svn commit: r223204 - user/brooks/openssh-hpn
Brooks Davis
brooks at FreeBSD.org
Fri Jun 17 20:55:35 UTC 2011
Author: brooks
Date: Fri Jun 17 20:55:35 2011
New Revision: 223204
URL: http://svn.freebsd.org/changeset/base/223204
Log:
Wrap all the NONE cipher support from HPN in #ifdef NONE_CIPHER_ENABLED.
Note that this does not include all references to it in the source.
Modified:
user/brooks/openssh-hpn/cipher.c
user/brooks/openssh-hpn/kex.c
user/brooks/openssh-hpn/kex.h
user/brooks/openssh-hpn/myproposal.h
user/brooks/openssh-hpn/packet.c
user/brooks/openssh-hpn/packet.h
user/brooks/openssh-hpn/readconf.c
user/brooks/openssh-hpn/readconf.h
user/brooks/openssh-hpn/servconf.c
user/brooks/openssh-hpn/servconf.h
user/brooks/openssh-hpn/ssh.c
user/brooks/openssh-hpn/sshconnect2.c
user/brooks/openssh-hpn/sshd.c
Modified: user/brooks/openssh-hpn/cipher.c
==============================================================================
--- user/brooks/openssh-hpn/cipher.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/cipher.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -163,8 +163,12 @@ ciphers_valid(const char *names)
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
+#ifdef NONE_CIPHER_ENABLED
if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
c->number != SSH_CIPHER_NONE)) {
+#else
+ if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
+#endif
debug("bad cipher %s [%s]", p, names);
xfree(cipher_list);
return 0;
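Review bot: With NONE_CIPHER_ENABLED defined, the first branch of this condition in ciphers_valid() accepts a cipher whose number is SSH_CIPHER_NONE, so a cipher list naming it passes validation and the validator no longer keeps an unencrypted transport out of a configured list. The only other restriction visible in this commit is the pre-authentication fatal() in kex_choose_conf(), and the code would be easier to audit if that dependency were written down here. A comment above the `#ifdef` such as `/* SSH_CIPHER_NONE passes validation here; kex_choose_conf() must keep rejecting it before authentication. */` would do it. The body of ciphers_valid() starts and ends outside the hunk.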
@@ -338,7 +342,9 @@ cipher_get_keyiv(CipherContext *cc, u_ch
int evplen;
switch (c->number) {
+#ifdef NONE_CIPHER_ENABLED
case SSH_CIPHER_NONE:
+#endif
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
@@ -373,7 +379,9 @@ cipher_set_keyiv(CipherContext *cc, u_ch
int evplen = 0;
switch (c->number) {
+#ifdef NONE_CIPHER_ENABLED
case SSH_CIPHER_NONE:
+#endif
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
Modified: user/brooks/openssh-hpn/kex.c
==============================================================================
--- user/brooks/openssh-hpn/kex.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/kex.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -90,8 +90,13 @@ kex_names_valid(const char *names)
return 1;
}
-/* Put algorithm proposal into buffer. Also used in sshconnect2.c. */
+/* Put algorithm proposal into buffer. */
+#ifndef NONE_CIPHER_ENABLED
+static void
+#else
+/* Also used in sshconnect2.c. */
void
+#endif
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
u_int i;
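Review bot: This is the only place in the commit that tests the macro with `#ifndef`; every other site uses `#ifdef NONE_CIPHER_ENABLED`, and the inversion makes the linkage of kex_prop2buf() harder to read at a glance. Swapping the branches so the block opens with `#ifdef NONE_CIPHER_ENABLED` and the `static void` form sits under `#else` would match the rest of the change, with the "Also used in sshconnect2.c." comment kept in the first branch. The function body continues outside the hunk.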
@@ -407,7 +412,9 @@ kex_choose_conf(Kex *kex)
int nenc, nmac, ncomp;
u_int mode, ctos, need;
int first_kex_follows, type;
+#ifdef NONE_CIPHER_ENABLED
int auth_flag;
+#endif
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
@@ -431,8 +438,10 @@ kex_choose_conf(Kex *kex)
}
/* Algorithm Negotiation */
+#ifdef NONE_CIPHER_ENABLED
auth_flag = packet_get_authentication_state();
debug ("AUTH STATE is %d", auth_flag);
+#endif
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xcalloc(1, sizeof(*newkeys));
kex->newkeys[mode] = newkeys;
@@ -444,6 +453,7 @@ kex_choose_conf(Kex *kex)
choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+#ifdef NONE_CIPHER_ENABLED
debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
if (strcmp(newkeys->enc.name, "none") == 0) {
debug("Requesting NONE. Authflag is %d", auth_flag);
@@ -453,6 +463,7 @@ kex_choose_conf(Kex *kex)
fatal("Pre-authentication none cipher requests "
"are not allowed.");
}
+#endif
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
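Review bot: The `#endif` added here closes a region that contains the `fatal("Pre-authentication none cipher requests " "are not allowed.")` check, so a build without NONE_CIPHER_ENABLED loses the one place in kex_choose_conf() that refuses a negotiated `none` cipher. That check is a safety guard rather than feature code, and the log message says not every reference to the cipher is wrapped yet, so it seems safer to keep a rejection in the disabled build. One option is an `#else` branch before the `#endif`: `if (strcmp(newkeys->enc.name, "none") == 0) fatal("none cipher is not supported in this build.");`. The condition guarding the existing fatal() lies between the two hunks and is not visible here.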
Modified: user/brooks/openssh-hpn/kex.h
==============================================================================
--- user/brooks/openssh-hpn/kex.h Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/kex.h Fri Jun 17 20:55:35 2011 (r223204)
@@ -140,7 +140,9 @@ struct Kex {
int kex_names_valid(const char *);
+#ifdef NONE_CIPHER_ENABLED
void kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
+#endif
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
Modified: user/brooks/openssh-hpn/myproposal.h
==============================================================================
--- user/brooks/openssh-hpn/myproposal.h Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/myproposal.h Fri Jun 17 20:55:35 2011 (r223204)
@@ -75,8 +75,10 @@
"arcfour256,arcfour128," \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
+#ifdef NONE_CIPHER_ENABLED
#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
",none"
+#endif
#define KEX_DEFAULT_MAC \
"hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160," \
"hmac-ripemd160 at openssh.com," \
Modified: user/brooks/openssh-hpn/packet.c
==============================================================================
--- user/brooks/openssh-hpn/packet.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/packet.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -195,7 +195,9 @@ struct session_state {
};
static struct session_state *active_state, *backup_state;
+#ifdef NONE_CIPHER_ENABLED
static int rekey_requested = 0;
+#endif
static struct session_state *
alloc_session_state(void)
@@ -1862,11 +1864,13 @@ packet_send_ignore(int nbytes)
}
}
+#ifdef NONE_CIPHER_ENABLED
void
packet_request_rekeying(void)
{
rekey_requested = 1;
}
+#endif
#define MAX_PACKETS (1U<<31)
int
@@ -1874,10 +1878,12 @@ packet_need_rekeying(void)
{
if (datafellows & SSH_BUG_NOREKEY)
return 0;
+#ifdef NONE_CIPHER_ENABLED
if (rekey_requested == 1) {
rekey_requested = 0;
return 1;
}
+#endif
return
(active_state->p_send.packets > MAX_PACKETS) ||
(active_state->p_read.packets > MAX_PACKETS) ||
@@ -1970,8 +1976,10 @@ packet_restore_state(void)
}
}
+#ifdef NONE_CIPHER_ENABLED
int
packet_get_authentication_state(void)
{
return (active_state->after_authentication);
}
+#endif
Modified: user/brooks/openssh-hpn/packet.h
==============================================================================
--- user/brooks/openssh-hpn/packet.h Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/packet.h Fri Jun 17 20:55:35 2011 (r223204)
@@ -38,7 +38,9 @@ void packet_set_interactive(int, int
int packet_is_interactive(void);
void packet_set_server(void);
void packet_set_authenticated(void);
+#ifdef NONE_CIPHER_ENABLED
int packet_get_authentication_state(void);
+#endif
void packet_start(u_char);
void packet_put_char(int ch);
@@ -118,7 +120,9 @@ do { \
} while (0)
int packet_need_rekeying(void);
+#ifdef NONE_CIPHER_ENABLED
void packet_request_rekeying(void);
+#endif
void packet_set_rekey_limit(u_int32_t);
void packet_backup_state(void);
Modified: user/brooks/openssh-hpn/readconf.c
==============================================================================
--- user/brooks/openssh-hpn/readconf.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/readconf.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -136,7 +136,9 @@ typedef enum {
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS,
oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
+#ifdef NONE_CIPHER_ENABLED
oNoneEnabled, oNoneSwitch,
+#endif
oDeprecated, oUnsupported
} OpCodes;
@@ -251,8 +253,10 @@ static struct {
{ "hpnbuffersize", oHPNBufferSize },
{ "tcprcvbufpoll", oTcpRcvBufPoll },
{ "tcprcvbuf", oTcpRcvBuf },
+#ifdef NONE_CIPHER_ENABLED
{ "noneenabled", oNoneEnabled },
{ "noneswitch", oNoneSwitch },
+#endif
{ NULL, oBadOption }
};
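Review bot: Without NONE_CIPHER_ENABLED the keywords `noneenabled` and `noneswitch` drop out of this table entirely, so a configuration file or `-o` option that still carries them will presumably be treated as an unknown option rather than as a known but unavailable feature. The enum already has `oUnsupported` for that purpose; an `#else` branch with `{ "noneenabled", oUnsupported },` and `{ "noneswitch", oUnsupported },` would keep the keywords recognised while leaving the cipher disabled. The server keyword table in servconf.c has the same shape and could get the same treatment.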
@@ -1021,6 +1025,7 @@ parse_int:
intptr = &options->tcp_rcv_buf;
goto parse_int;
+#ifdef NONE_CIPHER_ENABLED
case oNoneEnabled:
intptr = &options->none_enabled;
goto parse_flag;
@@ -1043,6 +1048,7 @@ parse_int:
error("Continuing...");
return 0;
}
+#endif
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
@@ -1208,8 +1214,10 @@ initialize_options(Options * options)
options->hpn_buffer_size = -1;
options->tcp_rcv_buf_poll = -1;
options->tcp_rcv_buf = -1;
+#ifdef NONE_CIPHER_ENABLED
options->none_enabled = -1;
options->none_switch = -1;
+#endif
}
/*
@@ -1399,9 +1407,11 @@ fill_default_options(Options * options)
options->tcp_rcv_buf *= 1024;
if (options->tcp_rcv_buf_poll == -1)
options->tcp_rcv_buf_poll = 1;
+#ifdef NONE_CIPHER_ENABLED
/* options->none_enabled must not be set by default */
if (options->none_switch == -1)
options->none_switch = 0;
+#endif
}
/*
Modified: user/brooks/openssh-hpn/readconf.h
==============================================================================
--- user/brooks/openssh-hpn/readconf.h Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/readconf.h Fri Jun 17 20:55:35 2011 (r223204)
@@ -139,9 +139,10 @@ typedef struct {
* transfer. */
int tcp_rcv_buf; /* User switch to set tcp recv buffer. */
+#ifdef NONE_CIPHER_ENABLED
int none_enabled; /* Allow none to be used */
int none_switch; /* Use none cipher */
-
+#endif
} Options;
#define SSHCTL_MASTER_NO 0
Modified: user/brooks/openssh-hpn/servconf.c
==============================================================================
--- user/brooks/openssh-hpn/servconf.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/servconf.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -142,7 +142,9 @@ initialize_server_options(ServerOptions
options->hpn_disabled = -1;
options->hpn_buffer_size = -1;
options->tcp_rcv_buf_poll = -1;
+#ifdef NONE_CIPHER_ENABLED
options->none_enabled = -1;
+#endif
}
void
@@ -492,7 +494,9 @@ static struct {
{ "hpndisabled", sHPNDisabled, SSHCFG_ALL },
{ "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
+#ifdef NONE_CIPHER_ENABLED
{ "noneenabled", sNoneEnabled, SSHCFG_ALL },
+#endif
{ NULL, sBadOption, 0 }
};
@@ -1451,9 +1455,11 @@ process_server_config_line(ServerOptions
intptr = &options->tcp_rcv_buf_poll;
goto parse_flag;
+#ifdef NONE_CIPHER_ENABLED
case sNoneEnabled:
intptr = &options->none_enabled;
goto parse_flag;
+#endif
case sDeprecated:
logit("%s line %d: Deprecated option %s",
Modified: user/brooks/openssh-hpn/servconf.h
==============================================================================
--- user/brooks/openssh-hpn/servconf.h Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/servconf.h Fri Jun 17 20:55:35 2011 (r223204)
@@ -166,7 +166,9 @@ typedef struct {
int tcp_rcv_buf_poll; /* Poll TCP rcv window in autotuning
* kernels. */
+#ifdef NONE_CIPHER_ENABLED
int none_enabled; /* Enable NONE cipher switch. */
+#endif
} ServerOptions;
void initialize_server_options(ServerOptions *);
Modified: user/brooks/openssh-hpn/ssh.c
==============================================================================
--- user/brooks/openssh-hpn/ssh.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/ssh.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -545,6 +545,7 @@ main(int ac, char **av)
break;
case 'T':
no_tty_flag = 1;
+#ifdef NONE_CIPHER_ENABLED
/*
* Ensure that the user does not try to backdoor a
* NONE cipher switch on an interactive session by
@@ -552,6 +553,7 @@ main(int ac, char **av)
* session without a tty.
*/
options.none_switch = 0;
+#endif
break;
case 'o':
dummy = 1;
Modified: user/brooks/openssh-hpn/sshconnect2.c
==============================================================================
--- user/brooks/openssh-hpn/sshconnect2.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/sshconnect2.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -81,6 +81,7 @@
extern char *client_version_string;
extern char *server_version_string;
extern Options options;
+#ifdef NONE_CIPHER_ENABLED
extern Kex *xxx_kex;
/*
@@ -89,6 +90,7 @@ extern Kex *xxx_kex;
*/
extern int tty_flag;
+#endif
/*
* SSH2 key exchange
@@ -427,6 +429,7 @@ ssh_userauth2(const char *local_user, co
pubkey_cleanup(&authctxt);
dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
+#ifdef NONE_CIPHER_ENABLED
/*
* If the user explicitly requests to use the none cipher enable it
* post authentication and only if the right conditions are met: both
@@ -448,6 +451,7 @@ ssh_userauth2(const char *local_user, co
"a TTY is allocated\n");
}
}
+#endif
debug("Authentication succeeded (%s).", authctxt.method->name);
}
Modified: user/brooks/openssh-hpn/sshd.c
==============================================================================
--- user/brooks/openssh-hpn/sshd.c Fri Jun 17 20:54:32 2011 (r223203)
+++ user/brooks/openssh-hpn/sshd.c Fri Jun 17 20:55:35 2011 (r223204)
@@ -2291,10 +2291,12 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+#ifdef NONE_CIPHER_ENABLED
} else if (options.none_enabled == 1) {
debug ("WARNING: None cipher enabled");
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
+#endif
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
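Review bot: The line `debug ("WARNING: None cipher enabled");` reports a security-relevant server state only at debug level, so at the default log level an administrator would get no record that sshd is offering an unencrypted transport. I would log it unconditionally, `logit("WARNING: None cipher enabled");`. Separately, the `#ifdef` opens on `} else if` and closes before the shared `}`, which leaves the brace structure split across the preprocessor block; a short comment on the closing brace would help. do_ssh2_kex() continues outside the hunk.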