d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFH (r263234, r263691, r266465, r290671, r290672, r290673, r290674,

Browse Source 
r294320, r294322, r294324, r294330, r294469, r294494, r294466)

Reduce diffs to head in preparation for removing HPN and None.
This commit is contained in:
des 2016-01-24 15:44:57 +00:00
parent 4aca574c5a
commit 58256dbc0b
53 changed files with 152 additions and 22220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/openssh/FREEBSD-tricks
View File

@ -1,14 +0,0 @@
# $FreeBSD$
# Shell code to remove FreeBSD tags before merging
grep -rl '\$Fre[e]BSD:' . | grep -v FREEBSD >tags
cat tags | while read f ; do
sed -i.orig -e '/\$Fre[e]BSD:/d' $f
done
# Shell + Perl code to add FreeBSD tags wherever an OpenBSD or Id tag occurs
cat tags |
xargs perl -n -i.orig -e 'print; s/\$(Id|OpenBSD): [^\$]*/\$FreeBSD/ && print'
# Diff against vendor branch
svn diff --no-diff-deleted --old=$FSVN/vendor-crypto/openssh/dist/ --new=.

112
crypto/openssh/FREEBSD-upgrade
View File

@ -3,81 +3,97 @@
FreeBSD maintainer's guide to OpenSSH-portable
==============================================
XXX
XXX this needs a complete rewrite
XXX svn merge from vendor branch, resolve conflicts manually
XXX (see FREEBSD-tricks for tips on how to reduce conflicts)
XXX run freebsd-configure.sh to generate config.h and krb5_config.h
XXX svn diff Makefile.in to see if the Makefiles need adjusting
XXX
00) Make sure your mail spool has plenty of free space. It'll fill up
pretty fast once you're done with this checklist.
0) Make sure your mail spool has plenty of free space. It'll fill up
pretty fast once you're done with this checklist.
01) Download the latest OpenSSH-portable tarball and signature from
OpenBSD (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/).
1) Grab the latest OpenSSH-portable tarball from the OpenBSD FTP
site (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/)
02) Verify the signature:
2) Unpack the tarball in a suitable directory.
$ gpg --verify openssh-X.YpZ.tar.gz.asc
$ tar xf openssh-X.YpZ.tar.gz \
-X /usr/src/crypto/openssh/FREEBSD-Xlist
03) Unpack the tarball in a suitable directory:
3) Remove trash:
$ tar xf openssh-X.YpZ.tar.gz
Make sure -X took care of everything, and if it didn't, make sure
to update FREEBSD-Xlist so you won't miss it the next time. A good
way to do this is to run a test import and see if any new files
show up:
04) Copy to the vendor directory:
$ cvs -n import src/crypto/openssh OPENSSH x | grep \^N
$ svn co svn+ssh://svn.freebsd.org/base/vendor-crypto/openssh/dist
$ rsync --archive --delete openssh-X.YpZ/ dist/
4) Import the sources:
05) Take care of added / deleted files:
$ cvs import src/crypto/openssh OPENSSH OpenSSH_X_YpZ
$ svn rm $(svn stat dist | awk '$1 == "!" { print $2 }')
$ svn add --no-auto-props $(svn stat dist | awk '$1 == "?" { print $2 }')
5) Resolve conflicts. Remember to bump the version number and
addendum in version.h, and update the default value in
ssh{,d}_config and ssh{,d}_config.5.
06) Commit:
6) Generate configure and config.h.in:
$ svn commit -m "Vendor import of OpenSSH X.YpZ." dist
$ autoconf
$ autoheader
07) Tag:
Note: this requires a recent version of autoconf, not autoconf213.
$ svn copy -m "Tag OpenSSH X.YpZ." \
svn+ssh://svn.freebsd.org/base/vendor-crypto/openssh/dist \
svn+ssh://svn.freebsd.org/base/vendor-crypto/openssh/X.YpZ
7) Run configure with the appropriate arguments:
08) Check out head and run the pre-merge script:
$ ./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-pam --with-tcp-wrappers --with-libedit \
--with-ssl-engine
$ svn co svn+ssh://svn.freebsd.org/base/head
$ cd head/crypto/openssh
$ sh freebsd-pre-merge.sh
This will regenerate config.h, which must be committed along with
the rest.
09) Merge from the vendor branch:
Note that we don't want to configure OpenSSH for Kerberos using
configure since we have to be able to turn it on or off depending
on the value of MK_KERBEROS. Our Makefiles take care of this.
$ svn merge -cNNNNNN \^/vendor-crypto/openssh/dist .
8) If source files have been added or removed, update the appropriate
makefiles to reflect changes in the vendor's Makefile.in.
0A) Resolve conflicts. Remember to bump the version addendum in
version.h, and update the default value in ssh{,d}_config and
ssh{,d}_config.5.
9) Build libssh. Follow the instructions in ssh_namespace.h to get a
list of new symbols. Update ssh_namespace.h, build everything,
install and test.
0B) Diff against the vendor branch:
A) Build and test the pam_ssh PAM module. It gropes around libssh's
internals and will break if something significant changes or if
ssh_namespace.h is out of whack.
$ svn diff \^/vendor-crypto/openssh/dist .
B) Re-commit everything on repoman (you *did* use a test repo for
this, didn't you?)
Files that have modifications relative to the vendor code, and
only those files, must have the svn:keywords property set to
FreeBSD=%H and be listed in the 'keywords' file created by the
pre-merge script.
0C) Run the post-merge script:
$ sh freebsd-post-merge.sh
0D) Run the configure script:
$ sh freebsd-configure.sh
0E) Check config.h very carefully.
0F) If source files have been added or removed, update the appropriate
makefiles to reflect changes in the vendor's Makefile.in.
10) Build libssh:
$ cd ../../secure/lib/libssh && make obj && make depend && make
11) Follow the instructions in ssh_namespace.h to get a list of new
symbols, and them to ssh_namespace.h. Keep it sorted!
12) Build and install world, reboot, test. Pay particular attention
to pam_ssh(8), which gropes inside libssh and will break if
something significant changes or if ssh_namespace.h is out of
whack.
13) Commit, and hunker down for the inevitable storm of complaints.
An overview of FreeBSD changes to OpenSSH-portable
==================================================
XXX This section is out of date
0) VersionAddendum
The SSH protocol allows for a human-readable version string of up

2
crypto/openssh/auth-krb5.c
View File

@ -2,7 +2,7 @@
/*
* Kerberos v5 authentication and ticket-passing routines.
*
* $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $
* $FreeBSD$
*/
/*
* Copyright (c) 2002 Daniel Kouril. All rights reserved.

2
crypto/openssh/auth-pam.c
View File

@ -45,7 +45,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
/* Based on $FreeBSD$ */
#include "includes.h"
#include <sys/types.h>

1
crypto/openssh/auth2-chall.c
View File

@ -25,6 +25,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>

1
crypto/openssh/bufaux.c
View File

@ -38,6 +38,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>

2
crypto/openssh/buffer.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -14,6 +13,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/param.h>

2
crypto/openssh/channels.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: channels.c,v 1.331 2014/02/26 20:29:29 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -41,6 +40,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>

2
crypto/openssh/cipher.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -37,6 +36,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>

2
crypto/openssh/clientloop.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.258 2014/02/02 03:44:31 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -61,6 +60,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>

2
crypto/openssh/compat.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: compat.c,v 1.82 2013/12/30 23:52:27 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@ -25,6 +24,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>

5
crypto/openssh/config.h
View File

@ -1681,6 +1681,11 @@
/* Define if xauth is found in your path */
/* #undef XAUTH_PATH */
/* Enable large inode numbers on Mac OS X 10.5. */
#ifndef _DARWIN_USE_64_BIT_INODE
# define _DARWIN_USE_64_BIT_INODE 1
#endif
/* Number of bits in a file offset, on hosts where this is settable. */
/* #undef _FILE_OFFSET_BITS */

1708
crypto/openssh/config.h.in
View File

File diff suppressed because it is too large Load Diff

19741
crypto/openssh/configure vendored
View File

File diff suppressed because it is too large Load Diff

1
crypto/openssh/digest-libc.c
View File

@ -17,6 +17,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <limits.h>

14
crypto/openssh/freebsd-configure.sh
View File

@ -7,6 +7,7 @@ configure_args="
--prefix=/usr
--sysconfdir=/etc/ssh
--with-pam
--with-ssl-dir=/usr
--with-tcp-wrappers
--with-libedit
--with-ssl-engine
@ -15,6 +16,19 @@ configure_args="
set -e
# make sure configure uses the correct compiler
export CC=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCC)
export CPP=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCPP)
unset CFLAGS CPPFLAGS LDFLAGS LIBS
# regenerate configure and config.h.in
autoheader
autoconf
# reset PATH to avoid picking up the wrong libraries
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
unset LD_LIBRARY_PATH
# generate config.h with krb5 and stash it
sh configure $configure_args --with-kerberos5
mv config.log config.log.orig

14
crypto/openssh/freebsd-post-merge.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
#
# $FreeBSD: stable/10/crypto/openssh/freebsd-post-merge.sh 263691 2014-03-24 19:15:13Z des $
#
xargs perl -n -i -e '
print;
s/\$(Id|OpenBSD): [^\$]*/\$FreeBSD/ && print;
' <keywords
xargs perl -n -i -e '
print;
m/^\#include "includes.h"/ && print "__RCSID(\"\$FreeBSD\$\");\n";
' <rcsid

17
crypto/openssh/freebsd-pre-merge.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
#
# $FreeBSD: stable/10/crypto/openssh/freebsd-pre-merge.sh 263691 2014-03-24 19:15:13Z des $
#
:>keywords
:>rcsid
svn list -R | grep -v '/$' | \
while read f ; do
svn proplist -v $f | grep -q 'FreeBSD=%H' || continue
egrep -l '^(#|\.\\"|/\*)[[:space:]]+\$FreeBSD[:\$]' $f >>keywords
egrep -l '__RCSID\("\$FreeBSD[:\$]' $f >>rcsid
done
sort -u keywords rcsid | xargs perl -n -i -e '
$strip = $ARGV if /\$(Id|OpenBSD):.*\$/;
print unless (($strip eq $ARGV || /__RCSID/) && /\$FreeBSD[:\$]/);
'

2
crypto/openssh/kex.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -25,6 +24,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/param.h>

2
crypto/openssh/misc.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: misc.c,v 1.92 2013/10/14 23:28:23 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -26,6 +25,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>

2
crypto/openssh/moduli.5
View File

@ -13,7 +13,7 @@
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd September 26, 2012
.Dd $Mdocdate: September 26 2012 $
.Dt MODULI 5
.Os
.Sh NAME

1
crypto/openssh/monitor.c
View File

@ -26,6 +26,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>

1
crypto/openssh/monitor_wrap.c
View File

@ -26,6 +26,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/uio.h>

1
crypto/openssh/mux.c
View File

@ -31,6 +31,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>

1
crypto/openssh/packet.c
View File

@ -38,6 +38,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include "openbsd-compat/sys-queue.h"

1
crypto/openssh/pathnames.h
View File

@ -1,4 +1,5 @@
/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

1
crypto/openssh/readconf.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: readconf.c,v 1.218 2014/02/23 20:11:36 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

672
crypto/openssh/schnorr.c
View File

@ -1,672 +0,0 @@
/* $OpenBSD: schnorr.c,v 1.9 2014/01/09 23:20:00 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Implementation of Schnorr signatures / zero-knowledge proofs, based on
* description in:
*
* F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
* 16th Workshop on Security Protocols, Cambridge, April 2008
*
* http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
*/
#include "includes.h"
#include <sys/types.h>
#include <string.h>
#include <stdarg.h>
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
#include "schnorr.h"
#include "digest.h"
#ifdef JPAKE
#include "openbsd-compat/openssl-compat.h"
/* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */
/* #define SCHNORR_MAIN */ /* Include main() selftest */
#ifndef SCHNORR_DEBUG
# define SCHNORR_DEBUG_BN(a)
# define SCHNORR_DEBUG_BUF(a)
#else
# define SCHNORR_DEBUG_BN(a) debug3_bn a
# define SCHNORR_DEBUG_BUF(a) debug3_buf a
#endif /* SCHNORR_DEBUG */
/*
* Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
* using the hash function defined by "hash_alg". Returns signature as
* bignum or NULL on error.
*/
static BIGNUM *
schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
int hash_alg, const BIGNUM *g_v, const BIGNUM *g_x,
const u_char *id, u_int idlen)
{
u_char *digest;
u_int digest_len;
BIGNUM *h;
Buffer b;
int success = -1;
if ((h = BN_new()) == NULL) {
error("%s: BN_new", __func__);
return NULL;
}
buffer_init(&b);
/* h = H(g || p || q || g^v || g^x || id) */
buffer_put_bignum2(&b, g);
buffer_put_bignum2(&b, p);
buffer_put_bignum2(&b, q);
buffer_put_bignum2(&b, g_v);
buffer_put_bignum2(&b, g_x);
buffer_put_string(&b, id, idlen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: hashblob", __func__));
if (hash_buffer(buffer_ptr(&b), buffer_len(&b), hash_alg,
&digest, &digest_len) != 0) {
error("%s: hash_buffer", __func__);
goto out;
}
if (BN_bin2bn(digest, (int)digest_len, h) == NULL) {
error("%s: BN_bin2bn", __func__);
goto out;
}
success = 0;
SCHNORR_DEBUG_BN((h, "%s: h = ", __func__));
out:
buffer_free(&b);
bzero(digest, digest_len);
free(digest);
digest_len = 0;
if (success == 0)
return h;
BN_clear_free(h);
return NULL;
}
/*
* Generate Schnorr signature to prove knowledge of private value 'x' used
* in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
* using the hash function "hash_alg".
* 'idlen' bytes from 'id' will be included in the signature hash as an anti-
* replay salt.
*
* On success, 0 is returned. The signature values are returned as *e_p
* (g^v mod p) and *r_p (v - xh mod q). The caller must free these values.
* On failure, -1 is returned.
*/
int
schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
int hash_alg, const BIGNUM *x, const BIGNUM *g_x,
const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p)
{
int success = -1;
BIGNUM *h, *tmp, *v, *g_v, *r;
BN_CTX *bn_ctx;
SCHNORR_DEBUG_BN((x, "%s: x = ", __func__));
SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
/* Avoid degenerate cases: g^0 yields a spoofable signature */
if (BN_cmp(g_x, BN_value_one()) <= 0) {
error("%s: g_x < 1", __func__);
return -1;
}
if (BN_cmp(g_x, grp_p) >= 0) {
error("%s: g_x > g", __func__);
return -1;
}
h = g_v = r = tmp = v = NULL;
if ((bn_ctx = BN_CTX_new()) == NULL) {
error("%s: BN_CTX_new", __func__);
goto out;
}
if ((g_v = BN_new()) == NULL ||
(r = BN_new()) == NULL ||
(tmp = BN_new()) == NULL) {
error("%s: BN_new", __func__);
goto out;
}
/*
* v must be a random element of Zq, so 1 <= v < q
* we also exclude v = 1, since g^1 looks dangerous
*/
if ((v = bn_rand_range_gt_one(grp_p)) == NULL) {
error("%s: bn_rand_range2", __func__);
goto out;
}
SCHNORR_DEBUG_BN((v, "%s: v = ", __func__));
/* g_v = g^v mod p */
if (BN_mod_exp(g_v, grp_g, v, grp_p, bn_ctx) == -1) {
error("%s: BN_mod_exp (g^v mod p)", __func__);
goto out;
}
SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
/* h = H(g || g^v || g^x || id) */
if ((h = schnorr_hash(grp_p, grp_q, grp_g, hash_alg, g_v, g_x,
id, idlen)) == NULL) {
error("%s: schnorr_hash failed", __func__);
goto out;
}
/* r = v - xh mod q */
if (BN_mod_mul(tmp, x, h, grp_q, bn_ctx) == -1) {
error("%s: BN_mod_mul (tmp = xv mod q)", __func__);
goto out;
}
if (BN_mod_sub(r, v, tmp, grp_q, bn_ctx) == -1) {
error("%s: BN_mod_mul (r = v - tmp)", __func__);
goto out;
}
SCHNORR_DEBUG_BN((g_v, "%s: e = ", __func__));
SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
*e_p = g_v;
*r_p = r;
success = 0;
out:
BN_CTX_free(bn_ctx);
if (h != NULL)
BN_clear_free(h);
if (v != NULL)
BN_clear_free(v);
BN_clear_free(tmp);
return success;
}
/*
* Generate Schnorr signature to prove knowledge of private value 'x' used
* in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
* using a SHA256 hash.
* 'idlen' bytes from 'id' will be included in the signature hash as an anti-
* replay salt.
* On success, 0 is returned and *siglen bytes of signature are returned in
* *sig (caller to free). Returns -1 on failure.
*/
int
schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
u_char **sig, u_int *siglen)
{
Buffer b;
BIGNUM *r, *e;
if (schnorr_sign(grp_p, grp_q, grp_g, SSH_DIGEST_SHA256,
x, g_x, id, idlen, &r, &e) != 0)
return -1;
/* Signature is (e, r) */
buffer_init(&b);
/* XXX sigtype-hash as string? */
buffer_put_bignum2(&b, e);
buffer_put_bignum2(&b, r);
*siglen = buffer_len(&b);
*sig = xmalloc(*siglen);
memcpy(*sig, buffer_ptr(&b), *siglen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: sigblob", __func__));
buffer_free(&b);
BN_clear_free(r);
BN_clear_free(e);
return 0;
}
/*
* Verify Schnorr signature { r (v - xh mod q), e (g^v mod p) } against
* public exponent g_x (g^x) under group defined by 'grp_p', 'grp_q' and
* 'grp_g' using hash "hash_alg".
* Signature hash will be salted with 'idlen' bytes from 'id'.
* Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
*/
int
schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
int hash_alg, const BIGNUM *g_x, const u_char *id, u_int idlen,
const BIGNUM *r, const BIGNUM *e)
{
int success = -1;
BIGNUM *h = NULL, *g_xh = NULL, *g_r = NULL, *gx_q = NULL;
BIGNUM *expected = NULL;
BN_CTX *bn_ctx;
SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
/* Avoid degenerate cases: g^0 yields a spoofable signature */
if (BN_cmp(g_x, BN_value_one()) <= 0) {
error("%s: g_x <= 1", __func__);
return -1;
}
if (BN_cmp(g_x, grp_p) >= 0) {
error("%s: g_x >= p", __func__);
return -1;
}
h = g_xh = g_r = expected = NULL;
if ((bn_ctx = BN_CTX_new()) == NULL) {
error("%s: BN_CTX_new", __func__);
goto out;
}
if ((g_xh = BN_new()) == NULL ||
(g_r = BN_new()) == NULL ||
(gx_q = BN_new()) == NULL ||
(expected = BN_new()) == NULL) {
error("%s: BN_new", __func__);
goto out;
}
SCHNORR_DEBUG_BN((e, "%s: e = ", __func__));
SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
/* gx_q = (g^x)^q must === 1 mod p */
if (BN_mod_exp(gx_q, g_x, grp_q, grp_p, bn_ctx) == -1) {
error("%s: BN_mod_exp (g_x^q mod p)", __func__);
goto out;
}
if (BN_cmp(gx_q, BN_value_one()) != 0) {
error("%s: Invalid signature (g^x)^q != 1 mod p", __func__);
goto out;
}
SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__));
/* h = H(g || g^v || g^x || id) */
if ((h = schnorr_hash(grp_p, grp_q, grp_g, hash_alg, e, g_x,
id, idlen)) == NULL) {
error("%s: schnorr_hash failed", __func__);
goto out;
}
/* g_xh = (g^x)^h */
if (BN_mod_exp(g_xh, g_x, h, grp_p, bn_ctx) == -1) {
error("%s: BN_mod_exp (g_x^h mod p)", __func__);
goto out;
}
SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__));
/* g_r = g^r */
if (BN_mod_exp(g_r, grp_g, r, grp_p, bn_ctx) == -1) {
error("%s: BN_mod_exp (g_x^h mod p)", __func__);
goto out;
}
SCHNORR_DEBUG_BN((g_r, "%s: g_r = ", __func__));
/* expected = g^r * g_xh */
if (BN_mod_mul(expected, g_r, g_xh, grp_p, bn_ctx) == -1) {
error("%s: BN_mod_mul (expected = g_r mod p)", __func__);
goto out;
}
SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__));
/* Check e == expected */
success = BN_cmp(expected, e) == 0;
out:
BN_CTX_free(bn_ctx);
if (h != NULL)
BN_clear_free(h);
if (gx_q != NULL)
BN_clear_free(gx_q);
if (g_xh != NULL)
BN_clear_free(g_xh);
if (g_r != NULL)
BN_clear_free(g_r);
if (expected != NULL)
BN_clear_free(expected);
return success;
}
/*
* Verify Schnorr signature 'sig' of length 'siglen' against public exponent
* g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g' using a
* SHA256 hash.
* Signature hash will be salted with 'idlen' bytes from 'id'.
* Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
*/
int
schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q,
const BIGNUM *grp_g,
const BIGNUM *g_x, const u_char *id, u_int idlen,
const u_char *sig, u_int siglen)
{
Buffer b;
int ret = -1;
u_int rlen;
BIGNUM *r, *e;
e = r = NULL;
if ((e = BN_new()) == NULL ||
(r = BN_new()) == NULL) {
error("%s: BN_new", __func__);
goto out;
}
/* Extract g^v and r from signature blob */
buffer_init(&b);
buffer_append(&b, sig, siglen);
SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
"%s: sigblob", __func__));
buffer_get_bignum2(&b, e);
buffer_get_bignum2(&b, r);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("%s: remaining bytes in signature %d", __func__, rlen);
goto out;
}
ret = schnorr_verify(grp_p, grp_q, grp_g, SSH_DIGEST_SHA256,
g_x, id, idlen, r, e);
out:
BN_clear_free(e);
BN_clear_free(r);
return ret;
}
/* Helper functions */
/*
* Generate uniformly distributed random number in range (1, high).
* Return number on success, NULL on failure.
*/
BIGNUM *
bn_rand_range_gt_one(const BIGNUM *high)
{
BIGNUM *r, *tmp;
int success = -1;
if ((tmp = BN_new()) == NULL) {
error("%s: BN_new", __func__);
return NULL;
}
if ((r = BN_new()) == NULL) {
error("%s: BN_new failed", __func__);
goto out;
}
if (BN_set_word(tmp, 2) != 1) {
error("%s: BN_set_word(tmp, 2)", __func__);
goto out;
}
if (BN_sub(tmp, high, tmp) == -1) {
error("%s: BN_sub failed (tmp = high - 2)", __func__);
goto out;
}
if (BN_rand_range(r, tmp) == -1) {
error("%s: BN_rand_range failed", __func__);
goto out;
}
if (BN_set_word(tmp, 2) != 1) {
error("%s: BN_set_word(tmp, 2)", __func__);
goto out;
}
if (BN_add(r, r, tmp) == -1) {
error("%s: BN_add failed (r = r + 2)", __func__);
goto out;
}
success = 0;
out:
BN_clear_free(tmp);
if (success == 0)
return r;
BN_clear_free(r);
return NULL;
}
/* XXX convert all callers of this to use ssh_digest_memory() directly */
/*
* Hash contents of buffer 'b' with hash 'md'. Returns 0 on success,
* with digest via 'digestp' (caller to free) and length via 'lenp'.
* Returns -1 on failure.
*/
int
hash_buffer(const u_char *buf, u_int len, int hash_alg,
u_char **digestp, u_int *lenp)
{
u_char digest[SSH_DIGEST_MAX_LENGTH];
u_int digest_len = ssh_digest_bytes(hash_alg);
if (digest_len == 0) {
error("%s: invalid hash", __func__);
return -1;
}
if (ssh_digest_memory(hash_alg, buf, len, digest, digest_len) != 0) {
error("%s: digest_memory failed", __func__);
return -1;
}
*digestp = xmalloc(digest_len);
*lenp = digest_len;
memcpy(*digestp, digest, *lenp);
bzero(digest, sizeof(digest));
digest_len = 0;
return 0;
}
/* print formatted string followed by bignum */
void
debug3_bn(const BIGNUM *n, const char *fmt, ...)
{
char *out, *h;
va_list args;
int ret;
out = NULL;
va_start(args, fmt);
ret = vasprintf(&out, fmt, args);
va_end(args);
if (ret == -1 || out == NULL)
fatal("%s: vasprintf failed", __func__);
if (n == NULL)
debug3("%s(null)", out);
else {
h = BN_bn2hex(n);
debug3("%s0x%s", out, h);
free(h);
}
free(out);
}
/* print formatted string followed by buffer contents in hex */
void
debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
{
char *out, h[65];
u_int i, j;
va_list args;
int ret;
out = NULL;
va_start(args, fmt);
ret = vasprintf(&out, fmt, args);
va_end(args);
if (ret == -1 || out == NULL)
fatal("%s: vasprintf failed", __func__);
debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
free(out);
if (buf == NULL)
return;
*h = '\0';
for (i = j = 0; i < len; i++) {
snprintf(h + j, sizeof(h) - j, "%02x", buf[i]);
j += 2;
if (j >= sizeof(h) - 1 || i == len - 1) {
debug3(" %s", h);
*h = '\0';
j = 0;
}
}
}
/*
* Construct a MODP group from hex strings p (which must be a safe
* prime) and g, automatically calculating subgroup q as (p / 2)
*/
struct modp_group *
modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p)
{
struct modp_group *ret;
ret = xcalloc(1, sizeof(*ret));
ret->p = ret->q = ret->g = NULL;
if (BN_hex2bn(&ret->p, grp_p) == 0 ||
BN_hex2bn(&ret->g, grp_g) == 0)
fatal("%s: BN_hex2bn", __func__);
/* Subgroup order is p/2 (p is a safe prime) */
if ((ret->q = BN_new()) == NULL)
fatal("%s: BN_new", __func__);
if (BN_rshift1(ret->q, ret->p) != 1)
fatal("%s: BN_rshift1", __func__);
return ret;
}
void
modp_group_free(struct modp_group *grp)
{
if (grp->g != NULL)
BN_clear_free(grp->g);
if (grp->p != NULL)
BN_clear_free(grp->p);
if (grp->q != NULL)
BN_clear_free(grp->q);
bzero(grp, sizeof(*grp));
free(grp);
}
/* main() function for self-test */
#ifdef SCHNORR_MAIN
static void
schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
const BIGNUM *grp_g, const BIGNUM *x)
{
BIGNUM *g_x;
u_char *sig;
u_int siglen;
BN_CTX *bn_ctx;
if ((bn_ctx = BN_CTX_new()) == NULL)
fatal("%s: BN_CTX_new", __func__);
if ((g_x = BN_new()) == NULL)
fatal("%s: BN_new", __func__);
if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1)
fatal("%s: g_x", __func__);
if (schnorr_sign_buf(grp_p, grp_q, grp_g, x, g_x, "junk", 4,
&sig, &siglen))
fatal("%s: schnorr_sign", __func__);
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
sig, siglen) != 1)
fatal("%s: verify fail", __func__);
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "JUNK", 4,
sig, siglen) != 0)
fatal("%s: verify should have failed (bad ID)", __func__);
sig[4] ^= 1;
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
sig, siglen) != 0)
fatal("%s: verify should have failed (bit error)", __func__);
free(sig);
BN_free(g_x);
BN_CTX_free(bn_ctx);
}
static void
schnorr_selftest(void)
{
BIGNUM *x;
struct modp_group *grp;
u_int i;
char *hh;
grp = jpake_default_group();
if ((x = BN_new()) == NULL)
fatal("%s: BN_new", __func__);
SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__));
SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__));
SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__));
/* [1, 20) */
for (i = 1; i < 20; i++) {
printf("x = %u\n", i);
fflush(stdout);
if (BN_set_word(x, i) != 1)
fatal("%s: set x word", __func__);
schnorr_selftest_one(grp->p, grp->q, grp->g, x);
}
/* 100 x random [0, p) */
for (i = 0; i < 100; i++) {
if (BN_rand_range(x, grp->p) != 1)
fatal("%s: BN_rand_range", __func__);
hh = BN_bn2hex(x);
printf("x = (random) 0x%s\n", hh);
free(hh);
fflush(stdout);
schnorr_selftest_one(grp->p, grp->q, grp->g, x);
}
/* [q-20, q) */
if (BN_set_word(x, 20) != 1)
fatal("%s: BN_set_word (x = 20)", __func__);
if (BN_sub(x, grp->q, x) != 1)
fatal("%s: BN_sub (q - x)", __func__);
for (i = 0; i < 19; i++) {
hh = BN_bn2hex(x);
printf("x = (q - %d) 0x%s\n", 20 - i, hh);
free(hh);
fflush(stdout);
schnorr_selftest_one(grp->p, grp->q, grp->g, x);
if (BN_add(x, x, BN_value_one()) != 1)
fatal("%s: BN_add (x + 1)", __func__);
}
BN_free(x);
}
int
main(int argc, char **argv)
{
log_init(argv[0], SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_USER, 1);
schnorr_selftest();
return 0;
}
#endif
#endif

2
crypto/openssh/scp.1
View File

@ -10,7 +10,7 @@
.\"
.\" $OpenBSD: scp.1,v 1.61 2013/10/20 09:51:26 djm Exp $
.\"
.Dd October 20, 2013
.Dd $Mdocdate: October 20 2013 $
.Dt SCP 1
.Os
.Sh NAME

1
crypto/openssh/servconf.c
View File

@ -1,6 +1,5 @@
/* $OpenBSD: servconf.c,v 1.249 2014/01/29 06:18:35 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved

2
crypto/openssh/serverloop.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.170 2014/02/02 03:44:31 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -37,6 +36,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/param.h>

1
crypto/openssh/session.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved

1
crypto/openssh/sftp-common.c
View File

@ -25,6 +25,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/stat.h>

3
crypto/openssh/sftp-server.8
View File

@ -1,5 +1,4 @@
.\" $OpenBSD: sftp-server.8,v 1.25 2013/10/14 14:18:56 jmc Exp $
.\" $FreeBSD$
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@ -23,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd October 14, 2013
.Dd $Mdocdate: October 14 2013 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME

2
crypto/openssh/sftp.1
View File

@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd October 20, 2013
.Dd $Mdocdate: October 20 2013 $
.Dt SFTP 1
.Os
.Sh NAME

2
crypto/openssh/sftp.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: sftp.c,v 1.158 2013/11/20 20:54:10 deraadt Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -17,6 +16,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/ioctl.h>

2
crypto/openssh/ssh-add.1
View File

@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 7, 2013
.Dd $Mdocdate: December 7 2013 $
.Dt SSH-ADD 1
.Os
.Sh NAME

1
crypto/openssh/ssh-gss.h
View File

@ -1,4 +1,5 @@
/* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*

3
crypto/openssh/ssh-keygen.1
View File

@ -1,5 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.120 2014/02/05 20:13:25 naddy Exp $
.\" $FreeBSD$
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -36,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd February 5, 2014
.Dd $Mdocdate: February 5 2014 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME

3
crypto/openssh/ssh-keyscan.1
View File

@ -1,5 +1,4 @@
.\" $OpenBSD: ssh-keyscan.1,v 1.34 2014/01/28 14:13:39 jmc Exp $
.\" $FreeBSD$
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
@ -7,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd January 28, 2014
.Dd $Mdocdate: January 28 2014 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME

2
crypto/openssh/ssh-keysign.8
View File

@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 7, 2013
.Dd $Mdocdate: December 7 2013 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME

2
crypto/openssh/ssh-pkcs11-helper.8
View File

@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd July 16, 2013
.Dd $Mdocdate: July 16 2013 $
.Dt SSH-PKCS11-HELPER 8
.Os
.Sh NAME

2
crypto/openssh/ssh.1
View File

@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $
.\" $FreeBSD$
.Dd December 7, 2013
.Dd $Mdocdate: December 7 2013 $
.Dt SSH 1
.Os
.Sh NAME

1
crypto/openssh/ssh.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: ssh.c,v 1.401 2014/02/26 20:18:37 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

1
crypto/openssh/ssh_config
View File

@ -1,5 +1,4 @@
# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
# $FreeBSD$
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for

2
crypto/openssh/ssh_config.5
View File

@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: ssh_config.5,v 1.185 2014/02/23 20:11:36 djm Exp $
.\" $FreeBSD$
.Dd March 22, 2015
.Dd $Mdocdate: February 23 2014 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME

1
crypto/openssh/ssh_namespace.h
View File

@ -202,6 +202,7 @@
#define compat20 ssh_compat20
#define compat_cipher_proposal ssh_compat_cipher_proposal
#define compat_datafellows ssh_compat_datafellows
#define compat_kex_proposal ssh_compat_kex_proposal
#define compat_pkalg_proposal ssh_compat_pkalg_proposal
#define convtime ssh_convtime
#define crypto_hash_sha512 ssh_crypto_hash_sha512

2
crypto/openssh/sshconnect.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.246 2014/02/06 22:21:01 djm Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -15,6 +14,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/wait.h>

2
crypto/openssh/sshconnect2.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -26,6 +25,7 @@
*/
#include "includes.h"
__RCSID("$FreeBSD$");
#include <sys/types.h>
#include <sys/socket.h>

2
crypto/openssh/sshd.8
View File

@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
.\" $FreeBSD$
.Dd December 7, 2013
.Dd $Mdocdate: December 7 2013 $
.Dt SSHD 8
.Os
.Sh NAME

1
crypto/openssh/sshd.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: sshd.c,v 1.420 2014/02/26 21:53:37 markus Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

3
crypto/openssh/sshd_config
View File

@ -1,5 +1,4 @@
# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# $FreeBSD$
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@ -128,7 +127,7 @@
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Disable HPN tuning improvements.
# Change to yes to disable HPN tuning improvements.
#HPNDisabled no
# Buffer size for HPN to non-HPN connections.

2
crypto/openssh/sshd_config.5
View File

@ -35,7 +35,7 @@
.\"
.\" $OpenBSD: sshd_config.5,v 1.172 2014/02/27 22:47:07 djm Exp $
.\" $FreeBSD$
.Dd March 22, 2015
.Dd $Mdocdate: February 27 2014 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME