
 	    (p = strsep(&cp, CIPHER_SEP))) {
 		c = cipher_by_name(p);
+#ifdef NONE_CIPHER_ENABLED
 		if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
 		    c->number != SSH_CIPHER_NONE)) {
+#else
+		if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
+#endif
 			debug("bad cipher %s [%s]", p, names);
 			xfree(cipher_list);
 			return 0;
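Review bot: In the enabled branch of this check in ciphers_valid(), whether `none` is accepted depends only on the build macro, not on the runtime NoneEnabled setting, and nothing at this site explains why that is safe. As far as the kex.c hunks of this commit show, the protection against a cleartext login is the pre-authentication fatal() in kex_choose_conf(). A comment should record that dependency, for example `/* "none" passes validation only for the post-authentication switch; kex_choose_conf() rejects it before authentication. */`. The function body starts and ends outside the hunk.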
@@ -338,7 +342,9 @@ cipher_get_keyiv(CipherContext *cc, u_ch
 	int evplen;
 
 	switch (c->number) {
+#ifdef	NONE_CIPHER_ENABLED
 	case SSH_CIPHER_NONE:
+#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:
@@ -373,7 +379,9 @@ cipher_set_keyiv(CipherContext *cc, u_ch
 	int evplen = 0;
 
 	switch (c->number) {
+#ifdef	NONE_CIPHER_ENABLED
 	case SSH_CIPHER_NONE:
+#endif
 	case SSH_CIPHER_SSH2:
 	case SSH_CIPHER_DES:
 	case SSH_CIPHER_BLOWFISH:

Modified: user/brooks/openssh-hpn/kex.c
==============================================================================
--- user/brooks/openssh-hpn/kex.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/kex.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -90,8 +90,13 @@ kex_names_valid(const char *names)
 	return 1;
 }
 
-/* Put algorithm proposal into buffer.  Also used in sshconnect2.c. */
+/* Put algorithm proposal into buffer. */
+#ifndef NONE_CIPHER_ENABLED
+static void
+#else
+/* Also used in sshconnect2.c. */
 void
+#endif
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
 	u_int i;
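Review bot: The linkage of kex_prop2buf() now flips between `static void` and `void` on a build macro, and this is the only guard in the commit written as `#ifndef`, so the disabled case comes first here and second everywhere else. Writing it as `#ifdef NONE_CIPHER_ENABLED` with the exported `void` branch first, then `#else` and `static void`, would match the guard added around the prototype in kex.h and make the pairing easier to check. The function body continues past the end of the hunk.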
@@ -407,7 +412,9 @@ kex_choose_conf(Kex *kex)
 	int nenc, nmac, ncomp;
 	u_int mode, ctos, need;
 	int first_kex_follows, type;
+#ifdef	NONE_CIPHER_ENABLED
 	int auth_flag;
+#endif
 
 	my   = kex_buf2prop(&kex->my, NULL);
 	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -431,8 +438,10 @@ kex_choose_conf(Kex *kex)
 	}
 
 	/* Algorithm Negotiation */
+#ifdef	NONE_CIPHER_ENABLED
 	auth_flag = packet_get_authentication_state();
 	debug ("AUTH STATE is %d", auth_flag);
+#endif
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		newkeys = xcalloc(1, sizeof(*newkeys));
 		kex->newkeys[mode] = newkeys;
@@ -444,6 +453,7 @@ kex_choose_conf(Kex *kex)
 		choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
 		choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
 		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+#ifdef	NONE_CIPHER_ENABLED
 		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
 		if (strcmp(newkeys->enc.name, "none") == 0) {
 			debug("Requesting NONE. Authflag is %d", auth_flag);			
@@ -453,6 +463,7 @@ kex_choose_conf(Kex *kex)
 				fatal("Pre-authentication none cipher requests "
 				    "are not allowed.");
 		} 
+#endif
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,
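Review bot: With NONE_CIPHER_ENABLED undefined, the block closed by the `#endif` in this hunk removes the only visible check on a negotiated `none` cipher, and the commit log says not every reference to the NONE cipher is wrapped yet. The disabled build should fail closed rather than rely on `none` never reaching the proposal: add an `#else` branch before the `#endif` with `if (strcmp(newkeys->enc.name, "none") == 0) fatal("none cipher is not compiled in");`. That check should be unreachable once ciphers_valid() and the proposal macros are all guarded, so it costs nothing in a correct build. kex_choose_conf() starts before and ends after this hunk, and the condition guarding the existing fatal() lies between this hunk and the previous one.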

Modified: user/brooks/openssh-hpn/kex.h
==============================================================================
--- user/brooks/openssh-hpn/kex.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/kex.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -140,7 +140,9 @@ struct Kex {
 
 int	 kex_names_valid(const char *);
 
+#ifdef	NONE_CIPHER_ENABLED
 void	 kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
+#endif
 
 Kex	*kex_setup(char *[PROPOSAL_MAX]);
 void	 kex_finish(Kex *);

Modified: user/brooks/openssh-hpn/myproposal.h
==============================================================================
--- user/brooks/openssh-hpn/myproposal.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/myproposal.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -75,8 +75,10 @@
 	"arcfour256,arcfour128," \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
+#ifdef	NONE_CIPHER_ENABLED
 #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
 	",none"
+#endif
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160," \
 	"hmac-ripemd160 at openssh.com," \

Modified: user/brooks/openssh-hpn/packet.c
==============================================================================
--- user/brooks/openssh-hpn/packet.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/packet.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -195,7 +195,9 @@ struct session_state {
 };
 
 static struct session_state *active_state, *backup_state;
+#ifdef	NONE_CIPHER_ENABLED
 static int rekey_requested = 0;
+#endif
 
 static struct session_state *
 alloc_session_state(void)
@@ -1862,11 +1864,13 @@ packet_send_ignore(int nbytes)
 	}
 }
 
+#ifdef	NONE_CIPHER_ENABLED
 void
 packet_request_rekeying(void)
 {
 	rekey_requested = 1;
 }
+#endif
 
 #define MAX_PACKETS	(1U<<31)
 int
@@ -1874,10 +1878,12 @@ packet_need_rekeying(void)
 {
 	if (datafellows & SSH_BUG_NOREKEY)
 		return 0;
+#ifdef	NONE_CIPHER_ENABLED
 	if (rekey_requested == 1) {
 		rekey_requested = 0;
 		return 1;
 	}
+#endif
 	return
 	    (active_state->p_send.packets > MAX_PACKETS) ||
 	    (active_state->p_read.packets > MAX_PACKETS) ||
@@ -1970,8 +1976,10 @@ packet_restore_state(void)
 	}
 }
 
+#ifdef	NONE_CIPHER_ENABLED
 int
 packet_get_authentication_state(void)
 {
 	return (active_state->after_authentication);
 }
+#endif

Modified: user/brooks/openssh-hpn/packet.h
==============================================================================
--- user/brooks/openssh-hpn/packet.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/packet.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -38,7 +38,9 @@ void     packet_set_interactive(int, int
 int      packet_is_interactive(void);
 void     packet_set_server(void);
 void     packet_set_authenticated(void);
+#ifdef	NONE_CIPHER_ENABLED
 int      packet_get_authentication_state(void);
+#endif
 
 void     packet_start(u_char);
 void     packet_put_char(int ch);
@@ -118,7 +120,9 @@ do { \
 } while (0)
 
 int	 packet_need_rekeying(void);
+#ifdef	NONE_CIPHER_ENABLED
 void	 packet_request_rekeying(void);
+#endif
 void	 packet_set_rekey_limit(u_int32_t);
 
 void	 packet_backup_state(void);

Modified: user/brooks/openssh-hpn/readconf.c
==============================================================================
--- user/brooks/openssh-hpn/readconf.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/readconf.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -136,7 +136,9 @@ typedef enum {
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
 	oKexAlgorithms, oIPQoS,
 	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
+#ifdef	NONE_CIPHER_ENABLED
 	oNoneEnabled, oNoneSwitch,
+#endif
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -251,8 +253,10 @@ static struct {
 	{ "hpnbuffersize", oHPNBufferSize },
 	{ "tcprcvbufpoll", oTcpRcvBufPoll },
 	{ "tcprcvbuf", oTcpRcvBuf },
+#ifdef	NONE_CIPHER_ENABLED
 	{ "noneenabled", oNoneEnabled },
 	{ "noneswitch", oNoneSwitch },
+#endif
 
 	{ NULL, oBadOption }
 };
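Review bot: Compiling the `noneenabled` and `noneswitch` keywords out of this table means that, with the macro undefined, an existing ssh_config line using them will presumably hit the `oBadOption` terminator and be reported as an error rather than ignored. An `#else` branch that maps both names to the `oUnsupported` opcode already present in OpCodes keeps such files parsing while the session stays encrypted: `{ "noneenabled", oUnsupported },` and `{ "noneswitch", oUnsupported },`. The `noneenabled` entry in the servconf.c keyword table hunk has the same problem for sshd_config.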
@@ -1021,6 +1025,7 @@ parse_int:
 		intptr = &options->tcp_rcv_buf;
 		goto parse_int;
 
+#ifdef	NONE_CIPHER_ENABLED
 	case oNoneEnabled:
 		intptr = &options->none_enabled;
 		goto parse_flag;
@@ -1043,6 +1048,7 @@ parse_int:
 			error("Continuing...");
 			return 0;
 	        }
+#endif
 
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
@@ -1208,8 +1214,10 @@ initialize_options(Options * options)
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
 	options->tcp_rcv_buf = -1;
+#ifdef NONE_CIPHER_ENABLED
 	options->none_enabled = -1;
 	options->none_switch = -1;
+#endif
 }
 
 /*
@@ -1399,9 +1407,11 @@ fill_default_options(Options * options)
 		options->tcp_rcv_buf *= 1024;
 	if (options->tcp_rcv_buf_poll == -1)
 		options->tcp_rcv_buf_poll = 1;
+#ifdef	NONE_CIPHER_ENABLED
 	/* options->none_enabled must not be set by default */
 	if (options->none_switch == -1)
 		options->none_switch = 0;
+#endif
 }
 
 /*

Modified: user/brooks/openssh-hpn/readconf.h
==============================================================================
--- user/brooks/openssh-hpn/readconf.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/readconf.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -139,9 +139,10 @@ typedef struct {
 					 * transfer. */
 	int	tcp_rcv_buf;	/* User switch to set tcp recv buffer. */
 
+#ifdef	NONE_CIPHER_ENABLED
 	int	none_enabled;	/* Allow none to be used */
 	int	none_switch;	/* Use none cipher */
-
+#endif
 }       Options;
 
 #define SSHCTL_MASTER_NO	0
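Review bot: The size of Options now depends on NONE_CIPHER_ENABLED, and nothing visible in this commit shows where the macro is defined. If it comes from anywhere other than a header or compiler flag shared by every object, files that disagree will see different struct sizes for the same global `options`. A comment above the guard would record the requirement, for example `/* NONE_CIPHER_ENABLED must be set identically for every file including this header. */`. ServerOptions in the servconf.h hunk has the same dependency. The struct definition starts outside the hunk.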

Modified: user/brooks/openssh-hpn/servconf.c
==============================================================================
--- user/brooks/openssh-hpn/servconf.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/servconf.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -142,7 +142,9 @@ initialize_server_options(ServerOptions 
 	options->hpn_disabled = -1;
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
+#ifdef	NONE_CIPHER_ENABLED
 	options->none_enabled = -1;
+#endif
 }
 
 void
@@ -492,7 +494,9 @@ static struct {
 	{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
 	{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
 	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
+#ifdef	NONE_CIPHER_ENABLED
 	{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
+#endif
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1451,9 +1455,11 @@ process_server_config_line(ServerOptions
 		intptr = &options->tcp_rcv_buf_poll;
 		goto parse_flag;
 
+#ifdef	NONE_CIPHER_ENABLED
 	case sNoneEnabled:
 		intptr = &options->none_enabled;
 		goto parse_flag;
+#endif
 
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",

Modified: user/brooks/openssh-hpn/servconf.h
==============================================================================
--- user/brooks/openssh-hpn/servconf.h	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/servconf.h	Fri Jun 17 20:55:35 2011	(r223204)
@@ -166,7 +166,9 @@ typedef struct {
 	int	tcp_rcv_buf_poll;	/* Poll TCP rcv window in autotuning
 					 * kernels. */
 
+#ifdef	NONE_CIPHER_ENABLED
 	int	none_enabled;		/* Enable NONE cipher switch. */
+#endif
 }       ServerOptions;
 
 void	 initialize_server_options(ServerOptions *);

Modified: user/brooks/openssh-hpn/ssh.c
==============================================================================
--- user/brooks/openssh-hpn/ssh.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/ssh.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -545,6 +545,7 @@ main(int ac, char **av)
 			break;
 		case 'T':
 			no_tty_flag = 1;
+#ifdef	NONE_CIPHER_ENABLED
 			/*
 			 * Ensure that the user does not try to backdoor a
 			 * NONE cipher switch on an interactive session by
@@ -552,6 +553,7 @@ main(int ac, char **av)
 			 * session without a tty.
 			 */
 			options.none_switch = 0;
+#endif
 			break;
 		case 'o':
 			dummy = 1;

Modified: user/brooks/openssh-hpn/sshconnect2.c
==============================================================================
--- user/brooks/openssh-hpn/sshconnect2.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/sshconnect2.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -81,6 +81,7 @@
 extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
+#ifdef	NONE_CIPHER_ENABLED
 extern Kex *xxx_kex;
 
 /*
@@ -89,6 +90,7 @@ extern Kex *xxx_kex;
  */
 
 extern int tty_flag;
+#endif
 
 /*
  * SSH2 key exchange
@@ -427,6 +429,7 @@ ssh_userauth2(const char *local_user, co
 	pubkey_cleanup(&authctxt);
 	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
 
+#ifdef	NONE_CIPHER_ENABLED
 	/*
 	 * If the user explicitly requests to use the none cipher enable it
 	 * post authentication and only if the right conditions are met: both
@@ -448,6 +451,7 @@ ssh_userauth2(const char *local_user, co
 			    "a TTY is allocated\n");
 		}
 	}
+#endif
 	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 

Modified: user/brooks/openssh-hpn/sshd.c
==============================================================================
--- user/brooks/openssh-hpn/sshd.c	Fri Jun 17 20:54:32 2011	(r223203)
+++ user/brooks/openssh-hpn/sshd.c	Fri Jun 17 20:55:35 2011	(r223204)
@@ -2291,10 +2291,12 @@ do_ssh2_kex(void)
 	if (options.ciphers != NULL) {
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+#ifdef	NONE_CIPHER_ENABLED
 	} else if (options.none_enabled == 1) {
 		debug ("WARNING: None cipher enabled");
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
+#endif
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
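Review bot: The notice that the server is offering an unencrypted cipher is emitted with `debug ("WARNING: None cipher enabled");`, so at the default log level nothing records it. A setting that allows cleartext sessions should be visible to whoever reads the server log; `logit("WARNING: None cipher enabled");` would do that. The `#ifdef` also opens in the middle of an if/else chain, which is correct as written but deserves a one-line comment such as `/* NoneEnabled only applies when Ciphers is unset */`, because the first branch shows that an explicit Ciphers list takes precedence. do_ssh2_kex() starts and ends outside the hunk.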

