diff -p openssh-3.9p1/buffer.c openssh-3.9p1.hpn/buffer.c *** openssh-3.9p1/buffer.c Fri Nov 21 07:56:47 2003 --- openssh-3.9p1.hpn/buffer.c Mon Dec 13 15:37:05 2004 *************** RCSID("$OpenBSD: buffer.c,v 1.21 2003/11 *** 18,23 **** --- 18,29 ---- #include "buffer.h" #include "log.h" + void + set_unlimited(Buffer *buffer, int new_value) + { + buffer->unlimited = new_value; + } + /* Initializes the buffer structure. */ void *************** buffer_init(Buffer *buffer) *** 30,35 **** --- 36,42 ---- buffer->alloc = len; buffer->offset = 0; buffer->end = 0; + buffer->unlimited = 0; } /* Frees any memory used for the buffer. */ *************** buffer_append_space(Buffer *buffer, u_in *** 78,84 **** u_int newlen; void *p; ! if (len > 0x100000) fatal("buffer_append_space: len %u not supported", len); /* If the buffer is empty, start using it from the beginning. */ --- 85,92 ---- u_int newlen; void *p; ! if ((buffer->unlimited && len > MAXBUFSZ) || ! (!buffer->unlimited && len > 0x100000)) fatal("buffer_append_space: len %u not supported", len); /* If the buffer is empty, start using it from the beginning. */ *************** restart: *** 107,113 **** /* Increase the size of the buffer and retry. */ newlen = buffer->alloc + len + 32768; ! if (newlen > 0xa00000) fatal("buffer_append_space: alloc %u not supported", newlen); buffer->buf = xrealloc(buffer->buf, newlen); --- 115,122 ---- /* Increase the size of the buffer and retry. */ newlen = buffer->alloc + len + 32768; ! if ((buffer->unlimited && newlen > MAXBUFSZ) || ! 
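Review bot: `set_unlimited()` is added without a comment and without the `buffer_` prefix that `buffer_init` and `buffer_append_space` in this file carry, so the name does not tell a caller that it raises this buffer's size ceiling. I would add above it `/* Nonzero replaces the 0x100000 per-append and 0xa00000 total caps in buffer_append_space with MAXBUFSZ. */`. A name such as `buffer_set_unlimited` would match the rest of the file, though renaming also touches the callers in serverloop.c and ssh.c.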
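Review bot: The new length test in `buffer_append_space` writes out both branches of the limit, and the next hunk repeats the same shape for `newlen`, which makes it easy to change one cap and miss the other. Choosing the cap once reads more clearly, e.g. `u_int maxlen = buffer->unlimited ? MAXBUFSZ : 0x100000;` followed by `if (len > maxlen)`. With `unlimited` set, a single buffer may grow to MAXBUFSZ (about 1 GiB as defined in buffer.h) before `fatal()` fires, so which channels receive the flag decides how much memory a peer can make the process hold. The function body continues outside the hunk.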
(!buffer->unlimited && newlen > 0xa00000)) fatal("buffer_append_space: alloc %u not supported", newlen); buffer->buf = xrealloc(buffer->buf, newlen); diff -p openssh-3.9p1/buffer.h openssh-3.9p1.hpn/buffer.h *** openssh-3.9p1/buffer.h Mon Mar 4 20:53:04 2002 --- openssh-3.9p1.hpn/buffer.h Mon Dec 13 15:37:05 2004 *************** *** 16,27 **** --- 16,32 ---- #ifndef BUFFER_H #define BUFFER_H + #define MAXBUFSZ (2<<29)-1 + typedef struct { u_char *buf; /* Buffer for data. */ u_int alloc; /* Number of bytes allocated for data. */ u_int offset; /* Offset of first byte containing data. */ u_int end; /* Offset of last byte containing data. */ + u_int unlimited; } Buffer; + + void set_unlimited(Buffer *,int); void buffer_init(Buffer *); void buffer_clear(Buffer *); diff -p openssh-3.9p1/channels.c openssh-3.9p1.hpn/channels.c *** openssh-3.9p1/channels.c Fri Aug 13 07:18:01 2004 --- openssh-3.9p1.hpn/channels.c Mon Dec 13 15:37:05 2004 *************** channel_new(char *ctype, int type, int r *** 257,262 **** --- 257,263 ---- c->local_window_max = window; c->local_consumed = 0; c->local_maxpacket = maxpack; + c->dynamic_window = 0; c->remote_id = -1; c->remote_name = xstrdup(remote_name); c->remote_window = 0; *************** static void *** 711,716 **** --- 712,721 ---- channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); + if (!c->input.unlimited && limit > 0x10000) + limit = 0x10000; + else if (c->input.unlimited && limit > MAXBUFSZ) + limit = MAXBUFSZ; if (c->istate == CHAN_INPUT_OPEN && limit > 0 && *************** channel_check_window(Channel *c) *** 1528,1541 **** !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && c->local_window < c->local_window_max/2 && c->local_consumed > 0) { packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); packet_put_int(c->remote_id); ! 
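Review bot: `#define MAXBUFSZ (2<<29)-1` leaves the subtraction outside the parentheses, so the value changes next to any tighter-binding operator: `MAXBUFSZ/2` in the channels.c part of this patch expands to `(2<<29)-1/2`, which is `2<<29` and not half the limit. It should be `#define MAXBUFSZ ((2<<29)-1)`. The new `unlimited` member is also the only field of `Buffer` without a trailing comment; `/* Nonzero: use MAXBUFSZ instead of the default caps. */` would match the others.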
packet_put_int(c->local_consumed); packet_send(); debug2("channel %d: window %d sent adjust %d", c->self, c->local_window, c->local_consumed); ! c->local_window += c->local_consumed; c->local_consumed = 0; } return 1; --- 1533,1561 ---- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && c->local_window < c->local_window_max/2 && c->local_consumed > 0) { + u_int32_t tcpwinsz = 0; + socklen_t optsz = sizeof(tcpwinsz); + int ret = -1; + u_int32_t addition = 0; + if (c->dynamic_window) { + ret = getsockopt(packet_get_connection_in(), + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); + if ((ret == 0) && tcpwinsz/2 > MAXBUFSZ) + tcpwinsz = MAXBUFSZ/2; + } + if (c->dynamic_window && (ret == 0) && + (2*tcpwinsz > c->local_window_max)) { + addition = 2 * tcpwinsz - c->local_window_max; + c->local_window_max += addition; + } packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST); packet_put_int(c->remote_id); ! packet_put_int(c->local_consumed + addition); packet_send(); debug2("channel %d: window %d sent adjust %d", c->self, c->local_window, c->local_consumed); ! c->local_window += c->local_consumed + addition; c->local_consumed = 0; } return 1; diff -p openssh-3.9p1/channels.h openssh-3.9p1.hpn/channels.h *** openssh-3.9p1/channels.h Fri Aug 13 07:18:01 2004 --- openssh-3.9p1.hpn/channels.h Mon Dec 13 15:37:05 2004 *************** struct Channel { *** 98,103 **** --- 98,104 ---- u_int local_window_max; u_int local_consumed; u_int local_maxpacket; + int dynamic_window; int extended_usage; int single_connection; diff -p openssh-3.9p1/cipher.c openssh-3.9p1.hpn/cipher.c *** openssh-3.9p1/cipher.c Thu Aug 12 08:40:25 2004 --- openssh-3.9p1.hpn/cipher.c Mon Dec 13 15:37:05 2004 *************** ciphers_valid(const char *names) *** 175,181 **** for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); ! 
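Review bot: The clamp `if ((ret == 0) && tcpwinsz/2 > MAXBUFSZ) tcpwinsz = MAXBUFSZ/2;` compares half of the socket buffer with the full limit, so it only triggers once `tcpwinsz` is roughly twice MAXBUFSZ, and below that `2*tcpwinsz` can raise `local_window_max` past MAXBUFSZ. If the intent is to keep the advertised window within what `buffer_append_space` accepts, the test would be `if (ret == 0 && tcpwinsz > (MAXBUFSZ)/2) tcpwinsz = (MAXBUFSZ)/2;`, where the extra parentheses matter because the macro is defined without them. The `debug2` line still prints `c->local_consumed` although the adjust that was sent is `c->local_consumed + addition`. The enclosing function starts before the hunk.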
if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug("bad cipher %s [%s]", p, names); xfree(cipher_list); return 0; --- 175,182 ---- for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); ! if (c == NULL || (c->number != SSH_CIPHER_SSH2 && ! c->number != SSH_CIPHER_NONE)) { debug("bad cipher %s [%s]", p, names); xfree(cipher_list); return 0; *************** cipher_get_keyiv(CipherContext *cc, u_ch *** 343,348 **** --- 344,350 ---- int evplen; switch (c->number) { + case SSH_CIPHER_NONE: case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: *************** cipher_set_keyiv(CipherContext *cc, u_ch *** 377,382 **** --- 379,385 ---- int evplen = 0; switch (c->number) { + case SSH_CIPHER_NONE: case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: diff -p openssh-3.9p1/compat.c openssh-3.9p1.hpn/compat.c *** openssh-3.9p1/compat.c Mon Nov 3 04:09:03 2003 --- openssh-3.9p1.hpn/compat.c Mon Dec 13 15:37:05 2004 *************** compat_datafellows(const char *version) *** 62,85 **** "OpenSSH_2.1*," "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| ! SSH_BUG_EXTEOF}, { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| ! SSH_BUG_EXTEOF}, { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| ! SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_2.5.0p1*," "OpenSSH_2.5.1p1*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| ! SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_2.5.0*," "OpenSSH_2.5.1*," "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| ! SSH_BUG_EXTEOF}, ! { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_2.*," "OpenSSH_3.0*," ! "OpenSSH_3.1*", SSH_BUG_EXTEOF}, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH*", 0 }, { "*MindTerm*", 0 }, --- 62,96 ---- "OpenSSH_2.1*," "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| ! 
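Review bot: Accepting `SSH_CIPHER_NONE` in `ciphers_valid` makes `none` a valid entry in every cipher list this function vets, and together with the `none` appended to `KEX_DEFAULT_ENCRYPT` in myproposal.h it becomes part of the default proposal for the first key exchange, not only for the post-authentication rekey in `ssh_userauth2`. If the peer's list leaves `none` as the only common cipher, the authentication exchange itself would presumably run unencrypted. I would keep the last line of the myproposal.h list as `"aes128-ctr,aes192-ctr,aes256-ctr"` and add `none` only to the proposal that is built after authentication; the server-side counterpart is not part of this diff. `ciphers_valid` starts and ends outside the hunk.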
SSH_BUG_EXTEOF|SSH_BUG_LARGEWINDOW}, { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| SSH_OLD_DHGEX|SSH_BUG_NOREKEY| ! SSH_BUG_EXTEOF|SSH_BUG_LARGEWINDOW}, { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| ! SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| ! SSH_BUG_LARGEWINDOW}, { "OpenSSH_2.5.0p1*," "OpenSSH_2.5.1p1*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| ! SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| ! SSH_BUG_LARGEWINDOW}, { "OpenSSH_2.5.0*," "OpenSSH_2.5.1*," "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| ! SSH_BUG_EXTEOF|SSH_BUG_LARGEWINDOW}, ! { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| ! SSH_BUG_LARGEWINDOW}, { "OpenSSH_2.*," "OpenSSH_3.0*," ! "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_BUG_LARGEWINDOW}, ! { "OpenSSH_3.2*," ! "OpenSSH_3.3*," ! "OpenSSH_3.4*," ! "OpenSSH_3.5*," ! "OpenSSH_3.6*," ! "OpenSSH_3.7*," ! "OpenSSH_3.8*," ! "OpenSSH_3.9p1", SSH_BUG_LARGEWINDOW}, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH*", 0 }, { "*MindTerm*", 0 }, diff -p openssh-3.9p1/compat.h openssh-3.9p1.hpn/compat.h *** openssh-3.9p1/compat.h Sat Jul 17 02:12:08 2004 --- openssh-3.9p1.hpn/compat.h Mon Dec 13 15:37:05 2004 *************** *** 55,60 **** --- 55,61 ---- #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 + #define SSH_BUG_LARGEWINDOW 0x01000000 void enable_compat13(void); void enable_compat20(void); *************** char *compat_cipher_proposal(char *); *** 65,68 **** --- 66,70 ---- extern int compat13; extern int compat20; extern int datafellows; + #endif Common subdirectories: openssh-3.9p1/contrib and openssh-3.9p1.hpn/contrib diff -p openssh-3.9p1/kex.c openssh-3.9p1.hpn/kex.c *** openssh-3.9p1/kex.c Mon Jun 21 22:56:02 2004 --- openssh-3.9p1.hpn/kex.c Mon Dec 13 15:37:05 2004 *************** static void kex_kexinit_finish(Kex *); *** 49,55 **** static void kex_choose_conf(Kex *); /* put algorithm proposal into buffer */ ! 
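Review bot: `SSH_BUG_LARGEWINDOW` is assigned by listing every older release, and the last new entry, `"OpenSSH_3.9p1"`, has no wildcard, so a 3.9p1 banner with any suffix and every later stock release fall through to `{ "OpenSSH*", 0 }` and are treated as able to handle large windows (assuming the table is matched first-hit, which the hunk does not show). Since version.h in this patch marks patched builds with `-hpn`, keying the feature on that marker would avoid maintaining a deny-list. If the list stays, `"OpenSSH_3.9*"` placed after a specific entry for the `-hpn` string would at least cover suffixed 3.9 builds.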
static void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { int i; --- 49,55 ---- static void kex_choose_conf(Kex *); /* put algorithm proposal into buffer */ ! void kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { int i; diff -p openssh-3.9p1/kex.h openssh-3.9p1.hpn/kex.h *** openssh-3.9p1/kex.h Mon Jun 14 20:30:09 2004 --- openssh-3.9p1.hpn/kex.h Mon Dec 13 15:37:05 2004 *************** struct Kex { *** 118,123 **** --- 118,125 ---- void (*kex[KEX_MAX])(Kex *); }; + void kex_prop2buf(Buffer *, char *proposal[PROPOSAL_MAX]); + Kex *kex_setup(char *[PROPOSAL_MAX]); void kex_finish(Kex *); diff -p openssh-3.9p1/myproposal.h openssh-3.9p1.hpn/myproposal.h *** openssh-3.9p1/myproposal.h Mon Jun 14 20:30:09 2004 --- openssh-3.9p1.hpn/myproposal.h Mon Dec 13 15:37:05 2004 *************** *** 30,36 **** #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ ! "aes128-ctr,aes192-ctr,aes256-ctr" #define KEX_DEFAULT_MAC \ "hmac-md5,hmac-sha1,hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ --- 30,36 ---- #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ ! 
"aes128-ctr,aes192-ctr,aes256-ctr,none" #define KEX_DEFAULT_MAC \ "hmac-md5,hmac-sha1,hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ Common subdirectories: openssh-3.9p1/openbsd-compat and openssh-3.9p1.hpn/openbsd-compat diff -p openssh-3.9p1/packet.c openssh-3.9p1.hpn/packet.c *** openssh-3.9p1/packet.c Mon Jun 21 22:56:02 2004 --- openssh-3.9p1.hpn/packet.c Mon Dec 13 15:37:05 2004 *************** packet_send_ignore(int nbytes) *** 1501,1506 **** --- 1501,1513 ---- rnd >>= 8; } } + int rekey_requested = 0; + + void + packet_request_rekeying(void) + { + rekey_requested = 1; + } #define MAX_PACKETS (1U<<31) int *************** packet_need_rekeying(void) *** 1508,1513 **** --- 1515,1525 ---- { if (datafellows & SSH_BUG_NOREKEY) return 0; + if (rekey_requested == 1) + { + rekey_requested = 0; + return 1; + } return (p_send.packets > MAX_PACKETS) || (p_read.packets > MAX_PACKETS) || diff -p openssh-3.9p1/packet.h openssh-3.9p1.hpn/packet.h *** openssh-3.9p1/packet.h Thu May 13 02:39:33 2004 --- openssh-3.9p1.hpn/packet.h Mon Dec 13 15:37:05 2004 *************** *** 18,23 **** --- 18,26 ---- #include + void + packet_request_rekeying(void); + void packet_set_connection(int, int); void packet_set_nonblocking(void); int packet_get_connection_in(void); diff -p openssh-3.9p1/readconf.c openssh-3.9p1.hpn/readconf.c *** openssh-3.9p1/readconf.c Sat Jul 17 02:12:08 2004 --- openssh-3.9p1.hpn/readconf.c Mon Dec 13 15:37:05 2004 *************** initialize_options(Options * options) *** 914,919 **** --- 914,920 ---- options->verify_host_key_dns = -1; options->server_alive_interval = -1; options->server_alive_count_max = -1; + options->none_switch = -1; options->num_send_env = 0; options->control_path = NULL; options->control_master = -1; *************** fill_default_options(Options * options) *** 1037,1042 **** --- 1038,1045 ---- options->server_alive_interval = 0; if (options->server_alive_count_max == -1) options->server_alive_count_max = 3; + if (options->none_switch == 
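Review bot: `rekey_requested` is defined with external linkage although, as far as this patch shows, only `packet_request_rekeying` and `packet_need_rekeying` in this file use it; `static int rekey_requested = 0;` keeps it private to packet.c. A one-line comment on the new function, e.g. `/* Ask for a key re-exchange at the next packet_need_rekeying() check. */`, would document the contract that the flag is consumed there.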
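Review bot: The new `rekey_requested` test sits after the `SSH_BUG_NOREKEY` early return, so against such a peer the request is silently ignored and the flag stays set, while `ssh_userauth2` has already printed its null-cipher warning. I would log the drop before that return, e.g. `if (rekey_requested) debug("rekey requested but peer has SSH_BUG_NOREKEY");`, or let `packet_request_rekeying` report whether the request can be honoured. The brace on its own line after `if (rekey_requested == 1)` also differs from the `) {` style used elsewhere in this patch. The function starts before the hunk and continues after it.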
-1) + options->none_switch = 0; if (options->control_master == -1) options->control_master = 0; /* options->proxy_command should not be set by default */ diff -p openssh-3.9p1/readconf.h openssh-3.9p1.hpn/readconf.h *** openssh-3.9p1/readconf.h Sat Jul 17 02:12:08 2004 --- openssh-3.9p1.hpn/readconf.h Mon Dec 13 15:37:05 2004 *************** typedef struct { *** 101,106 **** --- 101,107 ---- int enable_ssh_keysign; int rekey_limit; + int none_switch; int no_host_authentication_for_localhost; int identities_only; int server_alive_interval; Common subdirectories: openssh-3.9p1/regress and openssh-3.9p1.hpn/regress Common subdirectories: openssh-3.9p1/scard and openssh-3.9p1.hpn/scard diff -p openssh-3.9p1/scp.c openssh-3.9p1.hpn/scp.c *** openssh-3.9p1/scp.c Fri Aug 13 07:19:38 2004 --- openssh-3.9p1.hpn/scp.c Mon Dec 13 15:37:05 2004 *************** main(int argc, char **argv) *** 227,233 **** addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; ! while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) switch (ch) { /* User-visible flags. */ case '1': --- 227,233 ---- addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; ! while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246zS:o:F:")) != -1) switch (ch) { /* User-visible flags. 
*/ case '1': *************** main(int argc, char **argv) *** 235,240 **** --- 235,241 ---- case '4': case '6': case 'C': + case 'z': addargs(&args, "-%c", ch); break; case 'o': diff -p openssh-3.9p1/serverloop.c openssh-3.9p1.hpn/serverloop.c *** openssh-3.9p1/serverloop.c Fri Aug 13 07:18:01 2004 --- openssh-3.9p1.hpn/serverloop.c Mon Dec 13 15:37:05 2004 *************** server_request_session(void) *** 895,900 **** --- 895,904 ---- c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); + set_unlimited(&c->input,1); + set_unlimited(&c->output,1); + if (!(datafellows & SSH_BUG_LARGEWINDOW)) + c->dynamic_window = 1; if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); diff -p openssh-3.9p1/ssh.c openssh-3.9p1.hpn/ssh.c *** openssh-3.9p1/ssh.c Sun Aug 15 03:23:34 2004 --- openssh-3.9p1.hpn/ssh.c Fri Jan 14 14:41:27 2005 *************** main(int ac, char **av) *** 236,242 **** again: while ((opt = getopt(ac, av, ! "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNPR:S:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; --- 236,242 ---- again: while ((opt = getopt(ac, av, ! "1246ab:c:e:fgi:kl:m:no:p:qstvxzACD:F:I:L:MNPR:S:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; *************** again: *** 432,437 **** --- 432,438 ---- break; case 'T': no_tty_flag = 1; + options.none_switch = 0; break; case 'o': dummy = 1; *************** again: *** 455,460 **** --- 456,468 ---- case 'F': config = optarg; break; + case 'z': + /* make sure we can't turn on the none_switch */ + /* if they try to force a no tty flag on a tty session */ + if (!no_tty_flag) { + options.none_switch = 1; + } + break; default: usage(); } *************** ssh_session2_open(void) *** 1141,1147 **** "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); ! 
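Review bot: In `server_request_session` both channel buffers are switched to the MAXBUFSZ cap unconditionally, whereas `c->dynamic_window` just below is gated on `SSH_BUG_LARGEWINDOW` and the client side in ssh.c gates all three settings on that flag and on `tty_flag`. Every session channel on the server, including interactive ones and those from peers that will never use a large window, can therefore buffer up to the larger limit in each direction. Moving the two calls into the existing check, `if (!(datafellows & SSH_BUG_LARGEWINDOW)) { set_unlimited(&c->input,1); set_unlimited(&c->output,1); c->dynamic_window = 1; }`, keeps the two ends consistent. The function continues outside the hunk.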
debug3("ssh_session2_open: channel_new: %d", c->self); channel_send_open(c->self); --- 1149,1159 ---- "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); ! if (!tty_flag && (!(datafellows & SSH_BUG_LARGEWINDOW))) { ! c->dynamic_window = 1; ! set_unlimited(&c->input,1); ! set_unlimited(&c->output,1); ! } debug3("ssh_session2_open: channel_new: %d", c->self); channel_send_open(c->self); diff -p openssh-3.9p1/sshconnect2.c openssh-3.9p1.hpn/sshconnect2.c *** openssh-3.9p1/sshconnect2.c Mon Jun 14 20:30:09 2004 --- openssh-3.9p1.hpn/sshconnect2.c Fri Jan 14 14:48:12 2005 *************** RCSID("$OpenBSD: sshconnect2.c,v 1.138 2 *** 58,63 **** --- 58,69 ---- extern char *client_version_string; extern char *server_version_string; extern Options options; + extern Kex *xxx_kex; + + /* tty_flag is set in ssh.c. use this in ssh_userauth2 */ + /* if it is set then prevent the switch to the null cipher */ + + int tty_flag; /* * SSH2 key exchange *************** ssh_userauth2(const char *local_user, co *** 309,315 **** pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); ! debug("Authentication succeeded (%s).", authctxt.method->name); } --- 315,329 ---- pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); ! if ((options.none_switch == 1) && !tty_flag) /* no null on tty sessions */ ! { ! debug("Requesting none rekeying..."); ! myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; ! myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; ! kex_prop2buf(&xxx_kex->my,myproposal); ! packet_request_rekeying(); ! fprintf(stderr, "WARNING: ENABLED NULL CIPHER\n"); ! 
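Review bot: `int tty_flag;` is a definition rather than a declaration, yet the comment above it says the variable is set in ssh.c; if ssh.c defines it as well (not visible in this diff), the two only link through common-symbol merging and fail with `-fno-common`. It should read `extern int tty_flag;`, next to the other `extern` lines added here. Whether `tty_flag` already holds its final value when `ssh_userauth2` runs also cannot be seen from this diff and is worth confirming, since that check is what keeps the null cipher off terminal sessions.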
} debug("Authentication succeeded (%s).", authctxt.method->name); } diff -p openssh-3.9p1/version.h openssh-3.9p1.hpn/version.h *** openssh-3.9p1/version.h Tue Aug 17 08:47:41 2004 --- openssh-3.9p1.hpn/version.h Mon Dec 13 15:37:05 2004 *************** *** 1,3 **** /* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ ! #define SSH_VERSION "OpenSSH_3.9p1" --- 1,3 ---- /* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ ! #define SSH_VERSION "OpenSSH_3.9p1-hpn"
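Review bot: `WARNING: ENABLED NULL CIPHER` is printed as soon as the rekey is requested, before any key exchange has selected `none`, so the message can be wrong: the peer may not offer `none`, and until the rekey completes the previous cipher is still in use. It would be accurate as `fprintf(stderr, "WARNING: requesting NULL cipher, session data will be sent unencrypted\n");`, with the confirmation logged where the new keys take effect (outside this diff). The block also overwrites the `myproposal` entries and `xxx_kex->my` in place, so later rekeys on this connection will presumably offer only `none`; a short comment stating that this is intended would help. The opening brace on its own line differs from the `) {` style used in the rest of the patch.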